Committer:
wolfSSL
Date:
Tue May 02 08:44:47 2017 +0000
Revision:
7:481bce714567
wolfSSL3.10.2

wolfSSL 7:481bce714567 1 /* ssl.c
wolfSSL 7:481bce714567 2 *
wolfSSL 7:481bce714567 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 7:481bce714567 4 *
wolfSSL 7:481bce714567 5 * This file is part of wolfSSL.
wolfSSL 7:481bce714567 6 *
wolfSSL 7:481bce714567 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 7:481bce714567 8 * it under the terms of the GNU General Public License as published by
wolfSSL 7:481bce714567 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 7:481bce714567 10 * (at your option) any later version.
wolfSSL 7:481bce714567 11 *
wolfSSL 7:481bce714567 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 7:481bce714567 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 7:481bce714567 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 7:481bce714567 15 * GNU General Public License for more details.
wolfSSL 7:481bce714567 16 *
wolfSSL 7:481bce714567 17 * You should have received a copy of the GNU General Public License
wolfSSL 7:481bce714567 18 * along with this program; if not, write to the Free Software
wolfSSL 7:481bce714567 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 7:481bce714567 20 */
wolfSSL 7:481bce714567 21
wolfSSL 7:481bce714567 22
wolfSSL 7:481bce714567 23 #ifdef HAVE_CONFIG_H
wolfSSL 7:481bce714567 24 #include <config.h>
wolfSSL 7:481bce714567 25 #endif
wolfSSL 7:481bce714567 26
wolfSSL 7:481bce714567 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 7:481bce714567 28
wolfSSL 7:481bce714567 29 #ifndef WOLFCRYPT_ONLY
wolfSSL 7:481bce714567 30
wolfSSL 7:481bce714567 31 #ifdef HAVE_ERRNO_H
wolfSSL 7:481bce714567 32 #include <errno.h>
wolfSSL 7:481bce714567 33 #endif
wolfSSL 7:481bce714567 34
wolfSSL 7:481bce714567 35 #include <wolfssl/internal.h>
wolfSSL 7:481bce714567 36 #include <wolfssl/error-ssl.h>
wolfSSL 7:481bce714567 37 #include <wolfssl/wolfcrypt/coding.h>
wolfSSL 7:481bce714567 38 #ifdef NO_INLINE
wolfSSL 7:481bce714567 39 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 7:481bce714567 40 #else
wolfSSL 7:481bce714567 41 #define WOLFSSL_MISC_INCLUDED
wolfSSL 7:481bce714567 42 #include <wolfcrypt/src/misc.c>
wolfSSL 7:481bce714567 43 #endif
wolfSSL 7:481bce714567 44
wolfSSL 7:481bce714567 45
wolfSSL 7:481bce714567 46 #ifndef WOLFSSL_ALLOW_NO_SUITES
wolfSSL 7:481bce714567 47 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
wolfSSL 7:481bce714567 48 && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK)
wolfSSL 7:481bce714567 49 #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README"
wolfSSL 7:481bce714567 50 #endif
wolfSSL 7:481bce714567 51 #endif
wolfSSL 7:481bce714567 52
wolfSSL 7:481bce714567 53 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
wolfSSL 7:481bce714567 54 defined(WOLFSSL_KEY_GEN)
wolfSSL 7:481bce714567 55 #include <wolfssl/openssl/evp.h>
wolfSSL 7:481bce714567 56 /* openssl headers end, wolfssl internal headers next */
wolfSSL 7:481bce714567 57 #include <wolfssl/wolfcrypt/wc_encrypt.h>
wolfSSL 7:481bce714567 58 #endif
wolfSSL 7:481bce714567 59
wolfSSL 7:481bce714567 60 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 61 /* openssl headers begin */
wolfSSL 7:481bce714567 62 #include <wolfssl/openssl/hmac.h>
wolfSSL 7:481bce714567 63 #include <wolfssl/openssl/crypto.h>
wolfSSL 7:481bce714567 64 #include <wolfssl/openssl/des.h>
wolfSSL 7:481bce714567 65 #include <wolfssl/openssl/bn.h>
wolfSSL 7:481bce714567 66 #include <wolfssl/openssl/dh.h>
wolfSSL 7:481bce714567 67 #include <wolfssl/openssl/rsa.h>
wolfSSL 7:481bce714567 68 #include <wolfssl/openssl/pem.h>
wolfSSL 7:481bce714567 69 #include <wolfssl/openssl/ec.h>
wolfSSL 7:481bce714567 70 #include <wolfssl/openssl/ec25519.h>
wolfSSL 7:481bce714567 71 #include <wolfssl/openssl/ed25519.h>
wolfSSL 7:481bce714567 72 #include <wolfssl/openssl/ecdsa.h>
wolfSSL 7:481bce714567 73 #include <wolfssl/openssl/ecdh.h>
wolfSSL 7:481bce714567 74 /* openssl headers end, wolfssl internal headers next */
wolfSSL 7:481bce714567 75 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 7:481bce714567 76 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 7:481bce714567 77 #include <wolfssl/wolfcrypt/des3.h>
wolfSSL 7:481bce714567 78 #include <wolfssl/wolfcrypt/md4.h>
wolfSSL 7:481bce714567 79 #include <wolfssl/wolfcrypt/md5.h>
wolfSSL 7:481bce714567 80 #include <wolfssl/wolfcrypt/arc4.h>
wolfSSL 7:481bce714567 81 #include <wolfssl/wolfcrypt/idea.h>
wolfSSL 7:481bce714567 82 #include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL 7:481bce714567 83 #include <wolfssl/wolfcrypt/ed25519.h>
wolfSSL 7:481bce714567 84 #ifdef HAVE_STUNNEL
wolfSSL 7:481bce714567 85 #include <wolfssl/openssl/ocsp.h>
wolfSSL 7:481bce714567 86 #endif /* WITH_STUNNEL */
wolfSSL 7:481bce714567 87 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 88 #include <wolfssl/wolfcrypt/sha512.h>
wolfSSL 7:481bce714567 89 #endif
wolfSSL 7:481bce714567 90 #endif
wolfSSL 7:481bce714567 91
wolfSSL 7:481bce714567 92 #ifdef NO_ASN
wolfSSL 7:481bce714567 93 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 7:481bce714567 94 #endif
wolfSSL 7:481bce714567 95
wolfSSL 7:481bce714567 96
wolfSSL 7:481bce714567 97 #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_HAVE_MAX)
wolfSSL 7:481bce714567 98 #define WOLFSSL_HAVE_MAX
wolfSSL 7:481bce714567 99
/* Larger of two word32 values. Only compiled for DTLS builds where the
 * platform has not already provided a max() (see WOLFSSL_HAVE_MAX). */
static INLINE word32 max(word32 a, word32 b)
{
    if (a < b) {
        return b;
    }
    return a;
}
wolfSSL 7:481bce714567 104
wolfSSL 7:481bce714567 105 #endif /* WOLFSSL_DTLS && !WOLFSSL_HAVE_MAX */
wolfSSL 7:481bce714567 106
wolfSSL 7:481bce714567 107
wolfSSL 7:481bce714567 108 #ifndef WOLFSSL_LEANPSK
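/* Bounded substring search: find the first occurrence of s2 within the first
 * n bytes of s1, stopping early at s1's terminator. A zero-length s2 matches
 * at s1 itself.
 *
 * Returns a pointer into s1 on a match, NULL otherwise (also when s1 or s2
 * is NULL). The const is dropped on the returned pointer to keep the
 * strnstr-style signature. */
char* mystrnstr(const char* s1, const char* s2, unsigned int n)
{
    unsigned int s2_len;
    unsigned int avail;

    if (s1 == NULL || s2 == NULL)
        return NULL;

    s2_len = (unsigned int)XSTRLEN(s2);
    if (s2_len == 0)
        return (char*)s1;

    /* Count the bytes of s1 that may actually be examined: at most n, and
     * never past the terminator. Clamping n to this value guarantees the
     * XMEMCMP below never reads beyond s1's terminator; checking s1[0] alone
     * does not rule that out when a candidate match starts fewer than s2_len
     * bytes before the end of s1. */
    for (avail = 0; avail < n && s1[avail] != '\0'; avail++) {
    }
    n = avail;

    /* n >= s2_len >= 1 implies s1[0] is non-NUL, so no separate check */
    while (n >= s2_len) {
        if (s1[0] == s2[0] && XMEMCMP(s1, s2, s2_len) == 0)
            return (char*)s1;
        s1++;
        n--;
    }

    return NULL;
}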
wolfSSL 7:481bce714567 126 #endif
wolfSSL 7:481bce714567 127
wolfSSL 7:481bce714567 128 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 7:481bce714567 129 #ifdef WOLFSSL_DTLS
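/* Restore a previously exported DTLS session into ssl.
 *
 * buf holds the serialized session and sz is its length in bytes.
 * Returns BAD_FUNC_ARG when ssl or buf is NULL, otherwise the result of
 * wolfSSL_dtls_import_internal. */
int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, unsigned int sz)
{
    /* trace label names this function (it previously logged as
     * "wolfSSL_session_import", which does not exist here) */
    WOLFSSL_ENTER("wolfSSL_dtls_import");

    if (ssl == NULL || buf == NULL) {
        return BAD_FUNC_ARG;
    }

    /* sanity checks on buffer length and protocol are done in the internal
     * function; sz is passed through unchanged */
    return wolfSSL_dtls_import_internal(ssl, buf, sz);
}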
wolfSSL 7:481bce714567 141
wolfSSL 7:481bce714567 142
/* Register, at CTX level, the callback that receives the serialized session
 * right after the handshake completes. func may be NULL (clears the
 * callback). Returns SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export");

    if (ctx != NULL) {
        /* NULL func is intentionally accepted */
        ctx->dtls_export = func;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 7:481bce714567 159
wolfSSL 7:481bce714567 160
/* Register, on a single WOLFSSL object, the callback that receives the
 * serialized session right after the handshake completes. func may be NULL
 * (clears the callback). Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is
 * NULL. */
int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_dtls_set_export");

    if (ssl != NULL) {
        /* NULL func is intentionally accepted */
        ssl->dtls_export = func;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 7:481bce714567 177
wolfSSL 7:481bce714567 178
/* Serialize the DTLS session directly into a caller-supplied buffer instead
 * of going through the export callback. This avoids the temporary buffer the
 * callback path needs and lets the caller decide when to serialize (the
 * callback path always runs immediately after the handshake).
 *
 * buf receives the serialized session; *sz is the size of buf on input.
 * Passing buf == NULL is a size query: *sz is set to MAX_EXPORT_BUFFER and 0
 * is returned.
 * Returns the serialized size on success, 0 when nothing was done (size
 * query or non-DTLS connection), BAD_FUNC_ARG when ssl or sz is NULL, and a
 * negative value on error. */
int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)
{
    WOLFSSL_ENTER("wolfSSL_dtls_export");

    if (ssl == NULL || sz == NULL)
        return BAD_FUNC_ARG;

    /* size query only */
    if (buf == NULL) {
        *sz = MAX_EXPORT_BUFFER;
        return 0;
    }

    /* only DTLS sessions can be exported at present */
    if (ssl->options.dtls == 0) {
        WOLFSSL_MSG("Currently only DTLS export is supported");
        return 0;
    }

    /* copy over keys, options, and dtls state struct */
    return wolfSSL_dtls_export_internal(ssl, buf, *sz);
}
wolfSSL 7:481bce714567 211
wolfSSL 7:481bce714567 212
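/* Serialize the current DTLS session into a temporary buffer and hand it to
 * the export callback registered with wolfSSL_dtls_set_export.
 *
 * Returns 0 on success (and also when ssl is not DTLS, in which case nothing
 * is exported), BAD_FUNC_ARG when ssl is NULL or no export callback is set,
 * MEMORY_E when the temporary buffer cannot be allocated, a negative error
 * from wolfSSL_dtls_export_internal, or the callback's own non-SSL_SUCCESS
 * result. */
int wolfSSL_send_session(WOLFSSL* ssl)
{
    int ret;
    byte* buf;
    word16 bufSz = MAX_EXPORT_BUFFER;

    WOLFSSL_ENTER("wolfSSL_send_session");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* if not DTLS do nothing; checked before allocating so the non-DTLS
     * path never touches the heap */
    if (!ssl->options.dtls) {
        WOLFSSL_MSG("Currently only DTLS export is supported");
        return 0;
    }

    /* the callback is optional at registration time (wolfSSL_dtls_set_export
     * accepts NULL), so refuse here rather than call through a NULL pointer */
    if (ssl->dtls_export == NULL) {
        WOLFSSL_MSG("No DTLS export callback set");
        return BAD_FUNC_ARG;
    }

    buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf == NULL) {
        return MEMORY_E;
    }

    /* copy over keys, options, and dtls state struct; when no error occurs
     * ret holds the number of bytes written */
    ret = wolfSSL_dtls_export_internal(ssl, buf, bufSz);
    if (ret >= 0) {
        ret = ssl->dtls_export(ssl, buf, ret, NULL);
        if (ret == SSL_SUCCESS) {
            ret = 0;
        }
    }

    /* single exit: the buffer held the session keys, so wipe it before it
     * goes back to the heap */
    ForceZero(buf, bufSz);
    XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    return ret;
}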
wolfSSL 7:481bce714567 255 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 256 #endif /* WOLFSSL_SESSION_EXPORT */
wolfSSL 7:481bce714567 257
wolfSSL 7:481bce714567 258
/* prevent multiple mutex initializations */
/* NOTE(review): volatile is not thread synchronization; count_mutex is the
 * intended guard for initRefCount, yet wolfSSL_CTX_new_ex below reads it
 * without taking the mutex — confirm that unlocked read is acceptable */
static volatile int initRefCount = 0;
static wolfSSL_Mutex count_mutex; /* init ref count mutex */
wolfSSL 7:481bce714567 262
wolfSSL 7:481bce714567 263
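/* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
 * WOLFSSL_METHOD pointer passed in is given to ctx to manage.
 * This function frees the passed in WOLFSSL_METHOD struct on failure and on
 * success is freed when ctx is freed.
 *
 * heap is the memory hint passed to every allocation made for this ctx
 * (NULL selects the default allocator).
 * Returns NULL when method is NULL, when library initialization fails, or
 * when the ctx cannot be allocated or initialized. */
WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
{
    WOLFSSL_CTX* ctx = NULL;

    WOLFSSL_ENTER("WOLFSSL_CTX_new_ex");

    /* initRefCount is read without count_mutex here; whether a racing first
     * call may safely run wolfSSL_Init twice is not visible in this file
     * (TODO confirm) */
    if (initRefCount == 0) {
        /* user no longer forced to call Init themselves */
        int ret = wolfSSL_Init();
        if (ret != SSL_SUCCESS) {
            WOLFSSL_MSG("wolfSSL_Init failed");
            /* trace label matches the ENTER above */
            WOLFSSL_LEAVE("WOLFSSL_CTX_new_ex", 0);
            if (method != NULL) {
                XFREE(method, heap, DYNAMIC_TYPE_METHOD);
            }
            return NULL;
        }
    }

    if (method == NULL) {
        return ctx;
    }

    ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);
    if (ctx == NULL) {
        WOLFSSL_MSG("Alloc CTX failed, method freed");
        XFREE(method, heap, DYNAMIC_TYPE_METHOD);
    }
    else if (InitSSL_Ctx(ctx, method, heap) < 0) {
        /* per the contract above method is released together with ctx;
         * whether InitSSL_Ctx has attached it before failing is not visible
         * here (TODO confirm) */
        WOLFSSL_MSG("Init CTX failed");
        wolfSSL_CTX_free(ctx);
        ctx = NULL;
    }

    /* trace label matches the ENTER above */
    WOLFSSL_LEAVE("WOLFSSL_CTX_new_ex", 0);
    return ctx;
}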
wolfSSL 7:481bce714567 307
wolfSSL 7:481bce714567 308
/* Create a WOLFSSL_CTX using the default heap hint; see wolfSSL_CTX_new_ex
 * for ownership of method and the failure cases. */
WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
{
    void* heap = NULL;

#ifdef WOLFSSL_HEAP_TEST
    /* if testing the heap hint then set top level CTX to have test value */
    heap = (void*)WOLFSSL_HEAP_TEST;
#endif

    return wolfSSL_CTX_new_ex(method, heap);
}
wolfSSL 7:481bce714567 318
wolfSSL 7:481bce714567 319
/* Release a WOLFSSL_CTX created by wolfSSL_CTX_new / wolfSSL_CTX_new_ex.
 * A NULL ctx is ignored. */
void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("SSL_CTX_free");
    if (ctx != NULL) {
        FreeSSL_Ctx(ctx);
    }
    WOLFSSL_LEAVE("SSL_CTX_free", 0);
}
wolfSSL 7:481bce714567 327
wolfSSL 7:481bce714567 328
wolfSSL 7:481bce714567 329 #ifdef SINGLE_THREADED
/* Single-threaded builds only: allocate and seed a CTX level RNG that can be
 * shared with the WOLFSSL objects created from ctx (no locking is needed
 * without threads). Returns SSL_SUCCESS on ok, BAD_FUNC_ARG for a NULL ctx,
 * MEMORY_E when the RNG cannot be allocated, or the wc_InitRng error. */
int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx)
{
    WC_RNG* rng = NULL;
    int ret = BAD_FUNC_ARG;

    if (ctx == NULL) {
        return ret;
    }

    rng = XMALLOC(sizeof(WC_RNG), ctx->heap, DYNAMIC_TYPE_RNG);
    if (rng == NULL) {
        return MEMORY_E;
    }

#ifndef HAVE_FIPS
    ret = wc_InitRng_ex(rng, ctx->heap);
#else
    ret = wc_InitRng(rng);
#endif
    if (ret == 0) {
        ctx->rng = rng;
        return SSL_SUCCESS;
    }

    /* seeding failed: do not leave an unusable RNG attached to ctx */
    XFREE(rng, ctx->heap, DYNAMIC_TYPE_RNG);
    return ret;
}
wolfSSL 7:481bce714567 359 #endif
wolfSSL 7:481bce714567 360
wolfSSL 7:481bce714567 361
/* Allocate and initialize a WOLFSSL object bound to ctx. Returns NULL when
 * ctx is NULL, when allocation fails, or when InitSSL reports an error (the
 * partially initialized object is released before returning). */
WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
{
    WOLFSSL* ssl = NULL;
    int ret = 0;

    (void)ret;
    WOLFSSL_ENTER("SSL_new");

    if (ctx == NULL) {
        return NULL;
    }

    ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);
    if (ssl != NULL) {
        ret = InitSSL(ssl, ctx);
        if (ret < 0) {
            FreeSSL(ssl, ctx->heap);
            ssl = NULL;
        }
    }

    WOLFSSL_LEAVE("SSL_new", ret);
    return ssl;
}
wolfSSL 7:481bce714567 383
wolfSSL 7:481bce714567 384
/* Release a WOLFSSL object created by wolfSSL_new, using the heap hint of
 * the ctx it belongs to. A NULL ssl is ignored. */
void wolfSSL_free(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_free");
    if (ssl != NULL) {
        FreeSSL(ssl, ssl->ctx->heap);
    }
    WOLFSSL_LEAVE("SSL_free", 0);
}
wolfSSL 7:481bce714567 392
wolfSSL 7:481bce714567 393 #ifdef HAVE_POLY1305
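/* Select the old Poly1305 layout: value 1 for old, 0 for new. Deprecated
 * because the connection auto-detects old/new. Returns 0 on success and
 * BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_use_old_poly(WOLFSSL* ssl, int value)
{
    WOLFSSL_ENTER("SSL_use_old_poly");
    /* the two literals are concatenated; the trailing space keeps the words
     * separated in the logged message */
    WOLFSSL_MSG("Warning SSL connection auto detects old/new and this function "
                "is deprecated");

    /* ssl->options is written below, so reject a NULL handle first */
    if (ssl == NULL) {
        WOLFSSL_LEAVE("SSL_use_old_poly", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    ssl->options.oldPoly = (word16)value;
    WOLFSSL_LEAVE("SSL_use_old_poly", 0);
    return 0;
}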
wolfSSL 7:481bce714567 404 #endif
wolfSSL 7:481bce714567 405
wolfSSL 7:481bce714567 406
/* Use fd for both reading and writing. Returns BAD_FUNC_ARG for a NULL ssl,
 * otherwise the first non-SSL_SUCCESS result of the read/write setters, or
 * SSL_SUCCESS when both succeed. */
int wolfSSL_set_fd(WOLFSSL* ssl, int fd)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("SSL_set_fd");

    if (ssl != NULL) {
        ret = wolfSSL_set_read_fd(ssl, fd);
        if (ret == SSL_SUCCESS) {
            ret = wolfSSL_set_write_fd(ssl, fd);
        }
    }

    return ret;
}
wolfSSL 7:481bce714567 424
wolfSSL 7:481bce714567 425
/* Use fd as the read descriptor. Returns SSL_SUCCESS, or BAD_FUNC_ARG for a
 * NULL ssl. */
int wolfSSL_set_read_fd(WOLFSSL* ssl, int fd)
{
    WOLFSSL_ENTER("SSL_set_read_fd");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* the descriptor is reached through the IO context pointer rather than
     * read directly, so user IO callbacks can supply their own context */
    ssl->rfd = fd;
    ssl->IOCB_ReadCtx = &ssl->rfd;

#ifdef WOLFSSL_DTLS
    /* DTLS keeps its descriptor inside the dtls context instead */
    if (ssl->options.dtls) {
        ssl->buffers.dtlsCtx.rfd = fd;
        ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
    }
#endif

    WOLFSSL_LEAVE("SSL_set_read_fd", SSL_SUCCESS);
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 447
wolfSSL 7:481bce714567 448
/* Use fd as the write descriptor. Returns SSL_SUCCESS, or BAD_FUNC_ARG for a
 * NULL ssl. */
int wolfSSL_set_write_fd(WOLFSSL* ssl, int fd)
{
    WOLFSSL_ENTER("SSL_set_write_fd");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* the descriptor is reached through the IO context pointer rather than
     * read directly, so user IO callbacks can supply their own context */
    ssl->wfd = fd;
    ssl->IOCB_WriteCtx = &ssl->wfd;

#ifdef WOLFSSL_DTLS
    /* DTLS keeps its descriptor inside the dtls context instead */
    if (ssl->options.dtls) {
        ssl->buffers.dtlsCtx.wfd = fd;
        ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
    }
#endif

    WOLFSSL_LEAVE("SSL_set_write_fd", SSL_SUCCESS);
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 470
wolfSSL 7:481bce714567 471
/**
 * Get the name of the cipher at the priority level passed in.
 * Returns NULL when priority is negative or beyond the end of the built-in
 * cipher name table; the returned pointer refers to that table and must not
 * be freed.
 */
char* wolfSSL_get_cipher_list(int priority)
{
    const char* const* ciphers = GetCipherNames();
    int count = GetCipherNamesSize();

    if (priority < 0 || priority >= count) {
        return NULL;
    }

    return (char*)ciphers[priority];
}
wolfSSL 7:481bce714567 485
wolfSSL 7:481bce714567 486
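/* Write the names of all built-in cipher suites into buf, ':' separated and
 * NUL terminated.
 *
 * buf is the destination and len its size in bytes.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG when buf is NULL or len is not positive,
 * or BUFFER_E when the whole list (terminator included) does not fit; on
 * BUFFER_E buf holds the names that did fit, terminated after the last
 * complete one. */
int wolfSSL_get_ciphers(char* buf, int len)
{
    const char* const* ciphers = GetCipherNames();
    int size = GetCipherNamesSize();
    int totalInc = 0;
    int i;

    if (buf == NULL || len <= 0)
        return BAD_FUNC_ARG;

    /* an empty table still yields a valid (empty) string; len > 0 here */
    if (size <= 0) {
        buf[0] = '\0';
        return SSL_SUCCESS;
    }

    /* Add each member to the buffer delimited by a : */
    for (i = 0; i < size; i++) {
        int nameLen = (int)XSTRLEN(ciphers[i]); /* measured once per name */

        /* bytes needed so far, including this name plus its ':' or the final
         * '\0'; the list fits exactly when totalInc == len */
        totalInc += nameLen + 1;
        if (totalInc > len) {
            /* terminate what was written so a caller that ignores the error
             * still holds a valid string: replace the trailing ':' of the
             * previous name, or write an empty string when nothing fit */
            if (i > 0)
                buf[-1] = '\0';
            else
                buf[0] = '\0';
            return BUFFER_E;
        }

        XMEMCPY(buf, ciphers[i], nameLen);
        buf += nameLen;
        *buf++ = (i < size - 1) ? ':' : '\0';
    }

    return SSL_SUCCESS;
}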
wolfSSL 7:481bce714567 519
wolfSSL 7:481bce714567 520
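/* Return the read descriptor registered with wolfSSL_set_read_fd /
 * wolfSSL_set_fd, or -1 (the conventional "no descriptor" value) when ssl is
 * NULL instead of dereferencing it. */
int wolfSSL_get_fd(const WOLFSSL* ssl)
{
    int fd = -1;

    WOLFSSL_ENTER("SSL_get_fd");
    if (ssl != NULL) {
        fd = ssl->rfd;
    }
    WOLFSSL_LEAVE("SSL_get_fd", fd);
    return fd;
}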
wolfSSL 7:481bce714567 527
wolfSSL 7:481bce714567 528
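/* Report whether the connection was marked non-blocking with
 * wolfSSL_set_using_nonblock. Returns 0 for a NULL ssl (nothing is marked),
 * which keeps the result usable as a plain boolean. */
int wolfSSL_get_using_nonblock(WOLFSSL* ssl)
{
    int usingNonblock = 0;

    WOLFSSL_ENTER("wolfSSL_get_using_nonblock");
    if (ssl != NULL) {
        usingNonblock = ssl->options.usingNonblock;
    }
    WOLFSSL_LEAVE("wolfSSL_get_using_nonblock", usingNonblock);
    return usingNonblock;
}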
wolfSSL 7:481bce714567 535
wolfSSL 7:481bce714567 536
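/* Report whether ssl is a DTLS connection: non-zero when it is, 0 when it is
 * not or when ssl is NULL (a NULL handle is not a DTLS connection, and 0
 * keeps the result usable as a plain boolean). */
int wolfSSL_dtls(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return 0;
    }
    return ssl->options.dtls;
}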
wolfSSL 7:481bce714567 541
wolfSSL 7:481bce714567 542
wolfSSL 7:481bce714567 543 #ifndef WOLFSSL_LEANPSK
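/* Mark the connection as using a non-blocking socket (any non-zero
 * nonblock) or a blocking one (0). A NULL ssl is ignored rather than
 * dereferenced; the function has no return value to report it. */
void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock)
{
    WOLFSSL_ENTER("wolfSSL_set_using_nonblock");
    if (ssl == NULL) {
        return;
    }
    ssl->options.usingNonblock = (nonblock != 0);
}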
wolfSSL 7:481bce714567 549
wolfSSL 7:481bce714567 550
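/* Store a copy of the peer's address (peerSz bytes at peer) in the DTLS
 * context, replacing any previously stored address.
 * Returns SSL_SUCCESS, SSL_FAILURE when ssl or peer is NULL or the copy
 * cannot be allocated, and SSL_NOT_IMPLEMENTED in non-DTLS builds. */
int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
{
#ifdef WOLFSSL_DTLS
    void* sa;

    /* peer is the XMEMCPY source below and ssl supplies the heap hint, so
     * neither may be NULL (matches wolfSSL_dtls_get_peer's NULL handling) */
    if (ssl == NULL || peer == NULL) {
        return SSL_FAILURE;
    }

    sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    if (sa == NULL) {
        return SSL_FAILURE;
    }

    /* the new copy is allocated before the old address is released, so a
     * failed allocation leaves the previous peer intact */
    if (ssl->buffers.dtlsCtx.peer.sa != NULL) {
        XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    }
    XMEMCPY(sa, peer, peerSz);
    ssl->buffers.dtlsCtx.peer.sa = sa;
    ssl->buffers.dtlsCtx.peer.sz = peerSz;
    return SSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return SSL_NOT_IMPLEMENTED;
#endif
}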
wolfSSL 7:481bce714567 571
/* Copy the stored peer address into peer and its length into *peerSz.
 * *peerSz is the capacity of peer on input. Returns SSL_SUCCESS, SSL_FAILURE
 * when ssl/peer/peerSz is NULL, no address is stored, or peer is too small,
 * and SSL_NOT_IMPLEMENTED in non-DTLS builds. */
int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
{
#ifdef WOLFSSL_DTLS
    if (ssl == NULL) {
        return SSL_FAILURE;
    }
    if (peer == NULL || peerSz == NULL) {
        return SSL_FAILURE;
    }
    /* nothing stored, or the caller's buffer cannot hold it */
    if (ssl->buffers.dtlsCtx.peer.sa == NULL
            || *peerSz < ssl->buffers.dtlsCtx.peer.sz) {
        return SSL_FAILURE;
    }

    *peerSz = ssl->buffers.dtlsCtx.peer.sz;
    XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
    return SSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return SSL_NOT_IMPLEMENTED;
#endif
}
wolfSSL 7:481bce714567 594
wolfSSL 7:481bce714567 595
wolfSSL 7:481bce714567 596 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
wolfSSL 7:481bce714567 597
/* Flag ctx as running DTLS over SCTP. Returns SSL_SUCCESS, or BAD_FUNC_ARG
 * for a NULL ctx. */
int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_sctp()");

    if (ctx != NULL) {
        ctx->dtlsSctp = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 7:481bce714567 608
wolfSSL 7:481bce714567 609
/* Flag this connection as running DTLS over SCTP. Returns SSL_SUCCESS, or
 * BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_dtls_set_sctp(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_dtls_set_sctp()");

    if (ssl != NULL) {
        ssl->options.dtlsSctp = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 7:481bce714567 620
wolfSSL 7:481bce714567 621
/* Set the DTLS MTU inherited by connections created from ctx. Returns
 * SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL or newMtu exceeds
 * MAX_RECORD_SIZE. */
int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, word16 newMtu)
{
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    if (newMtu > MAX_RECORD_SIZE) {
        return BAD_FUNC_ARG;
    }

    ctx->dtlsMtuSz = newMtu;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 630
wolfSSL 7:481bce714567 631
/* Set the DTLS MTU for this connection. Returns BAD_FUNC_ARG for a NULL ssl.
 * A newMtu above MAX_RECORD_SIZE is rejected differently from the CTX
 * variant: ssl->error is set to BAD_FUNC_ARG and SSL_FAILURE is returned.
 * Returns SSL_SUCCESS otherwise. */
int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
{
    int ret = SSL_SUCCESS;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    if (newMtu <= MAX_RECORD_SIZE) {
        ssl->dtlsMtuSz = newMtu;
    }
    else {
        ssl->error = BAD_FUNC_ARG;
        ret = SSL_FAILURE;
    }

    return ret;
}
wolfSSL 7:481bce714567 645
wolfSSL 7:481bce714567 646
wolfSSL 7:481bce714567 647 #endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
wolfSSL 7:481bce714567 648
wolfSSL 7:481bce714567 649 #endif /* WOLFSSL_LEANPSK */
wolfSSL 7:481bce714567 650
wolfSSL 7:481bce714567 651
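/* return underlying connect or accept, SSL_SUCCESS on ok.
 * Returns BAD_FUNC_ARG for a NULL ssl, and SSL_FATAL_ERROR when the
 * handshake code for this side is compiled out (NO_WOLFSSL_SERVER /
 * NO_WOLFSSL_CLIENT). */
int wolfSSL_negotiate(WOLFSSL* ssl)
{
    int err = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_negotiate");

    /* ssl->options.side is read below; reject a NULL handle first */
    if (ssl == NULL) {
        WOLFSSL_LEAVE("wolfSSL_negotiate", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

#ifndef NO_WOLFSSL_SERVER
    if (ssl->options.side == WOLFSSL_SERVER_END)
        err = wolfSSL_accept(ssl);
#endif

#ifndef NO_WOLFSSL_CLIENT
    if (ssl->options.side == WOLFSSL_CLIENT_END)
        err = wolfSSL_connect(ssl);
#endif

    WOLFSSL_LEAVE("wolfSSL_negotiate", err);

    return err;
}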
wolfSSL 7:481bce714567 672
wolfSSL 7:481bce714567 673
/* Expose the random number generator attached to a connection.
 * Returns ssl->rng, or NULL when ssl is NULL. The caller does not take
 * ownership of the returned object. */
WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->rng : NULL;
}
wolfSSL 7:481bce714567 682
wolfSSL 7:481bce714567 683
wolfSSL 7:481bce714567 684 #ifndef WOLFSSL_LEANPSK
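/* object size based on build */
/* Return sizeof(WOLFSSL) for the current build configuration. With
 * SHOW_SIZES defined the sizes of the main internal structures are also
 * printed to stdout. sizeof() yields a size_t, so each value is cast to
 * unsigned long to match the %lu conversion on every platform (the bare
 * size_t argument only happened to match where size_t == unsigned long). */
int wolfSSL_GetObjectSize(void)
{
#ifdef SHOW_SIZES
    /* the label is printed verbatim so the indentation of nested entries
     * (members of Ciphers / Hashes) is preserved */
#define WOLFSSL_PRINT_SIZEOF(label, type) \
    printf("%s = %lu\n", (label), (unsigned long)sizeof(type))

    WOLFSSL_PRINT_SIZEOF("sizeof suites", Suites);
    WOLFSSL_PRINT_SIZEOF("sizeof ciphers(2)", Ciphers);
#ifndef NO_RC4
    WOLFSSL_PRINT_SIZEOF(" sizeof arc4", Arc4);
#endif
    WOLFSSL_PRINT_SIZEOF(" sizeof aes", Aes);
#ifndef NO_DES3
    WOLFSSL_PRINT_SIZEOF(" sizeof des3", Des3);
#endif
#ifndef NO_RABBIT
    WOLFSSL_PRINT_SIZEOF(" sizeof rabbit", Rabbit);
#endif
#ifdef HAVE_CHACHA
    WOLFSSL_PRINT_SIZEOF(" sizeof chacha", ChaCha);
#endif
    WOLFSSL_PRINT_SIZEOF("sizeof cipher specs", CipherSpecs);
    WOLFSSL_PRINT_SIZEOF("sizeof keys", Keys);
    WOLFSSL_PRINT_SIZEOF("sizeof Hashes(2)", Hashes);
#ifndef NO_MD5
    WOLFSSL_PRINT_SIZEOF(" sizeof MD5", Md5);
#endif
#ifndef NO_SHA
    WOLFSSL_PRINT_SIZEOF(" sizeof SHA", Sha);
#endif
#ifdef WOLFSSL_SHA224
    WOLFSSL_PRINT_SIZEOF(" sizeof SHA224", Sha224);
#endif
#ifndef NO_SHA256
    WOLFSSL_PRINT_SIZEOF(" sizeof SHA256", Sha256);
#endif
#ifdef WOLFSSL_SHA384
    WOLFSSL_PRINT_SIZEOF(" sizeof SHA384", Sha384);
#endif
    /* guard on the SHA512 switch itself; the original gated this on
     * WOLFSSL_SHA384, which is the wrong feature flag for the Sha512 type */
#ifdef WOLFSSL_SHA512
    WOLFSSL_PRINT_SIZEOF(" sizeof SHA512", Sha512);
#endif
    WOLFSSL_PRINT_SIZEOF("sizeof Buffers", Buffers);
    WOLFSSL_PRINT_SIZEOF("sizeof Options", Options);
    WOLFSSL_PRINT_SIZEOF("sizeof Arrays", Arrays);
#ifndef NO_RSA
    WOLFSSL_PRINT_SIZEOF("sizeof RsaKey", RsaKey);
#endif
#ifdef HAVE_ECC
    WOLFSSL_PRINT_SIZEOF("sizeof ecc_key", ecc_key);
#endif
    WOLFSSL_PRINT_SIZEOF("sizeof WOLFSSL_CIPHER", WOLFSSL_CIPHER);
    WOLFSSL_PRINT_SIZEOF("sizeof WOLFSSL_SESSION", WOLFSSL_SESSION);
    WOLFSSL_PRINT_SIZEOF("sizeof WOLFSSL", WOLFSSL);
    WOLFSSL_PRINT_SIZEOF("sizeof WOLFSSL_CTX", WOLFSSL_CTX);

#undef WOLFSSL_PRINT_SIZEOF
#endif

    return (int)sizeof(WOLFSSL);
}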
wolfSSL 7:481bce714567 742 #endif
wolfSSL 7:481bce714567 743
wolfSSL 7:481bce714567 744
wolfSSL 7:481bce714567 745 #ifdef WOLFSSL_STATIC_MEMORY
wolfSSL 7:481bce714567 746
/* Attach a caller-supplied memory region to a CTX as its static heap.
 *
 * ctx    - in/out: pointer to the CTX handle. If *ctx is NULL a new CTX is
 *          created with `method` and stored here; otherwise the existing CTX
 *          is used (and, if it has no heap yet, gets one carved from buf).
 * method - method constructor used only when *ctx is NULL.
 * buf/sz - the memory region. When a heap has to be created, the
 *          WOLFSSL_HEAP and WOLFSSL_HEAP_HINT structures are placed at the
 *          start of buf and the remainder is handed to
 *          wolfSSL_load_static_memory() for partitioning.
 * flag   - partitioning flags; WOLFMEM_IO_POOL / WOLFMEM_IO_POOL_FIXED make
 *          `max` apply to I/O buffers, anything else to handshake memory.
 * max    - the cap written to heap->maxIO or heap->maxHa as selected by flag.
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for NULL ctx/buf or NULL *ctx with NULL
 * method; BUFFER_E when buf is too small for the heap structures;
 * SSL_FAILURE on heap init, partitioning or CTX creation failure.
 *
 * NOTE(review): buf is cast directly to WOLFSSL_HEAP* / WOLFSSL_HEAP_HINT*
 * with no alignment adjustment, so callers must supply a suitably aligned
 * buffer (e.g. a static array of a type with the strictest alignment).
 */
int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method,
                                   unsigned char* buf, unsigned int sz,
                                   int flag, int max)
{
    WOLFSSL_HEAP*      heap;
    WOLFSSL_HEAP_HINT* hint;
    word32 idx = 0;

    if (ctx == NULL || buf == NULL) {
        return BAD_FUNC_ARG;
    }

    if (*ctx == NULL && method == NULL) {
        return BAD_FUNC_ARG;
    }

    if (*ctx == NULL || (*ctx)->heap == NULL) {
        /* no heap yet: lay out WOLFSSL_HEAP followed by WOLFSSL_HEAP_HINT at
         * the front of buf */
        if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
            return BUFFER_E; /* not enough memory for structures */
        }
        heap = (WOLFSSL_HEAP*)buf;
        idx += sizeof(WOLFSSL_HEAP);
        if (wolfSSL_init_memory_heap(heap) != 0) {
            return SSL_FAILURE;
        }
        hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
        idx += sizeof(WOLFSSL_HEAP_HINT);
        XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
        hint->memory = heap;

        /* NOTE(review): the CTX is pointed at the hint before partitioning
         * below has succeeded; a partitioning failure leaves (*ctx)->heap
         * referencing a heap with no free lists */
        if (*ctx && (*ctx)->heap == NULL) {
            (*ctx)->heap = (void*)hint;
        }
    }
    else {
#ifdef WOLFSSL_HEAP_TEST
        /* do not load in memory if test has been set */
        if ((*ctx)->heap == (void*)WOLFSSL_HEAP_TEST) {
            return SSL_SUCCESS;
        }
#endif
        /* CTX already owns a heap: add this region to it */
        hint = (WOLFSSL_HEAP_HINT*)((*ctx)->heap);
        heap = hint->memory;
    }

    /* everything after the (possibly just-created) structures becomes pool
     * memory */
    if (wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap) != 1) {
        WOLFSSL_MSG("Error partitioning memory");
        return SSL_FAILURE;
    }

    /* create ctx if needed */
    if (*ctx == NULL) {
        *ctx = wolfSSL_CTX_new_ex(method(hint), hint);
        if (*ctx == NULL) {
            WOLFSSL_MSG("Error creating ctx");
            return SSL_FAILURE;
        }
    }

    /* determine what max applies too */
    if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
        heap->maxIO = max;
    }
    else { /* general memory used in handshakes */
        heap->maxHa = max;
    }

    /* flags accumulate across repeated calls on the same heap */
    heap->flag |= flag;

    (void)max;
    (void)method;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 821
wolfSSL 7:481bce714567 822
/* Report whether a connection is backed by a static heap.
 *
 * mem_stats - optional; when non-NULL and the heap was created with
 *             WOLFMEM_TRACK_STATS, the connection's statistics are copied
 *             into it. Otherwise it is left untouched.
 *
 * Returns 1 when ssl->heap is set, 0 when it is not, BAD_FUNC_ARG for a
 * NULL ssl. */
int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
{
    WOLFSSL_HEAP_HINT* hint;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    WOLFSSL_ENTER("wolfSSL_is_static_memory");

    hint = (WOLFSSL_HEAP_HINT*)(ssl->heap);
    if (hint == NULL) {
        return 0;   /* no static heap attached to this connection */
    }

    if (mem_stats != NULL) {
        WOLFSSL_HEAP* heap = hint->memory;
        /* stats only exist when tracking was enabled on the heap */
        if ((heap->flag & WOLFMEM_TRACK_STATS) && hint->stats != NULL) {
            XMEMCPY(mem_stats, hint->stats, sizeof(WOLFSSL_MEM_CONN_STATS));
        }
    }

    return 1;
}
wolfSSL 7:481bce714567 841
wolfSSL 7:481bce714567 842
/* Report whether a CTX is backed by a static heap.
 *
 * mem_stats - optional; when non-NULL the heap-wide statistics are fetched
 *             with wolfSSL_GetMemStats().
 *
 * Returns 1 when ctx->heap is set, 0 when it is not, BAD_FUNC_ARG for a
 * NULL ctx, MEMORY_E when statistics were requested but could not be read. */
int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
{
    WOLFSSL_HEAP_HINT* hint;

    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    WOLFSSL_ENTER("wolfSSL_CTX_is_static_memory");

    hint = (WOLFSSL_HEAP_HINT*)(ctx->heap);
    if (hint == NULL) {
        return 0;   /* no static heap attached to this CTX */
    }

    if (mem_stats != NULL && wolfSSL_GetMemStats(hint->memory, mem_stats) != 1) {
        return MEMORY_E;
    }

    return 1;
}
wolfSSL 7:481bce714567 860
wolfSSL 7:481bce714567 861 #endif /* WOLFSSL_STATIC_MEMORY */
wolfSSL 7:481bce714567 862
wolfSSL 7:481bce714567 863
/* return max record layer size plaintext input size */
/* Largest plaintext the caller may pass to a single write on this
 * connection: OUTPUT_RECORD_SIZE, lowered by the negotiated max-fragment
 * length (HAVE_MAX_FRAGMENT) and, for DTLS, by MAX_UDP_SIZE.
 *
 * Returns that size, or BAD_FUNC_ARG for a NULL ssl or when the handshake
 * has not completed (the limits are not known before then). */
int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
{
    int limit;

    WOLFSSL_ENTER("wolfSSL_GetMaxOutputSize");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        WOLFSSL_MSG("Handshake not complete yet");
        return BAD_FUNC_ARG;
    }

    limit = OUTPUT_RECORD_SIZE;

#ifdef HAVE_MAX_FRAGMENT
    limit = min(limit, ssl->max_fragment);
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        limit = min(limit, MAX_UDP_SIZE);
#endif

    return limit;
}
wolfSSL 7:481bce714567 891
wolfSSL 7:481bce714567 892
/* return record layer size of plaintext input size */
/* Size of the record produced by writing inSz plaintext bytes.
 *
 * Returns BAD_FUNC_ARG for a negative inSz, the error from
 * wolfSSL_GetMaxOutputSize() if it fails, INPUT_SIZE_E when inSz exceeds the
 * per-record maximum, otherwise the value computed by BuildMessage() when
 * called without an output buffer (presumably its size-only mode — confirm
 * against BuildMessage). */
int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz)
{
    int limit;

    WOLFSSL_ENTER("wolfSSL_GetOutputSize");

    if (inSz < 0)
        return BAD_FUNC_ARG;

    limit = wolfSSL_GetMaxOutputSize(ssl);
    if (limit < 0)
        return limit;           /* propagate the error code */

    if (inSz > limit)
        return INPUT_SIZE_E;

    return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1);
}
wolfSSL 7:481bce714567 911
wolfSSL 7:481bce714567 912
wolfSSL 7:481bce714567 913 #ifdef HAVE_ECC
/* Set the minimum acceptable ECC key size, in bits, for a CTX and its
 * certificate manager. keySz must be non-negative and a multiple of 8; it
 * is stored in bytes.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or an invalid size. */
int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
{
    short keyBytes;

    if (ctx == NULL || keySz < 0 || (keySz & 7) != 0) {
        WOLFSSL_MSG("Key size must be divisable by 8 or ctx was null");
        return BAD_FUNC_ARG;
    }

    keyBytes = keySz / 8;
    ctx->minEccKeySz     = keyBytes;
    ctx->cm->minEccKeySz = keyBytes;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 925
wolfSSL 7:481bce714567 926
/* Set the minimum acceptable ECC key size, in bits, for one connection.
 * keySz must be non-negative and a multiple of 8; it is stored in bytes.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an invalid size. */
int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz)
{
    if (ssl == NULL || keySz < 0 || (keySz & 7) != 0) {
        WOLFSSL_MSG("Key size must be divisable by 8 or ssl was null");
        return BAD_FUNC_ARG;
    }

    ssl->options.minEccKeySz = keySz / 8;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 937
wolfSSL 7:481bce714567 938 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 939
wolfSSL 7:481bce714567 940 #ifndef NO_RSA
/* Set the minimum acceptable RSA key size, in bits, for a CTX and its
 * certificate manager. keySz must be non-negative and a multiple of 8; it
 * is stored in bytes.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or an invalid size. */
int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz)
{
    short keyBytes;

    if (ctx == NULL || keySz < 0 || (keySz & 7) != 0) {
        WOLFSSL_MSG("Key size must be divisable by 8 or ctx was null");
        return BAD_FUNC_ARG;
    }

    keyBytes = keySz / 8;
    ctx->minRsaKeySz     = keyBytes;
    ctx->cm->minRsaKeySz = keyBytes;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 952
wolfSSL 7:481bce714567 953
/* Set the minimum acceptable RSA key size, in bits, for one connection.
 * keySz must be non-negative and a multiple of 8; it is stored in bytes.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an invalid size. */
int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz)
{
    if (ssl == NULL || keySz < 0 || (keySz & 7) != 0) {
        WOLFSSL_MSG("Key size must be divisable by 8 or ssl was null");
        return BAD_FUNC_ARG;
    }

    ssl->options.minRsaKeySz = keySz / 8;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 964 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 965
wolfSSL 7:481bce714567 966 #ifndef NO_DH
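/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
/* Install ephemeral DH parameters (prime p, generator g) on a server-side
 * connection. The SSL object takes its own copies and, from here on, owns
 * them (weOwnDH). The cipher suite list is rebuilt so DH suites are offered.
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for NULL arguments or non-positive
 * lengths; DH_KEY_SIZE_E when p is shorter than options.minDhKeySz (bytes);
 * SIDE_ERROR on a client-side object; MEMORY_E on allocation failure. */
int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
                    const unsigned char* g, int gSz)
{
    word16 havePSK = 0;
    word16 haveRSA = 1;

    WOLFSSL_ENTER("wolfSSL_SetTmpDH");

    /* a negative length would be converted to a huge size_t at XMALLOC and
     * then fed to XMEMCPY; reject it (and zero) before touching any state */
    if (ssl == NULL || p == NULL || g == NULL || pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    if (pSz < ssl->options.minDhKeySz)
        return DH_KEY_SIZE_E;

    if (ssl->options.side != WOLFSSL_SERVER_END)
        return SIDE_ERROR;

    /* Release the parameters currently referenced. Buffers this object owns
     * are freed; pointers merely borrowed from the CTX are only cleared. Both
     * pointers are NULL before weOwnDH is set so that an allocation failure
     * below cannot leave a borrowed (or freed) pointer behind that a later
     * free of this object would treat as its own. */
    if (ssl->buffers.weOwnDH) {
        if (ssl->buffers.serverDH_P.buffer != NULL)
            XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        if (ssl->buffers.serverDH_G.buffer != NULL)
            XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    }
    ssl->buffers.serverDH_P.buffer = NULL;
    ssl->buffers.serverDH_P.length = 0;
    ssl->buffers.serverDH_G.buffer = NULL;
    ssl->buffers.serverDH_G.length = 0;

    ssl->buffers.weOwnDH = 1; /* SSL owns now */
    ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap,
                                                    DYNAMIC_TYPE_DH);
    if (ssl->buffers.serverDH_P.buffer == NULL)
        return MEMORY_E;

    ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap,
                                                    DYNAMIC_TYPE_DH);
    if (ssl->buffers.serverDH_G.buffer == NULL) {
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_P.buffer = NULL;
        return MEMORY_E;
    }

    XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
    XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);
    ssl->buffers.serverDH_P.length = pSz;
    ssl->buffers.serverDH_G.length = gSz;

    ssl->options.haveDH = 1;
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
#ifdef NO_RSA
    haveRSA = 0;
#endif
    /* re-derive the suite list now that DH key exchange is available */
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
               ssl->options.haveNTRU, ssl->options.haveECDSAsig,
               ssl->options.haveECC, ssl->options.haveStaticECC,
               ssl->options.side);

    WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
    return SSL_SUCCESS;
}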
wolfSSL 7:481bce714567 1027
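/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
/* Install ephemeral DH parameters (prime p, generator g) on a CTX, which
 * keeps its own copies. Any previously installed parameters are released.
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for NULL arguments or non-positive
 * lengths; DH_KEY_SIZE_E when p is shorter than ctx->minDhKeySz (bytes);
 * MEMORY_E on allocation failure, in which case the CTX is left with no DH
 * parameters and haveDH cleared. */
int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
                         const unsigned char* g, int gSz)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");

    /* a negative length would be converted to a huge size_t at XMALLOC and
     * then fed to XMEMCPY; reject it (and zero) before touching any state */
    if (ctx == NULL || p == NULL || g == NULL || pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    if (pSz < ctx->minDhKeySz)
        return DH_KEY_SIZE_E;

    /* Free the old parameters and clear the pointers immediately. The
     * original freed without clearing, so an allocation failure below left a
     * dangling pointer for the CTX destructor to free a second time. */
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
    ctx->serverDH_P.buffer = NULL;
    ctx->serverDH_P.length = 0;
    ctx->serverDH_G.buffer = NULL;
    ctx->serverDH_G.length = 0;
    ctx->haveDH = 0;          /* no usable parameters until both copies exist */

    ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
    if (ctx->serverDH_P.buffer == NULL)
        return MEMORY_E;

    ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
    if (ctx->serverDH_G.buffer == NULL) {
        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
        ctx->serverDH_P.buffer = NULL;
        return MEMORY_E;
    }

    XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
    XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
    ctx->serverDH_P.length = pSz;
    ctx->serverDH_G.length = gSz;

    ctx->haveDH = 1;

    WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
    return SSL_SUCCESS;
}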
wolfSSL 7:481bce714567 1062
wolfSSL 7:481bce714567 1063
/* Set the minimum acceptable DH prime size, in bits, for a CTX. keySz must
 * be a multiple of 8 and at most 16000; it is stored in bytes.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or an invalid size. */
int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    if (keySz > 16000 || (keySz & 7) != 0)
        return BAD_FUNC_ARG;

    ctx->minDhKeySz = keySz / 8;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 1072
wolfSSL 7:481bce714567 1073
/* Set the minimum acceptable DH prime size, in bits, for one connection.
 * keySz must be a multiple of 8 and at most 16000; it is stored in bytes.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an invalid size. */
int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (keySz > 16000 || (keySz & 7) != 0)
        return BAD_FUNC_ARG;

    ssl->options.minDhKeySz = keySz / 8;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 1082
wolfSSL 7:481bce714567 1083
/* Size in bits of the DH key in use on this connection (options.dhKeySz is
 * kept in bytes). Returns BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.dhKeySz * 8;
}
wolfSSL 7:481bce714567 1091
wolfSSL 7:481bce714567 1092 #endif /* !NO_DH */
wolfSSL 7:481bce714567 1093
wolfSSL 7:481bce714567 1094
/* Send sz bytes of application data over the connection.
 *
 * Returns the number of bytes written as reported by SendData();
 * BAD_FUNC_ARG for a NULL ssl/data or negative sz; SSL_FATAL_ERROR when
 * SendData() reports any error (the specific code is not propagated). */
int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
{
    int sent;

    WOLFSSL_ENTER("SSL_write()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_ERRNO_H
    /* clear errno so a caller can tell a fresh I/O error from a stale one */
    errno = 0;
#endif

    sent = SendData(ssl, data, sz);

    WOLFSSL_LEAVE("SSL_write()", sent);

    return (sent < 0) ? SSL_FATAL_ERROR : sent;
}
wolfSSL 7:481bce714567 1117
wolfSSL 7:481bce714567 1118
/* Shared body of wolfSSL_read() and wolfSSL_peek().
 *
 * peek - non-zero leaves the data queued for a later read.
 *
 * The request is capped at one record's worth of plaintext
 * (OUTPUT_RECORD_SIZE, further limited by the negotiated max fragment
 * length). For DTLS the expected datagram size is set to the request plus a
 * 100-byte margin, never below MAX_MTU, and for DTLS-over-SCTP never below
 * the configured MTU.
 *
 * Returns the byte count from ReceiveData(); BAD_FUNC_ARG for a NULL
 * ssl/data or negative sz; SSL_FATAL_ERROR on any ReceiveData() error. */
static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
{
    int received;

    WOLFSSL_ENTER("wolfSSL_read_internal()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
    #ifdef WOLFSSL_SCTP
        if (ssl->options.dtlsSctp)
            ssl->dtls_expected_rx = max(ssl->dtls_expected_rx, ssl->dtlsMtuSz);
    #endif
    }
#endif

    /* never ask ReceiveData for more than one record can carry */
    sz = min(sz, OUTPUT_RECORD_SIZE);
#ifdef HAVE_MAX_FRAGMENT
    sz = min(sz, ssl->max_fragment);
#endif

    received = ReceiveData(ssl, (byte*)data, sz, peek);

    WOLFSSL_LEAVE("wolfSSL_read_internal()", received);

    return (received < 0) ? SSL_FATAL_ERROR : received;
}
wolfSSL 7:481bce714567 1155
wolfSSL 7:481bce714567 1156
/* Read up to sz bytes of application data without consuming them; the
 * same data is returned by the next read. See wolfSSL_read_internal() for
 * return values. */
int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz)
{
    const int peek = TRUE;

    WOLFSSL_ENTER("wolfSSL_peek()");

    return wolfSSL_read_internal(ssl, data, sz, peek);
}
wolfSSL 7:481bce714567 1163
wolfSSL 7:481bce714567 1164
/* Read and consume up to sz bytes of application data. See
 * wolfSSL_read_internal() for return values. */
int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
{
    const int peek = FALSE;

    WOLFSSL_ENTER("wolfSSL_read()");

    return wolfSSL_read_internal(ssl, data, sz, peek);
}
wolfSSL 7:481bce714567 1171
wolfSSL 7:481bce714567 1172
wolfSSL 7:481bce714567 1173 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 1174
/* let's use async hardware, SSL_SUCCESS on ok */
/* Select the async crypto device (devId) for one connection.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_UseAsync(WOLFSSL* ssl, int devId)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->devId = devId;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 1185
wolfSSL 7:481bce714567 1186
/* let's use async hardware, SSL_SUCCESS on ok */
/* Select the async crypto device (devId) for a CTX.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    ctx->devId = devId;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 1197
wolfSSL 7:481bce714567 1198 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 7:481bce714567 1199
wolfSSL 7:481bce714567 1200 #ifdef HAVE_SNI
wolfSSL 7:481bce714567 1201
/* Add a Server Name Indication entry of the given type to one connection's
 * extension list. Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result
 * of TLSX_UseSNI(). */
int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return TLSX_UseSNI(&ssl->extensions, type, data, size, ssl->heap);
}
wolfSSL 7:481bce714567 1209
wolfSSL 7:481bce714567 1210
/* Add a Server Name Indication entry of the given type to a CTX's extension
 * list. Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * TLSX_UseSNI(). */
int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data,
                       word16 size)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return TLSX_UseSNI(&ctx->extensions, type, data, size, ctx->heap);
}
wolfSSL 7:481bce714567 1219
wolfSSL 7:481bce714567 1220 #ifndef NO_WOLFSSL_SERVER
wolfSSL 7:481bce714567 1221
/* Set server-side SNI matching options for one connection. A NULL ssl or an
 * empty extension list is silently ignored. */
void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, byte type, byte options)
{
    if (ssl == NULL || ssl->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ssl->extensions, type, options);
}
wolfSSL 7:481bce714567 1227
wolfSSL 7:481bce714567 1228
/* Set server-side SNI matching options on a CTX. A NULL ctx or an empty
 * extension list is silently ignored. */
void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, byte type, byte options)
{
    if (ctx == NULL || ctx->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ctx->extensions, type, options);
}
wolfSSL 7:481bce714567 1234
wolfSSL 7:481bce714567 1235
/* Query the SNI status of the given type for a connection; a NULL ssl is
 * passed through to TLSX_SNI_Status() as an empty extension list. */
byte wolfSSL_SNI_Status(WOLFSSL* ssl, byte type)
{
    TLSX* extensions = NULL;

    if (ssl != NULL)
        extensions = ssl->extensions;

    return TLSX_SNI_Status(extensions, type);
}
wolfSSL 7:481bce714567 1240
wolfSSL 7:481bce714567 1241
/* Fetch the SNI value of the given type that the client requested.
 *
 * data - out, optional: set to the request data, or NULL when none.
 *
 * Returns the request size from TLSX_SNI_GetRequest(), or 0 when ssl is
 * NULL or carries no extensions. */
word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
{
    word16 size = 0;

    if (data != NULL)
        *data = NULL;   /* defined result even on the early-out paths */

    if (ssl != NULL && ssl->extensions != NULL)
        size = TLSX_SNI_GetRequest(ssl->extensions, type, data);

    return size;
}
wolfSSL 7:481bce714567 1252
wolfSSL 7:481bce714567 1253
/* Extract an SNI value of the given type from a raw ClientHello without a
 * WOLFSSL object.
 *
 * sni/inOutSz - output buffer and, in/out, its capacity / the written size.
 *
 * Returns BAD_FUNC_ARG when any pointer is NULL or either size is zero,
 * otherwise the result of TLSX_SNI_GetFromBuffer(). */
int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
                              byte type, byte* sni, word32* inOutSz)
{
    /* && short-circuits, so *inOutSz is only read once inOutSz is non-NULL */
    int argsOk = (clientHello != NULL) && (helloSz > 0)
              && (sni != NULL) && (inOutSz != NULL) && (*inOutSz > 0);

    if (!argsOk)
        return BAD_FUNC_ARG;

    return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
}
wolfSSL 7:481bce714567 1262
wolfSSL 7:481bce714567 1263 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 7:481bce714567 1264
wolfSSL 7:481bce714567 1265 #endif /* HAVE_SNI */
wolfSSL 7:481bce714567 1266
wolfSSL 7:481bce714567 1267
wolfSSL 7:481bce714567 1268 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 7:481bce714567 1269 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 7:481bce714567 1270
/* Request the max-fragment-length extension (code mfl) on one connection.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result of
 * TLSX_UseMaxFragment(). */
int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return TLSX_UseMaxFragment(&ssl->extensions, mfl, ssl->heap);
}
wolfSSL 7:481bce714567 1278
wolfSSL 7:481bce714567 1279
/* Request the max-fragment-length extension (code mfl) on a CTX.
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * TLSX_UseMaxFragment(). */
int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return TLSX_UseMaxFragment(&ctx->extensions, mfl, ctx->heap);
}
wolfSSL 7:481bce714567 1287
wolfSSL 7:481bce714567 1288 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 7:481bce714567 1289 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 7:481bce714567 1290
wolfSSL 7:481bce714567 1291 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 7:481bce714567 1292 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 7:481bce714567 1293
/* Request the truncated-HMAC extension on one connection.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result of
 * TLSX_UseTruncatedHMAC(). */
int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);
}
wolfSSL 7:481bce714567 1301
wolfSSL 7:481bce714567 1302
/* Request the truncated-HMAC extension on a CTX.
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * TLSX_UseTruncatedHMAC(). */
int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return TLSX_UseTruncatedHMAC(&ctx->extensions, ctx->heap);
}
wolfSSL 7:481bce714567 1310
wolfSSL 7:481bce714567 1311 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 7:481bce714567 1312 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 7:481bce714567 1313
wolfSSL 7:481bce714567 1314 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 7:481bce714567 1315
/* Request the certificate-status-request (OCSP stapling) extension on one
 * connection. Only meaningful on the client side.
 * Returns BAD_FUNC_ARG for a NULL or non-client ssl, otherwise the result
 * of TLSX_UseCertificateStatusRequest(). */
int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (ssl->options.side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
                                            options, ssl->heap);
}
wolfSSL 7:481bce714567 1324
wolfSSL 7:481bce714567 1325
/* Context-wide variant of wolfSSL_UseOCSPStapling. The side is taken from the
 * context's method; a server-side context is rejected with BAD_FUNC_ARG. */
int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type,
                                byte options)
{
    int isClient;

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    isClient = (ctx->method->side == WOLFSSL_CLIENT_END);
    if (!isClient)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type,
                                            options, ctx->heap);
}
wolfSSL 7:481bce714567 1335
wolfSSL 7:481bce714567 1336 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 7:481bce714567 1337
wolfSSL 7:481bce714567 1338 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 7:481bce714567 1339
/* Ask the server for stapled certificate statuses via status_request_v2.
 * Client-side sessions only; NULL or server-side ssl returns BAD_FUNC_ARG.
 * `status_type`/`options` are passed through to TLSX_UseCertificateStatusRequestV2. */
int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options)
{
    int isClient;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    isClient = (ssl->options.side == WOLFSSL_CLIENT_END);
    if (!isClient)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type,
                                              options, ssl->heap);
}
wolfSSL 7:481bce714567 1348
wolfSSL 7:481bce714567 1349
/* Context-wide variant of wolfSSL_UseOCSPStaplingV2. The side is taken from
 * the context's method; a server-side context is rejected with BAD_FUNC_ARG. */
int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
                                  byte status_type, byte options)
{
    int isClient;

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    isClient = (ctx->method->side == WOLFSSL_CLIENT_END);
    if (!isClient)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type,
                                              options, ctx->heap);
}
wolfSSL 7:481bce714567 1359
wolfSSL 7:481bce714567 1360 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 7:481bce714567 1361
wolfSSL 7:481bce714567 1362 /* Elliptic Curves */
wolfSSL 7:481bce714567 1363 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 7:481bce714567 1364 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 7:481bce714567 1365
/* Add one named curve to the session's supported_curves extension.
 * Only the curve identifiers in the table below are accepted; anything else
 * (including values the peer might suggest) returns BAD_FUNC_ARG so the
 * extension never advertises a curve this build does not know.
 * Side effect: marks the session as having a user supplied curve list. */
int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
{
    static const word16 allowed[] = {
        WOLFSSL_ECC_SECP160K1, WOLFSSL_ECC_SECP160R1, WOLFSSL_ECC_SECP160R2,
        WOLFSSL_ECC_SECP192K1, WOLFSSL_ECC_SECP192R1,
        WOLFSSL_ECC_SECP224K1, WOLFSSL_ECC_SECP224R1,
        WOLFSSL_ECC_SECP256K1, WOLFSSL_ECC_SECP256R1,
        WOLFSSL_ECC_SECP384R1, WOLFSSL_ECC_SECP521R1,
        WOLFSSL_ECC_BRAINPOOLP256R1, WOLFSSL_ECC_BRAINPOOLP384R1,
        WOLFSSL_ECC_BRAINPOOLP512R1
    };
    unsigned int i;
    int known = 0;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    for (i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++) {
        if (allowed[i] == name) {
            known = 1;
            break;
        }
    }
    if (!known)
        return BAD_FUNC_ARG;

    ssl->options.userCurves = 1;

    return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
}
wolfSSL 7:481bce714567 1396
wolfSSL 7:481bce714567 1397
/* Context-wide variant of wolfSSL_UseSupportedCurve: the curve is added to
 * the context's extension list and inherited by new sessions. Unknown curve
 * identifiers return BAD_FUNC_ARG; on success ctx->userCurves is set. */
int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
{
    static const word16 allowed[] = {
        WOLFSSL_ECC_SECP160K1, WOLFSSL_ECC_SECP160R1, WOLFSSL_ECC_SECP160R2,
        WOLFSSL_ECC_SECP192K1, WOLFSSL_ECC_SECP192R1,
        WOLFSSL_ECC_SECP224K1, WOLFSSL_ECC_SECP224R1,
        WOLFSSL_ECC_SECP256K1, WOLFSSL_ECC_SECP256R1,
        WOLFSSL_ECC_SECP384R1, WOLFSSL_ECC_SECP521R1,
        WOLFSSL_ECC_BRAINPOOLP256R1, WOLFSSL_ECC_BRAINPOOLP384R1,
        WOLFSSL_ECC_BRAINPOOLP512R1
    };
    unsigned int i;
    int known = 0;

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    for (i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++) {
        if (allowed[i] == name) {
            known = 1;
            break;
        }
    }
    if (!known)
        return BAD_FUNC_ARG;

    ctx->userCurves = 1;

    return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap);
}
wolfSSL 7:481bce714567 1428
wolfSSL 7:481bce714567 1429 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 7:481bce714567 1430 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 7:481bce714567 1431
wolfSSL 7:481bce714567 1432 /* QSH quantum safe handshake */
wolfSSL 7:481bce714567 1433 #ifdef HAVE_QSH
/* returns 1 if QSH has been used 0 otherwise */
int wolfSSL_isQSH(WOLFSSL* ssl)
{
    /* without a session object QSH cannot have been negotiated */
    return (ssl != NULL) ? ssl->isQSH : 0;
}
wolfSSL 7:481bce714567 1443
wolfSSL 7:481bce714567 1444
/* Add one QSH scheme to the session's extension list. Only the NTRU EESS
 * parameter sets are recognised, and only when the build has HAVE_NTRU;
 * any other value returns BAD_FUNC_ARG.
 * Side effect: records that the user chose the scheme list explicitly. */
int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name)
{
    int known = 0;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

#ifdef HAVE_NTRU
    if (name == WOLFSSL_NTRU_EESS439 || name == WOLFSSL_NTRU_EESS593 ||
        name == WOLFSSL_NTRU_EESS743)
        known = 1;
#endif

    if (!known)
        return BAD_FUNC_ARG;

    ssl->user_set_QSHSchemes = 1;

    return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
}
wolfSSL 7:481bce714567 1465
wolfSSL 7:481bce714567 1466 #ifndef NO_WOLFSSL_CLIENT
/* user control over sending client public key in hello
   when flag = 1 will send keys if flag is 0 or function is not called
   then will not send keys in the hello extension
   return 0 on success
 */
int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* stored as-is; the hello builder decides what to do with it */
    ssl->sendQSHKeys = flag;
    return 0;
}
wolfSSL 7:481bce714567 1481 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 7:481bce714567 1482 #endif /* HAVE_QSH */
wolfSSL 7:481bce714567 1483
wolfSSL 7:481bce714567 1484
wolfSSL 7:481bce714567 1485 /* Application-Layer Protocol Negotiation */
wolfSSL 7:481bce714567 1486 #ifdef HAVE_ALPN
wolfSSL 7:481bce714567 1487
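/* Register a comma separated list of ALPN protocol names on the session.
 *
 * protocol_name_list   application supplied list, e.g. "h2,http/1.1"; it is
 *                      copied, so it need not be NUL terminated or outlive
 *                      the call
 * protocol_name_listSz number of bytes to read from protocol_name_list
 * options              WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or
 *                      WOLFSSL_ALPN_FAILED_ON_MISMATCH (at least one required)
 *
 * Returns SSL_SUCCESS once every name was added, BAD_FUNC_ARG for bad
 * arguments (including more than WOLFSSL_MAX_ALPN_NUMBER names),
 * MEMORY_ERROR when the scratch copy cannot be allocated, SSL_FAILURE for an
 * empty list, or the TLSX_UseALPN error that stopped the loop.
 *
 * Note: the byte-length check below does not bound the number of names, so
 * the token array is sized for WOLFSSL_MAX_ALPN_NUMBER entries (plus the
 * terminating NULL from XSTRTOK) and the tokenising loop stops there instead
 * of writing past the array. */
int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
                    word32 protocol_name_listSz, byte options)
{
    char   *list, *ptr, *token[WOLFSSL_MAX_ALPN_NUMBER + 1];
    word16  len;
    int     idx = 0;
    int     ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_UseALPN");

    if (ssl == NULL || protocol_name_list == NULL)
        return BAD_FUNC_ARG;

    if (protocol_name_listSz > (WOLFSSL_MAX_ALPN_NUMBER *
                                WOLFSSL_MAX_ALPN_PROTO_NAME_LEN +
                                WOLFSSL_MAX_ALPN_NUMBER)) {
        WOLFSSL_MSG("Invalid arguments, protocol name list too long");
        return BAD_FUNC_ARG;
    }

    if (!(options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) &&
        !(options & WOLFSSL_ALPN_FAILED_ON_MISMATCH)) {
        WOLFSSL_MSG("Invalid arguments, options not supported");
        return BAD_FUNC_ARG;
    }

    /* XSTRTOK writes into its input, so work on a NUL terminated private copy */
    list = (char *)XMALLOC(protocol_name_listSz+1, ssl->heap,
                           DYNAMIC_TYPE_TMP_BUFFER);
    if (list == NULL) {
        WOLFSSL_MSG("Memory failure");
        return MEMORY_ERROR;
    }

    XMEMSET(list, 0, protocol_name_listSz+1);
    XSTRNCPY(list, protocol_name_list, protocol_name_listSz);

    /* read all protocol names from the list, at most WOLFSSL_MAX_ALPN_NUMBER */
    token[idx] = XSTRTOK(list, ",", &ptr);
    while (idx < WOLFSSL_MAX_ALPN_NUMBER && token[idx] != NULL)
        token[++idx] = XSTRTOK(NULL, ",", &ptr);

    /* the loop only stops on a non-NULL token when the array is full, which
     * means the caller supplied more names than the extension may carry */
    if (token[idx] != NULL) {
        WOLFSSL_MSG("Invalid arguments, too many protocol names");
        XFREE(list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        return BAD_FUNC_ARG;
    }

    /* add protocol name list in the TLS extension in reverse order */
    while ((idx--) > 0) {
        len = (word16)XSTRLEN(token[idx]);

        ret = TLSX_UseALPN(&ssl->extensions, token[idx], len, options,
                           ssl->heap);
        if (ret != SSL_SUCCESS) {
            WOLFSSL_MSG("TLSX_UseALPN failure");
            break;
        }
    }

    XFREE(list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

    return ret;
}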
wolfSSL 7:481bce714567 1546
/* Retrieve the ALPN protocol negotiated for this session through
 * TLSX_ALPN_GetRequest. A NULL ssl is forwarded as an empty extension list so
 * the extension layer reports the error; protocol_name/size are passed
 * through unchecked and validated there. */
int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name, word16 *size)
{
    TLSX* extensions = NULL;

    if (ssl != NULL)
        extensions = ssl->extensions;

    return TLSX_ALPN_GetRequest(extensions, (void **)protocol_name, size);
}
wolfSSL 7:481bce714567 1552
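/* Copy the protocol list received from the peer into a freshly allocated,
 * NUL terminated string.
 *
 * list    receives the allocation; release it with wolfSSL_ALPN_FreePeerProtocol
 * listSz  receives the string length (without the terminator)
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG when ssl, list or listSz is NULL,
 * BUFFER_ERROR when no peer list was recorded or it is empty, MEMORY_ERROR
 * when the copy cannot be allocated. The original dereferenced ssl before
 * checking it; the NULL check now covers all three pointers. */
int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
{
    if (ssl == NULL || list == NULL || listSz == NULL)
        return BAD_FUNC_ARG;

    if (ssl->alpn_client_list == NULL)
        return BUFFER_ERROR;

    *listSz = (word16)XSTRLEN(ssl->alpn_client_list);
    if (*listSz == 0)
        return BUFFER_ERROR;

    *list = (char *)XMALLOC((*listSz)+1, ssl->heap, DYNAMIC_TYPE_TLSX);
    if (*list == NULL)
        return MEMORY_ERROR;

    /* exact-length copy plus explicit terminator */
    XMEMCPY(*list, ssl->alpn_client_list, *listSz);
    (*list)[*listSz] = 0;

    return SSL_SUCCESS;
}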
wolfSSL 7:481bce714567 1574
wolfSSL 7:481bce714567 1575
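/* used to free memory allocated by wolfSSL_ALPN_GetPeerProtocol
 *
 * list  address of the pointer returned by wolfSSL_ALPN_GetPeerProtocol; it
 *       is freed on ssl's heap and reset to NULL so a second call is harmless
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl or list is NULL (the
 * original dereferenced list without checking it). */
int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list)
{
    if (ssl == NULL || list == NULL) {
        return BAD_FUNC_ARG;
    }

    XFREE(*list, ssl->heap, DYNAMIC_TYPE_TLSX);
    *list = NULL;

    return SSL_SUCCESS;
}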
wolfSSL 7:481bce714567 1588
wolfSSL 7:481bce714567 1589 #endif /* HAVE_ALPN */
wolfSSL 7:481bce714567 1590
wolfSSL 7:481bce714567 1591 /* Secure Renegotiation */
wolfSSL 7:481bce714567 1592 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 7:481bce714567 1593
/* user is forcing ability to use secure renegotiation, we discourage it */
/* Registers the renegotiation_info extension and, when that succeeds, caches
 * the extension's data block in ssl->secure_renegotiation so that
 * wolfSSL_Rehandshake can find it later.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the
 * TLSX_UseSecureRenegotiation result. */
int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
{
    int   ret;
    TLSX* extension;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap);
    if (ret != SSL_SUCCESS)
        return ret;

    extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
    if (extension != NULL)
        ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;

    return ret;
}
wolfSSL 7:481bce714567 1611
wolfSSL 7:481bce714567 1612
/* do a secure renegotiation handshake, user forced, we discourage */
/* Preconditions (each failure returns SECURE_RENEGOTIATION_E):
 *  - wolfSSL_UseSecureRenegotiation was called on this session,
 *  - the peer accepted the extension (secure_renegotiation->enabled),
 *  - the previous handshake has completed.
 * Resets the handshake state machine and handshake hashes, then runs
 * wolfSSL_negotiate. Returns BAD_FUNC_ARG for a NULL ssl, a wc_Init* error
 * code if a hash cannot be reset, otherwise the wolfSSL_negotiate result.
 *
 * NOTE(review): ssl->hsHashes is dereferenced below without a NULL check;
 * whether it can be NULL once handShakeState == HANDSHAKE_DONE is not
 * visible here — confirm before relying on this path. */
int wolfSSL_Rehandshake(WOLFSSL* ssl)
{
    int ret;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->secure_renegotiation == NULL) {
        WOLFSSL_MSG("Secure Renegotiation not forced on by user");
        return SECURE_RENEGOTIATION_E;
    }

    if (ssl->secure_renegotiation->enabled == 0) {
        WOLFSSL_MSG("Secure Renegotiation not enabled at extension level");
        return SECURE_RENEGOTIATION_E;
    }

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        WOLFSSL_MSG("Can't renegotiate until previous handshake complete");
        return SECURE_RENEGOTIATION_E;
    }

#ifndef NO_FORCE_SCR_SAME_SUITE
    /* force same suite: the offered list is reduced to the single suite
     * already negotiated, so the renegotiation cannot end up on a different
     * (possibly weaker) suite than the original handshake */
    if (ssl->suites) {
        ssl->suites->suiteSz = SUITE_LEN;
        ssl->suites->suites[0] = ssl->options.cipherSuite0;
        ssl->suites->suites[1] = ssl->options.cipherSuite;
    }
#endif

    /* reset handshake states */
    ssl->options.serverState = NULL_STATE;
    ssl->options.clientState = NULL_STATE;
    ssl->options.connectState = CONNECT_BEGIN;
    ssl->options.acceptState = ACCEPT_BEGIN;
    ssl->options.handShakeState = NULL_STATE;
    ssl->options.processReply = 0; /* TODO, move states in internal.h */

    /* forget which handshake messages were seen so duplicate checks restart */
    XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));

    ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;

    /* restart the handshake transcript hashes; each enabled digest is
     * re-initialised and, except for MD5 (no return value checked here),
     * an init failure aborts the renegotiation */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
    wc_InitMd5(&ssl->hsHashes->hashMd5);
#endif
#ifndef NO_SHA
    ret = wc_InitSha(&ssl->hsHashes->hashSha);
    if (ret !=0)
        return ret;
#endif
#endif /* NO_OLD_TLS */
#ifndef NO_SHA256
    ret = wc_InitSha256(&ssl->hsHashes->hashSha256);
    if (ret !=0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_InitSha384(&ssl->hsHashes->hashSha384);
    if (ret !=0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
    if (ret !=0)
        return ret;
#endif

    ret = wolfSSL_negotiate(ssl);
    return ret;
}
wolfSSL 7:481bce714567 1686
wolfSSL 7:481bce714567 1687 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 7:481bce714567 1688
wolfSSL 7:481bce714567 1689 /* Session Ticket */
wolfSSL 7:481bce714567 1690 #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
/* SSL_SUCCESS on ok */
/* Install the server-side session ticket encrypt/decrypt callback on the
 * context. The callback is stored as given; a NULL cb is not rejected here.
 * Returns BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb cb)
{
    if (ctx != NULL) {
        ctx->ticketEncCb = cb;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 1701
/* set hint interval, SSL_SUCCESS on ok */
/* Stores the ticket lifetime hint sent to clients with new session tickets
 * (presumably seconds, as in the NewSessionTicket message — confirm against
 * the ticket builder). No range check is applied to `hint`.
 * Returns BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
{
    if (ctx != NULL) {
        ctx->ticketHint = hint;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 1712
/* set user context, SSL_SUCCESS on ok */
/* Stores an opaque pointer handed back to the ticket encryption callback.
 * Ownership stays with the caller; the context only keeps the pointer.
 * Returns BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx)
{
    if (ctx != NULL) {
        ctx->ticketEncCtx = userCtx;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 1723
#endif /* !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET) */
wolfSSL 7:481bce714567 1725
wolfSSL 7:481bce714567 1726 /* Session Ticket */
wolfSSL 7:481bce714567 1727 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
/* Request the session_ticket extension for one session (client side).
 * No ticket data is supplied here (NULL); an existing ticket is attached by
 * the extension layer if one is present.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the TLSX_UseSessionTicket result. */
int wolfSSL_UseSessionTicket(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);

    return ret;
}
wolfSSL 7:481bce714567 1735
/* Context-wide variant of wolfSSL_UseSessionTicket.
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise the TLSX_UseSessionTicket result. */
int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx)
{
    if (ctx != NULL)
        return TLSX_UseSessionTicket(&ctx->extensions, NULL, ctx->heap);

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 1743
/* Copy the session's current ticket into a caller supplied buffer.
 *
 * buf    destination, at least *bufSz bytes
 * bufSz  in: capacity of buf (must be non-zero); out: bytes copied, or 0
 *        when the ticket does not fit (the buffer is then left untouched)
 *
 * Returns SSL_SUCCESS in both the copied and the too-small case;
 * BAD_FUNC_ARG for NULL arguments or a zero capacity. */
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
                                          byte* buf, word32* bufSz)
{
    word32 ticketLen;

    if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
        return BAD_FUNC_ARG;

    ticketLen = ssl->session.ticketLen;

    if (ticketLen > *bufSz) {
        /* not an error, the caller learns it needs a bigger buffer */
        *bufSz = 0;
        return SSL_SUCCESS;
    }

    XMEMCPY(buf, ssl->session.ticket, ticketLen);
    *bufSz = ticketLen;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 1759
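/* Install a session ticket on the session, copying `bufSz` bytes from `buf`.
 *
 * Tickets up to SESSION_TICKET_LEN live in the embedded staticTicket buffer;
 * larger ones are kept in a heap buffer allocated on ssl->heap. A zero
 * bufSz clears the ticket (buf may then be NULL). The caller keeps ownership
 * of buf.
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for a NULL ssl, a NULL buf with a
 * non-zero size, or a size that does not fit in the word16 ticketLen field;
 * MEMORY_ERROR when the heap buffer cannot be allocated — the session then
 * falls back to the (now empty) static buffer.
 *
 * Fixes vs. the original: on allocation failure ticketLen was left at its
 * old value while ticket was pointed back at staticTicket, so a later
 * wolfSSL_get_SessionTicket could read ticketLen bytes out of the smaller
 * static array; the length is now reset. The heap path also reallocates
 * whenever the current buffer is the static one, instead of trusting a
 * stale ticketLen to decide that the static buffer is big enough. */
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
{
    if (ssl == NULL || (buf == NULL && bufSz > 0))
        return BAD_FUNC_ARG;

    /* ticketLen is a word16; refuse sizes it cannot represent rather than
     * silently truncating the recorded length */
    if (bufSz != (word32)(word16)bufSz)
        return BAD_FUNC_ARG;

    if (bufSz > 0) {
        if (bufSz <= SESSION_TICKET_LEN) {
            /* Ticket will fit into static ticket; release any dynamic one */
            if (ssl->session.isDynamic) {
                XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
                ssl->session.isDynamic = 0;
                ssl->session.ticket = ssl->session.staticTicket;
            }
        }
        else if (!ssl->session.isDynamic || ssl->session.ticketLen < bufSz) {
            /* Ticket requires dynamic storage and the current buffer (static,
             * or dynamic but too small) cannot hold it */
            if (ssl->session.isDynamic)
                XFREE(ssl->session.ticket, ssl->heap,
                      DYNAMIC_TYPE_SESSION_TICK);
            ssl->session.ticket = (byte*)XMALLOC(bufSz, ssl->heap,
                                                 DYNAMIC_TYPE_SESSION_TICK);
            if (ssl->session.ticket == NULL) {
                /* the previous contents are gone; make the session state
                 * consistent with the static buffer it now points at */
                ssl->session.ticket = ssl->session.staticTicket;
                ssl->session.isDynamic = 0;
                ssl->session.ticketLen = 0;
                return MEMORY_ERROR;
            }
            ssl->session.isDynamic = 1;
        }
        XMEMCPY(ssl->session.ticket, buf, bufSz);
    }
    ssl->session.ticketLen = (word16)bufSz;

    return SSL_SUCCESS;
}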
wolfSSL 7:481bce714567 1794
wolfSSL 7:481bce714567 1795
/* Register the callback invoked when the session receives a ticket, together
 * with an opaque user pointer handed back to it. Both are stored as given
 * (a NULL cb is accepted); the caller keeps ownership of ctx.
 * Returns BAD_FUNC_ARG for a NULL ssl. */
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
                                             CallbackSessionTicket cb, void* ctx)
{
    if (ssl != NULL) {
        ssl->session_ticket_cb  = cb;
        ssl->session_ticket_ctx = ctx;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 1807 #endif
wolfSSL 7:481bce714567 1808
wolfSSL 7:481bce714567 1809
wolfSSL 7:481bce714567 1810 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 7:481bce714567 1811 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 7:481bce714567 1812
/* Turn off the extended_master_secret extension for sessions created from
 * this context. Disabling it removes the RFC 7627 binding of the master
 * secret to the handshake transcript, so it should only be done for
 * compatibility with peers that cannot handle the extension.
 * Returns BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx)
{
    if (ctx != NULL) {
        ctx->haveEMS = 0;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 1822
wolfSSL 7:481bce714567 1823
/* Per-session variant of wolfSSL_CTX_DisableExtendedMasterSecret: clears the
 * session's own haveEMS flag. Returns BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl)
{
    if (ssl != NULL) {
        ssl->options.haveEMS = 0;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 1833
wolfSSL 7:481bce714567 1834 #endif
wolfSSL 7:481bce714567 1835 #endif
wolfSSL 7:481bce714567 1836
wolfSSL 7:481bce714567 1837
wolfSSL 7:481bce714567 1838 #ifndef WOLFSSL_LEANPSK
wolfSSL 7:481bce714567 1839
/* send(2)-style write: performs wolfSSL_write with `flags` temporarily
 * installed as the session's write flags, then restores the previous flags.
 * Returns BAD_FUNC_ARG for NULL ssl/data or a negative sz, otherwise the
 * wolfSSL_write result. */
int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags)
{
    int ret;
    int savedFlags;

    WOLFSSL_ENTER("wolfSSL_send()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* the flags apply to this one write only */
    savedFlags  = ssl->wflags;
    ssl->wflags = flags;
    ret = wolfSSL_write(ssl, data, sz);
    ssl->wflags = savedFlags;

    WOLFSSL_LEAVE("wolfSSL_send()", ret);
    return ret;
}
wolfSSL 7:481bce714567 1860
wolfSSL 7:481bce714567 1861
/* recv(2)-style read: performs wolfSSL_read with `flags` temporarily
 * installed as the session's read flags, then restores the previous flags.
 * Returns BAD_FUNC_ARG for NULL ssl/data or a negative sz, otherwise the
 * wolfSSL_read result. */
int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
{
    int ret;
    int savedFlags;

    WOLFSSL_ENTER("wolfSSL_recv()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* the flags apply to this one read only */
    savedFlags  = ssl->rflags;
    ssl->rflags = flags;
    ret = wolfSSL_read(ssl, data, sz);
    ssl->rflags = savedFlags;

    WOLFSSL_LEAVE("wolfSSL_recv()", ret);
    return ret;
}
wolfSSL 7:481bce714567 1882 #endif
wolfSSL 7:481bce714567 1883
wolfSSL 7:481bce714567 1884
/* SSL_SUCCESS on ok */
/* Two-phase TLS shutdown, mirroring the OpenSSL calling convention:
 *  - first call: sends close_notify (unless the connection is already
 *    closed/reset) and returns SSL_SUCCESS if the peer's close_notify has
 *    already arrived, else SSL_SHUTDOWN_NOT_DONE;
 *  - later calls: read (zero-length) waiting for the peer's close_notify and
 *    return SSL_SUCCESS once it is seen.
 * quietShutdown skips the alert entirely. SSL_FATAL_ERROR for a NULL ssl or a
 * failed send/read; ssl->error carries the underlying code. */
int wolfSSL_shutdown(WOLFSSL* ssl)
{
    int  ret = SSL_FATAL_ERROR;
    byte tmp;

    WOLFSSL_ENTER("SSL_shutdown()");

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    if (ssl->options.quietShutdown) {
        WOLFSSL_MSG("quiet shutdown, no close notify sent");
        return SSL_SUCCESS;
    }

    if (!ssl->options.isClosed && !ssl->options.connReset &&
        !ssl->options.sentNotify) {
        /* phase one: try to send close notify, not an error if can't */
        ssl->error = SendAlert(ssl, alert_warning, close_notify);
        if (ssl->error < 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.sentNotify = 1; /* don't send close_notify twice */

        ret = ssl->options.closeNotify ? SSL_SUCCESS : SSL_SHUTDOWN_NOT_DONE;
    }
    else if (ssl->options.sentNotify && !ssl->options.closeNotify) {
        /* phase two: caller invoked wolfSSL_shutdown again for the
         * bidirectional shutdown, wait for the peer's close_notify */
        ret = wolfSSL_read(ssl, &tmp, 0);
        if (ret < 0) {
            WOLFSSL_ERROR(ssl->error);
            ret = SSL_FATAL_ERROR;
        }
        else if (ssl->options.closeNotify) {
            ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
            ret = SSL_SUCCESS;
        }
    }

    WOLFSSL_LEAVE("SSL_shutdown()", ret);
    return ret;
}
wolfSSL 7:481bce714567 1934
wolfSSL 7:481bce714567 1935
/* get current error state value */
/* Returns the raw wolfSSL error code stored on the session (no OpenSSL
 * conversion, unlike wolfSSL_get_error), or BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_state(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->error : BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 1945
wolfSSL 7:481bce714567 1946
/* OpenSSL-compatible error query.
 *
 * ret  the value just returned by the wolfSSL I/O call; a positive value
 *      means that call succeeded and SSL_ERROR_NONE is reported without
 *      looking at the session
 *
 * Otherwise the session's stored error is returned, with the three
 * non-fatal wolfSSL codes mapped to their SSL_ERROR_* equivalents.
 * BAD_FUNC_ARG for a NULL ssl when ret is not positive. */
int wolfSSL_get_error(WOLFSSL* ssl, int ret)
{
    int err;

    WOLFSSL_ENTER("SSL_get_error");

    if (ret > 0)
        return SSL_ERROR_NONE;
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    err = ssl->error;
    WOLFSSL_LEAVE("SSL_get_error", err);

    /* make sure converted types are handled in SetErrorString() too */
    switch (err) {
        case WANT_READ:
            return SSL_ERROR_WANT_READ;   /* convert to OpenSSL type */
        case WANT_WRITE:
            return SSL_ERROR_WANT_WRITE;  /* convert to OpenSSL type */
        case ZERO_RETURN:
            return SSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
        default:
            return err;
    }
}
wolfSSL 7:481bce714567 1967
wolfSSL 7:481bce714567 1968
wolfSSL 7:481bce714567 1969 /* retrive alert history, SSL_SUCCESS on ok */
/* Copy the connection's alert history into *h.
 * Always returns SSL_SUCCESS; if either pointer is NULL nothing is copied
 * (the historical API never reported that as an error). */
int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h)
{
    if (ssl == NULL || h == NULL)
        return SSL_SUCCESS;

    *h = ssl->alert_history;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 1977
wolfSSL 7:481bce714567 1978
wolfSSL 7:481bce714567 1979 /* return TRUE if current error is want read */
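/* Report whether the connection's current error is WANT_READ.
 * ssl - connection object. Returns 1 when ssl->error == WANT_READ, else 0.
 * A NULL ssl now returns 0 instead of being dereferenced, matching the
 * NULL handling of the neighbouring accessors (wolfSSL_state etc.). */
int wolfSSL_want_read(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_want_read");

    if (ssl == NULL)
        return 0;

    return (ssl->error == WANT_READ) ? 1 : 0;
}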
wolfSSL 7:481bce714567 1988
wolfSSL 7:481bce714567 1989
wolfSSL 7:481bce714567 1990 /* return TRUE if current error is want write */
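/* Report whether the connection's current error is WANT_WRITE.
 * ssl - connection object. Returns 1 when ssl->error == WANT_WRITE, else 0.
 * A NULL ssl now returns 0 instead of being dereferenced, matching the
 * NULL handling of the neighbouring accessors (wolfSSL_state etc.). */
int wolfSSL_want_write(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_want_write");

    if (ssl == NULL)
        return 0;

    return (ssl->error == WANT_WRITE) ? 1 : 0;
}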
wolfSSL 7:481bce714567 1999
wolfSSL 7:481bce714567 2000
/* Write the text for error code errNumber into the caller's buffer.
 * data - destination; no size is taken, so it must hold at least
 *        WOLFSSL_MAX_ERROR_SZ bytes (wolfSSL_ERR_error_string_n relies on
 *        exactly that when it passes a buffer straight through).
 * Returns data, or a static message when data is NULL. */
char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data)
{
    static const char* noBufferMsg = "Please supply a buffer for error string";

    WOLFSSL_ENTER("ERR_error_string");

    if (data == NULL)
        return (char*)noBufferMsg;

    SetErrorString((int)errNumber, data);
    return data;
}
wolfSSL 7:481bce714567 2013
wolfSSL 7:481bce714567 2014
/* Size-bounded variant of wolfSSL_ERR_error_string.
 * e   - error code.
 * buf - destination buffer.
 * len - size of buf in bytes. When len >= WOLFSSL_MAX_ERROR_SZ the message
 *       is written directly; when smaller it is rendered into a scratch
 *       buffer and truncated to len-1 characters plus a terminator. A len
 *       of 0 leaves buf untouched. */
void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
{
    char scratch[WOLFSSL_MAX_ERROR_SZ];

    WOLFSSL_ENTER("wolfSSL_ERR_error_string_n");

    if (len >= WOLFSSL_MAX_ERROR_SZ) {
        wolfSSL_ERR_error_string(e, buf);
        return;
    }

    WOLFSSL_MSG("Error buffer too short, truncating");
    if (len == 0)
        return;   /* not even room for the NUL terminator */

    wolfSSL_ERR_error_string(e, scratch);
    XMEMCPY(buf, scratch, len - 1);
    buf[len - 1] = '\0';
}
wolfSSL 7:481bce714567 2031
wolfSSL 7:481bce714567 2032
wolfSSL 7:481bce714567 2033 /* don't free temporary arrays at end of handshake */
/* Ask the connection to keep its temporary handshake arrays alive after
 * the handshake completes (sets options.saveArrays). NULL ssl is ignored. */
void wolfSSL_KeepArrays(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return;

    ssl->options.saveArrays = 1;
}
wolfSSL 7:481bce714567 2039
wolfSSL 7:481bce714567 2040
wolfSSL 7:481bce714567 2041 /* user doesn't need temporary arrays anymore, Free */
/* Release the temporary handshake arrays previously retained via
 * wolfSSL_KeepArrays. Only acts once the handshake has reached
 * HANDSHAKE_DONE; earlier calls and a NULL ssl are no-ops. */
void wolfSSL_FreeArrays(WOLFSSL* ssl)
{
    int handshakeFinished;

    if (ssl == NULL)
        return;

    handshakeFinished = (ssl->options.handShakeState == HANDSHAKE_DONE);
    if (!handshakeFinished)
        return;

    ssl->options.saveArrays = 0;
    FreeArrays(ssl, 1);
}
wolfSSL 7:481bce714567 2049
wolfSSL 7:481bce714567 2050
/* Return the MAC secret for the requested direction.
 * verify - non-zero when the caller is verifying incoming records, zero when
 *          it is MAC-ing outgoing ones.
 * The client write secret is returned for a client sending or a server
 * verifying; the server write secret otherwise. NULL ssl yields NULL.
 * The pointer refers to live key material inside ssl->keys; do not copy it
 * anywhere it could be logged or outlive the connection. */
const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
{
    int clientSending;
    int serverVerifying;

    if (ssl == NULL)
        return NULL;

    clientSending   = (ssl->options.side == WOLFSSL_CLIENT_END) && !verify;
    serverVerifying = (ssl->options.side == WOLFSSL_SERVER_END) && verify;

    if (clientSending || serverVerifying)
        return ssl->keys.client_write_MAC_secret;

    return ssl->keys.server_write_MAC_secret;
}
wolfSSL 7:481bce714567 2062
wolfSSL 7:481bce714567 2063
wolfSSL 7:481bce714567 2064 #ifdef ATOMIC_USER
wolfSSL 7:481bce714567 2065
/* Install the user MAC+encrypt callback on a context (ATOMIC_USER builds).
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb)
{
    if (ctx == NULL)
        return;

    ctx->MacEncryptCb = cb;
}
wolfSSL 7:481bce714567 2071
wolfSSL 7:481bce714567 2072
/* Attach an opaque user pointer that is handed to the MacEncrypt callback.
 * NULL ssl is ignored. */
void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->MacEncryptCtx = ctx;
}
wolfSSL 7:481bce714567 2078
wolfSSL 7:481bce714567 2079
/* Fetch the opaque user pointer set by wolfSSL_SetMacEncryptCtx.
 * Returns NULL when ssl is NULL. */
void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->MacEncryptCtx : NULL;
}
wolfSSL 7:481bce714567 2087
wolfSSL 7:481bce714567 2088
/* Install the user decrypt+verify callback on a context (ATOMIC_USER builds).
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx, CallbackDecryptVerify cb)
{
    if (ctx == NULL)
        return;

    ctx->DecryptVerifyCb = cb;
}
wolfSSL 7:481bce714567 2094
wolfSSL 7:481bce714567 2095
/* Attach an opaque user pointer that is handed to the DecryptVerify
 * callback. NULL ssl is ignored. */
void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->DecryptVerifyCtx = ctx;
}
wolfSSL 7:481bce714567 2101
wolfSSL 7:481bce714567 2102
/* Fetch the opaque user pointer set by wolfSSL_SetDecryptVerifyCtx.
 * Returns NULL when ssl is NULL. */
void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->DecryptVerifyCtx : NULL;
}
wolfSSL 7:481bce714567 2110
wolfSSL 7:481bce714567 2111
/* Return a pointer to the client write key in ssl->keys (NULL if ssl is
 * NULL). This is raw session key material exposed for ATOMIC_USER
 * callbacks; callers must not log it or retain it past the connection. */
const byte* wolfSSL_GetClientWriteKey(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->keys.client_write_key : NULL;
}
wolfSSL 7:481bce714567 2119
wolfSSL 7:481bce714567 2120
/* Return a pointer to the client write IV in ssl->keys (NULL if ssl is
 * NULL). Exposed for ATOMIC_USER callbacks. */
const byte* wolfSSL_GetClientWriteIV(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->keys.client_write_IV : NULL;
}
wolfSSL 7:481bce714567 2128
wolfSSL 7:481bce714567 2129
/* Return a pointer to the server write key in ssl->keys (NULL if ssl is
 * NULL). This is raw session key material exposed for ATOMIC_USER
 * callbacks; callers must not log it or retain it past the connection. */
const byte* wolfSSL_GetServerWriteKey(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->keys.server_write_key : NULL;
}
wolfSSL 7:481bce714567 2137
wolfSSL 7:481bce714567 2138
/* Return a pointer to the server write IV in ssl->keys (NULL if ssl is
 * NULL). Exposed for ATOMIC_USER callbacks. */
const byte* wolfSSL_GetServerWriteIV(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->keys.server_write_IV : NULL;
}
wolfSSL 7:481bce714567 2146
/* Return the negotiated cipher's key size from ssl->specs, or BAD_FUNC_ARG
 * when ssl is NULL. */
int wolfSSL_GetKeySize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.key_size;
}
wolfSSL 7:481bce714567 2154
wolfSSL 7:481bce714567 2155
/* Return the negotiated cipher's IV size from ssl->specs, or BAD_FUNC_ARG
 * when ssl is NULL. */
int wolfSSL_GetIVSize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.iv_size;
}
wolfSSL 7:481bce714567 2163
wolfSSL 7:481bce714567 2164
/* Return the negotiated bulk cipher algorithm identifier from ssl->specs,
 * or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_GetBulkCipher(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.bulk_cipher_algorithm;
}
wolfSSL 7:481bce714567 2172
wolfSSL 7:481bce714567 2173
/* Classify the negotiated cipher as WOLFSSL_BLOCK_TYPE, WOLFSSL_STREAM_TYPE
 * or WOLFSSL_AEAD_TYPE. Returns BAD_FUNC_ARG for a NULL ssl and -1 for a
 * cipher_type value that is none of block/stream/aead. */
int wolfSSL_GetCipherType(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (ssl->specs.cipher_type) {
        case block:
            return WOLFSSL_BLOCK_TYPE;
        case stream:
            return WOLFSSL_STREAM_TYPE;
        case aead:
            return WOLFSSL_AEAD_TYPE;
        default:
            return -1;
    }
}
wolfSSL 7:481bce714567 2188
wolfSSL 7:481bce714567 2189
/* Return the negotiated cipher's block size from ssl->specs, or
 * BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.block_size : BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 2197
wolfSSL 7:481bce714567 2198
/* Return the AEAD tag size from ssl->specs, or BAD_FUNC_ARG when ssl is
 * NULL. */
int wolfSSL_GetAeadMacSize(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.aead_mac_size : BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 2206
wolfSSL 7:481bce714567 2207
/* Report whether the connection has the tls1_1 option flag set.
 * Returns 1 or 0, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_IsTLSv1_1(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.tls1_1 ? 1 : 0;
}
wolfSSL 7:481bce714567 2218
wolfSSL 7:481bce714567 2219
/* Return the connection's side (options.side), or BAD_FUNC_ARG when ssl is
 * NULL. */
int wolfSSL_GetSide(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.side;
}
wolfSSL 7:481bce714567 2227
wolfSSL 7:481bce714567 2228
/* Return the HMAC output size for the negotiated cipher suite.
 * AEAD suites carry no separate HMAC key, so 0 is reported for them;
 * otherwise ssl->specs.hash_size. BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_GetHmacSize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->specs.cipher_type == aead)
        return 0;

    return ssl->specs.hash_size;
}
wolfSSL 7:481bce714567 2237
wolfSSL 7:481bce714567 2238 #endif /* ATOMIC_USER */
wolfSSL 7:481bce714567 2239
wolfSSL 7:481bce714567 2240 #ifndef NO_CERTS
wolfSSL 7:481bce714567 2241
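/* Allocate a DerBuffer whose payload (`length` bytes) lives directly after
 * the header in the same allocation.
 * pDer   - receives the new buffer; set to NULL on allocation failure.
 * length - payload size in bytes.
 * type   - CA_TYPE / CERT_TYPE / CRL_TYPE / DSA_TYPE / ECC_TYPE / RSA_TYPE,
 *          anything else is tagged DYNAMIC_TYPE_KEY.
 * heap   - allocator hint passed to XMALLOC and remembered for FreeDer.
 * Returns 0 on success, BAD_FUNC_ARG for a NULL pDer or a length that would
 * wrap the header+payload size, MEMORY_ERROR when XMALLOC fails. */
int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
{
    int        dynType;
    DerBuffer* der;

    if (pDer == NULL)
        return BAD_FUNC_ARG;

    /* `length` is frequently taken from parsed input. Make sure
     * sizeof(DerBuffer) + length cannot wrap on a 32-bit size_t, which would
     * otherwise produce an undersized allocation. */
    if (length > (word32)0xFFFFFFFFU - (word32)sizeof(DerBuffer)) {
        *pDer = NULL;
        return BAD_FUNC_ARG;
    }

    /* Pick the allocator tag used for both XMALLOC and the later XFREE. */
    switch (type) {
        case CA_TYPE:   dynType = DYNAMIC_TYPE_CA;   break;
        case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break;
        case CRL_TYPE:  dynType = DYNAMIC_TYPE_CRL;  break;
        case DSA_TYPE:  dynType = DYNAMIC_TYPE_DSA;  break;
        case ECC_TYPE:  dynType = DYNAMIC_TYPE_ECC;  break;
        case RSA_TYPE:  dynType = DYNAMIC_TYPE_RSA;  break;
        default:        dynType = DYNAMIC_TYPE_KEY;  break;
    }

    der = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + length, heap, dynType);
    if (der == NULL) {
        *pDer = NULL;
        return MEMORY_ERROR;
    }

    der->type    = type;
    der->dynType = dynType;   /* cached so FreeDer releases with the same tag */
    der->heap    = heap;
    der->buffer  = (byte*)der + sizeof(DerBuffer);
    der->length  = length;

    *pDer = der;
    return 0;
}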
wolfSSL 7:481bce714567 2276
/* Release a DerBuffer created by AllocDer and clear the caller's pointer.
 * Private-key payloads (PRIVATEKEY_TYPE) are ForceZero'd before the memory
 * is returned; other DER types are left as-is. NULL pDer / *pDer is a no-op. */
void FreeDer(DerBuffer** pDer)
{
    DerBuffer* der;

    if (pDer == NULL || *pDer == NULL)
        return;

    der = *pDer;

    if (der->type == PRIVATEKEY_TYPE)
        ForceZero(der->buffer, der->length);

    der->buffer = NULL;
    der->length = 0;
    XFREE(der, der->heap, der->dynType);

    *pDer = NULL;
}
wolfSSL 7:481bce714567 2294
wolfSSL 7:481bce714567 2295
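/* Create a certificate manager bound to the given heap hint.
 * heap - allocator hint used for the manager itself and recorded in
 *        cm->heap for everything allocated on its behalf later.
 * Returns the new manager, or NULL when allocation or mutex setup fails.
 *
 * Fixes two problems on the failure paths of the previous version:
 *  - cm->heap was only assigned after the mutexes were initialised, so the
 *    error path freed the manager through wolfSSL_CertManagerFree with a
 *    NULL heap even though it had been allocated with `heap`;
 *  - wolfSSL_CertManagerFree calls wc_FreeMutex on caLock/tpLock, which on
 *    these paths had never been successfully initialised. The error paths
 *    now release exactly what was set up. */
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
{
    WOLFSSL_CERT_MANAGER* cm;

    WOLFSSL_ENTER("wolfSSL_CertManagerNew");

    cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), heap,
                                         DYNAMIC_TYPE_CERT_MANAGER);
    if (cm == NULL)
        return NULL;

    XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER));
    cm->heap = heap;   /* set first so every release below uses the right heap */

    if (wc_InitMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("Bad mutex init");
        XFREE(cm, heap, DYNAMIC_TYPE_CERT_MANAGER);
        return NULL;
    }

#ifdef WOLFSSL_TRUST_PEER_CERT
    if (wc_InitMutex(&cm->tpLock) != 0) {
        WOLFSSL_MSG("Bad mutex init");
        wc_FreeMutex(&cm->caLock);
        XFREE(cm, heap, DYNAMIC_TYPE_CERT_MANAGER);
        return NULL;
    }
#endif

    /* Default minimum key sizes accepted during verification. */
#ifndef NO_RSA
    cm->minRsaKeySz = MIN_RSAKEY_SZ;
#endif
#ifdef HAVE_ECC
    cm->minEccKeySz = MIN_ECCKEY_SZ;
#endif

    return cm;
}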
wolfSSL 7:481bce714567 2333
wolfSSL 7:481bce714567 2334
/* Create a certificate manager on the default (NULL) heap. */
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
{
    void* defaultHeap = NULL;

    return wolfSSL_CertManagerNew_ex(defaultHeap);
}
wolfSSL 7:481bce714567 2339
wolfSSL 7:481bce714567 2340
/* Destroy a certificate manager: its CRL and OCSP state (when built in),
 * the CA signer table, the trusted-peer table, both mutexes, and finally
 * the manager itself. Everything is released against cm->heap.
 * NULL cm is a no-op. */
void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
{
    void* heap;

    WOLFSSL_ENTER("wolfSSL_CertManagerFree");

    if (cm == NULL)
        return;

    heap = cm->heap;

#ifdef HAVE_CRL
    if (cm->crl != NULL)
        FreeCRL(cm->crl, 1);
#endif

#ifdef HAVE_OCSP
    if (cm->ocsp != NULL)
        FreeOCSP(cm->ocsp, 1);
    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    if (cm->ocsp_stapling != NULL)
        FreeOCSP(cm->ocsp_stapling, 1);
    #endif
#endif

    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, heap);
    wc_FreeMutex(&cm->caLock);

#ifdef WOLFSSL_TRUST_PEER_CERT
    FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, heap);
    wc_FreeMutex(&cm->tpLock);
#endif

    XFREE(cm, heap, DYNAMIC_TYPE_CERT_MANAGER);
}
wolfSSL 7:481bce714567 2371
wolfSSL 7:481bce714567 2372
wolfSSL 7:481bce714567 2373 /* Unload the CA signer list */
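/* Drop every CA signer held by the manager, under caLock.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for NULL cm, BAD_MUTEX_E if the lock
 * cannot be taken.
 * The signer table is now released against cm->heap, as
 * wolfSSL_CertManagerFree already does; passing NULL here freed entries
 * with a different heap than the one they were allocated on whenever a
 * custom heap hint was in use. */
int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadCAs");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (wc_LockMutex(&cm->caLock) != 0)
        return BAD_MUTEX_E;

    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);

    wc_UnLockMutex(&cm->caLock);

    return SSL_SUCCESS;
}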
wolfSSL 7:481bce714567 2391
wolfSSL 7:481bce714567 2392
wolfSSL 7:481bce714567 2393 #ifdef WOLFSSL_TRUST_PEER_CERT
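/* Drop every trusted peer certificate held by the manager, under tpLock.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for NULL cm, BAD_MUTEX_E if the lock
 * cannot be taken.
 * The table is now released against cm->heap, matching
 * wolfSSL_CertManagerFree; passing NULL freed entries with a different heap
 * than the one they were allocated on whenever a custom heap hint was in
 * use. */
int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerUnload_trust_peers");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (wc_LockMutex(&cm->tpLock) != 0)
        return BAD_MUTEX_E;

    FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);

    wc_UnLockMutex(&cm->tpLock);

    return SSL_SUCCESS;
}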
wolfSSL 7:481bce714567 2411 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 7:481bce714567 2412
wolfSSL 7:481bce714567 2413
wolfSSL 7:481bce714567 2414 /* Return bytes written to buff or < 0 for error */
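/* Convert a PEM certificate (CERT_TYPE / CA_TYPE / CERTREQ_TYPE) into DER.
 * pem, pemSz   - PEM input and its length in bytes.
 * buff, buffSz - destination for the DER bytes and its capacity.
 * type         - which PEM object is expected.
 * Returns the number of DER bytes written, or a negative code:
 * BAD_FUNC_ARG for bad arguments, an unsupported type, or a result larger
 * than buffSz; MEMORY_E when the small-stack scratch cannot be allocated;
 * otherwise whatever PemToDer reports.
 * pemSz is now validated alongside the other arguments: a zero or negative
 * size cannot contain a PEM object and previously went straight into the
 * parser. */
int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
                         unsigned char* buff, int buffSz, int type)
{
    int eccKey = 0;
    int ret;
    DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertPemToDer");

    if (pem == NULL || pemSz <= 0 || buff == NULL || buffSz <= 0) {
        WOLFSSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

    if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
        WOLFSSL_MSG("Bad cert type");
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL)
        return MEMORY_E;
#endif

    /* No password context: certificates are never encrypted PEM. */
    info->set      = 0;
    info->ctx      = NULL;
    info->consumed = 0;

    ret = PemToDer(pem, pemSz, type, &der, NULL, info, &eccKey);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret < 0) {
        WOLFSSL_MSG("Bad Pem To Der");
    }
    else if (der->length <= (word32)buffSz) {
        XMEMCPY(buff, der->buffer, der->length);
        ret = der->length;
    }
    else {
        /* Caller's buffer cannot hold the result; nothing is written. */
        WOLFSSL_MSG("Bad der length");
        ret = BAD_FUNC_ARG;
    }

    FreeDer(&der);
    return ret;
}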
wolfSSL 7:481bce714567 2473
wolfSSL 7:481bce714567 2474 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 2475
wolfSSL 7:481bce714567 2476 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 7:481bce714567 2477
/* Canonical EVP cipher name table: maps an internal *_TYPE identifier to the
 * OpenSSL-style name string. wolfSSL_EVP_get_cipherbyname searches it by
 * name and returns the table's name pointer as the WOLFSSL_EVP_CIPHER
 * handle, so the strings double as cipher identities. Terminated by a
 * {0, NULL} sentinel. Which entries exist depends on the build options. */
static struct cipher{
    unsigned char type;
    const char *name;
} cipher_tbl[] = {

#ifndef NO_AES
    {AES_128_CBC_TYPE, "AES-128-CBC"},
    {AES_192_CBC_TYPE, "AES-192-CBC"},
    {AES_256_CBC_TYPE, "AES-256-CBC"},
    #if defined(OPENSSL_EXTRA)
    {AES_128_CTR_TYPE, "AES-128-CTR"},
    {AES_192_CTR_TYPE, "AES-192-CTR"},
    {AES_256_CTR_TYPE, "AES-256-CTR"},

    /* ECB offers no semantic security for multi-block data; kept for
     * OpenSSL API compatibility only. */
    {AES_128_ECB_TYPE, "AES-128-ECB"},
    {AES_192_ECB_TYPE, "AES-192-ECB"},
    {AES_256_ECB_TYPE, "AES-256-ECB"},
    #endif

#endif

#ifndef NO_DES3
    {DES_CBC_TYPE, "DES-CBC"},
    {DES_ECB_TYPE, "DES-ECB"},

    {DES_EDE3_CBC_TYPE, "DES-EDE3-CBC"},
    {DES_EDE3_ECB_TYPE, "DES-EDE3-ECB"},
#endif

#ifdef HAVE_IDEA
    {IDEA_CBC_TYPE, "IDEA-CBC"},
#endif
    { 0, NULL}   /* sentinel */
} ;
wolfSSL 7:481bce714567 2512
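/* Look up an EVP cipher by its OpenSSL-style name.
 * name - canonical name ("AES-128-CBC") or one of the short aliases in the
 *        alias table ("aes128", "DES3", ...). Aliases are matched first and
 *        rewritten to the canonical name before the cipher table is scanned.
 *        Matching is exact (full string compare) and case-sensitive except
 *        where an alias spells out both cases.
 * Returns the canonical name pointer from cipher_tbl as the cipher handle,
 * or NULL when the name is unknown — or, newly, when name is NULL, which
 * previously reached XSTRNCMP and dereferenced it. */
const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name)
{
    static const struct alias {
        const char *name;
        const char *alias;
    } alias_tbl[] =
    {
        {"DES-CBC", "DES"},
        {"DES-CBC", "des"},
        {"DES-EDE3-CBC", "DES3"},
        {"DES-EDE3-CBC", "des3"},
        {"DES-EDE3-ECB", "des-ede3-ecb"},
        {"IDEA-CBC", "IDEA"},
        {"IDEA-CBC", "idea"},
        {"AES-128-CBC", "AES128"},
        {"AES-128-CBC", "aes128"},
        {"AES-192-CBC", "AES192"},
        {"AES-192-CBC", "aes192"},
        {"AES-256-CBC", "AES256"},
        {"AES-256-CBC", "aes256"},
        { NULL, NULL}
    };

    const struct cipher *ent;
    const struct alias  *al;

    WOLFSSL_ENTER("EVP_get_cipherbyname");

    if (name == NULL)
        return NULL;

    /* Comparing XSTRLEN(x)+1 bytes includes the terminator, so this is a
     * whole-string match rather than a prefix match. */
    for (al = alias_tbl; al->name != NULL; al++) {
        if (XSTRNCMP(name, al->alias, XSTRLEN(al->alias) + 1) == 0) {
            name = al->name;
            break;
        }
    }

    for (ent = cipher_tbl; ent->name != NULL; ent++) {
        if (XSTRNCMP(name, ent->name, XSTRLEN(ent->name) + 1) == 0)
            return (WOLFSSL_EVP_CIPHER *)ent->name;
    }

    return NULL;
}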
wolfSSL 7:481bce714567 2555
wolfSSL 7:481bce714567 2556
/* Cached EVP cipher handles. Each is filled in by wolfSSL_EVP_init() with
 * the result of EVP_get_cipherbyname() for the matching canonical name, so
 * they stay NULL until that initialiser has run. The *_SIZE constants are
 * the lengths of the corresponding name strings ("AES-128-CBC" is 11,
 * "DES-CBC" is 7, "DES-EDE3-CBC" is 12, "IDEA-CBC" is 8). */
#ifndef NO_AES
static char *EVP_AES_128_CBC;
static char *EVP_AES_192_CBC;
static char *EVP_AES_256_CBC;
#if defined(OPENSSL_EXTRA)
static char *EVP_AES_128_CTR;
static char *EVP_AES_192_CTR;
static char *EVP_AES_256_CTR;

static char *EVP_AES_128_ECB;
static char *EVP_AES_192_ECB;
static char *EVP_AES_256_ECB;
#endif
static const int EVP_AES_SIZE = 11;
#endif

#ifndef NO_DES3
static char *EVP_DES_CBC;
static char *EVP_DES_ECB;
static const int EVP_DES_SIZE = 7;

static char *EVP_DES_EDE3_CBC;
static char *EVP_DES_EDE3_ECB;
static const int EVP_DES_EDE3_SIZE = 12;
#endif

#ifdef HAVE_IDEA
static char *EVP_IDEA_CBC;
static const int EVP_IDEA_SIZE = 8;
#endif
wolfSSL 7:481bce714567 2587
/* Populate the cached EVP_* cipher handles by resolving each canonical
 * name through EVP_get_cipherbyname. Must run before the handles are used;
 * the set of handles resolved follows the same build options that gate
 * their declarations. */
void wolfSSL_EVP_init(void)
{
    /* Local shorthand: resolve a canonical cipher name to its handle. */
#define EVP_RESOLVE(nameStr) ((char *)EVP_get_cipherbyname(nameStr))

#ifndef NO_AES
    EVP_AES_128_CBC = EVP_RESOLVE("AES-128-CBC");
    EVP_AES_192_CBC = EVP_RESOLVE("AES-192-CBC");
    EVP_AES_256_CBC = EVP_RESOLVE("AES-256-CBC");

    #if defined(OPENSSL_EXTRA)
    EVP_AES_128_CTR = EVP_RESOLVE("AES-128-CTR");
    EVP_AES_192_CTR = EVP_RESOLVE("AES-192-CTR");
    EVP_AES_256_CTR = EVP_RESOLVE("AES-256-CTR");

    EVP_AES_128_ECB = EVP_RESOLVE("AES-128-ECB");
    EVP_AES_192_ECB = EVP_RESOLVE("AES-192-ECB");
    EVP_AES_256_ECB = EVP_RESOLVE("AES-256-ECB");
    #endif
#endif

#ifndef NO_DES3
    EVP_DES_CBC      = EVP_RESOLVE("DES-CBC");
    EVP_DES_ECB      = EVP_RESOLVE("DES-ECB");

    EVP_DES_EDE3_CBC = EVP_RESOLVE("DES-EDE3-CBC");
    EVP_DES_EDE3_ECB = EVP_RESOLVE("DES-EDE3-ECB");
#endif

#ifdef HAVE_IDEA
    EVP_IDEA_CBC = EVP_RESOLVE("IDEA-CBC");
#endif

#undef EVP_RESOLVE
}
wolfSSL 7:481bce714567 2618
wolfSSL 7:481bce714567 2619 /* our KeyPemToDer password callback, password in userData */
/* Password callback used by wolfSSL_KeyPemToDer: the password is the
 * NUL-terminated string in userdata.
 * passwd - destination buffer of sz bytes; filled with XSTRNCPY, so it is
 *          only NUL-terminated when the password is shorter than sz.
 * rw     - unused.
 * Returns the number of password bytes made available (at most sz), or 0
 * when no userdata was supplied. */
static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
{
    const char* secret = (const char*)userdata;
    word32      secretLen;

    (void)rw;

    if (secret == NULL)
        return 0;

    secretLen = (word32)XSTRLEN(secret);
    XSTRNCPY(passwd, secret, sz);

    return (int)min((word32)sz, secretLen);
}
wolfSSL 7:481bce714567 2630
wolfSSL 7:481bce714567 2631 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 7:481bce714567 2632
wolfSSL 7:481bce714567 2633 #ifndef NO_CERTS
wolfSSL 7:481bce714567 2634
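/* Convert a PEM-encoded private key into DER.
 *
 * pem    - PEM input
 * pemSz  - length of pem in bytes
 * buff   - output buffer receiving the DER encoding
 * buffSz - capacity of buff in bytes
 * pass   - optional passphrase for an encrypted PEM key, or NULL
 *
 * Returns the number of DER bytes written to buff, or a value < 0 on error:
 * BAD_FUNC_ARG for bad arguments or an output buffer that is too small,
 * MEMORY_E on allocation failure, otherwise the PemToDer error code.
 *
 * The passphrase is only honoured when built with OPENSSL_EXTRA or
 * HAVE_WEBSERVER; in any other build it is ignored here, so an encrypted key
 * presumably fails inside PemToDer rather than being reported as a bad
 * argument.
 */
int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz,
                        unsigned char* buff, int buffSz, const char* pass)
{
    int eccKey = 0;
    int ret;
    DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    WOLFSSL_ENTER("wolfSSL_KeyPemToDer");

    /* pemSz is validated too: a non-positive length cannot hold a key and
     * should not reach PemToDer as a signed/unsigned surprise. */
    if (pem == NULL || pemSz <= 0 || buff == NULL || buffSz <= 0) {
        WOLFSSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL)
        return MEMORY_E;
#endif

    info->set      = 0;
    info->ctx      = NULL;
    info->consumed = 0;

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    if (pass) {
        /* A throw-away context only carries the password callback into
         * PemToDer; it is never used for a connection. */
        info->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
        if (info->ctx == NULL) {
#ifdef WOLFSSL_SMALL_STACK
            XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return MEMORY_E;
        }

        wolfSSL_CTX_set_default_passwd_cb(info->ctx, OurPasswordCb);
        wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass);
    }
#else
    (void)pass; /* encrypted PEM keys cannot be unlocked in this build */
#endif

    ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);

    if (info->ctx)
        wolfSSL_CTX_free(info->ctx);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret < 0) {
        WOLFSSL_MSG("Bad Pem To Der");
    }
    else if (der == NULL || der->length > (word32)buffSz) {
        /* no DER produced, or the caller's buffer cannot hold it */
        WOLFSSL_MSG("Bad der length");
        ret = BAD_FUNC_ARG;
    }
    else {
        XMEMCPY(buff, der->buffer, der->length);
        ret = der->length;
    }

    FreeDer(&der);
    return ret;
}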
wolfSSL 7:481bce714567 2709
wolfSSL 7:481bce714567 2710 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 2711
wolfSSL 7:481bce714567 2712
wolfSSL 7:481bce714567 2713
wolfSSL 7:481bce714567 2714 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
wolfSSL 7:481bce714567 2715
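/* Write the textual description of wolfSSL error code err to fp.
 * No newline is appended. A NULL fp is ignored instead of dereferenced. */
void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
{
    char data[WOLFSSL_MAX_ERROR_SZ + 1];

    WOLFSSL_ENTER("wolfSSL_ERR_print_errors_fp");

    if (fp == NULL)
        return;

    data[0] = '\0'; /* never print uninitialized stack if nothing is written */
    SetErrorString(err, data);

    /* "%s" keeps the error text out of the format string */
    fprintf(fp, "%s", data);
}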
wolfSSL 7:481bce714567 2724
wolfSSL 7:481bce714567 2725 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
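/* Dump the wolfCrypt error queue to fp (thin wrapper over
 * wc_ERR_print_errors_fp). A NULL fp is ignored rather than passed down. */
void wolfSSL_ERR_dump_errors_fp(FILE* fp)
{
    if (fp == NULL)
        return;

    wc_ERR_print_errors_fp(fp);
}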
wolfSSL 7:481bce714567 2730 #endif
wolfSSL 7:481bce714567 2731 #endif
wolfSSL 7:481bce714567 2732
wolfSSL 7:481bce714567 2733
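/* Number of already-decrypted application-data bytes buffered on ssl that
 * a subsequent read can return without touching the transport.
 *
 * Returns that byte count, or BAD_FUNC_ARG (negative) when ssl is NULL --
 * the same error convention the other entry points in this file use, so a
 * NULL object no longer dereferences. Callers testing `> 0` still see
 * "nothing pending" in that case. */
int wolfSSL_pending(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_pending");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->buffers.clearOutputBuffer.length;
}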
wolfSSL 7:481bce714567 2739
wolfSSL 7:481bce714567 2740
wolfSSL 7:481bce714567 2741 #ifndef WOLFSSL_LEANPSK
/* Enable grouping of handshake messages for every WOLFSSL object created
 * from ctx. Returns SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx)
{
    int result = BAD_FUNC_ARG;

    if (ctx != NULL) {
        ctx->groupMessages = 1;
        result = SSL_SUCCESS;
    }

    return result;
}
wolfSSL 7:481bce714567 2752 #endif
wolfSSL 7:481bce714567 2753
wolfSSL 7:481bce714567 2754
wolfSSL 7:481bce714567 2755 #ifndef NO_WOLFSSL_CLIENT
/* Run the client handshake only far enough to receive the peer's certificate
 * chain: certOnly is raised around the wolfSSL_connect() call and cleared
 * again afterwards.
 *
 * Returns the wolfSSL_connect() result, or SSL_FAILURE when ssl is NULL.
 *
 * NOTE(review): certOnly is cleared as soon as wolfSSL_connect() returns,
 * including when it returns early for a non-blocking retry -- confirm the
 * flag is not expected to survive across such retries.
 */
int wolfSSL_connect_cert(WOLFSSL* ssl)
{
    int result = SSL_FAILURE;

    if (ssl != NULL) {
        ssl->options.certOnly = 1;
        result = wolfSSL_connect(ssl);
        ssl->options.certOnly = 0;
    }

    return result;
}
wolfSSL 7:481bce714567 2770 #endif
wolfSSL 7:481bce714567 2771
wolfSSL 7:481bce714567 2772
wolfSSL 7:481bce714567 2773 #ifndef WOLFSSL_LEANPSK
/* Enable grouping of handshake messages on a single WOLFSSL object.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_set_group_messages(WOLFSSL* ssl)
{
    int result = BAD_FUNC_ARG;

    if (ssl != NULL) {
        ssl->options.groupMessages = 1;
        result = SSL_SUCCESS;
    }

    return result;
}
wolfSSL 7:481bce714567 2784
wolfSSL 7:481bce714567 2785
/* Translate a public WOLFSSL_* protocol version constant into the internal
 * minor version number and store it in *minVersion.
 *
 * minVersion - output: SSLv3_MINOR, TLSv1_MINOR, TLSv1_1_MINOR or
 *              TLSv1_2_MINOR
 * version    - WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1 or
 *              WOLFSSL_TLSV1_2
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when the requested version is not
 * compiled into this build: SSLv3 needs WOLFSSL_ALLOW_SSLV3 and !NO_OLD_TLS,
 * TLS 1.0/1.1 need !NO_OLD_TLS, and every TLS version needs !NO_TLS. A
 * floor that cannot be expressed is rejected rather than silently mapped
 * onto another version, so the caller's downgrade policy is never widened.
 */
static int SetMinVersionHelper(byte* minVersion, int version)
{
#ifdef NO_TLS
    (void)minVersion; /* may be written by no case at all in a NO_TLS build */
#endif

    switch (version) {
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
        case WOLFSSL_SSLV3:
            *minVersion = SSLv3_MINOR;
            break;
#endif

#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        case WOLFSSL_TLSV1:
            *minVersion = TLSv1_MINOR;
            break;

        case WOLFSSL_TLSV1_1:
            *minVersion = TLSv1_1_MINOR;
            break;
    #endif
        case WOLFSSL_TLSV1_2:
            *minVersion = TLSv1_2_MINOR;
            break;
#endif

        default:
            /* unknown, or compiled out of this build */
            WOLFSSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 2822
wolfSSL 7:481bce714567 2823
/* Set the lowest protocol version a context may negotiate down to.
 * version is a WOLFSSL_* constant; see SetMinVersionHelper for which ones
 * are accepted in this build.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or an unsupported
 * version. */
int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
{
    int result = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_SetMinVersion");

    if (ctx != NULL)
        result = SetMinVersionHelper(&ctx->minDowngrade, version);
    else
        WOLFSSL_MSG("Bad function argument");

    return result;
}
wolfSSL 7:481bce714567 2836
wolfSSL 7:481bce714567 2837
/* Set the lowest protocol version a single WOLFSSL object may negotiate
 * down to. version is a WOLFSSL_* constant; see SetMinVersionHelper for
 * which ones are accepted in this build.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an unsupported
 * version. */
int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
{
    int result = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_SetMinVersion");

    if (ssl != NULL)
        result = SetMinVersionHelper(&ssl->options.minDowngrade, version);
    else
        WOLFSSL_MSG("Bad function argument");

    return result;
}
wolfSSL 7:481bce714567 2850
wolfSSL 7:481bce714567 2851
/* Select the protocol version for a WOLFSSL object and rebuild its cipher
 * suite list to match.
 *
 * ssl     - object to change
 * version - WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1 or WOLFSSL_TLSV1_2
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or a version that is
 * unknown or compiled out of this build (same build gates as
 * SetMinVersionHelper: SSLv3 needs WOLFSSL_ALLOW_SSLV3, TLS 1.0/1.1 need
 * !NO_OLD_TLS). On error ssl->version is left untouched.
 *
 * NOTE(review): haveRSA is hard-coded to 1 whenever RSA is compiled in,
 * independent of whether an RSA key/cert is actually loaded; the other
 * InitSuites inputs come from ssl->options -- confirm that matches how the
 * rest of the file seeds InitSuites.
 */
int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
{
    word16 haveRSA = 1;
    word16 havePSK = 0;

    WOLFSSL_ENTER("wolfSSL_SetVersion");

    if (ssl == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    switch (version) {
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
        case WOLFSSL_SSLV3:
            ssl->version = MakeSSLv3();
            break;
#endif

#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        case WOLFSSL_TLSV1:
            ssl->version = MakeTLSv1();
            break;

        case WOLFSSL_TLSV1_1:
            ssl->version = MakeTLSv1_1();
            break;
    #endif
        case WOLFSSL_TLSV1_2:
            ssl->version = MakeTLSv1_2();
            break;
#endif

        default:
            /* unknown, or compiled out of this build */
            WOLFSSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif

    /* the usable suites depend on the version, so recompute them now */
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
               ssl->options.haveNTRU, ssl->options.haveECDSAsig,
               ssl->options.haveECC, ssl->options.haveStaticECC,
               ssl->options.side);

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 2905 #endif /* !leanpsk */
wolfSSL 7:481bce714567 2906
wolfSSL 7:481bce714567 2907
wolfSSL 7:481bce714567 2908 #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
wolfSSL 7:481bce714567 2909
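/* Build a big-endian word from the first four bytes of a digest; used to pick
 * a hash-table row. hashID must point at least four bytes. */
static INLINE word32 MakeWordFromHash(const byte* hashID)
{
    /* Widen every byte before shifting: hashID[0] promotes to int, and
     * shifting a value >= 0x80 left by 24 overflows int, which is undefined
     * behaviour. word32 arithmetic is well defined. */
    return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |
           ((word32)hashID[2] <<  8) |  (word32)hashID[3];
}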
wolfSSL 7:481bce714567 2916
wolfSSL 7:481bce714567 2917 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
wolfSSL 7:481bce714567 2918
wolfSSL 7:481bce714567 2919
wolfSSL 7:481bce714567 2920 #ifndef NO_CERTS
wolfSSL 7:481bce714567 2921
/* Map a signer digest (SHA of the name or key id) onto a row of the CA
 * table, using only its first 32 bits. */
static INLINE word32 HashSigner(const byte* hash)
{
    word32 word = MakeWordFromHash(hash);

    return word % CA_TABLE_SIZE;
}
wolfSSL 7:481bce714567 2927
wolfSSL 7:481bce714567 2928
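/* Report whether a CA with the given digest is already in cm's CA table.
 *
 * cm   - certificate manager holding the table
 * hash - SIGNER_DIGEST_SIZE bytes: the subject key id digest when SKID
 *        support is compiled in, otherwise the subject name digest
 *
 * Returns 1 when found, 0 when absent -- and also 0 for NULL arguments or
 * when the table lock cannot be taken, so a caller treating 0 as "not
 * present" may add a duplicate in those failure cases. */
int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
{
    Signer* signers;
    int found = 0;
    word32 row;

    /* validate before HashSigner dereferences hash */
    if (cm == NULL || hash == NULL)
        return 0;

    row = HashSigner(hash);

    if (wc_LockMutex(&cm->caLock) != 0)
        return 0;

    for (signers = cm->caTable[row]; signers != NULL; signers = signers->next) {
#ifndef NO_SKID
        const byte* subjectHash = signers->subjectKeyIdHash;
#else
        const byte* subjectHash = signers->subjectNameHash;
#endif
        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            found = 1;
            break;
        }
    }
    wc_UnLockMutex(&cm->caLock);

    return found;
}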
wolfSSL 7:481bce714567 2956
wolfSSL 7:481bce714567 2957
wolfSSL 7:481bce714567 2958 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Map a peer digest (SHA of the name or key id) onto a row of the trusted
 * peer table, using only its first 32 bits. */
static INLINE word32 TrustedPeerHashSigner(const byte* hash)
{
    word32 word = MakeWordFromHash(hash);

    return word % TP_TABLE_SIZE;
}
wolfSSL 7:481bce714567 2964
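/* Report whether a trusted peer with the given digest is already in cm's
 * trusted peer table.
 *
 * cm   - certificate manager holding the table
 * hash - SIGNER_DIGEST_SIZE bytes: the subject key id digest when SKID
 *        support is compiled in, otherwise the subject name digest
 *
 * Returns 1 when found, 0 when absent -- and also 0 for NULL arguments or
 * when the table lock cannot be taken, so a caller treating 0 as "not
 * present" may add a duplicate in those failure cases. */
int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash)
{
    TrustedPeerCert* tp;
    int found = 0;
    word32 row;

    /* validate before TrustedPeerHashSigner dereferences hash */
    if (cm == NULL || hash == NULL)
        return 0;

    row = TrustedPeerHashSigner(hash);

    if (wc_LockMutex(&cm->tpLock) != 0)
        return 0;

    for (tp = cm->tpTable[row]; tp != NULL; tp = tp->next) {
#ifndef NO_SKID
        const byte* subjectHash = tp->subjectKeyIdHash;
#else
        const byte* subjectHash = tp->subjectNameHash;
#endif
        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            found = 1;
            break;
        }
    }
    wc_UnLockMutex(&cm->tpLock);

    return found;
}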
wolfSSL 7:481bce714567 2992
wolfSSL 7:481bce714567 2993
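/* Look up a trusted peer certificate by digest.
 *
 * vp   - WOLFSSL_CERT_MANAGER* (passed as void* for the internal callers)
 * hash - SIGNER_DIGEST_SIZE bytes to match
 * type - what hash is: WC_MATCH_SKID (subject key id, only with SKID
 *        support compiled in) or WC_MATCH_NAME (subject name digest)
 *
 * Returns the matching entry, or NULL when absent, when an argument is
 * NULL or type is unknown, or when the table lock cannot be taken.
 *
 * The returned pointer refers to an entry owned by the table and is handed
 * back after tpLock is released; it presumably stays valid for the lifetime
 * of cm, since nothing here removes entries -- TODO confirm against the
 * free path. */
TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, int type)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    TrustedPeerCert* found = NULL;
    TrustedPeerCert* tp;
    word32 row;

    if (cm == NULL || hash == NULL)
        return NULL;

    /* Reject an unknown match type before touching the table, so a bad
     * argument never takes tpLock and the loop below needs no default case. */
    switch (type) {
#ifndef NO_SKID
        case WC_MATCH_SKID:
#endif
        case WC_MATCH_NAME:
            break;
        default:
            WOLFSSL_MSG("Unknown search type");
            return NULL;
    }

    row = TrustedPeerHashSigner(hash);

    if (wc_LockMutex(&cm->tpLock) != 0)
        return NULL;

    for (tp = cm->tpTable[row]; tp != NULL; tp = tp->next) {
        const byte* subjectHash = tp->subjectNameHash;
#ifndef NO_SKID
        if (type == WC_MATCH_SKID)
            subjectHash = tp->subjectKeyIdHash;
#endif
        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            found = tp;
            break;
        }
    }
    wc_UnLockMutex(&cm->tpLock);

    return found;
}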
wolfSSL 7:481bce714567 3039
wolfSSL 7:481bce714567 3040
/* Decide whether a decoded certificate is the exact certificate stored as a
 * trusted peer entry.
 *
 * The subject key id / name digest has already been matched by
 * GetTrustedPeer when tp was found; here the stored signature must be
 * byte-identical to the certificate's, which pins the exact certificate
 * rather than just its subject.
 *
 * Returns SSL_SUCCESS on a match, SSL_FAILURE on a mismatch, BAD_FUNC_ARG
 * when either pointer is NULL. */
int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert)
{
    if (tp == NULL || cert == NULL)
        return BAD_FUNC_ARG;

    /* lengths first: a different length can never match */
    if (tp->sigLen != cert->sigLength)
        return SSL_FAILURE;

    if (XMEMCMP(tp->sig, cert->signature, cert->sigLength) != 0)
        return SSL_FAILURE;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 3061 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 7:481bce714567 3062
wolfSSL 7:481bce714567 3063
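/* Look up a CA in cm's CA table by digest.
 *
 * vp   - WOLFSSL_CERT_MANAGER* (passed as void* for the internal callers)
 * hash - SIGNER_DIGEST_SIZE bytes: the subject key id digest when SKID
 *        support is compiled in, otherwise the subject name digest
 *
 * Returns the matching Signer, or NULL when absent, when an argument is
 * NULL, or when the table lock cannot be taken. The pointer refers to an
 * entry owned by the table and is returned after caLock is released. */
Signer* GetCA(void* vp, byte* hash)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    Signer* found = NULL;
    Signer* signers;
    word32 row;

    /* Check both arguments before HashSigner reads hash; previously the row
     * was computed from hash before any argument check ran. */
    if (cm == NULL || hash == NULL)
        return NULL;

    row = HashSigner(hash);

    if (wc_LockMutex(&cm->caLock) != 0)
        return NULL;

    for (signers = cm->caTable[row]; signers != NULL; signers = signers->next) {
#ifndef NO_SKID
        const byte* subjectHash = signers->subjectKeyIdHash;
#else
        const byte* subjectHash = signers->subjectNameHash;
#endif
        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            found = signers;
            break;
        }
    }
    wc_UnLockMutex(&cm->caLock);

    return found;
}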
wolfSSL 7:481bce714567 3096
wolfSSL 7:481bce714567 3097
wolfSSL 7:481bce714567 3098 #ifndef NO_SKID
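/* Look up a CA by subject name digest, walking every row of the CA table
 * (the table is keyed by subject key id in this build, so a name lookup
 * cannot be narrowed to one row and costs O(number of CAs)).
 *
 * vp   - WOLFSSL_CERT_MANAGER* (passed as void* for the internal callers)
 * hash - SIGNER_DIGEST_SIZE bytes of subject name digest
 *
 * Returns the first matching Signer, or NULL when absent, when an argument
 * is NULL, or when the table lock cannot be taken. */
Signer* GetCAByName(void* vp, byte* hash)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    Signer* found = NULL;
    Signer* signers;
    word32 row;

    if (cm == NULL || hash == NULL)
        return NULL;

    if (wc_LockMutex(&cm->caLock) != 0)
        return NULL;

    for (row = 0; row < CA_TABLE_SIZE && found == NULL; row++) {
        for (signers = cm->caTable[row]; signers != NULL;
             signers = signers->next) {
            if (XMEMCMP(hash, signers->subjectNameHash,
                        SIGNER_DIGEST_SIZE) == 0) {
                found = signers;
                break;
            }
        }
    }
    wc_UnLockMutex(&cm->caLock);

    return found;
}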
wolfSSL 7:481bce714567 3127 #endif
wolfSSL 7:481bce714567 3128
wolfSSL 7:481bce714567 3129
wolfSSL 7:481bce714567 3130 #ifdef WOLFSSL_TRUST_PEER_CERT
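/* Parse the DER certificate in *pDer and add it to cm's trusted peer table.
 *
 * cm     - certificate manager owning the table and heap
 * pDer   - address of the DER buffer. When the certificate parses, the
 *          buffer is consumed and *pDer is set to NULL on return (success or
 *          "already present"), so the caller must not free it again. When
 *          ParseCert fails, or on MEMORY_E / BAD_MUTEX_E after parsing, the
 *          buffer is left to the caller, as before.
 * verify - forwarded to ParseCert to control signature verification
 *
 * Returns SSL_SUCCESS (also when an entry with the same digest already
 * exists), MEMORY_E, BAD_MUTEX_E, BAD_FUNC_ARG for NULL arguments, or the
 * ParseCert error code.
 *
 * Fixes relative to the previous version: the decoded cert is released with
 * FreeDecodedCert and freed to cm->heap on a ParseCert error (it was freed
 * to the NULL heap without cleanup), and the TrustedPeerCert is only
 * allocated once the duplicate check has passed (it was leaked on the
 * "already present" path).
 */
int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
{
    int ret;
    word32 row;
    TrustedPeerCert* peerCert = NULL;
    DecodedCert* cert = NULL;
    DerBuffer* der;
    byte* subjectHash;

    WOLFSSL_MSG("Adding a Trusted Peer Cert");

    if (cm == NULL || pDer == NULL || *pDer == NULL)
        return BAD_FUNC_ARG;
    der = *pDer;

    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;

    InitDecodedCert(cert, der->buffer, der->length, cm->heap);
    ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm);
    if (ret != 0) {
        /* ParseCert may have allocated into cert before failing: release
         * those parts, and return the memory to the heap it came from. */
        FreeDecodedCert(cert);
        XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
    WOLFSSL_MSG(" Parsed new trusted peer cert");

    /* digest used both for the duplicate check and for the table row */
#ifndef NO_SKID
    /* NOTE(review): the condition tests extAuthKeyIdSet while the value
     * used is extSubjKeyId; this is kept exactly as it was -- confirm the
     * intended flag before changing it. */
    if (cert->extAuthKeyIdSet)
        subjectHash = cert->extSubjKeyId;
    else
        subjectHash = cert->subjectHash;
#else
    subjectHash = cert->subjectHash;
#endif

    if (AlreadyTrustedPeer(cm, subjectHash)) {
        WOLFSSL_MSG(" Already have this CA, not adding again");
        ret = SSL_SUCCESS;
        goto done;
    }

    peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap,
                                         DYNAMIC_TYPE_CERT);
    if (peerCert == NULL) {
        ret = MEMORY_E;
        goto fail;
    }
    XMEMSET(peerCert, 0, sizeof(TrustedPeerCert));

    /* keep a copy of the signature: MatchTrustedPeer compares against it to
     * pin the exact certificate, not just its subject */
    peerCert->sigLen = cert->sigLength;
    peerCert->sig = XMALLOC(cert->sigLength, cm->heap, DYNAMIC_TYPE_SIGNATURE);
    if (peerCert->sig == NULL) {
        ret = MEMORY_E;
        goto fail;
    }
    XMEMCPY(peerCert->sig, cert->signature, cert->sigLength);

    /* Take ownership of the parsed subject CN and name constraints; cert's
     * pointers are cleared so FreeDecodedCert below does not free them.
     * NOTE(review): AddCA only takes subjectCN when cert->subjectCNStored is
     * set -- confirm ParseCert always heap-copies it for TRUSTED_PEER_TYPE,
     * otherwise peerCert->name would dangle once the DER buffer is freed. */
    peerCert->nameLen = cert->subjectCNLen;
    peerCert->name    = cert->subjectCN;
    cert->subjectCN   = 0;
#ifndef IGNORE_NAME_CONSTRAINTS
    peerCert->permittedNames = cert->permittedNames;
    peerCert->excludedNames  = cert->excludedNames;
    cert->permittedNames = NULL;
    cert->excludedNames  = NULL;
#endif

    /* lookup keys: SKID digest when available, always the name digest */
#ifndef NO_SKID
    XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId,
            SIGNER_DIGEST_SIZE);
#endif
    XMEMCPY(peerCert->subjectNameHash, cert->subjectHash,
            SIGNER_DIGEST_SIZE);

    /* same digest AlreadyTrustedPeer searched on, so the same row */
    row = TrustedPeerHashSigner(subjectHash);

    if (wc_LockMutex(&cm->tpLock) != 0) {
        WOLFSSL_MSG(" Trusted Peer Cert Mutex Lock failed");
        ret = BAD_MUTEX_E;
        goto fail;
    }
    /* NOTE(review): AlreadyTrustedPeer released tpLock before this insert,
     * so two threads adding the same peer concurrently can both pass the
     * duplicate check; the result is a duplicate entry, not corruption. */
    peerCert->next   = cm->tpTable[row];
    cm->tpTable[row] = peerCert; /* table takes ownership of peerCert */
    wc_UnLockMutex(&cm->tpLock);
    ret = SSL_SUCCESS;

done:
    WOLFSSL_MSG(" Freeing parsed trusted peer cert");
    FreeDecodedCert(cert);
    XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    WOLFSSL_MSG(" Freeing der trusted peer cert");
    FreeDer(pDer); /* also clears *pDer, so the caller cannot double free */
    WOLFSSL_MSG(" OK Freeing der trusted peer cert");
    WOLFSSL_LEAVE("AddTrustedPeer", ret);

    return ret;

fail:
    /* peerCert may be NULL (its own allocation failed) or partially built;
     * anything it already owns is released through FreeTrustedPeer. */
    if (peerCert != NULL)
        FreeTrustedPeer(peerCert, cm->heap);
    FreeDecodedCert(cert);
    XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    WOLFSSL_LEAVE("AddTrustedPeer", ret);

    return ret;
}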
wolfSSL 7:481bce714567 3255 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 7:481bce714567 3256
wolfSSL 7:481bce714567 3257
wolfSSL 7:481bce714567 3258 /* owns der, internal now uses too */
wolfSSL 7:481bce714567 3259 /* type flag ids from user or from chain received during verify
wolfSSL 7:481bce714567 3260 don't allow chain ones to be added w/o isCA extension */
wolfSSL 7:481bce714567 3261 int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
wolfSSL 7:481bce714567 3262 {
wolfSSL 7:481bce714567 3263 int ret;
wolfSSL 7:481bce714567 3264 Signer* signer = 0;
wolfSSL 7:481bce714567 3265 word32 row;
wolfSSL 7:481bce714567 3266 byte* subjectHash;
wolfSSL 7:481bce714567 3267 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 3268 DecodedCert* cert = NULL;
wolfSSL 7:481bce714567 3269 #else
wolfSSL 7:481bce714567 3270 DecodedCert cert[1];
wolfSSL 7:481bce714567 3271 #endif
wolfSSL 7:481bce714567 3272 DerBuffer* der = *pDer;
wolfSSL 7:481bce714567 3273
wolfSSL 7:481bce714567 3274 WOLFSSL_MSG("Adding a CA");
wolfSSL 7:481bce714567 3275
wolfSSL 7:481bce714567 3276 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 3277 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 7:481bce714567 3278 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 3279 if (cert == NULL)
wolfSSL 7:481bce714567 3280 return MEMORY_E;
wolfSSL 7:481bce714567 3281 #endif
wolfSSL 7:481bce714567 3282
wolfSSL 7:481bce714567 3283 InitDecodedCert(cert, der->buffer, der->length, cm->heap);
wolfSSL 7:481bce714567 3284 ret = ParseCert(cert, CA_TYPE, verify, cm);
wolfSSL 7:481bce714567 3285 WOLFSSL_MSG(" Parsed new CA");
wolfSSL 7:481bce714567 3286
wolfSSL 7:481bce714567 3287 #ifndef NO_SKID
wolfSSL 7:481bce714567 3288 subjectHash = cert->extSubjKeyId;
wolfSSL 7:481bce714567 3289 #else
wolfSSL 7:481bce714567 3290 subjectHash = cert->subjectHash;
wolfSSL 7:481bce714567 3291 #endif
wolfSSL 7:481bce714567 3292
wolfSSL 7:481bce714567 3293 /* check CA key size */
wolfSSL 7:481bce714567 3294 if (verify) {
wolfSSL 7:481bce714567 3295 switch (cert->keyOID) {
wolfSSL 7:481bce714567 3296 #ifndef NO_RSA
wolfSSL 7:481bce714567 3297 case RSAk:
wolfSSL 7:481bce714567 3298 if (cm->minRsaKeySz < 0 ||
wolfSSL 7:481bce714567 3299 cert->pubKeySize < (word16)cm->minRsaKeySz) {
wolfSSL 7:481bce714567 3300 ret = RSA_KEY_SIZE_E;
wolfSSL 7:481bce714567 3301 WOLFSSL_MSG(" CA RSA key size error");
wolfSSL 7:481bce714567 3302 }
wolfSSL 7:481bce714567 3303 break;
wolfSSL 7:481bce714567 3304 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 3305 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 3306 case ECDSAk:
wolfSSL 7:481bce714567 3307 if (cm->minEccKeySz < 0 ||
wolfSSL 7:481bce714567 3308 cert->pubKeySize < (word16)cm->minEccKeySz) {
wolfSSL 7:481bce714567 3309 ret = ECC_KEY_SIZE_E;
wolfSSL 7:481bce714567 3310 WOLFSSL_MSG(" CA ECC key size error");
wolfSSL 7:481bce714567 3311 }
wolfSSL 7:481bce714567 3312 break;
wolfSSL 7:481bce714567 3313 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 3314
wolfSSL 7:481bce714567 3315 default:
wolfSSL 7:481bce714567 3316 WOLFSSL_MSG(" No key size check done on CA");
wolfSSL 7:481bce714567 3317 break; /* no size check if key type is not in switch */
wolfSSL 7:481bce714567 3318 }
wolfSSL 7:481bce714567 3319 }
wolfSSL 7:481bce714567 3320
wolfSSL 7:481bce714567 3321 if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
wolfSSL 7:481bce714567 3322 WOLFSSL_MSG(" Can't add as CA if not actually one");
wolfSSL 7:481bce714567 3323 ret = NOT_CA_ERROR;
wolfSSL 7:481bce714567 3324 }
wolfSSL 7:481bce714567 3325 #ifndef ALLOW_INVALID_CERTSIGN
wolfSSL 7:481bce714567 3326 else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
wolfSSL 7:481bce714567 3327 (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
wolfSSL 7:481bce714567 3328 /* Intermediate CA certs are required to have the keyCertSign
wolfSSL 7:481bce714567 3329 * extension set. User loaded root certs are not. */
wolfSSL 7:481bce714567 3330 WOLFSSL_MSG(" Doesn't have key usage certificate signing");
wolfSSL 7:481bce714567 3331 ret = NOT_CA_ERROR;
wolfSSL 7:481bce714567 3332 }
wolfSSL 7:481bce714567 3333 #endif
wolfSSL 7:481bce714567 3334 else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
wolfSSL 7:481bce714567 3335 WOLFSSL_MSG(" Already have this CA, not adding again");
wolfSSL 7:481bce714567 3336 (void)ret;
wolfSSL 7:481bce714567 3337 }
wolfSSL 7:481bce714567 3338 else if (ret == 0) {
wolfSSL 7:481bce714567 3339 /* take over signer parts */
wolfSSL 7:481bce714567 3340 signer = MakeSigner(cm->heap);
wolfSSL 7:481bce714567 3341 if (!signer)
wolfSSL 7:481bce714567 3342 ret = MEMORY_ERROR;
wolfSSL 7:481bce714567 3343 else {
wolfSSL 7:481bce714567 3344 signer->keyOID = cert->keyOID;
wolfSSL 7:481bce714567 3345 if (cert->pubKeyStored) {
wolfSSL 7:481bce714567 3346 signer->publicKey = cert->publicKey;
wolfSSL 7:481bce714567 3347 signer->pubKeySize = cert->pubKeySize;
wolfSSL 7:481bce714567 3348 }
wolfSSL 7:481bce714567 3349 if (cert->subjectCNStored) {
wolfSSL 7:481bce714567 3350 signer->nameLen = cert->subjectCNLen;
wolfSSL 7:481bce714567 3351 signer->name = cert->subjectCN;
wolfSSL 7:481bce714567 3352 }
wolfSSL 7:481bce714567 3353 signer->pathLength = cert->pathLength;
wolfSSL 7:481bce714567 3354 signer->pathLengthSet = cert->pathLengthSet;
wolfSSL 7:481bce714567 3355 #ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL 7:481bce714567 3356 signer->permittedNames = cert->permittedNames;
wolfSSL 7:481bce714567 3357 signer->excludedNames = cert->excludedNames;
wolfSSL 7:481bce714567 3358 #endif
wolfSSL 7:481bce714567 3359 #ifndef NO_SKID
wolfSSL 7:481bce714567 3360 XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
wolfSSL 7:481bce714567 3361 SIGNER_DIGEST_SIZE);
wolfSSL 7:481bce714567 3362 #endif
wolfSSL 7:481bce714567 3363 XMEMCPY(signer->subjectNameHash, cert->subjectHash,
wolfSSL 7:481bce714567 3364 SIGNER_DIGEST_SIZE);
wolfSSL 7:481bce714567 3365 signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
wolfSSL 7:481bce714567 3366 : 0xFFFF;
wolfSSL 7:481bce714567 3367 signer->next = NULL; /* If Key Usage not set, all uses valid. */
wolfSSL 7:481bce714567 3368 cert->publicKey = 0; /* in case lock fails don't free here. */
wolfSSL 7:481bce714567 3369 cert->subjectCN = 0;
wolfSSL 7:481bce714567 3370 #ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL 7:481bce714567 3371 cert->permittedNames = NULL;
wolfSSL 7:481bce714567 3372 cert->excludedNames = NULL;
wolfSSL 7:481bce714567 3373 #endif
wolfSSL 7:481bce714567 3374
wolfSSL 7:481bce714567 3375 #ifndef NO_SKID
wolfSSL 7:481bce714567 3376 row = HashSigner(signer->subjectKeyIdHash);
wolfSSL 7:481bce714567 3377 #else
wolfSSL 7:481bce714567 3378 row = HashSigner(signer->subjectNameHash);
wolfSSL 7:481bce714567 3379 #endif
wolfSSL 7:481bce714567 3380
wolfSSL 7:481bce714567 3381 if (wc_LockMutex(&cm->caLock) == 0) {
wolfSSL 7:481bce714567 3382 signer->next = cm->caTable[row];
wolfSSL 7:481bce714567 3383 cm->caTable[row] = signer; /* takes ownership */
wolfSSL 7:481bce714567 3384 wc_UnLockMutex(&cm->caLock);
wolfSSL 7:481bce714567 3385 if (cm->caCacheCallback)
wolfSSL 7:481bce714567 3386 cm->caCacheCallback(der->buffer, (int)der->length, type);
wolfSSL 7:481bce714567 3387 }
wolfSSL 7:481bce714567 3388 else {
wolfSSL 7:481bce714567 3389 WOLFSSL_MSG(" CA Mutex Lock failed");
wolfSSL 7:481bce714567 3390 ret = BAD_MUTEX_E;
wolfSSL 7:481bce714567 3391 FreeSigner(signer, cm->heap);
wolfSSL 7:481bce714567 3392 }
wolfSSL 7:481bce714567 3393 }
wolfSSL 7:481bce714567 3394 }
wolfSSL 7:481bce714567 3395
wolfSSL 7:481bce714567 3396 WOLFSSL_MSG(" Freeing Parsed CA");
wolfSSL 7:481bce714567 3397 FreeDecodedCert(cert);
wolfSSL 7:481bce714567 3398 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 3399 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 3400 #endif
wolfSSL 7:481bce714567 3401 WOLFSSL_MSG(" Freeing der CA");
wolfSSL 7:481bce714567 3402 FreeDer(pDer);
wolfSSL 7:481bce714567 3403 WOLFSSL_MSG(" OK Freeing der CA");
wolfSSL 7:481bce714567 3404
wolfSSL 7:481bce714567 3405 WOLFSSL_LEAVE("AddCA", ret);
wolfSSL 7:481bce714567 3406
wolfSSL 7:481bce714567 3407 return ret == 0 ? SSL_SUCCESS : ret;
wolfSSL 7:481bce714567 3408 }
wolfSSL 7:481bce714567 3409
wolfSSL 7:481bce714567 3410 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 3411
wolfSSL 7:481bce714567 3412
wolfSSL 7:481bce714567 3413 #ifndef NO_SESSION_CACHE
wolfSSL 7:481bce714567 3414
wolfSSL 7:481bce714567 3415 /* basic config gives a cache with 33 sessions, adequate for clients and
wolfSSL 7:481bce714567 3416 embedded servers
wolfSSL 7:481bce714567 3417
wolfSSL 7:481bce714567 3418 MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
wolfSSL 7:481bce714567 3419 aren't under heavy load, basically allows 200 new sessions per minute
wolfSSL 7:481bce714567 3420
wolfSSL 7:481bce714567 3421 BIG_SESSION_CACHE yields 20,027 sessions
wolfSSL 7:481bce714567 3422
wolfSSL 7:481bce714567 3423 HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
wolfSSL 7:481bce714567 3424 allows over 13,000 new sessions per minute or over 200 new sessions per
wolfSSL 7:481bce714567 3425 second
wolfSSL 7:481bce714567 3426
wolfSSL 7:481bce714567 3427 SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
wolfSSL 7:481bce714567 3428 or systems where the default of nearly 3kB is too much RAM, this define
wolfSSL 7:481bce714567 3429 uses less than 500 bytes RAM
wolfSSL 7:481bce714567 3430
wolfSSL 7:481bce714567 3431 default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
wolfSSL 7:481bce714567 3432 */
/* Cache geometry: SESSION_ROWS hash buckets of SESSIONS_PER_ROW slots each,
 * so capacity is the product (the figures quoted in the comment above).
 * The row counts appear to be prime -- presumably to spread the bucket
 * hash evenly, though the hashing code is not in this section. */
#ifdef HUGE_SESSION_CACHE
    #define SESSIONS_PER_ROW 11     /* 11 * 5981 = 65,791 sessions */
    #define SESSION_ROWS 5981
#elif defined(BIG_SESSION_CACHE)
    #define SESSIONS_PER_ROW 7      /* 7 * 2861 = 20,027 sessions */
    #define SESSION_ROWS 2861
#elif defined(MEDIUM_SESSION_CACHE)
    #define SESSIONS_PER_ROW 5      /* 5 * 211 = 1,055 sessions */
    #define SESSION_ROWS 211
#elif defined(SMALL_SESSION_CACHE)
    #define SESSIONS_PER_ROW 2      /* 2 * 3 = 6 sessions */
    #define SESSION_ROWS 3
#else
    #define SESSIONS_PER_ROW 3      /* 3 * 11 = 33 sessions (default) */
    #define SESSION_ROWS 11
#endif
wolfSSL 7:481bce714567 3449
/* One bucket of the server-side session cache: a fixed array of sessions
 * plus the bookkeeping used to pick the slot for the next insertion
 * (the insertion code itself lives elsewhere in this file). */
typedef struct SessionRow {
    int             nextIdx;    /* where to place next one (presumably wraps
                                 * at SESSIONS_PER_ROW -- confirm in AddSession) */
    int             totalCount; /* sessions ever on this row */
    WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW];
} SessionRow;
wolfSSL 7:481bce714567 3455
/* The server-side session cache is static storage, sized at build time
 * (SESSION_ROWS * sizeof(SessionRow)); nothing here is heap allocated. */
static SessionRow SessionCache[SESSION_ROWS];

#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
/* statistics only; presumably the high-water mark of cached sessions */
static word32 PeakSessions;
#endif

/* Guards SessionCache (and, per the note on ClientCache below, the client
 * cache as well).  Created in wolfSSL_Init on the first initialisation. */
static wolfSSL_Mutex session_mutex; /* SessionCache mutex */
wolfSSL 7:481bce714567 3463
wolfSSL 7:481bce714567 3464 #ifndef NO_CLIENT_CACHE
wolfSSL 7:481bce714567 3465
/* Client-side index entry: points at the slot in SessionCache that holds
 * the session, rather than storing a second copy of it. */
typedef struct ClientSession {
    word16 serverRow;            /* SessionCache Row id */
    word16 serverIdx;            /* SessionCache Idx (column) */
} ClientSession;
wolfSSL 7:481bce714567 3470
/* One bucket of the client cache; mirrors SessionRow but holds only the
 * small ClientSession references, so it is far cheaper per slot. */
typedef struct ClientRow {
    int           nextIdx;                /* where to place next one */
    int           totalCount;             /* sessions ever on this row */
    ClientSession Clients[SESSIONS_PER_ROW];
} ClientRow;
wolfSSL 7:481bce714567 3476
/* Client cache: same geometry as SessionCache and protected by the same
 * session_mutex (there is no separate lock for it). */
static ClientRow ClientCache[SESSION_ROWS];  /* Client Cache */
                                             /* uses session mutex */
wolfSSL 7:481bce714567 3479 #endif /* NO_CLIENT_CACHE */
wolfSSL 7:481bce714567 3480
wolfSSL 7:481bce714567 3481 #endif /* NO_SESSION_CACHE */
wolfSSL 7:481bce714567 3482
/* Library bring-up.  The very first call initialises wolfCrypt and creates
 * the session-cache and reference-count mutexes; every call then bumps
 * initRefCount under count_mutex (presumably balanced by a matching
 * cleanup call elsewhere).
 *
 * Returns SSL_SUCCESS, WC_INIT_E if wolfCrypt_Init fails, or BAD_MUTEX_E
 * if a mutex cannot be created or locked.
 *
 * NOTE(review): the initRefCount == 0 test runs before count_mutex exists
 * and is not itself synchronised, so two threads making the first call
 * concurrently could both perform the one-time setup; the first call is
 * presumably expected before any worker threads start.  Also, should
 * count_mutex fail to initialise, the already-created session_mutex is
 * not torn down here. */
int wolfSSL_Init(void)
{
    int status = SSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_Init");

    if (initRefCount == 0) {
        /* one-time setup: crypto first, then the mutexes */
        if (wolfCrypt_Init() != 0) {
            WOLFSSL_MSG("Bad wolfCrypt Init");
            status = WC_INIT_E;
        }
#ifndef NO_SESSION_CACHE
        else if (wc_InitMutex(&session_mutex) != 0) {
            WOLFSSL_MSG("Bad Init Mutex session");
            status = BAD_MUTEX_E;
        }
#endif
        else if (wc_InitMutex(&count_mutex) != 0) {
            WOLFSSL_MSG("Bad Init Mutex count");
            status = BAD_MUTEX_E;
        }
    }

    if (status == SSL_SUCCESS) {
        if (wc_LockMutex(&count_mutex) != 0) {
            WOLFSSL_MSG("Bad Lock Mutex count");
            status = BAD_MUTEX_E;
        }
        else {
            initRefCount++;
            wc_UnLockMutex(&count_mutex);
        }
    }

    return status;
}
wolfSSL 7:481bce714567 3515
wolfSSL 7:481bce714567 3516
wolfSSL 7:481bce714567 3517 #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_CERTS)
wolfSSL 7:481bce714567 3518
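/* Decrypt a legacy (OpenSSL "Proc-Type: 4,ENCRYPTED" / "DEK-Info") PEM key
 * body in place.
 *
 * der        : DER bytes decrypted in place; der->length is passed straight
 *              to the CBC routines, so it should already be a whole number
 *              of cipher blocks (nothing here strips padding).
 * password   : passphrase bytes, passwordSz long (not NUL terminated).
 * info       : info->name selects the cipher (EVP_DES_CBC, EVP_DES_EDE3_CBC,
 *              EVP_AES_{128,192,256}_CBC).  info->iv holds the DEK-Info IV
 *              as hex text on entry and is hex-decoded in place, so on
 *              return info->iv / info->ivSz are raw bytes.
 *
 * Returns SSL_SUCCESS; SSL_BAD_FILE when no key could be derived (NO_MD5
 * builds); otherwise SSL_FATAL_ERROR for bad arguments, a bad or too-short
 * IV, a cipher name this build does not support, or a cipher failure.
 *
 * Security notes: the key is derived with the OpenSSL EVP_BytesToKey
 * construction (MD5, a single round, the IV doubling as salt) because that
 * is what the format dictates; it gives little resistance to passphrase
 * guessing, so treat such files as lightly protected at best.  The derived
 * key is scrubbed before this function returns.
 */
static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,
                                      int passwordSz, EncryptedInfo* info)
{
    int ret = SSL_BAD_FILE;   /* stays so if no key can be derived */

#ifdef WOLFSSL_SMALL_STACK
    byte* key = NULL;
#else
    byte key[AES_256_KEY_SIZE];
#endif

    (void)passwordSz;
    (void)key;

    WOLFSSL_ENTER("wolfssl_decrypt_buffer_key");

    if (der == NULL || password == NULL || info == NULL) {
        WOLFSSL_MSG("bad arguments");
        return SSL_FATAL_ERROR;
    }

    /* use file's salt for key derivation, hex decode first */
    if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) {
        WOLFSSL_MSG("base16 decode failed");
        return SSL_FATAL_ERROR;
    }

#ifndef NO_MD5

#ifdef WOLFSSL_SMALL_STACK
    key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL) {
        WOLFSSL_MSG("memory failure");
        return SSL_FATAL_ERROR;
    }
#endif /* WOLFSSL_SMALL_STACK */

    /* ret > 0 is the derived key length on success */
    ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv,
                                 password, passwordSz, 1, key, NULL);
    if (ret <= 0) {
        WOLFSSL_MSG("bytes to key failure");
        ret = SSL_FATAL_ERROR;   /* falls through to the scrub, then maps */
    }

#endif /* NO_MD5 */

    /* Only run a cipher once a key has actually been derived.  Without this
     * guard a NO_MD5 build decrypted with an uninitialised key buffer; the
     * encrypt counterpart already guards on ret > 0 in the same way.  Each
     * branch also refuses a decoded IV shorter than the cipher block, since
     * the CBC routine presumably reads a full block from info->iv and would
     * otherwise pick up whatever bytes follow the IV. */
    if (ret > 0) {
#ifndef NO_DES3
        if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0) {
            ret = (info->ivSz < DES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_Des_CbcDecryptWithKey(der->buffer, der->buffer,
                                           der->length, key, info->iv);
        }
        else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC,
                          EVP_DES_EDE3_SIZE) == 0) {
            ret = (info->ivSz < DES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer,
                                            der->length, key, info->iv);
        }
#endif /* NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)
        if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) {
            ret = (info->ivSz < AES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_AesCbcDecryptWithKey(der->buffer, der->buffer,
                              der->length, key, AES_128_KEY_SIZE, info->iv);
        }
        else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) {
            ret = (info->ivSz < AES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_AesCbcDecryptWithKey(der->buffer, der->buffer,
                              der->length, key, AES_192_KEY_SIZE, info->iv);
        }
        else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) {
            ret = (info->ivSz < AES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_AesCbcDecryptWithKey(der->buffer, der->buffer,
                              der->length, key, AES_256_KEY_SIZE, info->iv);
        }
#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */
    }

    /* Scrub the derived key before it leaves scope or returns to the heap.
     * The volatile walk keeps the compiler from discarding the stores as
     * dead, which a plain memset before free is liable to. */
#ifdef WOLFSSL_SMALL_STACK
    if (key != NULL) {
        volatile byte* z = (volatile byte*)key;
        word32 i;
        for (i = 0; i < AES_256_KEY_SIZE; i++)
            z[i] = 0;
        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#else
    {
        volatile byte* z = (volatile byte*)key;
        word32 i;
        for (i = 0; i < AES_256_KEY_SIZE; i++)
            z[i] = 0;
    }
#endif

    /* map the cipher / KDF result onto the SSL_* convention */
    if (ret == MP_OKAY)
        return SSL_SUCCESS;
    else if (ret == SSL_BAD_FILE)
        return SSL_BAD_FILE;

    return SSL_FATAL_ERROR;
}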
wolfSSL 7:481bce714567 3599 #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */
wolfSSL 7:481bce714567 3600
wolfSSL 7:481bce714567 3601
wolfSSL 7:481bce714567 3602 #if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA)
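/* Encrypt a DER key body in place for the legacy "DEK-Info" PEM format
 * (the inverse of wolfssl_decrypt_buffer_key).
 *
 * der/derSz  : bytes encrypted in place with CBC and no padding, so derSz
 *              must already be a whole number of cipher blocks -- nothing
 *              here pads it.
 * password   : passphrase bytes, passwordSz long.
 * info       : info->name selects the cipher (EVP_DES_CBC, EVP_DES_EDE3_CBC,
 *              EVP_AES_{128,192,256}_CBC); info->iv is used as the raw IV
 *              and KDF salt exactly as given (no hex decoding on this side)
 *              and must hold at least one cipher block (info->ivSz).
 *
 * Returns SSL_SUCCESS; SSL_BAD_FILE when no key was derived (NO_MD5 builds)
 * or the cipher name is not supported in this build; else SSL_FATAL_ERROR
 * (bad arguments, IV shorter than a block, cipher failure).
 *
 * Security note: key derivation is the OpenSSL EVP_BytesToKey scheme with
 * MD5 and a single round, as the format requires; files written this way
 * resist passphrase guessing poorly.  The derived key is scrubbed before
 * return.
 */
static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
                                      int passwordSz, EncryptedInfo* info)
{
    int ret = SSL_BAD_FILE;   /* stays so if no key can be derived */

#ifdef WOLFSSL_SMALL_STACK
    byte* key = NULL;
#else
    byte key[AES_256_KEY_SIZE];
#endif

    (void)derSz;
    (void)passwordSz;
    (void)key;

    WOLFSSL_ENTER("wolfssl_encrypt_buffer_key");

    if (der == NULL || password == NULL || info == NULL || info->ivSz == 0) {
        WOLFSSL_MSG("bad arguments");
        return SSL_FATAL_ERROR;
    }

#ifndef NO_MD5

#ifdef WOLFSSL_SMALL_STACK
    key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL) {
        WOLFSSL_MSG("memory failure");
        return SSL_FATAL_ERROR;
    }
#endif /* WOLFSSL_SMALL_STACK */

    /* ret > 0 is the derived key length on success */
    ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv,
                                 password, passwordSz, 1, key, NULL);
    if (ret <= 0) {
        WOLFSSL_MSG("bytes to key failure");
        ret = SSL_FATAL_ERROR;   /* falls through to the scrub, then maps */
    }

#endif /* NO_MD5 */

    if (ret > 0) {
        ret = SSL_BAD_FILE; /* Reset error return: unsupported cipher name */
        /* Each branch refuses an IV shorter than the cipher block: the CBC
         * routine presumably reads a full block from info->iv and would
         * otherwise use whatever follows it. */
#ifndef NO_DES3
        if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0) {
            ret = (info->ivSz < DES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv);
        }
        else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC,
                          EVP_DES_EDE3_SIZE) == 0) {
            ret = (info->ivSz < DES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
        }
#endif /* NO_DES3 */
        /* guarded like the decrypt side: wc_AesCbc* needs HAVE_AES_CBC,
         * NO_AES alone is not enough */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
        if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) {
            ret = (info->ivSz < AES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_AesCbcEncryptWithKey(der, der, derSz,
                                          key, AES_128_KEY_SIZE, info->iv);
        }
        else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) {
            ret = (info->ivSz < AES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_AesCbcEncryptWithKey(der, der, derSz,
                                          key, AES_192_KEY_SIZE, info->iv);
        }
        else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) {
            ret = (info->ivSz < AES_BLOCK_SIZE) ? BAD_FUNC_ARG :
                  wc_AesCbcEncryptWithKey(der, der, derSz,
                                          key, AES_256_KEY_SIZE, info->iv);
        }
#endif /* !NO_AES && HAVE_AES_CBC */
    }

    /* Scrub the derived key before it leaves scope or returns to the heap;
     * the volatile walk stops the stores being dropped as dead. */
#ifdef WOLFSSL_SMALL_STACK
    if (key != NULL) {
        volatile byte* z = (volatile byte*)key;
        word32 i;
        for (i = 0; i < AES_256_KEY_SIZE; i++)
            z[i] = 0;
        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#else
    {
        volatile byte* z = (volatile byte*)key;
        word32 i;
        for (i = 0; i < AES_256_KEY_SIZE; i++)
            z[i] = 0;
    }
#endif

    /* map the cipher / KDF result onto the SSL_* convention */
    if (ret == MP_OKAY)
        return SSL_SUCCESS;
    else if (ret == SSL_BAD_FILE)
        return SSL_BAD_FILE;

    return SSL_FATAL_ERROR;
}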
wolfSSL 7:481bce714567 3678 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 7:481bce714567 3679
wolfSSL 7:481bce714567 3680
wolfSSL 7:481bce714567 3681 #ifndef NO_CERTS
wolfSSL 7:481bce714567 3682
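#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
/* Search for needle starting at from, looking at most one PEM line
 * (PEM_LINE_LEN) ahead but never past bufferEnd.  The PEM input is not
 * required to be NUL terminated, so PEM_LINE_LEN on its own is not a safe
 * bound near the end of the caller's buffer. */
static char* PemLineFind(const char* from, const char* needle,
                         const char* bufferEnd)
{
    unsigned int window;

    if (from == NULL || from >= bufferEnd)
        return NULL;

    window = (unsigned int)(bufferEnd - from);
    if (window > (unsigned int)PEM_LINE_LEN)
        window = (unsigned int)PEM_LINE_LEN;

    return XSTRNSTR(from, needle, window);
}
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */

/* Remove PEM header/footer, convert to ASN1, store any encrypted data
   info->consumed tracks of PEM bytes consumed in case multiple parts
 *
 * buff/longSz : PEM text.  Need not be NUL terminated; every search below
 *               is clipped to bufferEnd.
 * type        : selects the BEGIN/END markers.  PRIVATEKEY_TYPE tries the
 *               RSA, PKCS#8 (BEGIN_PRIV_KEY), encrypted PKCS#8
 *               (BEGIN_ENC_PRIV_KEY), EC and DSA markers in turn.
 * pDer        : receives the DER allocated with AllocDer.  On the error
 *               paths after allocation it is NOT released here; the caller
 *               owns it either way.
 * heap        : allocation hint passed to AllocDer / XMALLOC.
 * info        : optional.  info->consumed is set to the number of input
 *               bytes used so a caller can walk a file with several blocks
 *               (on a missing footer it is set to longSz).  A legacy
 *               "Proc-Type" / "DEK-Info" header stores its cipher name in
 *               info->name and the hex IV in info->iv / info->ivSz; an
 *               encrypted key additionally needs info->ctx->passwd_cb.
 * eccKey      : optional out flag; for PRIVATEKEY_TYPE set to 1 when the
 *               EC marker matched, else 0.
 *
 * Returns 0 on success; SSL_NO_PEM_HEADER, SSL_BAD_FILE, MEMORY_E, or a
 * negative error from AllocDer, ToTraditional[Enc] or the DEK-Info decrypt.
 */
int PemToDer(const unsigned char* buff, long longSz, int type,
              DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey)
{
    const char* header = NULL;
    const char* footer = NULL;
    char* headerEnd;
    char* footerEnd;
    char* consumedEnd;
    char* bufferEnd = (char*)(buff + longSz);
    long neededSz;
    int ret = 0;
    int sz = (int)longSz;
    int encrypted_key = 0;
    DerBuffer* der;

    WOLFSSL_ENTER("PemToDer");

    switch (type) {
        case CA_TYPE:       /* same as below */
        case TRUSTED_PEER_TYPE:
        case CERT_TYPE:      header=BEGIN_CERT;      footer=END_CERT;      break;
        case CRL_TYPE:       header=BEGIN_X509_CRL;  footer=END_X509_CRL;  break;
        case DH_PARAM_TYPE:  header=BEGIN_DH_PARAM;  footer=END_DH_PARAM;  break;
        case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM; break;
        case CERTREQ_TYPE:   header=BEGIN_CERT_REQ;  footer=END_CERT_REQ;  break;
        case DSA_TYPE:       header=BEGIN_DSA_PRIV;  footer=END_DSA_PRIV;  break;
        case ECC_TYPE:       header=BEGIN_EC_PRIV;   footer=END_EC_PRIV;   break;
        case RSA_TYPE:       header=BEGIN_RSA_PRIV;  footer=END_RSA_PRIV;  break;
        case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY;   footer=END_PUB_KEY;   break;
        default:             header=BEGIN_RSA_PRIV;  footer=END_RSA_PRIV;  break;
    }

    /* find header; a generic private key walks the known markers in order */
    for (;;) {
        headerEnd = XSTRNSTR((char*)buff, header, sz);

        if (headerEnd || type != PRIVATEKEY_TYPE) {
            break;
        } else if (header == BEGIN_RSA_PRIV) {
            header = BEGIN_PRIV_KEY;     footer = END_PRIV_KEY;
        } else if (header == BEGIN_PRIV_KEY) {
            header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
        } else if (header == BEGIN_ENC_PRIV_KEY) {
            header = BEGIN_EC_PRIV;      footer = END_EC_PRIV;
        } else if (header == BEGIN_EC_PRIV) {
            header = BEGIN_DSA_PRIV;     footer = END_DSA_PRIV;
        } else
            break;
    }

    if (!headerEnd) {
        WOLFSSL_MSG("Couldn't find PEM header");
        return SSL_NO_PEM_HEADER;
    }

    headerEnd += XSTRLEN(header);

    /* the two-byte look-ahead below must stay inside the buffer */
    if ((headerEnd + 1) >= bufferEnd)
        return SSL_BAD_FILE;

    /* eat end of line: "\n" or "\r\n" */
    if (headerEnd[0] == '\n')
        headerEnd++;
    else if (headerEnd[1] == '\n')
        headerEnd += 2;
    else {
        if (info)
            info->consumed = (long)(headerEnd+2 - (char*)buff);
        return SSL_BAD_FILE;
    }

    if (type == PRIVATEKEY_TYPE) {
        if (eccKey)
            *eccKey = header == BEGIN_EC_PRIV;
    }

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    {
        /* remove encrypted header if there */
        char encHeader[] = "Proc-Type";
        char* line = PemLineFind(headerEnd, encHeader, bufferEnd);
        if (line) {
            char* newline;
            char* finish;
            char* start = PemLineFind(line, "DES", bufferEnd);

            if (!start)
                start = PemLineFind(line, "AES", bufferEnd);

            if (!start) return SSL_BAD_FILE;
            if (!info) return SSL_BAD_FILE;

            /* "DEK-Info: <cipher>,<hex iv>" -- name runs up to the comma,
             * the IV from there to the end of the line */
            finish = PemLineFind(start, ",", bufferEnd);

            if (start && finish && (start < finish)) {
                newline = PemLineFind(finish, "\r", bufferEnd);
                if (!newline) newline = PemLineFind(finish, "\n", bufferEnd);
                if (!newline || newline <= finish)
                    return SSL_BAD_FILE;

                /* the cipher name must fit info->name with its terminator */
                if ((long)(finish - start) >= (long)sizeof(info->name))
                    return SSL_BAD_FILE;

                /* The hex IV must fit info->iv.  ivSz used to be taken from
                 * the line length alone, so an over-long DEK-Info IV made
                 * the later in-place hex decode read and write past
                 * info->iv into the fields that follow it. */
                if ((long)(newline - (finish + 1)) > (long)sizeof(info->iv))
                    return SSL_BAD_FILE;

                XMEMCPY(info->name, start, finish - start);
                info->name[finish - start] = 0;
                info->ivSz = (word32)(newline - (finish + 1));
                XMEMCPY(info->iv, finish + 1, info->ivSz);
                info->set = 1;
            }
            else
                return SSL_BAD_FILE;

            /* eat blank line(s), staying inside the buffer */
            while (newline < bufferEnd &&
                   (*newline == '\r' || *newline == '\n'))
                newline++;
            headerEnd = newline;

            encrypted_key = 1;
        }
    }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */

    /* find footer */
    footerEnd = XSTRNSTR((char*)buff, footer, sz);
    if (!footerEnd) {
        if (info)
            info->consumed = longSz; /* No more certs if no footer */
        return SSL_BAD_FILE;
    }

    consumedEnd = footerEnd + XSTRLEN(footer);

    if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
        /* eat end of line */
        if (consumedEnd[0] == '\n')
            consumedEnd++;
        else if ((consumedEnd + 1 < bufferEnd) && consumedEnd[1] == '\n')
            consumedEnd += 2;
        else {
            if (info)
                info->consumed = (long)(consumedEnd+2 - (char*)buff);
            return SSL_BAD_FILE;
        }
    }

    if (info)
        info->consumed = (long)(consumedEnd - (char*)buff);

    /* set up der buffer; base64 output is never larger than its input */
    neededSz = (long)(footerEnd - headerEnd);
    if (neededSz > sz || neededSz <= 0)
        return SSL_BAD_FILE;

    ret = AllocDer(pDer, (word32)neededSz, type, heap);
    if (ret < 0) {
        return ret;
    }
    der = *pDer;

    if (Base64_Decode((byte*)headerEnd, (word32)neededSz,
                      der->buffer, &der->length) < 0)
        return SSL_BAD_FILE;

    if (header == BEGIN_PRIV_KEY && !encrypted_key) {
        /* pkcs8 key, convert and adjust length */
        if ((ret = ToTraditional(der->buffer, der->length)) < 0)
            return ret;

        der->length = ret;
        return 0;
    }

#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
    if (encrypted_key || header == BEGIN_ENC_PRIV_KEY) {
        enum { PEM_PASSWD_BUF_SZ = 80 };   /* room offered to the callback */
        int passwordSz;
#ifdef WOLFSSL_SMALL_STACK
        char* password = NULL;
#else
        char password[PEM_PASSWD_BUF_SZ];
#endif

        if (!info || !info->ctx || !info->ctx->passwd_cb)
            return SSL_BAD_FILE; /* no callback error */

#ifdef WOLFSSL_SMALL_STACK
        password = (char*)XMALLOC(PEM_PASSWD_BUF_SZ, heap,
                                  DYNAMIC_TYPE_TMP_BUFFER);
        if (password == NULL)
            return MEMORY_E;
#endif
        /* Hand the callback the real buffer size.  With WOLFSSL_SMALL_STACK
         * `password` is a pointer, so the former sizeof(password) offered
         * only 4 or 8 bytes and silently truncated longer passphrases. */
        passwordSz = info->ctx->passwd_cb(password, PEM_PASSWD_BUF_SZ, 0,
                                          info->ctx->userdata);
        if (passwordSz < 0) {
            /* callback reported failure; never pass a negative length on */
            ret = SSL_BAD_FILE;
        }
        else if (header == BEGIN_ENC_PRIV_KEY) {
            /* encrypted pkcs8: convert and adjust length */
            ret = ToTraditionalEnc(der->buffer, der->length,
                                   password, passwordSz);
            if (ret >= 0) {
                der->length = ret;
                ret = 0;
            }
        }
        else {
            /* legacy DEK-Info body: decrypt the key in place */
            ret = wolfssl_decrypt_buffer_key(der, (byte*)password,
                                             passwordSz, info);
            if (ret == SSL_SUCCESS)
                ret = 0;
        }

        /* the passphrase is a secret: scrub it before release (volatile so
         * the stores are not dropped as dead) */
        {
            volatile char* z = (volatile char*)password;
            int i;
            for (i = 0; i < PEM_PASSWD_BUF_SZ; i++)
                z[i] = 0;
        }
#ifdef WOLFSSL_SMALL_STACK
        /* freed with the heap it was allocated from */
        XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        if (ret != 0)
            return ret;
    }
#endif /* (OPENSSL_EXTRA || HAVE_WEBSERVER) && !NO_PWDBASED */

    return 0;
}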
wolfSSL 7:481bce714567 3907
wolfSSL 7:481bce714567 3908
wolfSSL 7:481bce714567 3909
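/* Process a user certificate chain that trails the leaf certificate in buff
 * and store it, as a sequence of CERT_HEADER_SZ length prefixes each followed
 * by the DER bytes, on ssl (preferred) or ctx so it can be sent during the
 * handshake.
 *
 * ctx/ssl  : where the chain is stored; ssl wins when both are given
 * buff, sz : whole input buffer; the leaf has already been consumed
 * format   : SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1 or SSL_FILETYPE_RAW
 * type     : only CERT_TYPE is processed, any other type is a no-op
 * used     : optional, incremented by the bytes consumed from buff
 * info     : info->consumed on entry is where the chain starts; it is reused
 *            as per-part scratch and is not meaningful on return
 *
 * Returns 0 on success (including "nothing to do"), MEMORY_E, BUFFER_E or
 * the negative error reported while parsing a part. */
static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
                            long sz, int format, int type, WOLFSSL* ssl,
                            long* used, EncryptedInfo* info)
{
    int   ret  = 0;
    void* heap = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);

    /* we may have a user cert chain, try to consume */
    if (type == CERT_TYPE && info->consumed < sz) {
#ifdef WOLFSSL_SMALL_STACK
        byte   staticBuffer[1];                /* force heap usage */
#else
        byte   staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
#endif
        byte*  chainBuffer   = staticBuffer;
        int    dynamicBuffer = 0;
        word32 bufferSz      = sizeof(staticBuffer);
        long   consumed      = info->consumed;
        word32 idx           = 0;
        int    gotOne        = 0;

        if ((sz - consumed) > (int)bufferSz) {
            WOLFSSL_MSG("Growing Tmp Chain Buffer");
            bufferSz = (word32)(sz - consumed);
            /* will shrink to actual size */
            chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
            if (chainBuffer == NULL) {
                return MEMORY_E;
            }
            dynamicBuffer = 1;
        }

        WOLFSSL_MSG("Processing Cert Chain");
        while (consumed < sz) {
            int        eccKey = 0;
            DerBuffer* part   = NULL;
            word32     remain = (word32)(sz - consumed);
            info->consumed = 0;

            if (format == SSL_FILETYPE_PEM) {
                ret = PemToDer(buff + consumed, remain, type, &part,
                               heap, info, &eccKey);
            }
            else {
                int length = remain;
                if (format == SSL_FILETYPE_ASN1) {
                    /* get length of der (read sequence) */
                    word32 inOutIdx = 0;
                    if (GetSequence(buff + consumed, &inOutIdx, &length,
                                    remain) < 0) {
                        ret = SSL_NO_PEM_HEADER;
                    }
                    length += inOutIdx; /* include leading sequence */
                }
                info->consumed = length;
                if (ret == 0) {
                    ret = AllocDer(&part, length, type, heap);
                    if (ret == 0) {
                        XMEMCPY(part->buffer, buff + consumed, length);
                    }
                }
            }
            if (ret == 0) {
                gotOne = 1;
                /* each part occupies CERT_HEADER_SZ + part->length bytes;
                 * the bound must include the header, otherwise a part that
                 * exactly fills the remaining space writes past bufferSz */
                if ((idx + CERT_HEADER_SZ + part->length) > bufferSz) {
                    WOLFSSL_MSG(" Cert Chain bigger than buffer");
                    ret = BUFFER_E;
                }
                else {
                    c32to24(part->length, &chainBuffer[idx]);
                    idx += CERT_HEADER_SZ;
                    XMEMCPY(&chainBuffer[idx], part->buffer, part->length);
                    idx += part->length;
                    consumed += info->consumed;
                    if (used)
                        *used += info->consumed;
                }
            }
            FreeDer(&part);

            /* trailing non-cert data after at least one good cert is ok */
            if (ret == SSL_NO_PEM_HEADER && gotOne) {
                WOLFSSL_MSG("We got one good cert, so stuff at end ok");
                break;
            }

            if (ret < 0) {
                WOLFSSL_MSG(" Error in Cert in Chain");
                if (dynamicBuffer)
                    XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
                return ret;
            }
            WOLFSSL_MSG(" Consumed another Cert in Chain");
        }
        WOLFSSL_MSG("Finished Processing Cert Chain");

        /* only retain actual size used */
        ret = 0;
        if (idx > 0) {
            if (ssl) {
                /* release a chain this ssl already owns before replacing */
                if (ssl->buffers.weOwnCertChain) {
                    FreeDer(&ssl->buffers.certChain);
                }
                ret = AllocDer(&ssl->buffers.certChain, idx, type, heap);
                if (ret == 0) {
                    XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, idx);
                    ssl->buffers.weOwnCertChain = 1;
                }
            }
            else if (ctx) {
                FreeDer(&ctx->certChain);
                ret = AllocDer(&ctx->certChain, idx, type, heap);
                if (ret == 0) {
                    XMEMCPY(ctx->certChain->buffer, chainBuffer, idx);
                }
            }
        }

        if (dynamicBuffer)
            XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
    }

    return ret;
}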
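/* Process the buffer buff, length sz, into ctx (or ssl when given) of the
 * given format and type.  used tracks bytes consumed; userChain specifies
 * that certificates trailing the leaf form a user cert chain to pass during
 * the handshake.
 *
 * ctx/ssl   : at least one must be non-NULL; ssl takes precedence for where
 *             the result is stored
 * format    : SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1 or SSL_FILETYPE_RAW
 * type      : CA_TYPE, TRUSTED_PEER_TYPE, CERT_TYPE or PRIVATEKEY_TYPE
 * used      : optional, set to the bytes consumed (defaults to sz)
 *
 * Returns SSL_SUCCESS, or a negative error: SSL_BAD_FILETYPE, BAD_FUNC_ARG,
 * MEMORY_E, NO_PASSWORD, SSL_BAD_FILE, SSL_BAD_CERTTYPE, RSA_KEY_SIZE_E,
 * ECC_KEY_SIZE_E, a parser error, or (for CA_TYPE / TRUSTED_PEER_TYPE) the
 * value returned by AddCA / AddTrustedPeer, which receive der by address.
 * For CERT_TYPE and PRIVATEKEY_TYPE the decoded der is stored on ssl or ctx
 * and any buffer previously owned there is freed first. */
int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                  long sz, int format, int type, WOLFSSL* ssl,
                  long* used, int userChain)
{
    DerBuffer* der    = NULL; /* holds DER or RAW (for NTRU) */
    int        ret    = 0;
    int        eccKey = 0;
    int        rsaKey = 0;
    void*      heap   = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo  info[1];
#endif

    (void)rsaKey; /* only read inside the HAVE_ECC block below */

    if (used)
        *used = sz; /* used bytes default to sz, PEM chain may shorten*/

    /* check args */
    if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
                                    && format != SSL_FILETYPE_RAW)
        return SSL_BAD_FILETYPE;

    if (ctx == NULL && ssl == NULL)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL)
        return MEMORY_E;
#endif

    info->set      = 0;
    info->ctx      = ctx;
    info->consumed = 0;

    if (format == SSL_FILETYPE_PEM) {
        ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
    }
    else { /* ASN1 (DER) or RAW (NTRU) */
        int length = (int)sz;
        if (format == SSL_FILETYPE_ASN1) {
            /* get length of der (read sequence) */
            word32 inOutIdx = 0;
            if (GetSequence(buff, &inOutIdx, &length, (word32)sz) < 0) {
                ret = ASN_PARSE_E;
            }
            length += inOutIdx; /* include leading sequence */
        }
        info->consumed = length;
        if (ret == 0) {
            ret = AllocDer(&der, (word32)length, type, heap);
            if (ret == 0) {
                XMEMCPY(der->buffer, buff, length);
            }
        }
    }

    if (used) {
        *used = info->consumed;
    }

    /* process user chain */
    if (ret >= 0) {
        if (userChain) {
            ret = ProcessUserChain(ctx, buff, sz, format, type, ssl, used, info);
        }
    }

    /* check for error */
    if (ret < 0) {
#ifdef WOLFSSL_SMALL_STACK
        XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        FreeDer(&der);
        return ret;
    }

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    /* for SSL_FILETYPE_PEM, PemToDer manage the decryption if required */
    if (info->set && (format != SSL_FILETYPE_PEM)) {
        /* decrypt */
        enum { PASSWORD_BUF_SZ = 80 }; /* capacity handed to passwd_cb */
        int passwordSz;
#ifdef WOLFSSL_SMALL_STACK
        char* password = NULL;
#else
        char password[PASSWORD_BUF_SZ];
#endif

#ifdef WOLFSSL_SMALL_STACK
        password = (char*)XMALLOC(PASSWORD_BUF_SZ, heap,
                                  DYNAMIC_TYPE_TMP_BUFFER);
        if (password == NULL)
            ret = MEMORY_E;
        else
#endif
        if (!ctx || !ctx->passwd_cb) {
            ret = NO_PASSWORD;
        }
        else {
            /* pass the real capacity, not sizeof(password): in the
             * WOLFSSL_SMALL_STACK build password is a pointer, so sizeof
             * would report the pointer size and the callback would truncate
             * the password to a few bytes */
            passwordSz = ctx->passwd_cb(password, PASSWORD_BUF_SZ,
                                        0, ctx->userdata);

            /* decrypt the key */
            ret = wolfssl_decrypt_buffer_key(der, (byte*)password,
                                             passwordSz, info);
        }

#ifdef WOLFSSL_SMALL_STACK
        XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

        if (ret != SSL_SUCCESS) {
#ifdef WOLFSSL_SMALL_STACK
            XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            FreeDer(&der);
            return ret;
        }
    }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */

#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    /* Handle DER owner */
    if (type == CA_TYPE) {
        if (ctx == NULL) {
            WOLFSSL_MSG("Need context for CA load");
            FreeDer(&der);
            return BAD_FUNC_ARG;
        }
        /* verify CA unless user set to no verify */
        return AddCA(ctx->cm, &der, WOLFSSL_USER_CA, !ctx->verifyNone);
    }
#ifdef WOLFSSL_TRUST_PEER_CERT
    else if (type == TRUSTED_PEER_TYPE) {
        if (ctx == NULL) {
            WOLFSSL_MSG("Need context for trusted peer cert load");
            FreeDer(&der);
            return BAD_FUNC_ARG;
        }
        /* add trusted peer cert */
        return AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone);
    }
#endif /* WOLFSSL_TRUST_PEER_CERT */
    else if (type == CERT_TYPE) {
        if (ssl) {
            /* Make sure previous is free'd */
            if (ssl->buffers.weOwnCert) {
                FreeDer(&ssl->buffers.certificate);
#ifdef KEEP_OUR_CERT
                FreeX509(ssl->ourCert);
                if (ssl->ourCert) {
                    XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
                    ssl->ourCert = NULL;
                }
#endif
            }
            ssl->buffers.certificate = der;
#ifdef KEEP_OUR_CERT
            ssl->keepCert = 1; /* hold cert for ssl lifetime */
#endif
            ssl->buffers.weOwnCert = 1;
        }
        else if (ctx) {
            FreeDer(&ctx->certificate); /* Make sure previous is free'd */
#ifdef KEEP_OUR_CERT
            FreeX509(ctx->ourCert);
            if (ctx->ourCert) {
                XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
                ctx->ourCert = NULL;
            }
#endif
            ctx->certificate = der;
        }
    }
    else if (type == PRIVATEKEY_TYPE) {
        if (ssl) {
            /* Make sure previous is free'd */
            if (ssl->buffers.weOwnKey) {
                FreeDer(&ssl->buffers.key);
            }
            ssl->buffers.key = der;
            ssl->buffers.weOwnKey = 1;
        }
        else if (ctx) {
            FreeDer(&ctx->privateKey);
            ctx->privateKey = der;
        }
    }
    else {
        FreeDer(&der);
        return SSL_BAD_CERTTYPE;
    }

    /* a decoded (non-RAW) private key is test-parsed so that a bad key or
     * one below the configured minimum size is rejected at load time */
    if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
#ifndef NO_RSA
        if (!eccKey) {
            /* make sure RSA key can be used */
            word32 idx = 0;
#ifdef WOLFSSL_SMALL_STACK
            RsaKey* key = NULL;
#else
            RsaKey  key[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
            key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap,
                                   DYNAMIC_TYPE_TMP_BUFFER);
            if (key == NULL)
                return MEMORY_E;
#endif

            ret = wc_InitRsaKey(key, 0);
            if (ret == 0) {
                if (wc_RsaPrivateKeyDecode(der->buffer, &idx, key, der->length)
                        != 0) {
#ifdef HAVE_ECC
                    /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
                    eccKey = 1; /* so try it out */
#endif
                    if (!eccKey)
                        ret = SSL_BAD_FILE;
                }
                else {
                    /* check that the size of the RSA key is enough */
                    int RsaSz = wc_RsaEncryptSize((RsaKey*)key);
                    if (ssl) {
                        if (RsaSz < ssl->options.minRsaKeySz) {
                            ret = RSA_KEY_SIZE_E;
                            WOLFSSL_MSG("Private Key size too small");
                        }
                    }
                    else if (ctx) {
                        if (RsaSz < ctx->minRsaKeySz) {
                            ret = RSA_KEY_SIZE_E;
                            WOLFSSL_MSG("Private Key size too small");
                        }
                    }
                    rsaKey = 1;
                    (void)rsaKey; /* for no ecc builds */
                }
            }

            wc_FreeRsaKey(key);

#ifdef WOLFSSL_SMALL_STACK
            XFREE(key, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

            if (ret != 0)
                return ret;
        }
#endif
#ifdef HAVE_ECC
        if (!rsaKey) {
            /* make sure ECC key can be used */
            word32  idx = 0;
            ecc_key key;

            wc_ecc_init(&key);
            if (wc_EccPrivateKeyDecode(der->buffer, &idx, &key,
                                       der->length) != 0) {
                wc_ecc_free(&key);
                return SSL_BAD_FILE;
            }

            /* check for minimum ECC key size and then free */
            if (ssl) {
                if (wc_ecc_size(&key) < ssl->options.minEccKeySz) {
                    wc_ecc_free(&key);
                    WOLFSSL_MSG("ECC private key too small");
                    return ECC_KEY_SIZE_E;
                }
            }
            else if (ctx) {
                if (wc_ecc_size(&key) < ctx->minEccKeySz) {
                    wc_ecc_free(&key);
                    WOLFSSL_MSG("ECC private key too small");
                    return ECC_KEY_SIZE_E;
                }
            }

            wc_ecc_free(&key);
            eccKey = 1;
            if (ctx)
                ctx->haveStaticECC = 1;
            if (ssl)
                ssl->options.haveStaticECC = 1;
        }
#endif /* HAVE_ECC */
    }
    else if (type == CERT_TYPE) {
#ifdef WOLFSSL_SMALL_STACK
        DecodedCert* cert = NULL;
#else
        DecodedCert  cert[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap,
                                     DYNAMIC_TYPE_TMP_BUFFER);
        if (cert == NULL)
            return MEMORY_E;
#endif

        WOLFSSL_MSG("Checking cert signature type");
        InitDecodedCert(cert, der->buffer, der->length, heap);

        if (DecodeToKey(cert, 0) < 0) {
            WOLFSSL_MSG("Decode to key failed");
            FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
            XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return SSL_BAD_FILE;
        }
        switch (cert->signatureOID) {
            case CTC_SHAwECDSA:
            case CTC_SHA256wECDSA:
            case CTC_SHA384wECDSA:
            case CTC_SHA512wECDSA:
                WOLFSSL_MSG("ECDSA cert signature");
                if (ctx)
                    ctx->haveECDSAsig = 1;
                if (ssl)
                    ssl->options.haveECDSAsig = 1;
                break;
            default:
                WOLFSSL_MSG("Not ECDSA cert signature");
                break;
        }

#ifdef HAVE_ECC
        if (ctx) {
            ctx->pkCurveOID = cert->pkCurveOID;
    #ifndef WC_STRICT_SIG
            if (cert->keyOID == ECDSAk) {
                ctx->haveECC = 1;
            }
    #else
            ctx->haveECC = ctx->haveECDSAsig;
    #endif
        }
        if (ssl) {
            ssl->pkCurveOID = cert->pkCurveOID;
    #ifndef WC_STRICT_SIG
            if (cert->keyOID == ECDSAk) {
                ssl->options.haveECC = 1;
            }
    #else
            ssl->options.haveECC = ssl->options.haveECDSAsig;
    #endif
        }
#endif

        /* check key size of cert unless specified not to */
        switch (cert->keyOID) {
#ifndef NO_RSA
            case RSAk:
                if (ssl && !ssl->options.verifyNone) {
                    if (ssl->options.minRsaKeySz < 0 ||
                          cert->pubKeySize < (word16)ssl->options.minRsaKeySz) {
                        ret = RSA_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate RSA key size too small");
                    }
                }
                else if (ctx && !ctx->verifyNone) {
                    if (ctx->minRsaKeySz < 0 ||
                                  cert->pubKeySize < (word16)ctx->minRsaKeySz) {
                        ret = RSA_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate RSA key size too small");
                    }
                }
                break;
#endif /* !NO_RSA */
#ifdef HAVE_ECC
            case ECDSAk:
                if (ssl && !ssl->options.verifyNone) {
                    if (ssl->options.minEccKeySz < 0 ||
                          cert->pubKeySize < (word16)ssl->options.minEccKeySz) {
                        ret = ECC_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate ECC key size error");
                    }
                }
                else if (ctx && !ctx->verifyNone) {
                    if (ctx->minEccKeySz < 0 ||
                                  cert->pubKeySize < (word16)ctx->minEccKeySz) {
                        ret = ECC_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate ECC key size error");
                    }
                }
                break;
#endif /* HAVE_ECC */

            default:
                WOLFSSL_MSG("No key size check done on certificate");
                break; /* do no check if not a case for the key */
        }

        FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
        XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

        if (ret != 0) {
            return ret;
        }
    }

    return SSL_SUCCESS;
}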
wolfSSL 7:481bce714567 4450
wolfSSL 7:481bce714567 4451
/* CA PEM file for verification, may have multiple/chain certs to process.
 * Walks buff one certificate at a time through ProcessBuffer.  A failure
 * that still made progress is logged and the scan continues after it; a
 * failure with no progress ends the scan.  Returns SSL_SUCCESS as soon as
 * at least one CA was accepted, otherwise the last ProcessBuffer result. */
static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                              long sz, int format, int type, WOLFSSL* ssl)
{
    long offset  = 0;
    int  result  = 0;
    int  anyGood = 0;

    WOLFSSL_MSG("Processing CA PEM file");
    while (offset < sz) {
        long step = 0; /* bytes ProcessBuffer consumed this round */

        result = ProcessBuffer(ctx, buff + offset, sz - offset, format, type,
                               ssl, &step, 0);

        if (result >= 0) {
            WOLFSSL_MSG(" Processed a CA");
            anyGood = 1;
        }
        else if (step > 0) { /* Made progress in file */
            WOLFSSL_ERROR(result);
            WOLFSSL_MSG("CA Parse failed, with progress in file.");
            WOLFSSL_MSG("Search for other certs in file");
        }
        else {
            WOLFSSL_MSG("CA Parse failed, no progress in file.");
            WOLFSSL_MSG("Do not continue search for other certs in file");
            break;
        }
        offset += step;
    }

    if (anyGood) {
        WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK");
        return SSL_SUCCESS;
    }
    return result;
}
wolfSSL 7:481bce714567 4492
wolfSSL 7:481bce714567 4493
/* Pick a method for the throw-away CTX used by the cert-manager loaders:
 * a client method when the client side is compiled in, else a server
 * method, preferring SSLv3 only when WOLFSSL_ALLOW_SSLV3 is on and old TLS
 * is not disabled.  Returns NULL when neither side is compiled in. */
static INLINE WOLFSSL_METHOD* cm_pick_method(void)
{
    WOLFSSL_METHOD* method = NULL;

#ifndef NO_WOLFSSL_CLIENT
    #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
    method = wolfSSLv3_client_method();
    #else
    method = wolfTLSv1_2_client_method();
    #endif
#elif !defined(NO_WOLFSSL_SERVER)
    #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
    method = wolfSSLv3_server_method();
    #else
    method = wolfTLSv1_2_server_method();
    #endif
#endif

    return method;
}
wolfSSL 7:481bce714567 4512
wolfSSL 7:481bce714567 4513
/* like load verify locations, 1 for success, < 0 for error.
 * Borrows cm inside a scratch WOLFSSL_CTX so the CTX buffer loader can be
 * reused; cm is detached again before the scratch CTX is freed so the
 * caller keeps ownership of it. */
int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
                                    const unsigned char* in, long sz, int format)
{
    WOLFSSL_CTX* scratch;
    int          result;

    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCABuffer");

    if (cm == NULL) {
        WOLFSSL_MSG("No CertManager error");
        return SSL_FATAL_ERROR;
    }

    scratch = wolfSSL_CTX_new(cm_pick_method());
    if (scratch == NULL) {
        WOLFSSL_MSG("CTX new failed");
        return SSL_FATAL_ERROR;
    }

    /* for tmp use: swap the scratch CTX's own manager for the caller's */
    wolfSSL_CertManagerFree(scratch->cm);
    scratch->cm = cm;

    result = wolfSSL_CTX_load_verify_buffer(scratch, in, sz, format);

    /* don't lose our good one: detach it before freeing the CTX */
    scratch->cm = NULL;
    wolfSSL_CTX_free(scratch);

    return result;
}
wolfSSL 7:481bce714567 4546
wolfSSL 7:481bce714567 4547 #ifdef HAVE_CRL
wolfSSL 7:481bce714567 4548
/* Load a CRL from an in-memory buffer into the cert manager, turning CRL
 * support on (with no options) first if it is not yet enabled.
 * Returns BAD_FUNC_ARG for a NULL cm, SSL_FATAL_ERROR if CRL could not be
 * enabled, otherwise whatever BufferLoadCRL returns. */
int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
                                     const unsigned char* buff, long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRLBuffer");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* lazily enable CRL checking with zero options */
    if (cm->crl == NULL
            && wolfSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
        WOLFSSL_MSG("Enable CRL failed");
        return SSL_FATAL_ERROR;
    }

    return BufferLoadCRL(cm->crl, buff, sz, type);
}
wolfSSL 7:481bce714567 4565
wolfSSL 7:481bce714567 4566
/* CTX-level wrapper: load a CRL buffer into the context's cert manager.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the cert-manager result. */
int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                              long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer");

    return (ctx == NULL)
         ? BAD_FUNC_ARG
         : wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type);
}
wolfSSL 7:481bce714567 4577
wolfSSL 7:481bce714567 4578
/* Connection-level wrapper: load an in-memory CRL into the cert manager of
 * ssl's context.
 * Returns BAD_FUNC_ARG when ssl or its ctx is NULL, else what
 * wolfSSL_CertManagerLoadCRLBuffer returns. */
int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff,
                          long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer");

    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerLoadCRLBuffer(ssl->ctx->cm, buff, sz, type);
}
wolfSSL 7:481bce714567 4589
wolfSSL 7:481bce714567 4590
wolfSSL 7:481bce714567 4591 #endif /* HAVE_CRL */
wolfSSL 7:481bce714567 4592
/* Turn CRL checking on for cm, allocating and initialising the CRL store the
 * first time, and apply options (WOLFSSL_CRL_CHECKALL is the only one read).
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL cm, MEMORY_E when the store
 * cannot be allocated, SSL_FAILURE when InitCRL fails, or NOT_COMPILED_IN
 * in builds without HAVE_CRL. */
int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
{
    (void)options;

    WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifndef HAVE_CRL
    return NOT_COMPILED_IN;
#else
    if (cm->crl == NULL) {
        cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
                                        DYNAMIC_TYPE_CRL);
        if (cm->crl == NULL)
            return MEMORY_E;

        if (InitCRL(cm->crl, cm) != 0) {
            WOLFSSL_MSG("Init CRL failed");
            /* release the half-built store and leave cm without one */
            FreeCRL(cm->crl, 1);
            cm->crl = NULL;
            return SSL_FAILURE;
        }
    }

    cm->crlEnabled = 1;
    if (options & WOLFSSL_CRL_CHECKALL)
        cm->crlCheckAll = 1;

    return SSL_SUCCESS;
#endif /* HAVE_CRL */
}
wolfSSL 7:481bce714567 4627
wolfSSL 7:481bce714567 4628
/* Switch CRL checking off for cm; the CRL store itself is kept so a later
 * enable reuses it. Returns BAD_FUNC_ARG for a NULL cm, else SSL_SUCCESS. */
int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->crlEnabled = 0;
    return SSL_SUCCESS;
}
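/* Verify the certificate held in buff against cm's trusted CAs, and against
 * its CRL when CRL checking is enabled. SSL_SUCCESS for ok, < 0 for error.
 * cm     : cert manager supplying the trust store (must not be NULL)
 * buff   : certificate bytes
 * sz     : length of buff
 * format : SSL_FILETYPE_PEM, otherwise buff is taken as DER
 * Returns BAD_FUNC_ARG for a NULL cm, MEMORY_E when a scratch buffer cannot
 * be allocated, the PemToDer error for malformed PEM, the ParseCertRelative
 * or CheckCertCRL error, or SSL_SUCCESS. */
int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
                                    long sz, int format)
{
    int ret = 0;
    DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert  cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertManagerVerifyBuffer");

    /* cm->heap (and cm->crl below) are dereferenced unconditionally, so a
     * NULL cm must be rejected up front instead of faulting */
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    if (format == SSL_FILETYPE_PEM) {
        int eccKey = 0; /* not used */
#ifdef WOLFSSL_SMALL_STACK
        EncryptedInfo* info = NULL;
#else
        EncryptedInfo  info[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), cm->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL) {
            XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
            return MEMORY_E;
        }
#endif

        info->set      = 0;
        info->ctx      = NULL;
        info->consumed = 0;

        ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey);

        /* info is not read again after PemToDer; release it on every path */
#ifdef WOLFSSL_SMALL_STACK
        XFREE(info, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        if (ret != 0) {
            FreeDer(&der);
#ifdef WOLFSSL_SMALL_STACK
            /* previously leaked: the early return skipped the cert scratch
             * buffer freed at the bottom of the function */
            XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return ret;
        }
        InitDecodedCert(cert, der->buffer, der->length, cm->heap);
    }
    else
        InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);

    if (ret == 0)
        ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);

#ifdef HAVE_CRL
    /* revocation is only consulted once the chain itself verified */
    if (ret == 0 && cm->crlEnabled)
        ret = CheckCertCRL(cm->crl, cert);
#endif

    FreeDecodedCert(cert);
    FreeDer(&der);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret == 0 ? SSL_SUCCESS : ret;
}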
wolfSSL 7:481bce714567 4714
wolfSSL 7:481bce714567 4715
/* Turn OCSP on for cm, allocating and initialising the OCSP state on first
 * use, then apply options: WOLFSSL_OCSP_URL_OVERRIDE, WOLFSSL_OCSP_NO_NONCE
 * and WOLFSSL_OCSP_CHECKALL. Unless WOLFSSL_USER_IO is defined the embedded
 * lookup callbacks are installed with cm->heap as their I/O context.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL cm, MEMORY_E, SSL_FAILURE
 * when InitOCSP fails, or NOT_COMPILED_IN without HAVE_OCSP. */
int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
{
    (void)options;

    WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSP");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifndef HAVE_OCSP
    return NOT_COMPILED_IN;
#else
    if (cm->ocsp == NULL) {
        cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap,
                                          DYNAMIC_TYPE_OCSP);
        if (cm->ocsp == NULL)
            return MEMORY_E;

        if (InitOCSP(cm->ocsp, cm) != 0) {
            WOLFSSL_MSG("Init OCSP failed");
            FreeOCSP(cm->ocsp, 1);
            cm->ocsp = NULL;
            return SSL_FAILURE;
        }
    }

    cm->ocspEnabled = 1;
    if (options & WOLFSSL_OCSP_URL_OVERRIDE)
        cm->ocspUseOverrideURL = 1;
    /* a nonce is requested unless the caller explicitly opted out */
    cm->ocspSendNonce = (options & WOLFSSL_OCSP_NO_NONCE) ? 0 : 1;
    if (options & WOLFSSL_OCSP_CHECKALL)
        cm->ocspCheckAll = 1;

#ifndef WOLFSSL_USER_IO
    cm->ocspIOCb       = EmbedOcspLookup;
    cm->ocspRespFreeCb = EmbedOcspRespFree;
    cm->ocspIOCtx      = cm->heap;
#endif /* WOLFSSL_USER_IO */

    return SSL_SUCCESS;
#endif /* HAVE_OCSP */
}
wolfSSL 7:481bce714567 4761
wolfSSL 7:481bce714567 4762
/* Switch OCSP checking off for cm; the OCSP state is kept for a later
 * enable. Returns BAD_FUNC_ARG for a NULL cm, else SSL_SUCCESS. */
int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSP");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->ocspEnabled = 0;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 4773
/* Turn OCSP stapling on for cm, allocating and initialising a dedicated OCSP
 * state (cm->ocsp_stapling) on first use. Unless WOLFSSL_USER_IO is defined
 * the embedded lookup callbacks are installed with cm->heap as context.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL cm, MEMORY_E, SSL_FAILURE
 * when InitOCSP fails, or NOT_COMPILED_IN when neither
 * HAVE_CERTIFICATE_STATUS_REQUEST nor its V2 variant is built in. */
int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPStapling");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
    && !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    return NOT_COMPILED_IN;
#else
    if (cm->ocsp_stapling == NULL) {
        cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP),
                                                   cm->heap, DYNAMIC_TYPE_OCSP);
        if (cm->ocsp_stapling == NULL)
            return MEMORY_E;

        if (InitOCSP(cm->ocsp_stapling, cm) != 0) {
            WOLFSSL_MSG("Init OCSP failed");
            FreeOCSP(cm->ocsp_stapling, 1);
            cm->ocsp_stapling = NULL;
            return SSL_FAILURE;
        }
    }

    cm->ocspStaplingEnabled = 1;

#ifndef WOLFSSL_USER_IO
    cm->ocspIOCb       = EmbedOcspLookup;
    cm->ocspRespFreeCb = EmbedOcspRespFree;
    cm->ocspIOCtx      = cm->heap;
#endif /* WOLFSSL_USER_IO */

    return SSL_SUCCESS;
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || _V2 */
}
wolfSSL 7:481bce714567 4811
wolfSSL 7:481bce714567 4812
wolfSSL 7:481bce714567 4813 #ifdef HAVE_OCSP
wolfSSL 7:481bce714567 4814
wolfSSL 7:481bce714567 4815
/* Check the DER certificate der against OCSP if OCSP is enabled on cm.
 * (The previous header said "CRL"; this routine consults cm->ocsp.)
 * cm  : cert manager holding the OCSP state
 * der : DER-encoded certificate
 * sz  : length of der
 * Returns SSL_SUCCESS when OCSP is disabled or the status check passes,
 * BAD_FUNC_ARG for a NULL cm, MEMORY_E when the scratch DecodedCert cannot
 * be allocated, else the ParseCertRelative / CheckCertOCSP error. */
int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int ret;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert  cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* nothing to do when the caller never enabled OCSP */
    if (cm->ocspEnabled == 0)
        return SSL_SUCCESS;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der, sz, NULL);

    ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm);
    if (ret != 0) {
        WOLFSSL_MSG("ParseCert failed");
    }
    else {
        ret = CheckCertOCSP(cm->ocsp, cert, NULL);
        if (ret != 0) {
            WOLFSSL_MSG("CheckCertOCSP failed");
        }
    }

    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return (ret == 0) ? SSL_SUCCESS : ret;
}
wolfSSL 7:481bce714567 4857
wolfSSL 7:481bce714567 4858
/* Replace cm's OCSP override URL with a private copy of url, or clear it when
 * url is NULL. Any previously stored URL is released first.
 * Returns BAD_FUNC_ARG for a NULL cm, MEMORY_E when the copy cannot be
 * allocated (the stored URL is then NULL), else SSL_SUCCESS. */
int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
                                          const char* url)
{
    int urlSz;

    WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* drop the old copy and do not leave its dangling pointer behind */
    XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
    cm->ocspOverrideURL = NULL;

    if (url == NULL)
        return SSL_SUCCESS;

    urlSz = (int)XSTRLEN(url) + 1; /* room for the terminator */
    cm->ocspOverrideURL = (char*)XMALLOC(urlSz, cm->heap, DYNAMIC_TYPE_URL);
    if (cm->ocspOverrideURL == NULL)
        return MEMORY_E;

    XMEMCPY(cm->ocspOverrideURL, url, urlSz);
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 4881
wolfSSL 7:481bce714567 4882
/* Install the caller's OCSP lookup callback, response-free callback and I/O
 * context on cm, replacing whatever was set (including the embedded defaults).
 * Returns BAD_FUNC_ARG for a NULL cm, else SSL_SUCCESS. */
int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSP_Cb");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->ocspIOCtx      = ioCbCtx;
    cm->ocspRespFreeCb = respFreeCb;
    cm->ocspIOCb       = ioCb;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 4896
wolfSSL 7:481bce714567 4897
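/* Enable OCSP on the cert manager behind ssl's context; see
 * wolfSSL_CertManagerEnableOCSP for options and return values.
 * Returns BAD_FUNC_ARG when ssl or its ctx is NULL. */
int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
{
    WOLFSSL_ENTER("wolfSSL_EnableOCSP");

    /* guard ssl->ctx as wolfSSL_LoadCRLBuffer does instead of dereferencing
     * it unconditionally */
    if (ssl == NULL || ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
}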
wolfSSL 7:481bce714567 4906
wolfSSL 7:481bce714567 4907
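/* Disable OCSP on the cert manager behind ssl's context.
 * Returns BAD_FUNC_ARG when ssl or its ctx is NULL, else the
 * wolfSSL_CertManagerDisableOCSP result. */
int wolfSSL_DisableOCSP(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_DisableOCSP");

    /* guard ssl->ctx as wolfSSL_LoadCRLBuffer does instead of dereferencing
     * it unconditionally */
    if (ssl == NULL || ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerDisableOCSP(ssl->ctx->cm);
}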
wolfSSL 7:481bce714567 4916
wolfSSL 7:481bce714567 4917
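/* Set (or clear, with NULL) the OCSP override URL on the cert manager behind
 * ssl's context. Returns BAD_FUNC_ARG when ssl or its ctx is NULL, else the
 * wolfSSL_CertManagerSetOCSPOverrideURL result. */
int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
{
    WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");

    /* guard ssl->ctx as wolfSSL_LoadCRLBuffer does instead of dereferencing
     * it unconditionally */
    if (ssl == NULL || ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
}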
wolfSSL 7:481bce714567 4926
wolfSSL 7:481bce714567 4927
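/* Install OCSP I/O callbacks on the cert manager behind ssl's context.
 * Returns BAD_FUNC_ARG when ssl or its ctx is NULL, else the
 * wolfSSL_CertManagerSetOCSP_Cb result. */
int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");

    /* guard ssl->ctx as wolfSSL_LoadCRLBuffer does instead of dereferencing
     * it unconditionally */
    if (ssl == NULL || ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm,
                                         ioCb, respFreeCb, ioCbCtx);
}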
wolfSSL 7:481bce714567 4938
wolfSSL 7:481bce714567 4939
/* Enable OCSP on ctx's cert manager; see wolfSSL_CertManagerEnableOCSP for
 * options and return values. Returns BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerEnableOCSP(ctx->cm, options);
}
wolfSSL 7:481bce714567 4948
wolfSSL 7:481bce714567 4949
/* Disable OCSP on ctx's cert manager. Returns BAD_FUNC_ARG for a NULL ctx,
 * else the wolfSSL_CertManagerDisableOCSP result. */
int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerDisableOCSP(ctx->cm);
}
wolfSSL 7:481bce714567 4958
wolfSSL 7:481bce714567 4959
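/* Set (or clear, with NULL) the OCSP override URL on ctx's cert manager.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the
 * wolfSSL_CertManagerSetOCSPOverrideURL result. */
int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
{
    /* trace tag named the ssl-level function (copy/paste); use this one's */
    WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_OverrideURL");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
}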
wolfSSL 7:481bce714567 4968
wolfSSL 7:481bce714567 4969
/* Install OCSP I/O callbacks on ctx's cert manager. Returns BAD_FUNC_ARG for
 * a NULL ctx, else the wolfSSL_CertManagerSetOCSP_Cb result. */
int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb,
                           CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
}
wolfSSL 7:481bce714567 4980
wolfSSL 7:481bce714567 4981 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 7:481bce714567 4982 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
/* Enable OCSP stapling on ctx's cert manager. Returns BAD_FUNC_ARG for a
 * NULL ctx, else the wolfSSL_CertManagerEnableOCSPStapling result. */
int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
}
wolfSSL 7:481bce714567 4991 #endif
wolfSSL 7:481bce714567 4992
wolfSSL 7:481bce714567 4993 #endif /* HAVE_OCSP */
wolfSSL 7:481bce714567 4994
wolfSSL 7:481bce714567 4995
wolfSSL 7:481bce714567 4996 #ifndef NO_FILESYSTEM
wolfSSL 7:481bce714567 4997
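/* Read the whole file named fname into memory and hand it to the loader that
 * matches type:
 *   - CA_TYPE / TRUSTED_PEER_TYPE in PEM  -> ProcessChainBuffer
 *   - CRL_TYPE (HAVE_CRL builds)          -> BufferLoadCRL into crl
 *   - anything else                       -> ProcessBuffer
 * ctx       : context receiving the material; may be NULL when ssl is given
 * fname     : path of the file, must not be NULL
 * format    : SSL_FILETYPE_PEM or the DER file type
 * type      : what the file holds (CA_TYPE, TRUSTED_PEER_TYPE, CRL_TYPE, ...)
 * ssl       : connection object used for per-connection loads, else NULL
 * userChain : non-zero when the file carries a user certificate chain to
 *             pass during the handshake
 * crl       : CRL store receiving CRL_TYPE data
 * Returns the loader's result, or SSL_BAD_FILE when the file cannot be
 * opened, sized, or read completely, or is empty / larger than
 * MAX_WOLFSSL_FILE_SIZE. */
int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
                WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl)
{
#ifdef WOLFSSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    int    ret;
    long   sz = 0;
    XFILE  file;
    void*  heapHint = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);

    (void)crl;
    (void)heapHint;

    if (fname == NULL) return SSL_BAD_FILE;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* Reject an empty file, a failed XFTELL (negative) and anything above the
     * ceiling wolfSSL_CertManagerVerify already applies, before sz is used
     * as an allocation size; the original let the file dictate the size. */
    if (sz <= 0 || sz > MAX_WOLFSSL_FILE_SIZE) {
        WOLFSSL_MSG("ProcessFile file bad size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* XFREAD returns the number of items read and is never negative, so the
     * former "< 0" test could not detect a short read and a partially
     * filled buffer was processed as if complete; require all sz bytes. */
    if ((long)XFREAD(myBuffer, 1, sz, file) != sz) {
        ret = SSL_BAD_FILE;
    }
    else if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE)
                                               && format == SSL_FILETYPE_PEM) {
        ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
    }
#ifdef HAVE_CRL
    else if (type == CRL_TYPE) {
        ret = BufferLoadCRL(crl, myBuffer, sz, format);
    }
#endif
    else {
        ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
                            userChain);
    }

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);

    return ret;
}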
wolfSSL 7:481bce714567 5061
wolfSSL 7:481bce714567 5062
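/* Load CA certificates from file and/or from every regular file found in
 * path (no c_rehash-style hashed lookup: each file is simply tried in turn).
 * ctx  : context whose cert manager receives the CAs
 * file : PEM file loaded first, or NULL
 * path : directory whose regular files are each loaded as PEM, or NULL
 * Returns SSL_FAILURE for a NULL ctx or when neither file nor path is given,
 * MEMORY_E when the directory context cannot be allocated, the ProcessFile
 * error for the first file that fails, otherwise the value left by the last
 * ProcessFile / directory call. */
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                                     const char* path)
{
    int ret = SSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");

    if (ctx == NULL || (file == NULL && path == NULL) )
        return SSL_FAILURE;

    if (file)
        ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);

    if (ret == SSL_SUCCESS && path) {
        char* name = NULL;
#ifdef WOLFSSL_SMALL_STACK
        ReadDirCtx* readCtx = NULL;
        readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        /* test the allocation result; the original tested name, which is
         * still NULL here, and so always returned MEMORY_E (leaking readCtx
         * when the allocation had in fact succeeded) */
        if (readCtx == NULL)
            return MEMORY_E;
#else
        ReadDirCtx  readCtx[1];
#endif

        /* try to load each regular file in path, stopping at the first one
         * that fails to load */
        ret = wc_ReadDirFirst(readCtx, path, &name);
        while (ret == 0 && name) {
            ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE,
                                                          NULL, 0, NULL);
            if (ret != SSL_SUCCESS)
                break;
            ret = wc_ReadDirNext(readCtx, path, &name);
        }
        /* NOTE(review): when the directory is exhausted ret holds whatever
         * wc_ReadDirNext (or wc_ReadDirFirst, for an empty directory)
         * returned, not SSL_SUCCESS — confirm that value is what callers
         * expect */
        wc_ReadDirClose(readCtx);

#ifdef WOLFSSL_SMALL_STACK
        XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }

    return ret;
}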
wolfSSL 7:481bce714567 5107
wolfSSL 7:481bce714567 5108
wolfSSL 7:481bce714567 5109 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Used to specify a peer cert to match when connecting
 * ctx : the ctx structure to load the peer cert into
 * file: the string name of the cert file
 * type: format of the file such as PEM/DER
 * Returns SSL_FAILURE for a NULL ctx or file, else the ProcessFile result
 * of loading the file as TRUSTED_PEER_TYPE. */
int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type)
{
    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert");

    if (ctx == NULL)
        return SSL_FAILURE;
    if (file == NULL)
        return SSL_FAILURE;

    return ProcessFile(ctx, file, type, TRUSTED_PEER_TYPE, NULL, 0, NULL);
}
wolfSSL 7:481bce714567 5125 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 7:481bce714567 5126
wolfSSL 7:481bce714567 5127
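/* Verify the certificate held in file fname against cm's trusted CAs (and
 * its CRL when enabled), SSL_SUCCESS for ok, < 0 for error.
 * cm     : cert manager supplying the trust store
 * fname  : path of the certificate file
 * format : SSL_FILETYPE_PEM or the DER file type, forwarded to
 *          wolfSSL_CertManagerVerifyBuffer
 * Returns BAD_FUNC_ARG for a NULL cm or fname, SSL_BAD_FILE when the file
 * cannot be opened, sized, or fully read, or is empty / larger than
 * MAX_WOLFSSL_FILE_SIZE, else the wolfSSL_CertManagerVerifyBuffer result. */
int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
                             int format)
{
    int    ret = SSL_FATAL_ERROR;
#ifdef WOLFSSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    long   sz = 0;
    XFILE  file;

    WOLFSSL_ENTER("wolfSSL_CertManagerVerify");

    /* cm->heap is read below and XFOPEN(NULL) is undefined, so validate both
     * before touching either (the original opened the file unchecked) */
    if (cm == NULL || fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* "<= 0" also covers a failed XFTELL and an empty file */
    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
        WOLFSSL_MSG("CertManagerVerify file bad size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* XFREAD returns an item count, never a negative value, so the former
     * "< 0" test could not detect a short read; require all sz bytes */
    if ((long)XFREAD(myBuffer, 1, sz, file) != sz)
        ret = SSL_BAD_FILE;
    else
        ret = wolfSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);

    return ret;
}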
wolfSSL 7:481bce714567 5177
wolfSSL 7:481bce714567 5178
/* Like wolfSSL_CTX_load_verify_locations but for a stand-alone cert manager:
 * a throw-away CTX is created, its own cert manager is swapped for cm while
 * the load runs, and cm is detached again before the CTX is freed so it
 * survives. 1 (SSL_SUCCESS) for success, < 0 for error. */
int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
                             const char* path)
{
    WOLFSSL_CTX* tmp;
    int          ret;

    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCA");

    if (cm == NULL) {
        WOLFSSL_MSG("No CertManager error");
        return SSL_FATAL_ERROR;
    }

    tmp = wolfSSL_CTX_new(cm_pick_method());
    if (tmp == NULL) {
        WOLFSSL_MSG("CTX new failed");
        return SSL_FATAL_ERROR;
    }

    /* borrow cm: the manager the fresh CTX came with is not needed */
    wolfSSL_CertManagerFree(tmp->cm);
    tmp->cm = cm;

    ret = wolfSSL_CTX_load_verify_locations(tmp, file, path);

    /* detach cm so freeing the temporary CTX does not take it down too */
    tmp->cm = NULL;
    wolfSSL_CTX_free(tmp);

    return ret;
}
wolfSSL 7:481bce714567 5211
wolfSSL 7:481bce714567 5212
wolfSSL 7:481bce714567 5213
wolfSSL 7:481bce714567 5214
/* Compatibility stub: it does NOT yet compare the loaded private key with
 * the certificate's public key (see the TODO) and always reports
 * SSL_SUCCESS, so a mismatched key pair is not caught here. */
int wolfSSL_CTX_check_private_key(WOLFSSL_CTX* ctx)
{
    /* TODO: check private against public for RSA match */
    WOLFSSL_ENTER("SSL_CTX_check_private_key");
    (void)ctx;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 5222
wolfSSL 7:481bce714567 5223
wolfSSL 7:481bce714567 5224 #ifdef HAVE_CRL
wolfSSL 7:481bce714567 5225
wolfSSL 7:481bce714567 5226
/* Check a DER certificate against the CertManager's CRLs.
 *
 * cm  : CertManager; must be non-NULL.
 * der : DER encoded certificate.
 * sz  : length of der in bytes.
 *
 * Returns SSL_SUCCESS when CRL checking is disabled on cm or the
 * certificate passes; BAD_FUNC_ARG for a NULL cm; MEMORY_E when the
 * temporary DecodedCert cannot be allocated (WOLFSSL_SMALL_STACK builds);
 * otherwise the non-zero error from ParseCertRelative or CheckCertCRL.
 */
int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
{
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif
    int err = 0;

    WOLFSSL_ENTER("wolfSSL_CertManagerCheckCRL");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* nothing to check unless CRL use was enabled on this manager */
    if (cm->crlEnabled == 0)
        return SSL_SUCCESS;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der, sz, NULL);

    err = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm);
    if (err != 0) {
        WOLFSSL_MSG("ParseCert failed");
    }
    else {
        err = CheckCertCRL(cm->crl, cert);
        if (err != 0) {
            WOLFSSL_MSG("CheckCertCRL failed");
        }
    }

    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (err == 0)
        return SSL_SUCCESS;
    return err;
}
wolfSSL 7:481bce714567 5268
wolfSSL 7:481bce714567 5269
/* Store the CbMissingCRL callback on the CertManager (presumably invoked
 * when no CRL is available for a certificate -- see the CRL code).
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when cm is NULL.
 */
int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
    if (cm != NULL) {
        cm->cbMissingCRL = cb;
        return SSL_SUCCESS;
    }
    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 5280
wolfSSL 7:481bce714567 5281
/* Load CRL(s) from path into the CertManager, creating the CRL context
 * first if none exists yet.
 *
 * cm      : CertManager; must be non-NULL.
 * path    : file or directory, passed through to LoadCRL.
 * type    : CRL encoding, passed through to LoadCRL.
 * monitor : passed through to LoadCRL unchanged.
 *
 * Returns BAD_FUNC_ARG for a NULL cm, SSL_FATAL_ERROR if CRL support could
 * not be enabled, otherwise the result of LoadCRL.
 */
int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path,
                               int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* lazily enable CRL checking with default options (0) */
    if (cm->crl == NULL && wolfSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
        WOLFSSL_MSG("Enable CRL failed");
        return SSL_FATAL_ERROR;
    }

    return LoadCRL(cm->crl, path, type, monitor);
}
wolfSSL 7:481bce714567 5298
wolfSSL 7:481bce714567 5299
/* Enable CRL checking via the CertManager of this session's CTX.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result of
 * wolfSSL_CertManagerEnableCRL.
 */
int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
{
    WOLFSSL_ENTER("wolfSSL_EnableCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* the CertManager hangs off the CTX, so this is CTX-wide state, not
     * something private to this session */
    return wolfSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
}
wolfSSL 7:481bce714567 5308
wolfSSL 7:481bce714567 5309
/* Disable CRL checking via the CertManager of this session's CTX.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result of
 * wolfSSL_CertManagerDisableCRL.
 */
int wolfSSL_DisableCRL(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_DisableCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* CTX-wide effect: the CertManager belongs to ssl->ctx */
    return wolfSSL_CertManagerDisableCRL(ssl->ctx->cm);
}
wolfSSL 7:481bce714567 5318
wolfSSL 7:481bce714567 5319
/* Load CRL(s) into the CertManager of this session's CTX.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result of
 * wolfSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor).
 */
int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_LoadCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* CTX-wide effect: the CertManager belongs to ssl->ctx */
    return wolfSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
}
wolfSSL 7:481bce714567 5328
wolfSSL 7:481bce714567 5329
/* Set the missing-CRL callback on the CertManager of this session's CTX.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result of
 * wolfSSL_CertManagerSetCRL_Cb.
 */
int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* CTX-wide effect: the CertManager belongs to ssl->ctx */
    return wolfSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
}
wolfSSL 7:481bce714567 5338
wolfSSL 7:481bce714567 5339
/* Enable CRL checking on the CTX's CertManager.
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * wolfSSL_CertManagerEnableCRL(ctx->cm, options).
 */
int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerEnableCRL(ctx->cm, options);
}
wolfSSL 7:481bce714567 5348
wolfSSL 7:481bce714567 5349
/* Disable CRL checking on the CTX's CertManager.
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * wolfSSL_CertManagerDisableCRL(ctx->cm).
 */
int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerDisableCRL(ctx->cm);
}
wolfSSL 7:481bce714567 5358
wolfSSL 7:481bce714567 5359
/* Load CRL(s) into the CTX's CertManager.
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor).
 */
int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path,
                        int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
}
wolfSSL 7:481bce714567 5369
wolfSSL 7:481bce714567 5370
/* Set the missing-CRL callback on the CTX's CertManager.
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb).
 */
int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
}
wolfSSL 7:481bce714567 5379
wolfSSL 7:481bce714567 5380
wolfSSL 7:481bce714567 5381 #endif /* HAVE_CRL */
wolfSSL 7:481bce714567 5382
wolfSSL 7:481bce714567 5383
wolfSSL 7:481bce714567 5384 #ifdef WOLFSSL_DER_LOAD
wolfSSL 7:481bce714567 5385
/* Load a CA file into the CTX with an explicit encoding (format), so DER
 * CA files can be loaded as well as PEM.
 *
 * ctx    : target context; must be non-NULL.
 * file   : CA file path; must be non-NULL.
 * format : file encoding, passed through to ProcessFile.
 *
 * Returns SSL_SUCCESS if ProcessFile reports SSL_SUCCESS, else SSL_FAILURE
 * (bad arguments are also reported as SSL_FAILURE).
 */
int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                                          int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");
    if (ctx == NULL || file == NULL)
        return SSL_FAILURE;

    rc = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL);
    return (rc == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 7:481bce714567 5399
wolfSSL 7:481bce714567 5400 #endif /* WOLFSSL_DER_LOAD */
wolfSSL 7:481bce714567 5401
wolfSSL 7:481bce714567 5402
wolfSSL 7:481bce714567 5403 #ifdef WOLFSSL_CERT_GEN
wolfSSL 7:481bce714567 5404
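/* Load a PEM certificate from fileName and write its DER encoding to derBuf.
 *
 * fileName : path of the PEM file.
 * derBuf   : output buffer for the DER encoding.
 * derSz    : capacity of derBuf in bytes.
 *
 * Returns the DER length written on success, or a negative error:
 *   SSL_BAD_FILE - file cannot be opened, sized, or fully read
 *   MEMORY_E     - the file buffer (or, in WOLFSSL_SMALL_STACK builds, the
 *                  EncryptedInfo) could not be allocated; also returned in
 *                  WOLFSSL_STATIC_MEMORY builds when the file exceeds the
 *                  static buffer
 *   BUFFER_E     - derBuf too small (the DER must be strictly shorter than
 *                  derSz, the bound this function has always used)
 *   otherwise    - the error returned by PemToDer
 *
 * Fixes relative to the previous version: a short read is now detected
 * (XFREAD returns a count and was never negative, so the old `< 0` test
 * could not fire), and the WOLFSSL_STATIC_MEMORY path no longer returns
 * with the file still open.
 */
int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
{
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
    byte staticBuffer[1]; /* force XMALLOC */
#else
    EncryptedInfo info[1];
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* fileBuf = staticBuffer;
    int dynamic = 0;
    int ret = 0;
    int ecc = 0;
    long sz = 0;
    XFILE file;
    DerBuffer* converted = NULL;

    WOLFSSL_ENTER("wolfSSL_PemCertToDer");

    file = XFOPEN(fileName, "rb");
    if (file == XBADFILE) {
        return SSL_BAD_FILE;
    }

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    if (sz < 0) {
        ret = SSL_BAD_FILE;
    }
    else if (sz > (long)sizeof(staticBuffer)) {
#ifdef WOLFSSL_STATIC_MEMORY
        /* no heap to spill into; fail but still close the file below */
        WOLFSSL_MSG("File was larger then static buffer");
        ret = MEMORY_E;
#else
        fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
        if (fileBuf == NULL)
            ret = MEMORY_E;
        else
            dynamic = 1;
#endif
    }

    if (ret == 0) {
        /* read sz one-byte items so the returned count is the byte count;
         * anything other than exactly sz is a short read or an I/O error */
        if ((long)XFREAD(fileBuf, 1, sz, file) != sz) {
            ret = SSL_BAD_FILE;
        }
        else {
#ifdef WOLFSSL_SMALL_STACK
            info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                           DYNAMIC_TYPE_TMP_BUFFER);
            if (info == NULL)
                ret = MEMORY_E;
            else
#endif
            {
                ret = PemToDer(fileBuf, sz, CA_TYPE, &converted,
                               0, info, &ecc);
#ifdef WOLFSSL_SMALL_STACK
                XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            }
        }

        if (ret == 0) {
            if (converted->length < (word32)derSz) {
                XMEMCPY(derBuf, converted->buffer, converted->length);
                ret = converted->length;
            }
            else
                ret = BUFFER_E;
        }

        FreeDer(&converted);
    }

    XFCLOSE(file);
    if (dynamic)
        XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);

    return ret;
}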
wolfSSL 7:481bce714567 5488
wolfSSL 7:481bce714567 5489 #endif /* WOLFSSL_CERT_GEN */
wolfSSL 7:481bce714567 5490
wolfSSL 7:481bce714567 5491 #ifdef WOLFSSL_CERT_EXT
wolfSSL 7:481bce714567 5492 #ifndef NO_FILESYSTEM
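/* Load a PEM public key from fileName and write its DER encoding to derBuf.
 *
 * fileName : path of the PEM file.
 * derBuf   : output buffer for the DER encoding.
 * derSz    : capacity of derBuf in bytes.
 *
 * Returns the DER length written on success, or a negative error:
 *   SSL_BAD_FILE - file cannot be opened, sized, or fully read
 *   MEMORY_E     - the file buffer could not be allocated, or (in
 *                  WOLFSSL_STATIC_MEMORY builds) the file exceeds the
 *                  static buffer
 *   BUFFER_E     - derBuf too small (the DER must be strictly shorter than
 *                  derSz, the bound this function has always used)
 *   otherwise    - the error returned by PemToDer
 *
 * Fixes relative to the previous version: a short read is now detected
 * (XFREAD returns a count and was never negative, so the old `< 0` test
 * could not fire), and the WOLFSSL_STATIC_MEMORY path no longer returns
 * with the file still open.
 */
int wolfSSL_PemPubKeyToDer(const char* fileName,
                           unsigned char* derBuf, int derSz)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force XMALLOC */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* fileBuf = staticBuffer;
    int dynamic = 0;
    int ret = 0;
    long sz = 0;
    XFILE file;
    DerBuffer* converted = NULL;

    WOLFSSL_ENTER("wolfSSL_PemPubKeyToDer");

    file = XFOPEN(fileName, "rb");
    if (file == XBADFILE) {
        return SSL_BAD_FILE;
    }

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    if (sz < 0) {
        ret = SSL_BAD_FILE;
    }
    else if (sz > (long)sizeof(staticBuffer)) {
#ifdef WOLFSSL_STATIC_MEMORY
        /* no heap to spill into; fail but still close the file below */
        WOLFSSL_MSG("File was larger then static buffer");
        ret = MEMORY_E;
#else
        fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
        if (fileBuf == NULL)
            ret = MEMORY_E;
        else
            dynamic = 1;
#endif
    }

    if (ret == 0) {
        /* read sz one-byte items so the returned count is the byte count;
         * anything other than exactly sz is a short read or an I/O error */
        if ((long)XFREAD(fileBuf, 1, sz, file) != sz)
            ret = SSL_BAD_FILE;
        else
            ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted,
                           0, NULL, NULL);

        if (ret == 0) {
            if (converted->length < (word32)derSz) {
                XMEMCPY(derBuf, converted->buffer, converted->length);
                ret = converted->length;
            }
            else
                ret = BUFFER_E;
        }

        FreeDer(&converted);
    }

    XFCLOSE(file);
    if (dynamic)
        XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);

    return ret;
}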
wolfSSL 7:481bce714567 5559 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 5560
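/* Convert an in-memory PEM public key to DER.
 *
 * pem    : PEM input; must be non-NULL.
 * pemSz  : length of pem in bytes; must be >= 0.
 * buff   : output buffer for the DER encoding; must be non-NULL.
 * buffSz : capacity of buff in bytes; must be > 0.
 *
 * Returns the number of DER bytes written to buff, or < 0 on error:
 * BAD_FUNC_ARG for bad arguments or an output buffer that is too small,
 * otherwise the negative result of PemToDer.
 *
 * Fix relative to the previous version: a negative pemSz is rejected up
 * front instead of being handed to the PEM parser as a negative length.
 */
int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz,
                           unsigned char* buff, int buffSz)
{
    int ret;
    DerBuffer* der = NULL;

    WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer");

    if (pem == NULL || pemSz < 0 || buff == NULL || buffSz <= 0) {
        WOLFSSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

    ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);
    if (ret < 0) {
        WOLFSSL_MSG("Bad Pem To Der");
    }
    else if (der->length <= (word32)buffSz) {
        XMEMCPY(buff, der->buffer, der->length);
        ret = der->length;
    }
    else {
        WOLFSSL_MSG("Bad der length");
        ret = BAD_FUNC_ARG;
    }

    FreeDer(&der);
    return ret;
}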
wolfSSL 7:481bce714567 5593
wolfSSL 7:481bce714567 5594 #endif /* WOLFSSL_CERT_EXT */
wolfSSL 7:481bce714567 5595
/* Load the CTX's certificate from file in the given format.
 * Returns SSL_SUCCESS when ProcessFile reports SSL_SUCCESS, else
 * SSL_FAILURE.  Argument validation is left to ProcessFile.
 */
int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
                                     int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");
    rc = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL);
    return (rc == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 7:481bce714567 5605
wolfSSL 7:481bce714567 5606
/* Load the CTX's private key from file in the given format.
 * Returns SSL_SUCCESS when ProcessFile reports SSL_SUCCESS, else
 * SSL_FAILURE.  Argument validation is left to ProcessFile.
 */
int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
                                    int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");
    rc = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL);
    return (rc == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 7:481bce714567 5617
wolfSSL 7:481bce714567 5618
/* Report the certificate chain depth limit for a session.
 * The limit is the compile-time MAX_CHAIN_DEPTH; there is no per-session
 * setting to read.  Returns BAD_FUNC_ARG for a NULL ssl.
 */
long wolfSSL_get_verify_depth(WOLFSSL* ssl)
{
    return (ssl == NULL) ? BAD_FUNC_ARG : MAX_CHAIN_DEPTH;
}
wolfSSL 7:481bce714567 5627
wolfSSL 7:481bce714567 5628
/* Report the certificate chain depth limit for a context.
 * The limit is the compile-time MAX_CHAIN_DEPTH; there is no per-context
 * setting to read.  Returns BAD_FUNC_ARG for a NULL ctx.
 */
long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx)
{
    return (ctx == NULL) ? BAD_FUNC_ARG : MAX_CHAIN_DEPTH;
}
wolfSSL 7:481bce714567 5637
wolfSSL 7:481bce714567 5638
/* Load a PEM certificate chain (subject cert plus up to MAX_CHAIN_DEPTH
 * issuers, per the original note) from file into the CTX.
 * Returns SSL_SUCCESS when ProcessFile reports SSL_SUCCESS, else
 * SSL_FAILURE.  Argument validation is left to ProcessFile.
 */
int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
    /* userChain = 1: ProcessFile treats the file as a chain, PEM only */
    rc = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL);
    return (rc == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 7:481bce714567 5649
wolfSSL 7:481bce714567 5650
wolfSSL 7:481bce714567 5651 #ifndef NO_DH
wolfSSL 7:481bce714567 5652
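/* Read server Diffie-Hellman parameters from a file and install them on
 * either the session (ssl != NULL) or the context (ssl == NULL).
 *
 * ctx    : context; supplies the heap and is the target when ssl is NULL.
 *          Must be non-NULL.
 * ssl    : optional session target.
 * fname  : parameter file path; must be non-NULL.
 * format : passed through to the *_SetTmpDH_buffer loader.
 *
 * Returns BAD_FUNC_ARG for a NULL ctx or fname; SSL_BAD_FILE when the file
 * cannot be opened, sized, buffered, or fully read; otherwise the result of
 * wolfSSL_SetTmpDH_buffer / wolfSSL_CTX_SetTmpDH_buffer.
 *
 * Fix relative to the previous version: a short read is now detected
 * (XFREAD returns a count and was never negative, so the old `< 0` test
 * could not fire and a truncated file was handed to the DH parser).
 */
static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                                         const char* fname, int format)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* myBuffer = staticBuffer;
    int dynamic = 0;
    int ret;
    long sz = 0;
    XFILE file;

    if (ctx == NULL || fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return SSL_BAD_FILE;

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    if (sz < 0) {
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE; /* historical code for this failure, kept */
        }
        dynamic = 1;
    }

    /* read sz one-byte items so the returned count is the byte count;
     * anything other than exactly sz is a short read or an I/O error */
    if ((long)XFREAD(myBuffer, 1, sz, file) != sz) {
        ret = SSL_BAD_FILE;
    }
    else if (ssl != NULL) {
        ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
    }
    else {
        ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
    }

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);

    return ret;
}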
wolfSSL 7:481bce714567 5706
/* Install server Diffie-Hellman parameters from a file on a session.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result of the shared
 * file wrapper called with the session's CTX.
 */
int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format)
{
    if (ssl != NULL)
        return wolfSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 5715
wolfSSL 7:481bce714567 5716
/* Install server Diffie-Hellman parameters from a file on a context.
 * NULL ctx is rejected (BAD_FUNC_ARG) by the shared file wrapper.
 */
int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
{
    /* ssl == NULL selects the CTX as the target inside the wrapper */
    return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
}
wolfSSL 7:481bce714567 5722
wolfSSL 7:481bce714567 5723 #endif /* NO_DH */
wolfSSL 7:481bce714567 5724
wolfSSL 7:481bce714567 5725
wolfSSL 7:481bce714567 5726 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 5727 /* put SSL type in extra for now, not very common */
wolfSSL 7:481bce714567 5728
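/* Build a WOLFSSL_EVP_PKEY holding a private copy of the DER bytes at *in.
 *
 * type : stored in the result's type field as given (not validated here).
 * out  : if non-NULL, receives the result (NULL on failure).
 * in   : pointer to the DER buffer pointer; both in and *in must be
 *        non-NULL and *in must hold at least inSz bytes.
 * inSz : length of the DER data; must be >= 0.
 *
 * Returns the new key object, or NULL on bad arguments or allocation
 * failure.  The result is released with wolfSSL_EVP_PKEY_free.
 *
 * Fix relative to the previous version: a NULL *in is rejected instead of
 * being dereferenced by the copy.
 *
 * NOTE(review): *in is not advanced past the consumed bytes, unlike the
 * OpenSSL d2i_* convention -- confirm callers do not rely on that.
 */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out,
                                         const unsigned char **in, long inSz)
{
    WOLFSSL_EVP_PKEY* local;

    WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey");

    if (in == NULL || *in == NULL || inSz < 0) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    local = wolfSSL_PKEY_new();
    if (local == NULL) {
        return NULL;
    }

    local->type     = type;
    local->pkey_sz  = (int)inSz;
    local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    if (local->pkey.ptr == NULL) {
        /* release the half-built object; callers see NULL */
        wolfSSL_EVP_PKEY_free(local);
        local = NULL;
    }
    else {
        XMEMCPY(local->pkey.ptr, *in, inSz);
    }

    /* *out mirrors the return value, including NULL on failure */
    if (out != NULL) {
        *out = local;
    }

    return local;
}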
wolfSSL 7:481bce714567 5763
wolfSSL 7:481bce714567 5764
/* Stub for the SSL_ctrl-style control interface.  No command is handled:
 * the call is logged through WOLFSSL_STUB and SSL_FAILURE is returned
 * without reading any argument.
 */
long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
{
    (void)ssl;
    (void)cmd;
    (void)opt;
    (void)pt;

    WOLFSSL_STUB("wolfSSL_ctrl");
    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 5774
wolfSSL 7:481bce714567 5775
/* Stub for the SSL_CTX_ctrl-style control interface.  No command is
 * handled: the call is logged through WOLFSSL_STUB and SSL_FAILURE is
 * returned without reading any argument.
 */
long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
{
    (void)ctx;
    (void)cmd;
    (void)opt;
    (void)pt;

    WOLFSSL_STUB("wolfSSL_CTX_ctrl");
    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 5785
wolfSSL 7:481bce714567 5786 #ifndef NO_CERTS
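/* Check that the session's loaded private key matches its loaded
 * certificate.
 *
 * ssl : session whose buffers.certificate and buffers.key are compared.
 *
 * Returns SSL_FAILURE when ssl is NULL, when no certificate or key buffer
 * has been loaded, or when the certificate does not parse; otherwise the
 * result of wc_CheckPrivateKey (its success/failure codes are passed
 * through unchanged).
 *
 * Fix relative to the previous version: a missing certificate or key
 * buffer is reported as SSL_FAILURE instead of dereferencing a NULL
 * DerBuffer pointer.
 */
int wolfSSL_check_private_key(const WOLFSSL* ssl)
{
    DecodedCert der;
    int ret;

    if (ssl == NULL || ssl->buffers.certificate == NULL ||
                       ssl->buffers.key == NULL) {
        /* nothing to compare; never report a match by default */
        return SSL_FAILURE;
    }

    InitDecodedCert(&der, ssl->buffers.certificate->buffer,
                    ssl->buffers.certificate->length, ssl->heap);
    /* NO_VERIFY: only the public key is needed, not a chain check */
    if (ParseCertRelative(&der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
        FreeDecodedCert(&der);
        return SSL_FAILURE;
    }

    ret = wc_CheckPrivateKey(ssl->buffers.key->buffer,
                             ssl->buffers.key->length, &der);
    FreeDecodedCert(&der);
    return ret;
}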
wolfSSL 7:481bce714567 5812
wolfSSL 7:481bce714567 5813
wolfSSL 7:481bce714567 5814 /* Looks for the extension matching the passed in nid
wolfSSL 7:481bce714567 5815 *
wolfSSL 7:481bce714567 5816 * c : if not null then is set to status value -2 if multiple occurances
wolfSSL 7:481bce714567 5817 * of the extension are found, -1 if not found, 0 if found and not
wolfSSL 7:481bce714567 5818 * critical, and 1 if found and critical.
wolfSSL 7:481bce714567 5819 * nid : Extension OID to be found.
wolfSSL 7:481bce714567 5820 * idx : if NULL return first extension found match, otherwise start search at
wolfSSL 7:481bce714567 5821 * idx location and set idx to the location of extension returned.
wolfSSL 7:481bce714567 5822 * returns NULL or a pointer to an WOLFSSL_STACK holding extension structure
wolfSSL 7:481bce714567 5823 *
wolfSSL 7:481bce714567 5824 * NOTE code for decoding extensions is in asn.c DecodeCertExtensions --
wolfSSL 7:481bce714567 5825 * use already decoded extension in this function to avoid decoding twice.
wolfSSL 7:481bce714567 5826 * Currently we do not make use of idx since getting pre decoded extensions.
wolfSSL 7:481bce714567 5827 */
wolfSSL 7:481bce714567 5828 void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
wolfSSL 7:481bce714567 5829 int nid, int* c, int* idx)
wolfSSL 7:481bce714567 5830 {
wolfSSL 7:481bce714567 5831 WOLFSSL_STACK* sk = NULL;
wolfSSL 7:481bce714567 5832 WOLFSSL_ASN1_OBJECT* obj = NULL;
wolfSSL 7:481bce714567 5833
wolfSSL 7:481bce714567 5834 WOLFSSL_ENTER("wolfSSL_X509_get_ext_d2i");
wolfSSL 7:481bce714567 5835
wolfSSL 7:481bce714567 5836 if (x509 == NULL) {
wolfSSL 7:481bce714567 5837 return NULL;
wolfSSL 7:481bce714567 5838 }
wolfSSL 7:481bce714567 5839
wolfSSL 7:481bce714567 5840 if (c != NULL) {
wolfSSL 7:481bce714567 5841 *c = -1; /* default to not found */
wolfSSL 7:481bce714567 5842 }
wolfSSL 7:481bce714567 5843
wolfSSL 7:481bce714567 5844 sk = (STACK_OF(WOLFSSL_ASN1_OBJECT)*)XMALLOC(
wolfSSL 7:481bce714567 5845 sizeof(STACK_OF(WOLFSSL_ASN1_OBJECT)), NULL, DYNAMIC_TYPE_ASN1);
wolfSSL 7:481bce714567 5846 if (sk == NULL) {
wolfSSL 7:481bce714567 5847 return NULL;
wolfSSL 7:481bce714567 5848 }
wolfSSL 7:481bce714567 5849 XMEMSET(sk, 0, sizeof(STACK_OF(WOLFSSL_ASN1_OBJECT)));
wolfSSL 7:481bce714567 5850
wolfSSL 7:481bce714567 5851 switch (nid) {
wolfSSL 7:481bce714567 5852 case BASIC_CA_OID:
wolfSSL 7:481bce714567 5853 if (x509->basicConstSet) {
wolfSSL 7:481bce714567 5854 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 5855 if (c != NULL) {
wolfSSL 7:481bce714567 5856 *c = x509->basicConstCrit;
wolfSSL 7:481bce714567 5857 }
wolfSSL 7:481bce714567 5858 obj->type = BASIC_CA_OID;
wolfSSL 7:481bce714567 5859 }
wolfSSL 7:481bce714567 5860 else {
wolfSSL 7:481bce714567 5861 WOLFSSL_MSG("No Basic Constraint set");
wolfSSL 7:481bce714567 5862 }
wolfSSL 7:481bce714567 5863 break;
wolfSSL 7:481bce714567 5864
wolfSSL 7:481bce714567 5865 case ALT_NAMES_OID:
wolfSSL 7:481bce714567 5866 {
wolfSSL 7:481bce714567 5867 DNS_entry* dns;
wolfSSL 7:481bce714567 5868
wolfSSL 7:481bce714567 5869 if (x509->subjAltNameSet && x509->altNames != NULL) {
wolfSSL 7:481bce714567 5870 /* alt names are DNS_entry structs */
wolfSSL 7:481bce714567 5871 if (c != NULL) {
wolfSSL 7:481bce714567 5872 if (x509->altNames->next != NULL) {
wolfSSL 7:481bce714567 5873 *c = -2; /* more then one found */
wolfSSL 7:481bce714567 5874 }
wolfSSL 7:481bce714567 5875 else {
wolfSSL 7:481bce714567 5876 *c = x509->subjAltNameCrit;
wolfSSL 7:481bce714567 5877 }
wolfSSL 7:481bce714567 5878 }
wolfSSL 7:481bce714567 5879
wolfSSL 7:481bce714567 5880 dns = x509->altNames;
wolfSSL 7:481bce714567 5881 while (dns != NULL) {
wolfSSL 7:481bce714567 5882 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 5883 obj->type = ALT_NAMES_OID;
wolfSSL 7:481bce714567 5884 obj->obj = (byte*)dns->name;
wolfSSL 7:481bce714567 5885 dns = dns->next;
wolfSSL 7:481bce714567 5886 /* last dns in list add at end of function */
wolfSSL 7:481bce714567 5887 if (dns != NULL) {
wolfSSL 7:481bce714567 5888 if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) !=
wolfSSL 7:481bce714567 5889 SSL_SUCCESS) {
wolfSSL 7:481bce714567 5890 WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL 7:481bce714567 5891 wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL 7:481bce714567 5892 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 7:481bce714567 5893 sk = NULL;
wolfSSL 7:481bce714567 5894 }
wolfSSL 7:481bce714567 5895 }
wolfSSL 7:481bce714567 5896 }
wolfSSL 7:481bce714567 5897 }
wolfSSL 7:481bce714567 5898 else {
wolfSSL 7:481bce714567 5899 WOLFSSL_MSG("No Alt Names set");
wolfSSL 7:481bce714567 5900 }
wolfSSL 7:481bce714567 5901 }
wolfSSL 7:481bce714567 5902 break;
wolfSSL 7:481bce714567 5903
wolfSSL 7:481bce714567 5904 case CRL_DIST_OID:
wolfSSL 7:481bce714567 5905 if (x509->CRLdistSet && x509->CRLInfo != NULL) {
wolfSSL 7:481bce714567 5906 if (c != NULL) {
wolfSSL 7:481bce714567 5907 *c = x509->CRLdistCrit;
wolfSSL 7:481bce714567 5908 }
wolfSSL 7:481bce714567 5909 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 5910 obj->type = CRL_DIST_OID;
wolfSSL 7:481bce714567 5911 obj->obj = x509->CRLInfo;
wolfSSL 7:481bce714567 5912 obj->objSz = x509->CRLInfoSz;
wolfSSL 7:481bce714567 5913 }
wolfSSL 7:481bce714567 5914 else {
wolfSSL 7:481bce714567 5915 WOLFSSL_MSG("No CRL dist set");
wolfSSL 7:481bce714567 5916 }
wolfSSL 7:481bce714567 5917 break;
wolfSSL 7:481bce714567 5918
wolfSSL 7:481bce714567 5919 case AUTH_INFO_OID:
wolfSSL 7:481bce714567 5920 if (x509->authInfoSet && x509->authInfo != NULL) {
wolfSSL 7:481bce714567 5921 if (c != NULL) {
wolfSSL 7:481bce714567 5922 *c = x509->authInfoCrit;
wolfSSL 7:481bce714567 5923 }
wolfSSL 7:481bce714567 5924 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 5925 obj->type = AUTH_INFO_OID;
wolfSSL 7:481bce714567 5926 obj->obj = x509->authInfo;
wolfSSL 7:481bce714567 5927 obj->objSz = x509->authInfoSz;
wolfSSL 7:481bce714567 5928 }
wolfSSL 7:481bce714567 5929 else {
wolfSSL 7:481bce714567 5930 WOLFSSL_MSG("No Auth Info set");
wolfSSL 7:481bce714567 5931 }
wolfSSL 7:481bce714567 5932 break;
wolfSSL 7:481bce714567 5933
wolfSSL 7:481bce714567 5934 case AUTH_KEY_OID:
wolfSSL 7:481bce714567 5935 if (x509->authKeyIdSet) {
wolfSSL 7:481bce714567 5936 if (c != NULL) {
wolfSSL 7:481bce714567 5937 *c = x509->authKeyIdCrit;
wolfSSL 7:481bce714567 5938 }
wolfSSL 7:481bce714567 5939 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 5940 obj->type = AUTH_KEY_OID;
wolfSSL 7:481bce714567 5941 obj->obj = x509->authKeyId;
wolfSSL 7:481bce714567 5942 obj->objSz = x509->authKeyIdSz;
wolfSSL 7:481bce714567 5943 }
wolfSSL 7:481bce714567 5944 else {
wolfSSL 7:481bce714567 5945 WOLFSSL_MSG("No Auth Key set");
wolfSSL 7:481bce714567 5946 }
wolfSSL 7:481bce714567 5947 break;
wolfSSL 7:481bce714567 5948
wolfSSL 7:481bce714567 5949 case SUBJ_KEY_OID:
wolfSSL 7:481bce714567 5950 if (x509->subjKeyIdSet) {
wolfSSL 7:481bce714567 5951 if (c != NULL) {
wolfSSL 7:481bce714567 5952 *c = x509->subjKeyIdCrit;
wolfSSL 7:481bce714567 5953 }
wolfSSL 7:481bce714567 5954 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 5955 obj->type = SUBJ_KEY_OID;
wolfSSL 7:481bce714567 5956 obj->obj = x509->subjKeyId;
wolfSSL 7:481bce714567 5957 obj->objSz = x509->subjKeyIdSz;
wolfSSL 7:481bce714567 5958 }
wolfSSL 7:481bce714567 5959 else {
wolfSSL 7:481bce714567 5960 WOLFSSL_MSG("No Subject Key set");
wolfSSL 7:481bce714567 5961 }
wolfSSL 7:481bce714567 5962 break;
wolfSSL 7:481bce714567 5963
wolfSSL 7:481bce714567 5964 case CERT_POLICY_OID:
wolfSSL 7:481bce714567 5965 #ifdef WOLFSSL_CERT_EXT
wolfSSL 7:481bce714567 5966 {
wolfSSL 7:481bce714567 5967 int i;
wolfSSL 7:481bce714567 5968
wolfSSL 7:481bce714567 5969 if (x509->certPoliciesNb > 0) {
wolfSSL 7:481bce714567 5970 if (c != NULL) {
wolfSSL 7:481bce714567 5971 if (x509->certPoliciesNb > 1) {
wolfSSL 7:481bce714567 5972 *c = -2;
wolfSSL 7:481bce714567 5973 }
wolfSSL 7:481bce714567 5974 else {
wolfSSL 7:481bce714567 5975 *c = 0;
wolfSSL 7:481bce714567 5976 }
wolfSSL 7:481bce714567 5977 }
wolfSSL 7:481bce714567 5978
wolfSSL 7:481bce714567 5979 for (i = 0; i < x509->certPoliciesNb - 1; i++) {
wolfSSL 7:481bce714567 5980 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 5981 obj->type = CERT_POLICY_OID;
wolfSSL 7:481bce714567 5982 obj->obj = (byte*)(x509->certPolicies[i]);
wolfSSL 7:481bce714567 5983 obj->objSz = MAX_CERTPOL_SZ;
wolfSSL 7:481bce714567 5984 if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj)
wolfSSL 7:481bce714567 5985 != SSL_SUCCESS) {
wolfSSL 7:481bce714567 5986 WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL 7:481bce714567 5987 wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL 7:481bce714567 5988 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 7:481bce714567 5989 sk = NULL;
wolfSSL 7:481bce714567 5990 }
wolfSSL 7:481bce714567 5991 }
wolfSSL 7:481bce714567 5992 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 5993 obj->type = CERT_POLICY_OID;
wolfSSL 7:481bce714567 5994 obj->obj = (byte*)(x509->certPolicies[i]);
wolfSSL 7:481bce714567 5995 obj->objSz = MAX_CERTPOL_SZ;
wolfSSL 7:481bce714567 5996 }
wolfSSL 7:481bce714567 5997 else {
wolfSSL 7:481bce714567 5998 WOLFSSL_MSG("No Cert Policy set");
wolfSSL 7:481bce714567 5999 }
wolfSSL 7:481bce714567 6000 }
wolfSSL 7:481bce714567 6001 #else
wolfSSL 7:481bce714567 6002 #ifdef WOLFSSL_SEP
wolfSSL 7:481bce714567 6003 if (x509->certPolicySet) {
wolfSSL 7:481bce714567 6004 if (c != NULL) {
wolfSSL 7:481bce714567 6005 *c = x509->certPolicyCrit;
wolfSSL 7:481bce714567 6006 }
wolfSSL 7:481bce714567 6007 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 6008 obj->type = CERT_POLICY_OID;
wolfSSL 7:481bce714567 6009 }
wolfSSL 7:481bce714567 6010 else {
wolfSSL 7:481bce714567 6011 WOLFSSL_MSG("No Cert Policy set");
wolfSSL 7:481bce714567 6012 }
wolfSSL 7:481bce714567 6013 #else
wolfSSL 7:481bce714567 6014 WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT");
wolfSSL 7:481bce714567 6015 #endif /* WOLFSSL_SEP */
wolfSSL 7:481bce714567 6016 #endif /* WOLFSSL_CERT_EXT */
wolfSSL 7:481bce714567 6017 break;
wolfSSL 7:481bce714567 6018
wolfSSL 7:481bce714567 6019 case KEY_USAGE_OID:
wolfSSL 7:481bce714567 6020 if (x509->keyUsageSet) {
wolfSSL 7:481bce714567 6021 if (c != NULL) {
wolfSSL 7:481bce714567 6022 *c = x509->keyUsageCrit;
wolfSSL 7:481bce714567 6023 }
wolfSSL 7:481bce714567 6024 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 6025 obj->type = KEY_USAGE_OID;
wolfSSL 7:481bce714567 6026 obj->obj = (byte*)&(x509->keyUsage);
wolfSSL 7:481bce714567 6027 obj->objSz = sizeof(word16);
wolfSSL 7:481bce714567 6028 }
wolfSSL 7:481bce714567 6029 else {
wolfSSL 7:481bce714567 6030 WOLFSSL_MSG("No Key Usage set");
wolfSSL 7:481bce714567 6031 }
wolfSSL 7:481bce714567 6032 break;
wolfSSL 7:481bce714567 6033
wolfSSL 7:481bce714567 6034 case INHIBIT_ANY_OID:
wolfSSL 7:481bce714567 6035 WOLFSSL_MSG("INHIBIT ANY extension not supported");
wolfSSL 7:481bce714567 6036 break;
wolfSSL 7:481bce714567 6037
wolfSSL 7:481bce714567 6038 case EXT_KEY_USAGE_OID:
wolfSSL 7:481bce714567 6039 if (x509->extKeyUsageSrc != NULL) {
wolfSSL 7:481bce714567 6040 if (c != NULL) {
wolfSSL 7:481bce714567 6041 if (x509->extKeyUsageCount > 1) {
wolfSSL 7:481bce714567 6042 *c = -2;
wolfSSL 7:481bce714567 6043 }
wolfSSL 7:481bce714567 6044 else {
wolfSSL 7:481bce714567 6045 *c = x509->extKeyUsageCrit;
wolfSSL 7:481bce714567 6046 }
wolfSSL 7:481bce714567 6047 }
wolfSSL 7:481bce714567 6048 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 7:481bce714567 6049 obj->type = EXT_KEY_USAGE_OID;
wolfSSL 7:481bce714567 6050 obj->obj = x509->extKeyUsageSrc;
wolfSSL 7:481bce714567 6051 obj->objSz = x509->extKeyUsageSz;
wolfSSL 7:481bce714567 6052 }
wolfSSL 7:481bce714567 6053 else {
wolfSSL 7:481bce714567 6054 WOLFSSL_MSG("No Extended Key Usage set");
wolfSSL 7:481bce714567 6055 }
wolfSSL 7:481bce714567 6056 break;
wolfSSL 7:481bce714567 6057
wolfSSL 7:481bce714567 6058 case NAME_CONS_OID:
wolfSSL 7:481bce714567 6059 WOLFSSL_MSG("Name Constraint OID extension not supported");
wolfSSL 7:481bce714567 6060 break;
wolfSSL 7:481bce714567 6061
wolfSSL 7:481bce714567 6062 case PRIV_KEY_USAGE_PERIOD_OID:
wolfSSL 7:481bce714567 6063 WOLFSSL_MSG("Private Key Usage Period extension not supported");
wolfSSL 7:481bce714567 6064 break;
wolfSSL 7:481bce714567 6065
wolfSSL 7:481bce714567 6066 case SUBJECT_INFO_ACCESS:
wolfSSL 7:481bce714567 6067 WOLFSSL_MSG("Subject Info Access extension not supported");
wolfSSL 7:481bce714567 6068 break;
wolfSSL 7:481bce714567 6069
wolfSSL 7:481bce714567 6070 case POLICY_MAP_OID:
wolfSSL 7:481bce714567 6071 WOLFSSL_MSG("Policy Map extension not supported");
wolfSSL 7:481bce714567 6072 break;
wolfSSL 7:481bce714567 6073
wolfSSL 7:481bce714567 6074 case POLICY_CONST_OID:
wolfSSL 7:481bce714567 6075 WOLFSSL_MSG("Policy Constraint extension not supported");
wolfSSL 7:481bce714567 6076 break;
wolfSSL 7:481bce714567 6077
wolfSSL 7:481bce714567 6078 case ISSUE_ALT_NAMES_OID:
wolfSSL 7:481bce714567 6079 WOLFSSL_MSG("Issue Alt Names extension not supported");
wolfSSL 7:481bce714567 6080 break;
wolfSSL 7:481bce714567 6081
wolfSSL 7:481bce714567 6082 case TLS_FEATURE_OID:
wolfSSL 7:481bce714567 6083 WOLFSSL_MSG("TLS Feature extension not supported");
wolfSSL 7:481bce714567 6084 break;
wolfSSL 7:481bce714567 6085
wolfSSL 7:481bce714567 6086 default:
wolfSSL 7:481bce714567 6087 WOLFSSL_MSG("Unsupported/Unknown extension OID");
wolfSSL 7:481bce714567 6088 }
wolfSSL 7:481bce714567 6089
wolfSSL 7:481bce714567 6090 if (obj != NULL) {
wolfSSL 7:481bce714567 6091 if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != SSL_SUCCESS) {
wolfSSL 7:481bce714567 6092 WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL 7:481bce714567 6093 wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL 7:481bce714567 6094 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 7:481bce714567 6095 sk = NULL;
wolfSSL 7:481bce714567 6096 }
wolfSSL 7:481bce714567 6097 }
wolfSSL 7:481bce714567 6098 else { /* no ASN1 object found for extension, free stack */
wolfSSL 7:481bce714567 6099 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 7:481bce714567 6100 sk = NULL;
wolfSSL 7:481bce714567 6101 }
wolfSSL 7:481bce714567 6102
wolfSSL 7:481bce714567 6103 (void)idx;
wolfSSL 7:481bce714567 6104
wolfSSL 7:481bce714567 6105 return sk;
wolfSSL 7:481bce714567 6106 }
wolfSSL 7:481bce714567 6107
wolfSSL 7:481bce714567 6108
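/* this function makes the assumption that out buffer is big enough for digest*/
/* One-shot hash of in[0..inSz) using the digest named by evp.
 *
 * The algorithm is chosen from the digest name: "SHA" alone selects
 * WC_HASH_TYPE_SHA; "SHA256", "SHA384" and "SHA512" select those; "MD2",
 * "MD4" and "MD5" likewise. Any other name (including an unrecognised
 * "SHA..." variant) leaves hash at WC_HASH_TYPE_NONE and the call fails.
 *
 * in    : data to hash
 * inSz  : length of in in bytes; negative values are rejected
 * out   : receives the digest; must hold at least the digest size reported
 *         by wc_HashGetDigestSize for the selected algorithm
 * outSz : set to the digest length on success
 * evp   : digest name as a NUL-terminated string
 * eng   : unused
 * returns SSL_SUCCESS, or SSL_FAILURE on NULL evp/out/outSz, negative inSz,
 *         unknown digest name, or a wc_Hash error
 */
static int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out,
                              unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
                              WOLFSSL_ENGINE* eng)
{
    enum wc_HashType hash = WC_HASH_TYPE_NONE;
    int hashSz;

    (void)eng;

    /* evp is read by XSTRLEN and out/outSz are written below, so NULL
     * would fault; a negative inSz is not a valid length. */
    if (evp == NULL || out == NULL || outSz == NULL || inSz < 0) {
        return SSL_FAILURE;
    }

    if (XSTRLEN(evp) < 3) {
        /* do not try comparing strings if size is too small */
        return SSL_FAILURE;
    }

    if (XSTRNCMP("SHA", evp, 3) == 0) {
        if (XSTRLEN(evp) > 3) {
            if (XSTRNCMP("SHA256", evp, 6) == 0) {
                hash = WC_HASH_TYPE_SHA256;
            }
            else if (XSTRNCMP("SHA384", evp, 6) == 0) {
                hash = WC_HASH_TYPE_SHA384;
            }
            else if (XSTRNCMP("SHA512", evp, 6) == 0) {
                hash = WC_HASH_TYPE_SHA512;
            }
            else {
                WOLFSSL_MSG("Unknown SHA hash");
            }
        }
        else {
            hash = WC_HASH_TYPE_SHA;
        }
    }
    else if (XSTRNCMP("MD2", evp, 3) == 0) {
        hash = WC_HASH_TYPE_MD2;
    }
    else if (XSTRNCMP("MD4", evp, 3) == 0) {
        hash = WC_HASH_TYPE_MD4;
    }
    else if (XSTRNCMP("MD5", evp, 3) == 0) {
        hash = WC_HASH_TYPE_MD5;
    }

    /* an unknown name leaves hash as WC_HASH_TYPE_NONE; the digest-size
     * query is relied on to report that as a negative value */
    hashSz = wc_HashGetDigestSize(hash);
    if (hashSz < 0) {
        WOLFSSL_LEAVE("wolfSSL_EVP_Digest", hashSz);
        return SSL_FAILURE;
    }
    *outSz = (unsigned int)hashSz;

    if (wc_Hash(hash, in, inSz, out, *outSz) != 0) {
        return SSL_FAILURE;
    }
    return SSL_SUCCESS;
}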
wolfSSL 7:481bce714567 6166
wolfSSL 7:481bce714567 6167
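/* Hash the DER encoding of x509 with the digest named by digest.
 *
 * x509   : certificate whose derCert buffer is hashed
 * digest : digest name, e.g. "SHA256" (see wolfSSL_EVP_Digest)
 * buf    : output buffer; the caller must size it for the chosen digest
 * len    : set to the digest length on success
 * returns SSL_SUCCESS, or SSL_FAILURE on NULL arguments, a certificate with
 *         no DER buffer, or a digest error
 */
int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest,
                        unsigned char* buf, unsigned int* len)
{
    WOLFSSL_ENTER("wolfSSL_X509_digest");

    /* derCert may be absent (wolfSSL_use_certificate guards it the same
     * way); buf and len are written by the digest routine */
    if (x509 == NULL || digest == NULL || buf == NULL || len == NULL ||
            x509->derCert == NULL) {
        return SSL_FAILURE;
    }

    return wolfSSL_EVP_Digest(x509->derCert->buffer, x509->derCert->length, buf,
                              len, digest, NULL);
}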
wolfSSL 7:481bce714567 6180
wolfSSL 7:481bce714567 6181
/* Load the DER-encoded private key carried by pkey into ssl.
 *
 * ssl  : session that receives the key
 * pkey : key object whose pkey.ptr / pkey_sz describe the DER bytes
 * returns the result of wolfSSL_use_PrivateKey_buffer, or SSL_FAILURE when
 *         either argument is NULL
 */
int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
{
    unsigned char* der;

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey");
    if (ssl == NULL) {
        return SSL_FAILURE;
    }
    if (pkey == NULL) {
        return SSL_FAILURE;
    }

    der = (unsigned char*)pkey->pkey.ptr;
    return wolfSSL_use_PrivateKey_buffer(ssl, der, pkey->pkey_sz,
                                         SSL_FILETYPE_ASN1);
}
wolfSSL 7:481bce714567 6192
wolfSSL 7:481bce714567 6193
/* Load a DER-encoded private key into ssl.
 *
 * pri   : private key type; accepted for API compatibility but not used,
 *         the key type is determined from the DER itself
 * ssl   : session that receives the key
 * der   : DER bytes
 * derSz : length of der
 * returns the result of wolfSSL_use_PrivateKey_buffer, or SSL_FAILURE when
 *         ssl or der is NULL
 */
int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der,
                                long derSz)
{
    int ret = SSL_FAILURE;

    (void)pri; /* type of private key */

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1");
    if (ssl != NULL && der != NULL) {
        ret = wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, SSL_FILETYPE_ASN1);
    }

    return ret;
}
wolfSSL 7:481bce714567 6205
wolfSSL 7:481bce714567 6206
wolfSSL 7:481bce714567 6207 #ifndef NO_RSA
/* Load a DER-encoded RSA private key into ssl.
 *
 * ssl   : session that receives the key
 * der   : DER bytes
 * derSz : length of der
 * returns the result of wolfSSL_use_PrivateKey_buffer, or SSL_FAILURE when
 *         ssl or der is NULL
 */
int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1");
    if (ssl != NULL && der != NULL) {
        ret = wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, SSL_FILETYPE_ASN1);
    }

    return ret;
}
wolfSSL 7:481bce714567 6217 #endif
wolfSSL 7:481bce714567 6218
/* Load a DER-encoded certificate into ssl.
 *
 * ssl   : session that receives the certificate
 * der   : DER bytes
 * derSz : length of der
 * returns SSL_SUCCESS when ProcessBuffer accepts the certificate, otherwise
 *         SSL_FAILURE (including NULL ssl or der)
 */
int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, int derSz)
{
    long idx = 0;   /* out-parameter of ProcessBuffer, not needed here */
    int  ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");
    if (ssl == NULL || der == NULL) {
        return ret;
    }

    if (ProcessBuffer(NULL, der, derSz, SSL_FILETYPE_ASN1, CERT_TYPE, ssl,
                      &idx, 0) == SSL_SUCCESS) {
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 7:481bce714567 6233
wolfSSL 7:481bce714567 6234
/* Load the certificate held by x509 into ssl.
 *
 * ssl  : session that receives the certificate
 * x509 : certificate object; its derCert buffer is what gets loaded
 * returns SSL_SUCCESS when ProcessBuffer accepts the certificate, otherwise
 *         SSL_FAILURE (including NULL ssl, NULL x509, or missing derCert)
 */
int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
{
    long idx = 0;   /* out-parameter of ProcessBuffer, not needed here */
    int  ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_use_certificate");
    if (ssl == NULL || x509 == NULL || x509->derCert == NULL) {
        return ret;
    }

    if (ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
                      SSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0)
            == SSL_SUCCESS) {
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 7:481bce714567 6249 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 6250
wolfSSL 7:481bce714567 6251
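/* Load a certificate from file into ssl.
 *
 * ssl    : session that receives the certificate; its ctx is passed to
 *          ProcessFile, so a NULL ssl is rejected rather than dereferenced
 * file   : path of the certificate file
 * format : SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
 * returns SSL_SUCCESS when ProcessFile accepts the file, else SSL_FAILURE
 */
int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_file");
    if (ssl == NULL) {
        return SSL_FAILURE;
    }

    if (ProcessFile(ssl->ctx, file, format, CERT_TYPE,
                    ssl, 0, NULL) == SSL_SUCCESS) {
        return SSL_SUCCESS;
    }

    return SSL_FAILURE;
}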
wolfSSL 7:481bce714567 6261
wolfSSL 7:481bce714567 6262
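/* Load a private key from file into ssl.
 *
 * ssl    : session that receives the key; its ctx is passed to ProcessFile,
 *          so a NULL ssl is rejected rather than dereferenced
 * file   : path of the key file
 * format : SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
 * returns SSL_SUCCESS when ProcessFile accepts the file, else SSL_FAILURE
 */
int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");
    if (ssl == NULL) {
        return SSL_FAILURE;
    }

    if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE,
                    ssl, 0, NULL) == SSL_SUCCESS) {
        return SSL_SUCCESS;
    }

    return SSL_FAILURE;
}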
wolfSSL 7:481bce714567 6272
wolfSSL 7:481bce714567 6273
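/* Load a PEM certificate chain from file into ssl.
 *
 * ssl  : session that receives the chain; its ctx is passed to ProcessFile,
 *        so a NULL ssl is rejected rather than dereferenced
 * file : path of the PEM file (subject certificate first, then issuers)
 * returns SSL_SUCCESS when ProcessFile accepts the file, else SSL_FAILURE
 */
int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
{
    /* process up to MAX_CHAIN_DEPTH plus subject cert */
    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");
    if (ssl == NULL) {
        return SSL_FAILURE;
    }

    /* last argument 1 = userChain: ProcessFile walks the whole chain */
    if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE,
                    ssl, 1, NULL) == SSL_SUCCESS) {
        return SSL_SUCCESS;
    }

    return SSL_FAILURE;
}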
wolfSSL 7:481bce714567 6284
wolfSSL 7:481bce714567 6285
wolfSSL 7:481bce714567 6286 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 6287
/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
/* ctx : context to update
 * sz  : ephemeral ECDHE key size in octets, ECC_MINSIZE..ECC_MAXSIZE inclusive
 * returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or an out-of-range sz
 */
int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz)
{
    int inRange;

    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }

    inRange = (sz >= ECC_MINSIZE) && (sz <= ECC_MAXSIZE);
    if (!inRange) {
        return BAD_FUNC_ARG;
    }

    ctx->eccTempKeySz = sz;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 6298
wolfSSL 7:481bce714567 6299
/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
/* ssl : session to update
 * sz  : ephemeral ECDHE key size in octets, ECC_MINSIZE..ECC_MAXSIZE inclusive
 * returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an out-of-range sz
 */
int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
{
    int inRange;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    inRange = (sz >= ECC_MINSIZE) && (sz <= ECC_MAXSIZE);
    if (!inRange) {
        return BAD_FUNC_ARG;
    }

    ssl->eccTempKeySz = sz;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 6310
wolfSSL 7:481bce714567 6311 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 6312
wolfSSL 7:481bce714567 6313
wolfSSL 7:481bce714567 6314
wolfSSL 7:481bce714567 6315
/* Compatibility alias: load an RSA private key file into ctx.
 * Delegates to wolfSSL_CTX_use_PrivateKey_file unchanged, so any key type
 * that function accepts is accepted here too.
 *
 * ctx    : context that receives the key
 * file   : path of the key file
 * format : SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
 * returns whatever wolfSSL_CTX_use_PrivateKey_file returns
 */
int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
                                   int format)
{
    int ret;

    WOLFSSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
    ret = wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);

    return ret;
}
wolfSSL 7:481bce714567 6323
wolfSSL 7:481bce714567 6324
/* Compatibility alias: load an RSA private key file into ssl.
 * Delegates to wolfSSL_use_PrivateKey_file unchanged.
 *
 * ssl    : session that receives the key
 * file   : path of the key file
 * format : SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
 * returns whatever wolfSSL_use_PrivateKey_file returns
 */
int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
    ret = wolfSSL_use_PrivateKey_file(ssl, file, format);

    return ret;
}
wolfSSL 7:481bce714567 6331
wolfSSL 7:481bce714567 6332
/* Copies the master secret over to out buffer. If outSz is 0 returns the size
 * of master secret.
 *
 * ses   : a session from completed TLS/SSL handshake
 * out   : buffer to hold copy of master secret
 * outSz : size of out buffer
 * returns : number of bytes copied into out buffer on success
 *           less than or equal to 0 is considered a failure case
 *
 * The size query (outSz == 0) is answered before ses and out are checked,
 * so it works with NULL arguments. When outSz is smaller than SECRET_LEN
 * the copy is silently truncated to outSz bytes; pass at least
 * wolfSSL_SESSION_get_master_key_length() bytes to get the whole secret.
 * The bytes written to out are key material owned by the caller.
 */
int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
                                   unsigned char* out, int outSz)
{
    int copySz;

    if (outSz == 0) {
        return SECRET_LEN;
    }

    if (outSz < 0 || ses == NULL || out == NULL) {
        return 0;
    }

    copySz = (outSz > SECRET_LEN) ? SECRET_LEN : outSz;
    XMEMCPY(out, ses->masterSecret, copySz);

    return copySz;
}
wolfSSL 7:481bce714567 6365
wolfSSL 7:481bce714567 6366
/* Report the master secret length.
 *
 * ses : accepted for API compatibility; the length is the compile-time
 *       SECRET_LEN and does not depend on the session
 * returns SECRET_LEN
 */
int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
{
    const int masterLen = SECRET_LEN;

    (void)ses;

    return masterLen;
}
wolfSSL 7:481bce714567 6372
wolfSSL 7:481bce714567 6373 #endif /* OPENSSL_EXTRA */
wolfSSL 7:481bce714567 6374
wolfSSL 7:481bce714567 6375 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 6376
/* Load a raw NTRU private key file into ctx.
 *
 * ctx  : context that receives the key; marked haveNTRU on success
 * file : path of the raw (SSL_FILETYPE_RAW) key file
 * returns SSL_SUCCESS when ProcessFile accepts the file, else SSL_FAILURE
 *         (also for a NULL ctx)
 */
int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CTX_use_NTRUPrivateKey_file");
    if (ctx == NULL) {
        return ret;
    }

    ret = ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0,
                      NULL);
    if (ret != SSL_SUCCESS) {
        return SSL_FAILURE;
    }

    /* only flag NTRU once the key was actually accepted */
    ctx->haveNTRU = 1;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 6391
wolfSSL 7:481bce714567 6392 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 6393
wolfSSL 7:481bce714567 6394
wolfSSL 7:481bce714567 6395 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 6396
wolfSSL 7:481bce714567 6397
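/* Configure peer-certificate verification flags and callback on ctx.
 *
 * ctx  : context to update; a NULL ctx is ignored rather than dereferenced
 * mode : SSL_VERIFY_NONE, or a bitwise OR of SSL_VERIFY_PEER,
 *        SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_FAIL_EXCEPT_PSK
 * vc   : verify callback stored on the context (may be NULL)
 *
 * SSL_VERIFY_PEER sets verifyPeer and clears verifyNone; an exact
 * SSL_VERIFY_NONE does the reverse, so the most recent call wins.
 * SSL_VERIFY_FAIL_EXCEPT_PSK overrides SSL_VERIFY_FAIL_IF_NO_PEER_CERT:
 * failNoCert is cleared and failNoCertxPSK is set instead.
 */
void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_verify");
    if (ctx == NULL) {
        return;
    }

    if (mode & SSL_VERIFY_PEER) {
        ctx->verifyPeer = 1;
        ctx->verifyNone = 0; /* in case previously set */
    }

    if (mode == SSL_VERIFY_NONE) {
        ctx->verifyNone = 1;
        ctx->verifyPeer = 0; /* in case previously set */
    }

    if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
        ctx->failNoCert = 1;
    }

    if (mode & SSL_VERIFY_FAIL_EXCEPT_PSK) {
        ctx->failNoCert = 0; /* fail on all is set to fail on PSK */
        ctx->failNoCertxPSK = 1;
    }

    ctx->verifyCallback = vc;
}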
wolfSSL 7:481bce714567 6421
wolfSSL 7:481bce714567 6422
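/* Configure peer-certificate verification flags and callback on ssl.
 *
 * ssl  : session to update; a NULL ssl is ignored rather than dereferenced
 * mode : SSL_VERIFY_NONE, or a bitwise OR of SSL_VERIFY_PEER,
 *        SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_FAIL_EXCEPT_PSK
 * vc   : verify callback stored on the session (may be NULL)
 *
 * SSL_VERIFY_PEER sets options.verifyPeer and clears options.verifyNone; an
 * exact SSL_VERIFY_NONE does the reverse, so the most recent call wins.
 * SSL_VERIFY_FAIL_EXCEPT_PSK overrides SSL_VERIFY_FAIL_IF_NO_PEER_CERT:
 * failNoCert is cleared and failNoCertxPSK is set instead.
 */
void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
{
    WOLFSSL_ENTER("wolfSSL_set_verify");
    if (ssl == NULL) {
        return;
    }

    if (mode & SSL_VERIFY_PEER) {
        ssl->options.verifyPeer = 1;
        ssl->options.verifyNone = 0; /* in case previously set */
    }

    if (mode == SSL_VERIFY_NONE) {
        ssl->options.verifyNone = 1;
        ssl->options.verifyPeer = 0; /* in case previously set */
    }

    if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
        ssl->options.failNoCert = 1;
    }

    if (mode & SSL_VERIFY_FAIL_EXCEPT_PSK) {
        ssl->options.failNoCert = 0; /* fail on all is set to fail on PSK */
        ssl->options.failNoCertxPSK = 1;
    }

    ssl->verifyCallback = vc;
}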
wolfSSL 7:481bce714567 6446
wolfSSL 7:481bce714567 6447
/* store user ctx for verify callback */
/* ssl : session whose verifyCbCtx is set; NULL is ignored
 * ctx : opaque pointer handed back to the verify callback
 */
void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
{
    WOLFSSL_ENTER("wolfSSL_SetCertCbCtx");
    if (ssl == NULL) {
        return;
    }

    ssl->verifyCbCtx = ctx;
}
wolfSSL 7:481bce714567 6455
wolfSSL 7:481bce714567 6456
/* store context CA Cache addition callback */
/* ctx : context whose certificate manager receives the callback; a NULL
 *       ctx or a ctx without a manager is ignored
 * cb  : callback stored in cm->caCacheCallback
 */
void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb)
{
    if (ctx == NULL) {
        return;
    }
    if (ctx->cm == NULL) {
        return;
    }

    ctx->cm->caCacheCallback = cb;
}
wolfSSL 7:481bce714567 6463
wolfSSL 7:481bce714567 6464
wolfSSL 7:481bce714567 6465 #if defined(PERSIST_CERT_CACHE)
wolfSSL 7:481bce714567 6466
wolfSSL 7:481bce714567 6467 #if !defined(NO_FILESYSTEM)
wolfSSL 7:481bce714567 6468
/* Persist cert cache to file */
/* ctx   : context whose certificate manager cache is written
 * fname : destination path
 * returns BAD_FUNC_ARG on a NULL argument, otherwise the CM_SaveCertCache
 *         result
 */
int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache");

    if (ctx != NULL && fname != NULL) {
        ret = CM_SaveCertCache(ctx->cm, fname);
    }

    return ret;
}
wolfSSL 7:481bce714567 6479
wolfSSL 7:481bce714567 6480
/* Persist cert cache from file */
/* ctx   : context whose certificate manager cache is loaded
 * fname : source path
 * returns BAD_FUNC_ARG on a NULL argument, otherwise the
 *         CM_RestoreCertCache result
 */
int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache");

    if (ctx != NULL && fname != NULL) {
        ret = CM_RestoreCertCache(ctx->cm, fname);
    }

    return ret;
}
wolfSSL 7:481bce714567 6491
wolfSSL 7:481bce714567 6492 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 6493
/* Persist cert cache to memory */
/* ctx  : context whose certificate manager cache is serialised
 * mem  : destination buffer
 * sz   : size of mem in bytes, must be > 0
 * used : receives the number of bytes written
 * returns BAD_FUNC_ARG on a NULL pointer or non-positive sz, otherwise the
 *         CM_MemSaveCertCache result
 */
int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem,
                                   int sz, int* used)
{
    int argsOk;

    WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache");

    argsOk = (ctx != NULL) && (mem != NULL) && (used != NULL) && (sz > 0);
    if (!argsOk) {
        return BAD_FUNC_ARG;
    }

    return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
}
wolfSSL 7:481bce714567 6505
wolfSSL 7:481bce714567 6506
/* Restore cert cache from memory */
/* ctx : context whose certificate manager cache is rebuilt
 * mem : serialised cache produced by wolfSSL_CTX_memsave_cert_cache
 * sz  : size of mem in bytes, must be > 0
 * returns BAD_FUNC_ARG on a NULL pointer or non-positive sz, otherwise the
 *         CM_MemRestoreCertCache result
 */
int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz)
{
    int argsOk;

    WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache");

    argsOk = (ctx != NULL) && (mem != NULL) && (sz > 0);
    if (!argsOk) {
        return BAD_FUNC_ARG;
    }

    return CM_MemRestoreCertCache(ctx->cm, mem, sz);
}
wolfSSL 7:481bce714567 6517
wolfSSL 7:481bce714567 6518
/* get how big the cert cache save buffer needs to be */
/* ctx : context whose certificate manager cache is measured
 * returns BAD_FUNC_ARG for a NULL ctx, otherwise the CM_GetCertCacheMemSize
 *         result
 */
int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize");

    if (ctx != NULL) {
        ret = CM_GetCertCacheMemSize(ctx->cm);
    }

    return ret;
}
wolfSSL 7:481bce714567 6529
#endif /* PERSIST_CERT_CACHE */
wolfSSL 7:481bce714567 6531 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 6532
wolfSSL 7:481bce714567 6533
wolfSSL 7:481bce714567 6534 #ifndef NO_SESSION_CACHE
wolfSSL 7:481bce714567 6535
/* Look up the session associated with ssl.
 *
 * ssl : session owner; NULL yields NULL
 * returns the result of GetSession(ssl, 0, 0), or NULL for a NULL ssl
 */
WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
{
    WOLFSSL_SESSION* session = NULL;

    WOLFSSL_ENTER("SSL_get_session");
    if (ssl != NULL) {
        session = GetSession(ssl, 0, 0);
    }

    return session;
}
wolfSSL 7:481bce714567 6544
wolfSSL 7:481bce714567 6545
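/* Resume with a previously obtained session.
 *
 * ssl     : session owner; checked for NULL here, matching
 *           wolfSSL_get_session, instead of being passed on unchecked
 * session : session to resume, e.g. from wolfSSL_get_session
 * returns the result of SetSession, or SSL_FAILURE when either argument
 *         is NULL
 */
int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("SSL_set_session");
    if (ssl == NULL || session == NULL) {
        return SSL_FAILURE;
    }

    return SetSession(ssl, session);
}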
wolfSSL 7:481bce714567 6554
wolfSSL 7:481bce714567 6555
wolfSSL 7:481bce714567 6556 #ifndef NO_CLIENT_CACHE
wolfSSL 7:481bce714567 6557
/* Associate the client session with serverID: find an existing cached session
   or store the ID so the session can be saved under it later.
   If the newSession flag is set, an existing session is not reused.
   Returns SSL_SUCCESS on success. */
/* Associate the client-side session on ssl with an application server ID.
 * ssl:        connection to update
 * id, len:    server identifier bytes; len must be > 0
 * newSession: when non-zero, skip the client cache lookup and never reuse an
 *             existing session for this ID
 * With newSession == 0 a cached session for id is looked up and, if found,
 * installed with SetSession(). When nothing is installed (no cache hit, a
 * SetSession failure, or newSession set) the ID is stored on ssl->session,
 * truncated to SERVER_ID_LEN bytes, so the session can later be saved under it.
 * Returns BAD_FUNC_ARG for bad arguments, otherwise SSL_SUCCESS. */
int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
{
    int reused = 0;

    WOLFSSL_ENTER("wolfSSL_SetServerID");

    if (ssl == NULL || id == NULL || len <= 0)
        return BAD_FUNC_ARG;

    if (newSession == 0) {
        WOLFSSL_SESSION* cached = GetSessionClient(ssl, id, len);

        if (cached != NULL) {
            if (SetSession(ssl, cached) == SSL_SUCCESS)
                reused = 1;
            else
                WOLFSSL_MSG("SetSession failed");
        }
    }

    if (!reused) {
        WOLFSSL_MSG("Valid ServerID not cached already");

        /* longer IDs are truncated, not rejected: only the first
         * SERVER_ID_LEN bytes serve as the lookup key */
        ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
        XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
    }

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 6589
wolfSSL 7:481bce714567 6590 #endif /* NO_CLIENT_CACHE */
wolfSSL 7:481bce714567 6591
wolfSSL 7:481bce714567 6592 #if defined(PERSIST_SESSION_CACHE)
wolfSSL 7:481bce714567 6593
/* Persistence format version. Bump this, and update save_session_cache(),
 * restore_session_cache() and the memsave/memrestore variants, whenever the
 * layout changes; restore rejects an image whose version differs. */
#define WOLFSSL_CACHE_VERSION 2

/* Session cache image header, written first and checked on restore so an
 * image from a different build (layout version, row/column geometry, or
 * session struct size) is rejected instead of being copied over the live
 * cache. */
typedef struct {
    int version;    /* cache layout version id, WOLFSSL_CACHE_VERSION */
    int rows;       /* session rows, SESSION_ROWS at save time */
    int columns;    /* session columns, SESSIONS_PER_ROW at save time */
    int sessionSz;  /* sizeof WOLFSSL_SESSION at save time */
} cache_header_t;
wolfSSL 7:481bce714567 6605
wolfSSL 7:481bce714567 6606 /* current persistence layout is:
wolfSSL 7:481bce714567 6607
wolfSSL 7:481bce714567 6608 1) cache_header_t
wolfSSL 7:481bce714567 6609 2) SessionCache
wolfSSL 7:481bce714567 6610 3) ClientCache
wolfSSL 7:481bce714567 6611
update WOLFSSL_CACHE_VERSION if the layout changes for the following
PERSIST_SESSION_CACHE functions
wolfSSL 7:481bce714567 6614 */
wolfSSL 7:481bce714567 6615
wolfSSL 7:481bce714567 6616
/* get how big the session cache save buffer needs to be */
/* Return the buffer size, in bytes, that wolfSSL_memsave_session_cache()
 * needs: the header, the whole SessionCache, and the ClientCache when it is
 * built in. */
int wolfSSL_get_session_cache_memsize(void)
{
    int total = (int)(sizeof(cache_header_t) + sizeof(SessionCache));

#ifndef NO_CLIENT_CACHE
    total += (int)sizeof(ClientCache);
#endif

    return total;
}
wolfSSL 7:481bce714567 6628
wolfSSL 7:481bce714567 6629
wolfSSL 7:481bce714567 6630 /* Persist session cache to memory */
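/* Persist the session cache (and client cache when built in) to memory.
 * mem: destination buffer, at least wolfSSL_get_session_cache_memsize() bytes
 * sz:  size of mem in bytes
 * Layout written: cache_header_t, then SESSION_ROWS SessionRow entries, then
 * (unless NO_CLIENT_CACHE) the same number of ClientRow entries.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL mem, BUFFER_E when sz is too
 * small, or BAD_MUTEX_E when the session cache lock cannot be taken.
 * The rows are copied verbatim, so the image holds whatever a WOLFSSL_SESSION
 * holds (resumption secrets, if the struct carries them -- confirm against
 * WOLFSSL_SESSION); callers must protect the buffer accordingly. */
int wolfSSL_memsave_session_cache(void* mem, int sz)
{
    int i;
    cache_header_t cache_header;
    SessionRow* row;
#ifndef NO_CLIENT_CACHE
    ClientRow* clRow;
#endif

    WOLFSSL_ENTER("wolfSSL_memsave_session_cache");

    /* reject a NULL destination before any pointer arithmetic on it, in line
     * with the cert cache memsave/memrestore argument checks */
    if (mem == NULL)
        return BAD_FUNC_ARG;

    if (sz < wolfSSL_get_session_cache_memsize()) {
        WOLFSSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    cache_header.version   = WOLFSSL_CACHE_VERSION;
    cache_header.rows      = SESSION_ROWS;
    cache_header.columns   = SESSIONS_PER_ROW;
    cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
    XMEMCPY(mem, &cache_header, sizeof(cache_header));
    row = (SessionRow*)((byte*)mem + sizeof(cache_header));

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    /* the header is build-time constant; only the row copies need the lock */
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));

#ifndef NO_CLIENT_CACHE
    /* client rows follow the session rows; the loop bound assumes ClientCache
     * has SESSION_ROWS rows like SessionCache, matching the sizeof(ClientCache)
     * term in wolfSSL_get_session_cache_memsize() -- confirm */
    clRow = (ClientRow*)row;
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
#endif

    wc_UnLockMutex(&session_mutex);

    WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", SSL_SUCCESS);

    return SSL_SUCCESS;
}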
wolfSSL 7:481bce714567 6673
wolfSSL 7:481bce714567 6674
wolfSSL 7:481bce714567 6675 /* Restore the persistent session cache from memory */
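/* Restore the session cache (and client cache when built in) from an image
 * produced by wolfSSL_memsave_session_cache().
 * mem: image buffer
 * sz:  size of mem in bytes
 * The header is checked first: version, row/column geometry and
 * sizeof(WOLFSSL_SESSION) must match this build, otherwise the live cache is
 * left untouched and CACHE_MATCH_ERROR is returned. Beyond that the rows are
 * copied verbatim into the live cache -- the image is trusted, so only feed
 * this data that was written by this library and stored where it could not be
 * altered.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL mem), BUFFER_E (sz too small),
 * CACHE_MATCH_ERROR, or BAD_MUTEX_E. */
int wolfSSL_memrestore_session_cache(const void* mem, int sz)
{
    int i;
    cache_header_t cache_header;
    const SessionRow* row;      /* read-only view, no const cast-away */
#ifndef NO_CLIENT_CACHE
    const ClientRow* clRow;
#endif

    WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");

    /* reject a NULL image before any pointer arithmetic on it, in line with
     * the cert cache memrestore argument checks */
    if (mem == NULL)
        return BAD_FUNC_ARG;

    if (sz < wolfSSL_get_session_cache_memsize()) {
        WOLFSSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    XMEMCPY(&cache_header, mem, sizeof(cache_header));
    if (cache_header.version != WOLFSSL_CACHE_VERSION ||
        cache_header.rows != SESSION_ROWS ||
        cache_header.columns != SESSIONS_PER_ROW ||
        cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {

        WOLFSSL_MSG("Session cache header match failed");
        return CACHE_MATCH_ERROR;
    }
    row = (const SessionRow*)((const byte*)mem + sizeof(cache_header));

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    /* rows equals SESSION_ROWS at this point, so the loop cannot overrun
     * SessionCache whatever the image claims */
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));

#ifndef NO_CLIENT_CACHE
    /* client rows follow the session rows; assumes ClientCache has
     * SESSION_ROWS rows like SessionCache -- confirm */
    clRow = (const ClientRow*)row;
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
#endif

    wc_UnLockMutex(&session_mutex);

    WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", SSL_SUCCESS);

    return SSL_SUCCESS;
}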
wolfSSL 7:481bce714567 6722
wolfSSL 7:481bce714567 6723 #if !defined(NO_FILESYSTEM)
wolfSSL 7:481bce714567 6724
wolfSSL 7:481bce714567 6725 /* Persist session cache to file */
wolfSSL 7:481bce714567 6726 /* doesn't use memsave because of additional memory use */
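/* Persist the session cache (and client cache when built in) to file fname.
 * Layout written: cache_header_t, then SESSION_ROWS SessionRow entries, then
 * (unless NO_CLIENT_CACHE) the same number of ClientRow entries. Rows are
 * written one at a time instead of going through memsave, so no second copy
 * of the whole cache is needed in memory.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL fname), SSL_BAD_FILE when the file
 * cannot be opened, FWRITE_ERROR on a short write, or BAD_MUTEX_E.
 * The rows are written verbatim, so the file holds whatever a WOLFSSL_SESSION
 * holds (resumption secrets, if the struct carries them -- confirm against
 * WOLFSSL_SESSION). It is created with the platform's default permissions, so
 * callers should keep it where other users cannot read it. */
int wolfSSL_save_session_cache(const char *fname)
{
    XFILE file;
    int ret;
    int rc = SSL_SUCCESS;
    int i;
    cache_header_t cache_header;

    WOLFSSL_ENTER("wolfSSL_save_session_cache");

    /* opening a NULL path is undefined behaviour; reject it up front */
    if (fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "w+b");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open session cache save file");
        return SSL_BAD_FILE;
    }
    cache_header.version   = WOLFSSL_CACHE_VERSION;
    cache_header.rows      = SESSION_ROWS;
    cache_header.columns   = SESSIONS_PER_ROW;
    cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);

    /* cache header: needs no lock, every field is a build-time constant */
    ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
    if (ret != 1) {
        WOLFSSL_MSG("Session cache header file write failed");
        XFCLOSE(file);
        return FWRITE_ERROR;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session cache */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file);
        if (ret != 1) {
            WOLFSSL_MSG("Session cache member file write failed");
            rc = FWRITE_ERROR;
            break;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client cache: same row count as the session cache -- assumes ClientCache
     * has SESSION_ROWS rows; confirm */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file);
        if (ret != 1) {
            WOLFSSL_MSG("Client cache member file write failed");
            rc = FWRITE_ERROR;
            break;
        }
    }
#endif /* NO_CLIENT_CACHE */

    wc_UnLockMutex(&session_mutex);

    XFCLOSE(file);
    WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc);

    return rc;
}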
wolfSSL 7:481bce714567 6790
wolfSSL 7:481bce714567 6791
wolfSSL 7:481bce714567 6792 /* Restore the persistent session cache from file */
wolfSSL 7:481bce714567 6793 /* doesn't use memstore because of additional memory use */
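/* Restore the session cache (and client cache when built in) from a file
 * written by wolfSSL_save_session_cache().
 * The header is read and checked before anything is touched: version,
 * row/column geometry and sizeof(WOLFSSL_SESSION) must match this build,
 * otherwise CACHE_MATCH_ERROR is returned and the live cache is unchanged.
 * Rows are then read straight into the live cache under the session lock. On
 * a short read the affected cache is zeroed in full rather than left half
 * old / half new. Row contents are not validated beyond the header -- the
 * file is trusted, so it must come from this library and be stored where it
 * cannot be altered.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL fname), SSL_BAD_FILE, FREAD_ERROR,
 * CACHE_MATCH_ERROR, or BAD_MUTEX_E. */
int wolfSSL_restore_session_cache(const char *fname)
{
    XFILE file;
    int rc = SSL_SUCCESS;
    int ret;
    int i;
    cache_header_t cache_header;

    WOLFSSL_ENTER("wolfSSL_restore_session_cache");

    /* opening a NULL path is undefined behaviour; reject it up front */
    if (fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open session cache save file");
        return SSL_BAD_FILE;
    }
    /* cache header */
    ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file);
    if (ret != 1) {
        WOLFSSL_MSG("Session cache header file read failed");
        XFCLOSE(file);
        return FREAD_ERROR;
    }
    if (cache_header.version != WOLFSSL_CACHE_VERSION ||
        cache_header.rows != SESSION_ROWS ||
        cache_header.columns != SESSIONS_PER_ROW ||
        cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {

        WOLFSSL_MSG("Session cache header match failed");
        XFCLOSE(file);
        return CACHE_MATCH_ERROR;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session cache: rows equals SESSION_ROWS here, so the loop cannot
     * overrun SessionCache whatever the file claims */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file);
        if (ret != 1) {
            WOLFSSL_MSG("Session cache member file read failed");
            /* drop the partially restored rows as well as the stale ones */
            XMEMSET(SessionCache, 0, sizeof SessionCache);
            rc = FREAD_ERROR;
            break;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client cache: same row count as the session cache -- assumes ClientCache
     * has SESSION_ROWS rows; confirm */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file);
        if (ret != 1) {
            WOLFSSL_MSG("Client cache member file read failed");
            XMEMSET(ClientCache, 0, sizeof ClientCache);
            rc = FREAD_ERROR;
            break;
        }
    }

#endif /* NO_CLIENT_CACHE */

    wc_UnLockMutex(&session_mutex);

    XFCLOSE(file);
    WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc);

    return rc;
}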
wolfSSL 7:481bce714567 6864
wolfSSL 7:481bce714567 6865 #endif /* !NO_FILESYSTEM */
wolfSSL 7:481bce714567 6866 #endif /* PERSIST_SESSION_CACHE */
wolfSSL 7:481bce714567 6867 #endif /* NO_SESSION_CACHE */
wolfSSL 7:481bce714567 6868
wolfSSL 7:481bce714567 6869
/* OpenSSL compatibility shim: wolfSSL needs no error-string table, so this is
 * intentionally a no-op. */
void wolfSSL_load_error_strings(void)
{
    /* nothing to load */
}
wolfSSL 7:481bce714567 6872
wolfSSL 7:481bce714567 6873
/* OpenSSL-style library initialisation wrapper around wolfSSL_Init().
 * Returns SSL_SUCCESS when wolfSSL_Init() succeeds, otherwise
 * SSL_FATAL_ERROR (the underlying error code is not propagated). */
int wolfSSL_library_init(void)
{
    int rc = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("SSL_library_init");
    if (wolfSSL_Init() == SSL_SUCCESS)
        rc = SSL_SUCCESS;

    return rc;
}
wolfSSL 7:481bce714567 6882
wolfSSL 7:481bce714567 6883
wolfSSL 7:481bce714567 6884 #ifdef HAVE_SECRET_CALLBACK
wolfSSL 7:481bce714567 6885
/* Register a callback that supplies the session secret for ssl.
 * ssl: connection to configure; NULL gives SSL_FATAL_ERROR
 * cb:  callback stored in ssl->sessionSecretCb
 * ctx: opaque pointer stored in ssl->sessionSecretCtx and handed to cb
 * Side effect: because a pre-set secret implies resumption, the session ID
 * length is cleared and ssl->options.resuming is switched on.
 * Returns SSL_SUCCESS. */
int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
{
    WOLFSSL_ENTER("wolfSSL_set_session_secret_cb");
    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    ssl->sessionSecretCb  = cb;
    ssl->sessionSecretCtx = ctx;

    /* a pre-set key means this connection resumes rather than negotiates */
    ssl->session.sessionIDSz = 0;
    ssl->options.resuming    = 1;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 6900
wolfSSL 7:481bce714567 6901 #endif
wolfSSL 7:481bce714567 6902
wolfSSL 7:481bce714567 6903
wolfSSL 7:481bce714567 6904 #ifndef NO_SESSION_CACHE
wolfSSL 7:481bce714567 6905
wolfSSL 7:481bce714567 6906 /* on by default if built in but allow user to turn off */
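/* Adjust session caching for ctx; caching is on by default when built in.
 * mode: SSL_SESS_CACHE_OFF disables caching for the context,
 *       SSL_SESS_CACHE_NO_AUTO_CLEAR disables automatic flushing.
 *       Each is matched by exact equality, not as a bit in a mask, so one
 *       call sets at most one of the two; any other value is accepted and
 *       ignored. Neither setting can be cleared again through this call.
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL (previously a NULL
 * ctx was dereferenced). */
long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode)
{
    WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode");

    if (ctx == NULL)
        return SSL_FAILURE;

    if (mode == SSL_SESS_CACHE_OFF)
        ctx->sessionCacheOff = 1;

    if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
        ctx->sessionCacheFlushOff = 1;

    return SSL_SUCCESS;
}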
wolfSSL 7:481bce714567 6918
wolfSSL 7:481bce714567 6919 #endif /* NO_SESSION_CACHE */
wolfSSL 7:481bce714567 6920
wolfSSL 7:481bce714567 6921
wolfSSL 7:481bce714567 6922 #if !defined(NO_CERTS)
wolfSSL 7:481bce714567 6923 #if defined(PERSIST_CERT_CACHE)
wolfSSL 7:481bce714567 6924
wolfSSL 7:481bce714567 6925
/* Cert cache image format version; bump it when CertCacheHeader or the signer
 * serialisation in StoreCertRow()/RestoreCertRow() changes */
#define WOLFSSL_CACHE_CERT_VERSION 1

/* Header at the start of a persisted cert cache image. columns[] is filled by
 * SetCertHeaderColumns() with the signer count of each caTable row; on restore
 * that count is presumably what RestoreCertRow() receives as listSz (the
 * caller is outside this section -- confirm). */
typedef struct {
    int version;                /* cache cert layout version id */
    int rows;                   /* hash table rows, CA_TABLE_SIZE */
    int columns[CA_TABLE_SIZE]; /* columns per row on list */
    int signerSz;               /* sizeof Signer object */
} CertCacheHeader;
wolfSSL 7:481bce714567 6934
wolfSSL 7:481bce714567 6935 /* current cert persistence layout is:
wolfSSL 7:481bce714567 6936
wolfSSL 7:481bce714567 6937 1) CertCacheHeader
wolfSSL 7:481bce714567 6938 2) caTable
wolfSSL 7:481bce714567 6939
update WOLFSSL_CACHE_CERT_VERSION if the layout changes for the following
PERSIST_CERT_CACHE functions
wolfSSL 7:481bce714567 6942 */
wolfSSL 7:481bce714567 6943
wolfSSL 7:481bce714567 6944
wolfSSL 7:481bce714567 6945 /* Return memory needed to persist this signer, have lock */
/* Return the number of bytes StoreCertRow() emits for one signer; caller
 * holds the lock. The total is the fixed fields (pubKeySize, keyOID, nameLen,
 * subjectNameHash, plus subjectKeyIdHash unless NO_SKID) followed by the
 * variable-length public key and name. */
static INLINE int GetSignerMemory(Signer* signer)
{
    int fixed = (int)(sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
                    + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash));

#if !defined(NO_SKID)
    fixed += (int)sizeof(signer->subjectKeyIdHash);
#endif

    /* dynamic part: key bytes and subject name bytes */
    return fixed + signer->pubKeySize + signer->nameLen;
}
wolfSSL 7:481bce714567 6961
wolfSSL 7:481bce714567 6962
wolfSSL 7:481bce714567 6963 /* Return memory needed to persist this row, have lock */
/* Return the bytes needed to persist every signer on one caTable row; caller
 * holds the lock. An empty row (NULL) yields 0. */
static INLINE int GetCertCacheRowMemory(Signer* row)
{
    int total = 0;
    Signer* node;

    for (node = row; node != NULL; node = node->next)
        total += GetSignerMemory(node);

    return total;
}
wolfSSL 7:481bce714567 6975
wolfSSL 7:481bce714567 6976
wolfSSL 7:481bce714567 6977 /* get the size of persist cert cache, have lock */
/* Return the size of a persisted cert cache image for cm: the header plus
 * every row of the CA table; caller holds the lock. */
static INLINE int GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
{
    int total = (int)sizeof(CertCacheHeader);
    int i;

    for (i = 0; i < CA_TABLE_SIZE; i++)
        total += GetCertCacheRowMemory(cm->caTable[i]);

    return total;
}
wolfSSL 7:481bce714567 6990
wolfSSL 7:481bce714567 6991
wolfSSL 7:481bce714567 6992 /* Store cert cache header columns with number of items per list, have lock */
/* Fill columns[0..CA_TABLE_SIZE-1] with the number of signers on each
 * caTable row; caller holds the lock. columns must have CA_TABLE_SIZE slots. */
static INLINE void SetCertHeaderColumns(WOLFSSL_CERT_MANAGER* cm, int* columns)
{
    int i;

    for (i = 0; i < CA_TABLE_SIZE; i++) {
        Signer* node;
        int n = 0;

        for (node = cm->caTable[i]; node != NULL; node = node->next)
            ++n;

        columns[i] = n;
    }
}
wolfSSL 7:481bce714567 7009
wolfSSL 7:481bce714567 7010
/* Restore a whole cert row from memory, caller holds the lock; returns bytes
   consumed, or < 0 on error */
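/* Restore one cert cache row from a persisted image; caller holds the lock.
 * cm:      cert manager whose caTable[row] receives the restored signers
 * current: first byte of this row's serialised signers in the image
 * row:     caTable index to rebuild
 * listSz:  number of signers the header recorded for this row
 * end:     one past the last readable byte of the image
 * Returns the number of bytes consumed, or a negative code: PARSE_ERROR for a
 * negative listSz, BUFFER_E when a length in the image would read past end,
 * MEMORY_E on allocation failure (the partly built signer is freed; signers
 * already linked into caTable[row] stay there, as before).
 * The image is untrusted input: pubKeySize and nameLen are read from it, so
 * each is compared against the bytes remaining instead of being added to a
 * pointer, where a corrupted value could wrap and defeat the check.
 * The fixed-field budget uses the struct field sizes while the hash copies
 * use SIGNER_DIGEST_SIZE; these are presumably equal -- confirm in Signer. */
static INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current,
                                 int row, int listSz, const byte* end)
{
    int idx = 0;

    if (listSz < 0) {
        WOLFSSL_MSG("Row header corrupted, negative value");
        return PARSE_ERROR;
    }

    while (listSz) {
        Signer* signer;
        byte*   start = current + idx;  /* first byte of this signer */
        size_t  remain;                 /* image bytes left from start */
        /* fixed-size fields every serialised signer carries */
        size_t  minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
                        sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
#ifndef NO_SKID
        minSz += sizeof(signer->subjectKeyIdHash);
#endif

        if (start > end || (remain = (size_t)(end - start)) < minSz) {
            WOLFSSL_MSG("Would overread restore buffer");
            return BUFFER_E;
        }
        remain -= minSz;    /* budget left for the variable-length fields */

        signer = MakeSigner(cm->heap);
        if (signer == NULL)
            return MEMORY_E;

        /* pubKeySize */
        XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
        idx += (int)sizeof(signer->pubKeySize);

        /* keyOID */
        XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
        idx += (int)sizeof(signer->keyOID);

        /* publicKey: its length came from the image, check before allocating */
        if ((size_t)signer->pubKeySize > remain) {
            WOLFSSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        remain -= (size_t)signer->pubKeySize;
        signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
                                           DYNAMIC_TYPE_KEY);
        if (signer->publicKey == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }

        XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
        idx += signer->pubKeySize;

        /* nameLen */
        XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
        idx += (int)sizeof(signer->nameLen);

        /* name: same treatment as the key length */
        if ((size_t)signer->nameLen > remain) {
            WOLFSSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        remain -= (size_t)signer->nameLen;
        signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
                                      DYNAMIC_TYPE_SUBJECT_CN);
        if (signer->name == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }

        XMEMCPY(signer->name, current + idx, signer->nameLen);
        idx += signer->nameLen;

        /* subjectNameHash */
        XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        /* subjectKeyIdHash */
        XMEMCPY(signer->subjectKeyIdHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;
#endif

        /* push onto the front of the row's list */
        signer->next = cm->caTable[row];
        cm->caTable[row] = signer;

        --listSz;
    }

    return idx;
}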
wolfSSL 7:481bce714567 7102
wolfSSL 7:481bce714567 7103
wolfSSL 7:481bce714567 7104 /* Store whole cert row into memory, have lock, return bytes added */
/* Serialise every signer on caTable[row] into current; caller holds the lock
 * and has sized the buffer with GetCertCacheMemSize(). Field order per signer
 * is pubKeySize, keyOID, publicKey, nameLen, name, subjectNameHash and, unless
 * NO_SKID, subjectKeyIdHash -- RestoreCertRow() reads them back in the same
 * order. Returns the number of bytes written. */
static INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row)
{
    int off = 0;
    Signer* signer;

    for (signer = cm->caTable[row]; signer != NULL; signer = signer->next) {
        /* fixed-size fields */
        XMEMCPY(current + off, &signer->pubKeySize, sizeof(signer->pubKeySize));
        off += (int)sizeof(signer->pubKeySize);

        XMEMCPY(current + off, &signer->keyOID, sizeof(signer->keyOID));
        off += (int)sizeof(signer->keyOID);

        /* public key bytes, pubKeySize of them */
        XMEMCPY(current + off, signer->publicKey, signer->pubKeySize);
        off += signer->pubKeySize;

        XMEMCPY(current + off, &signer->nameLen, sizeof(signer->nameLen));
        off += (int)sizeof(signer->nameLen);

        /* subject name bytes, nameLen of them */
        XMEMCPY(current + off, signer->name, signer->nameLen);
        off += signer->nameLen;

        XMEMCPY(current + off, signer->subjectNameHash, SIGNER_DIGEST_SIZE);
        off += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        XMEMCPY(current + off, signer->subjectKeyIdHash, SIGNER_DIGEST_SIZE);
        off += SIGNER_DIGEST_SIZE;
#endif
    }

    return off;
}
wolfSSL 7:481bce714567 7139
wolfSSL 7:481bce714567 7140
wolfSSL 7:481bce714567 7141 /* Persist cert cache to memory, have lock */
/* Write the cert cache image (CertCacheHeader followed by every caTable row)
 * into mem; caller holds the lock.
 * mem: destination buffer, sz: its size in bytes
 * Returns SSL_SUCCESS, or BUFFER_E when sz is smaller than the size
 * GetCertCacheMemSize() reports (nothing is written in that case). */
static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm,
                                     void* mem, int sz)
{
    int i;
    byte* cursor;
    CertCacheHeader hdr;

    WOLFSSL_ENTER("DoMemSaveCertCache");

    if (GetCertCacheMemSize(cm) > sz) {
        WOLFSSL_MSG("Mem output buffer too small");
        return BUFFER_E;
    }

    hdr.version  = WOLFSSL_CACHE_CERT_VERSION;
    hdr.rows     = CA_TABLE_SIZE;
    SetCertHeaderColumns(cm, hdr.columns);
    hdr.signerSz = (int)sizeof(Signer);

    XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));

    /* rows follow the header back to back */
    cursor = (byte*)mem + sizeof(CertCacheHeader);
    for (i = 0; i < CA_TABLE_SIZE; ++i)
        cursor += StoreCertRow(cm, cursor, i);

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 7174
wolfSSL 7:481bce714567 7175
wolfSSL 7:481bce714567 7176 #if !defined(NO_FILESYSTEM)
wolfSSL 7:481bce714567 7177
wolfSSL 7:481bce714567 7178 /* Persist cert cache to file */
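/* Persist the cert manager's CA table to file fname.
 * The image is built in a temporary heap buffer with DoMemSaveCertCache()
 * while caLock is held, then written with a single XFWRITE.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL cm or fname), SSL_BAD_FILE when the
 * file cannot be opened, BAD_MUTEX_E, MEMORY_E, BUFFER_E passed through from
 * DoMemSaveCertCache(), or FWRITE_ERROR on a short write.
 * The file is opened (and truncated) before the lock and buffer are obtained,
 * so an early failure leaves an empty file behind, as before. */
int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    int rc = SSL_SUCCESS;
    int memSz;
    byte* mem;

    WOLFSSL_ENTER("CM_SaveCertCache");

    /* cm is dereferenced for its lock and heap below, and opening a NULL path
     * is undefined behaviour; reject both up front */
    if (cm == NULL || fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "w+b");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open cert cache save file");
        return SSL_BAD_FILE;
    }

    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* size and fill the image under the lock so the table cannot change
     * between the measurement and the copy */
    memSz = GetCertCacheMemSize(cm);
    mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        WOLFSSL_MSG("Alloc for tmp buffer failed");
        rc = MEMORY_E;
    } else {
        rc = DoMemSaveCertCache(cm, mem, memSz);
        if (rc == SSL_SUCCESS) {
            int ret = (int)XFWRITE(mem, memSz, 1, file);
            if (ret != 1) {
                WOLFSSL_MSG("Cert cache file write failed");
                rc = FWRITE_ERROR;
            }
        }
        XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }

    wc_UnLockMutex(&cm->caLock);
    XFCLOSE(file);

    return rc;
}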
wolfSSL 7:481bce714567 7222
wolfSSL 7:481bce714567 7223
/* Load a CA cache previously written by CM_SaveCertCache from the file at
 * fname and install it into cm. Returns SSL_SUCCESS, or SSL_BAD_FILE /
 * MEMORY_E / FREAD_ERROR, or the CM_MemRestoreCertCache error code.
 * The whole file is read into a temporary buffer; the header and row
 * bounds are validated by CM_MemRestoreCertCache before the table is
 * replaced. */
int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE fp;
    byte* buf;
    int bufSz;
    int rc;

    WOLFSSL_ENTER("CM_RestoreCertCache");

    fp = XFOPEN(fname, "rb");
    if (fp == XBADFILE) {
        WOLFSSL_MSG("Couldn't open cert cache save file");
        return SSL_BAD_FILE;
    }

    /* Determine the file length by seeking to the end, then rewind. */
    XFSEEK(fp, 0, XSEEK_END);
    bufSz = (int)XFTELL(fp);
    XREWIND(fp);

    if (bufSz <= 0) {
        WOLFSSL_MSG("Bad file size");
        XFCLOSE(fp);
        return SSL_BAD_FILE;
    }

    buf = (byte*)XMALLOC(bufSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf == NULL) {
        WOLFSSL_MSG("Alloc for tmp buffer failed");
        XFCLOSE(fp);
        return MEMORY_E;
    }

    if (XFREAD(buf, bufSz, 1, fp) != 1) {
        WOLFSSL_MSG("Cert file read error");
        rc = FREAD_ERROR;
    }
    else {
        rc = CM_MemRestoreCertCache(cm, buf, bufSz);
        if (rc != SSL_SUCCESS) {
            WOLFSSL_MSG("Mem restore cert cache failed");
        }
    }

    XFREE(buf, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    XFCLOSE(fp);

    return rc;
}
wolfSSL 7:481bce714567 7274
wolfSSL 7:481bce714567 7275 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 7276
wolfSSL 7:481bce714567 7277
/* Serialize the CA cache into the caller-supplied buffer mem of sz bytes.
 * On SSL_SUCCESS, *used receives the number of bytes written. Returns
 * BAD_MUTEX_E if caLock cannot be taken, or the DoMemSaveCertCache error
 * (e.g. BUFFER_E when sz is too small). Callers obtain the required size
 * from CM_GetCertCacheMemSize. */
int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
{
    int rc;

    WOLFSSL_ENTER("CM_MemSaveCertCache");

    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    rc = DoMemSaveCertCache(cm, mem, sz);
    /* Size is re-read under the same lock, so it matches what was written. */
    if (rc == SSL_SUCCESS) {
        *used = GetCertCacheMemSize(cm);
    }

    wc_UnLockMutex(&cm->caLock);

    return rc;
}
wolfSSL 7:481bce714567 7298
wolfSSL 7:481bce714567 7299
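/* Restore the CA cache from a buffer produced by CM_MemSaveCertCache /
 * DoMemSaveCertCache. The buffer is treated as untrusted input: its length,
 * header and per-row contents are validated before the existing table is
 * replaced. Returns SSL_SUCCESS; BAD_FUNC_ARG for a NULL buffer; BUFFER_E
 * when sz cannot hold a CertCacheHeader; CACHE_MATCH_ERROR on a version,
 * row-count or Signer-size mismatch; BAD_MUTEX_E if caLock fails; or the
 * RestoreCertRow error code. On a row error the old table has already been
 * freed and the cache is left partially restored. */
int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const void* mem, int sz)
{
    int ret = SSL_SUCCESS;
    int i;
    const CertCacheHeader* hdr;
    byte* current;
    byte* end;

    WOLFSSL_ENTER("CM_MemRestoreCertCache");

    /* Validate the length before forming any pointer from it: a negative or
     * too-small sz must not be turned into out-of-range pointer arithmetic. */
    if (mem == NULL) {
        WOLFSSL_MSG("Cert Cache Memory buffer is NULL");
        return BAD_FUNC_ARG;
    }
    if (sz < (int)sizeof(CertCacheHeader)) {
        WOLFSSL_MSG("Cert Cache Memory buffer too small");
        return BUFFER_E;
    }

    hdr     = (const CertCacheHeader*)mem;
    current = (byte*)mem + sizeof(CertCacheHeader);
    end     = (byte*)mem + sz; /* don't go over */

    if (hdr->version != WOLFSSL_CACHE_CERT_VERSION ||
        hdr->rows != CA_TABLE_SIZE ||
        hdr->signerSz != (int)sizeof(Signer)) {
        WOLFSSL_MSG("Cert Cache Memory header mismatch");
        return CACHE_MATCH_ERROR;
    }

    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    /* Drop the current table; rows are rebuilt from the buffer below. */
    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);

    for (i = 0; i < CA_TABLE_SIZE; ++i) {
        /* RestoreCertRow is handed `end` so it can bound every row read. */
        int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
        if (added < 0) {
            WOLFSSL_MSG("RestoreCertRow error");
            ret = added;
            break;
        }
        current += added;
    }

    wc_UnLockMutex(&cm->caLock);

    return ret;
}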
wolfSSL 7:481bce714567 7345
wolfSSL 7:481bce714567 7346
/* Return the buffer size (in bytes) needed by CM_MemSaveCertCache for the
 * current CA cache contents, or BAD_MUTEX_E if caLock cannot be taken.
 * The size is computed under the lock, so it reflects the table at that
 * instant; it can grow if CAs are added before the save is performed. */
int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
{
    int needed = BAD_MUTEX_E;

    WOLFSSL_ENTER("CM_GetCertCacheMemSize");

    if (wc_LockMutex(&cm->caLock) == 0) {
        needed = GetCertCacheMemSize(cm);
        wc_UnLockMutex(&cm->caLock);
    }
    else {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
    }

    return needed;
}
wolfSSL 7:481bce714567 7365
wolfSSL 7:481bce714567 7366 #endif /* PERSIST_CERT_CACHE */
wolfSSL 7:481bce714567 7367 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 7368
wolfSSL 7:481bce714567 7369
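/* Set the cipher suite list for ctx from the string list. The Suites
 * structure is allocated on first use and zeroed. Returns SSL_SUCCESS, or
 * SSL_FAILURE when ctx is NULL, the allocation fails, or SetCipherList
 * rejects the list. */
int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list");

    /* ctx is dereferenced below; reject NULL instead of crashing. */
    if (ctx == NULL) {
        WOLFSSL_MSG("Bad CTX argument");
        return SSL_FAILURE;
    }

    /* alloc/init on demand only */
    if (ctx->suites == NULL) {
        ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
                                       DYNAMIC_TYPE_SUITES);
        if (ctx->suites == NULL) {
            WOLFSSL_MSG("Memory alloc for Suites failed");
            return SSL_FAILURE;
        }
        XMEMSET(ctx->suites, 0, sizeof(Suites));
    }

    return SetCipherList(ctx->suites, list) ? SSL_SUCCESS : SSL_FAILURE;
}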
wolfSSL 7:481bce714567 7387
wolfSSL 7:481bce714567 7388
/* Set the cipher suite list on an individual SSL object. Returns
 * SSL_SUCCESS if SetCipherList accepts the list, SSL_FAILURE otherwise.
 * ssl and ssl->suites are dereferenced without a NULL check. */
int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
{
    int accepted;

    WOLFSSL_ENTER("wolfSSL_set_cipher_list");

    accepted = SetCipherList(ssl->suites, list);
    if (accepted) {
        return SSL_SUCCESS;
    }
    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 7394
wolfSSL 7:481bce714567 7395
wolfSSL 7:481bce714567 7396 #ifndef WOLFSSL_LEANPSK
wolfSSL 7:481bce714567 7397 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7398
/* Return the current DTLS receive timeout stored in ssl->dtls_timeout.
 * ssl is dereferenced without a NULL check. */
int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl)
{
    int current = ssl->dtls_timeout;
    return current;
}
wolfSSL 7:481bce714567 7405
wolfSSL 7:481bce714567 7406
/* Set the initial DTLS receive timeout and reset the current timeout to it.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL, timeout is
 * negative, or timeout exceeds the configured maximum (dtls_timeout_max). */
int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout)
{
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    if (timeout < 0) {
        return BAD_FUNC_ARG;
    }

    /* The initial value must stay within the configured upper bound. */
    if (timeout > ssl->dtls_timeout_max) {
        WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
        return BAD_FUNC_ARG;
    }

    ssl->dtls_timeout_init = timeout;
    ssl->dtls_timeout = timeout;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 7423
wolfSSL 7:481bce714567 7424
/* Set the maximum DTLS receive timeout. Returns SSL_SUCCESS, or BAD_FUNC_ARG
 * when ssl is NULL, timeout is negative, or timeout is below the configured
 * initial timeout (dtls_timeout_init). */
int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout)
{
    int belowInit;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    if (timeout < 0) {
        return BAD_FUNC_ARG;
    }

    /* The maximum must not drop below the currently configured initial value. */
    belowInit = timeout < ssl->dtls_timeout_init;
    if (belowInit) {
        WOLFSSL_MSG("Can't set dtls timeout max less than dtls timeout init");
        return BAD_FUNC_ARG;
    }

    ssl->dtls_timeout_max = timeout;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 7440
wolfSSL 7:481bce714567 7441
/* Handle a DTLS receive timeout. While the handshake is not yet done,
 * DtlsMsgPoolTimeout(ssl) is run and, only if it did not fail,
 * DtlsMsgPoolSend(ssl, 0); a negative result from either yields
 * SSL_FATAL_ERROR. Once the handshake is done the call returns
 * SSL_SUCCESS without doing anything. ssl is not NULL-checked. */
int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
{
    if (ssl->options.handShakeDone) {
        return SSL_SUCCESS;
    }

    if (DtlsMsgPoolTimeout(ssl) < 0) {
        return SSL_FATAL_ERROR;
    }
    if (DtlsMsgPoolSend(ssl, 0) < 0) {
        return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 7453
wolfSSL 7:481bce714567 7454 #endif /* DTLS */
wolfSSL 7:481bce714567 7455 #endif /* LEANPSK */
wolfSSL 7:481bce714567 7456
wolfSSL 7:481bce714567 7457
wolfSSL 7:481bce714567 7458 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 7:481bce714567 7459
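/* Not an SSL function, return 0 for success, error code otherwise */
/* Prereq: ssl's RNG needs to be initialized. */
/* Install the DTLS cookie secret. With secret == NULL a fresh secret of
 * secretSz bytes (COOKIE_SECRET_SZ when secretSz is 0) is drawn from
 * ssl->rng; otherwise secretSz bytes of secret are copied in. A previous
 * secret of a different size is zeroized with ForceZero before being freed.
 * Returns 0, BAD_FUNC_ARG (NULL ssl, or a secret supplied with secretSz 0),
 * MEMORY_ERROR, or the wc_RNG_GenerateBlock error code; in that last case
 * no cookie secret is left installed. */
int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                                 const byte* secret, word32 secretSz)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_DTLS_SetCookieSecret");

    if (ssl == NULL) {
        WOLFSSL_MSG("need a SSL object");
        return BAD_FUNC_ARG;
    }

    if (secret != NULL && secretSz == 0) {
        WOLFSSL_MSG("can't have a new secret without a size");
        return BAD_FUNC_ARG;
    }

    /* If secretSz is 0, use the default size. */
    if (secretSz == 0)
        secretSz = COOKIE_SECRET_SZ;

    if (secretSz != ssl->buffers.dtlsCookieSecret.length) {
        byte* newSecret;

        if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
            /* Wipe the old secret before returning its memory. */
            ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
                      ssl->buffers.dtlsCookieSecret.length);
            XFREE(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->heap, DYNAMIC_TYPE_NONE);
        }

        newSecret = (byte*)XMALLOC(secretSz, ssl->heap,DYNAMIC_TYPE_COOKIE_PWD);
        if (newSecret == NULL) {
            ssl->buffers.dtlsCookieSecret.buffer = NULL;
            ssl->buffers.dtlsCookieSecret.length = 0;
            WOLFSSL_MSG("couldn't allocate new cookie secret");
            return MEMORY_ERROR;
        }
        ssl->buffers.dtlsCookieSecret.buffer = newSecret;
        ssl->buffers.dtlsCookieSecret.length = secretSz;
    }

    /* If the supplied secret is NULL, randomly generate a new secret. */
    if (secret == NULL) {
        /* An unchecked RNG failure would leave uninitialized heap bytes (or a
         * partially overwritten old secret) in use as the cookie secret, while
         * reporting success. Treat it as fatal and clear the slot instead. */
        ret = wc_RNG_GenerateBlock(ssl->rng,
                                   ssl->buffers.dtlsCookieSecret.buffer,
                                   secretSz);
        if (ret != 0) {
            WOLFSSL_MSG("couldn't generate new cookie secret");
            ForceZero(ssl->buffers.dtlsCookieSecret.buffer, secretSz);
            /* NOTE(review): the free above passes DYNAMIC_TYPE_NONE although
             * this function allocates with DYNAMIC_TYPE_COOKIE_PWD; the type
             * tags should probably agree. */
            XFREE(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->heap, DYNAMIC_TYPE_COOKIE_PWD);
            ssl->buffers.dtlsCookieSecret.buffer = NULL;
            ssl->buffers.dtlsCookieSecret.length = 0;
            return ret;
        }
    }
    else {
        XMEMCPY(ssl->buffers.dtlsCookieSecret.buffer, secret, secretSz);
    }

    WOLFSSL_LEAVE("wolfSSL_DTLS_SetCookieSecret", 0);
    return 0;
}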
wolfSSL 7:481bce714567 7512
wolfSSL 7:481bce714567 7513 #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
wolfSSL 7:481bce714567 7514
wolfSSL 7:481bce714567 7515 #ifdef OPENSSL_EXTRA
/* OpenSSL-compat method constructor: builds the v23 method for whichever
 * side this build supports (client when NO_WOLFSSL_CLIENT is not defined,
 * otherwise server) and marks it WOLFSSL_NEITHER_END. Returns NULL when
 * the underlying constructor fails. */
WOLFSSL_METHOD* wolfSSLv23_method(void) {
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("wolfSSLv23_method");

#ifndef NO_WOLFSSL_CLIENT
    method = wolfSSLv23_client_method();
#else
    method = wolfSSLv23_server_method();
#endif

    if (method == NULL) {
        return NULL;
    }
    method->side = WOLFSSL_NEITHER_END;
    return method;
}
wolfSSL 7:481bce714567 7530 #endif /* OPENSSL_EXTRA */
wolfSSL 7:481bce714567 7531
wolfSSL 7:481bce714567 7532 /* client only parts */
wolfSSL 7:481bce714567 7533 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 7:481bce714567 7534
wolfSSL 7:481bce714567 7535 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
/* Allocate an SSLv3 client method with a NULL heap hint; see
 * wolfSSLv3_client_method_ex. Returns NULL on allocation failure. */
WOLFSSL_METHOD* wolfSSLv3_client_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("SSLv3_client_method");
    method = wolfSSLv3_client_method_ex(NULL);
    return method;
}
wolfSSL 7:481bce714567 7541 #endif
wolfSSL 7:481bce714567 7542
wolfSSL 7:481bce714567 7543 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7544
wolfSSL 7:481bce714567 7545 #ifndef NO_OLD_TLS
/* Allocate a DTLS 1.0 client method with a NULL heap hint; see
 * wolfDTLSv1_client_method_ex. Returns NULL on allocation failure. */
WOLFSSL_METHOD* wolfDTLSv1_client_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("DTLSv1_client_method");
    method = wolfDTLSv1_client_method_ex(NULL);
    return method;
}
wolfSSL 7:481bce714567 7551 #endif /* NO_OLD_TLS */
wolfSSL 7:481bce714567 7552
/* Allocate a DTLS 1.2 client method with a NULL heap hint; see
 * wolfDTLSv1_2_client_method_ex. Returns NULL on allocation failure. */
WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("DTLSv1_2_client_method");
    method = wolfDTLSv1_2_client_method_ex(NULL);
    return method;
}
wolfSSL 7:481bce714567 7558 #endif
wolfSSL 7:481bce714567 7559
wolfSSL 7:481bce714567 7560 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
/* Allocate a WOLFSSL_METHOD from heap and initialize it for SSLv3 client
 * use (InitSSL_Method with MakeSSLv3()). Returns NULL if the allocation
 * fails. */
WOLFSSL_METHOD* wolfSSLv3_client_method_ex(void* heap)
{
    WOLFSSL_METHOD* method = (WOLFSSL_METHOD*)XMALLOC(sizeof *method, heap,
                                                      DYNAMIC_TYPE_METHOD);

    WOLFSSL_ENTER("SSLv3_client_method_ex");

    if (method != NULL) {
        InitSSL_Method(method, MakeSSLv3());
    }
    (void)heap; /* heap may go unused in builds where XMALLOC ignores it */
    return method;
}
wolfSSL 7:481bce714567 7571 #endif
wolfSSL 7:481bce714567 7572
wolfSSL 7:481bce714567 7573 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7574
wolfSSL 7:481bce714567 7575 #ifndef NO_OLD_TLS
/* Allocate a WOLFSSL_METHOD from heap and initialize it for DTLS 1.0 client
 * use (InitSSL_Method with MakeDTLSv1()). Returns NULL if the allocation
 * fails. */
WOLFSSL_METHOD* wolfDTLSv1_client_method_ex(void* heap)
{
    WOLFSSL_METHOD* method = (WOLFSSL_METHOD*)XMALLOC(sizeof *method, heap,
                                                      DYNAMIC_TYPE_METHOD);

    WOLFSSL_ENTER("DTLSv1_client_method_ex");

    if (method != NULL) {
        InitSSL_Method(method, MakeDTLSv1());
    }
    (void)heap; /* heap may go unused in builds where XMALLOC ignores it */
    return method;
}
wolfSSL 7:481bce714567 7586 #endif /* NO_OLD_TLS */
wolfSSL 7:481bce714567 7587
/* Allocate a WOLFSSL_METHOD from heap and initialize it for DTLS 1.2 client
 * use (InitSSL_Method with MakeDTLSv1_2()). Returns NULL if the allocation
 * fails. */
WOLFSSL_METHOD* wolfDTLSv1_2_client_method_ex(void* heap)
{
    WOLFSSL_METHOD* method = (WOLFSSL_METHOD*)XMALLOC(sizeof *method, heap,
                                                      DYNAMIC_TYPE_METHOD);

    WOLFSSL_ENTER("DTLSv1_2_client_method_ex");

    if (method != NULL) {
        InitSSL_Method(method, MakeDTLSv1_2());
    }
    (void)heap; /* heap may go unused in builds where XMALLOC ignores it */
    return method;
}
wolfSSL 7:481bce714567 7599 #endif
wolfSSL 7:481bce714567 7600
/* Report whether ssl is in plain DTLS mode. Without WOLFSSL_SCTP this is
 * just ssl->options.dtls; with WOLFSSL_SCTP a DTLS connection running over
 * SCTP (options.dtlsSctp set) reports 0. */
static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
#ifdef WOLFSSL_SCTP
    /* DTLS over SCTP skips the cookie exchange paths that call this. */
    if (ssl->options.dtls) {
        return !ssl->options.dtlsSctp;
    }
#endif
    return ssl->options.dtls;
}
wolfSSL 7:481bce714567 7615
wolfSSL 7:481bce714567 7616 /* please see note at top of README if you get an error from connect */
wolfSSL 7:481bce714567 7617 int wolfSSL_connect(WOLFSSL* ssl)
wolfSSL 7:481bce714567 7618 {
wolfSSL 7:481bce714567 7619 int neededState;
wolfSSL 7:481bce714567 7620
wolfSSL 7:481bce714567 7621 WOLFSSL_ENTER("SSL_connect()");
wolfSSL 7:481bce714567 7622
wolfSSL 7:481bce714567 7623 #ifdef HAVE_ERRNO_H
wolfSSL 7:481bce714567 7624 errno = 0;
wolfSSL 7:481bce714567 7625 #endif
wolfSSL 7:481bce714567 7626
wolfSSL 7:481bce714567 7627 if (ssl == NULL)
wolfSSL 7:481bce714567 7628 return BAD_FUNC_ARG;
wolfSSL 7:481bce714567 7629
wolfSSL 7:481bce714567 7630 if (ssl->options.side != WOLFSSL_CLIENT_END) {
wolfSSL 7:481bce714567 7631 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 7:481bce714567 7632 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7633 }
wolfSSL 7:481bce714567 7634
wolfSSL 7:481bce714567 7635 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7636 if (ssl->version.major == DTLS_MAJOR) {
wolfSSL 7:481bce714567 7637 ssl->options.dtls = 1;
wolfSSL 7:481bce714567 7638 ssl->options.tls = 1;
wolfSSL 7:481bce714567 7639 ssl->options.tls1_1 = 1;
wolfSSL 7:481bce714567 7640 }
wolfSSL 7:481bce714567 7641 #endif
wolfSSL 7:481bce714567 7642
wolfSSL 7:481bce714567 7643 if (ssl->buffers.outputBuffer.length > 0) {
wolfSSL 7:481bce714567 7644 if ( (ssl->error = SendBuffered(ssl)) == 0) {
wolfSSL 7:481bce714567 7645 /* fragOffset is non-zero when sending fragments. On the last
wolfSSL 7:481bce714567 7646 * fragment, fragOffset is zero again, and the state can be
wolfSSL 7:481bce714567 7647 * advanced. */
wolfSSL 7:481bce714567 7648 if (ssl->fragOffset == 0) {
wolfSSL 7:481bce714567 7649 ssl->options.connectState++;
wolfSSL 7:481bce714567 7650 WOLFSSL_MSG("connect state: "
wolfSSL 7:481bce714567 7651 "Advanced from last buffered fragment send");
wolfSSL 7:481bce714567 7652 }
wolfSSL 7:481bce714567 7653 else {
wolfSSL 7:481bce714567 7654 WOLFSSL_MSG("connect state: "
wolfSSL 7:481bce714567 7655 "Not advanced, more fragments to send");
wolfSSL 7:481bce714567 7656 }
wolfSSL 7:481bce714567 7657 }
wolfSSL 7:481bce714567 7658 else {
wolfSSL 7:481bce714567 7659 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7660 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7661 }
wolfSSL 7:481bce714567 7662 }
wolfSSL 7:481bce714567 7663
wolfSSL 7:481bce714567 7664 switch (ssl->options.connectState) {
wolfSSL 7:481bce714567 7665
wolfSSL 7:481bce714567 7666 case CONNECT_BEGIN :
wolfSSL 7:481bce714567 7667 /* always send client hello first */
wolfSSL 7:481bce714567 7668 if ( (ssl->error = SendClientHello(ssl)) != 0) {
wolfSSL 7:481bce714567 7669 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7670 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7671 }
wolfSSL 7:481bce714567 7672 ssl->options.connectState = CLIENT_HELLO_SENT;
wolfSSL 7:481bce714567 7673 WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT");
wolfSSL 7:481bce714567 7674
wolfSSL 7:481bce714567 7675 case CLIENT_HELLO_SENT :
wolfSSL 7:481bce714567 7676 neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
wolfSSL 7:481bce714567 7677 SERVER_HELLODONE_COMPLETE;
wolfSSL 7:481bce714567 7678 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7679 /* In DTLS, when resuming, we can go straight to FINISHED,
wolfSSL 7:481bce714567 7680 * or do a cookie exchange and then skip to FINISHED, assume
wolfSSL 7:481bce714567 7681 * we need the cookie exchange first. */
wolfSSL 7:481bce714567 7682 if (IsDtlsNotSctpMode(ssl))
wolfSSL 7:481bce714567 7683 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL 7:481bce714567 7684 #endif
wolfSSL 7:481bce714567 7685 /* get response */
wolfSSL 7:481bce714567 7686 while (ssl->options.serverState < neededState) {
wolfSSL 7:481bce714567 7687 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 7:481bce714567 7688 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7689 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7690 }
wolfSSL 7:481bce714567 7691 /* if resumption failed, reset needed state */
wolfSSL 7:481bce714567 7692 else if (neededState == SERVER_FINISHED_COMPLETE)
wolfSSL 7:481bce714567 7693 if (!ssl->options.resuming) {
wolfSSL 7:481bce714567 7694 if (!IsDtlsNotSctpMode(ssl))
wolfSSL 7:481bce714567 7695 neededState = SERVER_HELLODONE_COMPLETE;
wolfSSL 7:481bce714567 7696 else
wolfSSL 7:481bce714567 7697 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL 7:481bce714567 7698 }
wolfSSL 7:481bce714567 7699 }
wolfSSL 7:481bce714567 7700
wolfSSL 7:481bce714567 7701 ssl->options.connectState = HELLO_AGAIN;
wolfSSL 7:481bce714567 7702 WOLFSSL_MSG("connect state: HELLO_AGAIN");
wolfSSL 7:481bce714567 7703
wolfSSL 7:481bce714567 7704 case HELLO_AGAIN :
wolfSSL 7:481bce714567 7705 if (ssl->options.certOnly)
wolfSSL 7:481bce714567 7706 return SSL_SUCCESS;
wolfSSL 7:481bce714567 7707
wolfSSL 7:481bce714567 7708 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7709 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 7:481bce714567 7710 /* re-init hashes, exclude first hello and verify request */
wolfSSL 7:481bce714567 7711 #ifndef NO_OLD_TLS
wolfSSL 7:481bce714567 7712 wc_InitMd5(&ssl->hsHashes->hashMd5);
wolfSSL 7:481bce714567 7713 if ( (ssl->error = wc_InitSha(&ssl->hsHashes->hashSha))
wolfSSL 7:481bce714567 7714 != 0) {
wolfSSL 7:481bce714567 7715 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7716 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7717 }
wolfSSL 7:481bce714567 7718 #endif
wolfSSL 7:481bce714567 7719 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 7720 #ifndef NO_SHA256
wolfSSL 7:481bce714567 7721 if ( (ssl->error = wc_InitSha256(
wolfSSL 7:481bce714567 7722 &ssl->hsHashes->hashSha256)) != 0) {
wolfSSL 7:481bce714567 7723 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7724 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7725 }
wolfSSL 7:481bce714567 7726 #endif
wolfSSL 7:481bce714567 7727 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 7728 if ( (ssl->error = wc_InitSha384(
wolfSSL 7:481bce714567 7729 &ssl->hsHashes->hashSha384)) != 0) {
wolfSSL 7:481bce714567 7730 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7731 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7732 }
wolfSSL 7:481bce714567 7733 #endif
wolfSSL 7:481bce714567 7734 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 7735 if ( (ssl->error = wc_InitSha512(
wolfSSL 7:481bce714567 7736 &ssl->hsHashes->hashSha512)) != 0) {
wolfSSL 7:481bce714567 7737 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7738 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7739 }
wolfSSL 7:481bce714567 7740 #endif
wolfSSL 7:481bce714567 7741 }
wolfSSL 7:481bce714567 7742 if ( (ssl->error = SendClientHello(ssl)) != 0) {
wolfSSL 7:481bce714567 7743 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7744 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7745 }
wolfSSL 7:481bce714567 7746 }
wolfSSL 7:481bce714567 7747 #endif
wolfSSL 7:481bce714567 7748
wolfSSL 7:481bce714567 7749 ssl->options.connectState = HELLO_AGAIN_REPLY;
wolfSSL 7:481bce714567 7750 WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY");
wolfSSL 7:481bce714567 7751
wolfSSL 7:481bce714567 7752 case HELLO_AGAIN_REPLY :
wolfSSL 7:481bce714567 7753 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7754 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 7:481bce714567 7755 neededState = ssl->options.resuming ?
wolfSSL 7:481bce714567 7756 SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
wolfSSL 7:481bce714567 7757
wolfSSL 7:481bce714567 7758 /* get response */
wolfSSL 7:481bce714567 7759 while (ssl->options.serverState < neededState) {
wolfSSL 7:481bce714567 7760 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 7:481bce714567 7761 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7762 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7763 }
wolfSSL 7:481bce714567 7764 /* if resumption failed, reset needed state */
wolfSSL 7:481bce714567 7765 else if (neededState == SERVER_FINISHED_COMPLETE)
wolfSSL 7:481bce714567 7766 if (!ssl->options.resuming)
wolfSSL 7:481bce714567 7767 neededState = SERVER_HELLODONE_COMPLETE;
wolfSSL 7:481bce714567 7768 }
wolfSSL 7:481bce714567 7769 }
wolfSSL 7:481bce714567 7770 #endif
wolfSSL 7:481bce714567 7771
wolfSSL 7:481bce714567 7772 ssl->options.connectState = FIRST_REPLY_DONE;
wolfSSL 7:481bce714567 7773 WOLFSSL_MSG("connect state: FIRST_REPLY_DONE");
wolfSSL 7:481bce714567 7774
wolfSSL 7:481bce714567 7775 case FIRST_REPLY_DONE :
wolfSSL 7:481bce714567 7776 #ifndef NO_CERTS
wolfSSL 7:481bce714567 7777 if (ssl->options.sendVerify) {
wolfSSL 7:481bce714567 7778 if ( (ssl->error = SendCertificate(ssl)) != 0) {
wolfSSL 7:481bce714567 7779 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7780 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7781 }
wolfSSL 7:481bce714567 7782 WOLFSSL_MSG("sent: certificate");
wolfSSL 7:481bce714567 7783 }
wolfSSL 7:481bce714567 7784
wolfSSL 7:481bce714567 7785 #endif
wolfSSL 7:481bce714567 7786 ssl->options.connectState = FIRST_REPLY_FIRST;
wolfSSL 7:481bce714567 7787 WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST");
wolfSSL 7:481bce714567 7788
wolfSSL 7:481bce714567 7789 case FIRST_REPLY_FIRST :
wolfSSL 7:481bce714567 7790 if (!ssl->options.resuming) {
wolfSSL 7:481bce714567 7791 if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
wolfSSL 7:481bce714567 7792 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7793 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7794 }
wolfSSL 7:481bce714567 7795 WOLFSSL_MSG("sent: client key exchange");
wolfSSL 7:481bce714567 7796 }
wolfSSL 7:481bce714567 7797
wolfSSL 7:481bce714567 7798 ssl->options.connectState = FIRST_REPLY_SECOND;
wolfSSL 7:481bce714567 7799 WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
wolfSSL 7:481bce714567 7800
wolfSSL 7:481bce714567 7801 case FIRST_REPLY_SECOND :
wolfSSL 7:481bce714567 7802 #ifndef NO_CERTS
wolfSSL 7:481bce714567 7803 if (ssl->options.sendVerify) {
wolfSSL 7:481bce714567 7804 if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
wolfSSL 7:481bce714567 7805 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7806 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7807 }
wolfSSL 7:481bce714567 7808 WOLFSSL_MSG("sent: certificate verify");
wolfSSL 7:481bce714567 7809 }
wolfSSL 7:481bce714567 7810 #endif
wolfSSL 7:481bce714567 7811 ssl->options.connectState = FIRST_REPLY_THIRD;
wolfSSL 7:481bce714567 7812 WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD");
wolfSSL 7:481bce714567 7813
wolfSSL 7:481bce714567 7814 case FIRST_REPLY_THIRD :
wolfSSL 7:481bce714567 7815 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
wolfSSL 7:481bce714567 7816 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7817 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7818 }
wolfSSL 7:481bce714567 7819 WOLFSSL_MSG("sent: change cipher spec");
wolfSSL 7:481bce714567 7820 ssl->options.connectState = FIRST_REPLY_FOURTH;
wolfSSL 7:481bce714567 7821 WOLFSSL_MSG("connect state: FIRST_REPLY_FOURTH");
wolfSSL 7:481bce714567 7822
wolfSSL 7:481bce714567 7823 case FIRST_REPLY_FOURTH :
wolfSSL 7:481bce714567 7824 if ( (ssl->error = SendFinished(ssl)) != 0) {
wolfSSL 7:481bce714567 7825 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7826 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7827 }
wolfSSL 7:481bce714567 7828 WOLFSSL_MSG("sent: finished");
wolfSSL 7:481bce714567 7829 ssl->options.connectState = FINISHED_DONE;
wolfSSL 7:481bce714567 7830 WOLFSSL_MSG("connect state: FINISHED_DONE");
wolfSSL 7:481bce714567 7831
wolfSSL 7:481bce714567 7832 case FINISHED_DONE :
wolfSSL 7:481bce714567 7833 /* get response */
wolfSSL 7:481bce714567 7834 while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
wolfSSL 7:481bce714567 7835 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 7:481bce714567 7836 WOLFSSL_ERROR(ssl->error);
wolfSSL 7:481bce714567 7837 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7838 }
wolfSSL 7:481bce714567 7839
wolfSSL 7:481bce714567 7840 ssl->options.connectState = SECOND_REPLY_DONE;
wolfSSL 7:481bce714567 7841 WOLFSSL_MSG("connect state: SECOND_REPLY_DONE");
wolfSSL 7:481bce714567 7842
wolfSSL 7:481bce714567 7843 case SECOND_REPLY_DONE:
wolfSSL 7:481bce714567 7844 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 7:481bce714567 7845 if (ssl->hsDoneCb) {
wolfSSL 7:481bce714567 7846 int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
wolfSSL 7:481bce714567 7847 if (cbret < 0) {
wolfSSL 7:481bce714567 7848 ssl->error = cbret;
wolfSSL 7:481bce714567 7849 WOLFSSL_MSG("HandShake Done Cb don't continue error");
wolfSSL 7:481bce714567 7850 return SSL_FATAL_ERROR;
wolfSSL 7:481bce714567 7851 }
wolfSSL 7:481bce714567 7852 }
wolfSSL 7:481bce714567 7853 #endif /* NO_HANDSHAKE_DONE_CB */
wolfSSL 7:481bce714567 7854
wolfSSL 7:481bce714567 7855 if (!ssl->options.dtls) {
wolfSSL 7:481bce714567 7856 FreeHandshakeResources(ssl);
wolfSSL 7:481bce714567 7857 }
wolfSSL 7:481bce714567 7858 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7859 else {
wolfSSL 7:481bce714567 7860 ssl->options.dtlsHsRetain = 1;
wolfSSL 7:481bce714567 7861 }
wolfSSL 7:481bce714567 7862 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 7863
wolfSSL 7:481bce714567 7864 WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
wolfSSL 7:481bce714567 7865 return SSL_SUCCESS;
wolfSSL 7:481bce714567 7866
wolfSSL 7:481bce714567 7867 default:
wolfSSL 7:481bce714567 7868 WOLFSSL_MSG("Unknown connect state ERROR");
wolfSSL 7:481bce714567 7869 return SSL_FATAL_ERROR; /* unknown connect state */
wolfSSL 7:481bce714567 7870 }
wolfSSL 7:481bce714567 7871 }
wolfSSL 7:481bce714567 7872
wolfSSL 7:481bce714567 7873 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 7:481bce714567 7874
wolfSSL 7:481bce714567 7875
wolfSSL 7:481bce714567 7876 /* server only parts */
wolfSSL 7:481bce714567 7877 #ifndef NO_WOLFSSL_SERVER
wolfSSL 7:481bce714567 7878
wolfSSL 7:481bce714567 7879 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
/**
 * Server-side SSLv3 method allocated from the default heap.
 *
 * Equivalent to wolfSSLv3_server_method_ex(NULL).
 *
 * @return the new WOLFSSL_METHOD, or NULL when the allocation in the
 *         _ex variant fails
 */
WOLFSSL_METHOD* wolfSSLv3_server_method(void)
{
    WOLFSSL_METHOD* result;

    WOLFSSL_ENTER("SSLv3_server_method");
    result = wolfSSLv3_server_method_ex(NULL);

    return result;
}
wolfSSL 7:481bce714567 7885 #endif
wolfSSL 7:481bce714567 7886
wolfSSL 7:481bce714567 7887
wolfSSL 7:481bce714567 7888 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7889
wolfSSL 7:481bce714567 7890 #ifndef NO_OLD_TLS
/**
 * Server-side DTLS 1.0 method allocated from the default heap.
 *
 * Equivalent to wolfDTLSv1_server_method_ex(NULL).
 *
 * @return the new WOLFSSL_METHOD, or NULL when the allocation in the
 *         _ex variant fails
 */
WOLFSSL_METHOD* wolfDTLSv1_server_method(void)
{
    WOLFSSL_METHOD* result;

    WOLFSSL_ENTER("DTLSv1_server_method");
    result = wolfDTLSv1_server_method_ex(NULL);

    return result;
}
wolfSSL 7:481bce714567 7896 #endif /* NO_OLD_TLS */
wolfSSL 7:481bce714567 7897
/**
 * Server-side DTLS 1.2 method allocated from the default heap.
 *
 * Equivalent to wolfDTLSv1_2_server_method_ex(NULL).
 *
 * @return the new WOLFSSL_METHOD, or NULL when the allocation in the
 *         _ex variant fails
 */
WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void)
{
    WOLFSSL_METHOD* result;

    WOLFSSL_ENTER("DTLSv1_2_server_method");
    result = wolfDTLSv1_2_server_method_ex(NULL);

    return result;
}
wolfSSL 7:481bce714567 7903 #endif
wolfSSL 7:481bce714567 7904
wolfSSL 7:481bce714567 7905 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
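/**
 * Allocate and initialise a server-side SSLv3 method.
 *
 * @param heap  heap hint handed to XMALLOC; may be NULL
 * @return the new method (XMALLOC-allocated, side set to
 *         WOLFSSL_SERVER_END), or NULL when XMALLOC fails
 */
WOLFSSL_METHOD* wolfSSLv3_server_method_ex(void* heap)
{
    WOLFSSL_METHOD* method =
                          (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
                                                   heap, DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("SSLv3_server_method_ex");
    if (method) {
        InitSSL_Method(method, MakeSSLv3());
        method->side = WOLFSSL_SERVER_END;
    }
    /* builds where XMALLOC drops its heap argument would otherwise warn
     * about an unused parameter; same idiom as wolfDTLSv1_2_server_method_ex */
    (void)heap;
    return method;
}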
wolfSSL 7:481bce714567 7918 #endif
wolfSSL 7:481bce714567 7919
wolfSSL 7:481bce714567 7920
wolfSSL 7:481bce714567 7921 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 7922
wolfSSL 7:481bce714567 7923 #ifndef NO_OLD_TLS
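/**
 * Allocate and initialise a server-side DTLS 1.0 method.
 *
 * @param heap  heap hint handed to XMALLOC; may be NULL
 * @return the new method (XMALLOC-allocated, side set to
 *         WOLFSSL_SERVER_END), or NULL when XMALLOC fails
 */
WOLFSSL_METHOD* wolfDTLSv1_server_method_ex(void* heap)
{
    WOLFSSL_METHOD* method =
                          (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
                                                   heap, DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("DTLSv1_server_method_ex");
    if (method) {
        InitSSL_Method(method, MakeDTLSv1());
        method->side = WOLFSSL_SERVER_END;
    }
    /* builds where XMALLOC drops its heap argument would otherwise warn
     * about an unused parameter; same idiom as wolfDTLSv1_2_server_method_ex */
    (void)heap;
    return method;
}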
wolfSSL 7:481bce714567 7936 #endif /* NO_OLD_TLS */
wolfSSL 7:481bce714567 7937
/**
 * Allocate and initialise a server-side DTLS 1.2 method.
 *
 * @param heap  heap hint handed to XMALLOC; may be NULL
 * @return the new method (XMALLOC-allocated, side set to
 *         WOLFSSL_SERVER_END), or NULL when XMALLOC fails
 */
WOLFSSL_METHOD* wolfDTLSv1_2_server_method_ex(void* heap)
{
    WOLFSSL_METHOD* m = (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), heap,
                                                  DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("DTLSv1_2_server_method_ex");

    /* silence unused-parameter warnings when XMALLOC ignores heap */
    (void)heap;

    if (m == NULL) {
        return NULL;
    }

    InitSSL_Method(m, MakeDTLSv1_2());
    m->side = WOLFSSL_SERVER_END;

    return m;
}
wolfSSL 7:481bce714567 7951 #endif
wolfSSL 7:481bce714567 7952
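/**
 * Server-side handshake driver (the SSL_accept equivalent).
 *
 * The handshake is a resumable state machine keyed on
 * ssl->options.acceptState. Each case sends one flight or reads the
 * peer's reply via ProcessReply(), stores the next state and deliberately
 * falls through into it. Because the state lives on the object, a call
 * that returns an error can be repeated and re-enters at the stored state;
 * pending output is flushed first (SendBuffered) and the state only
 * advances once the last fragment (fragOffset == 0) has gone out.
 *
 * Preconditions checked here: ssl is non-NULL and on the server side;
 * unless PSK or anonymous ciphers are enabled, a certificate and private
 * key must already be loaded (NO_PRIVATE_KEY otherwise).
 *
 * @param ssl  the connection to run the server handshake on
 * @return SSL_SUCCESS once the handshake completes, SSL_FATAL_ERROR
 *         otherwise; the underlying code is left in ssl->error except
 *         when ssl itself is NULL
 */
int wolfSSL_accept(WOLFSSL* ssl)
{
    word16 havePSK = 0;
    word16 haveAnon = 0;
    WOLFSSL_ENTER("SSL_accept()");

    /* every path below dereferences ssl; fail cleanly on a NULL handle
     * rather than crash (there is no ssl->error to record it in) */
    if (ssl == NULL) {
        WOLFSSL_MSG("accept error: ssl is NULL");
        return SSL_FATAL_ERROR;
    }

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
    (void)havePSK;

#ifdef HAVE_ANON
    haveAnon = ssl->options.haveAnon;
#endif
    (void)haveAnon;

    if (ssl->options.side != WOLFSSL_SERVER_END) {
        WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
        return SSL_FATAL_ERROR;
    }

#ifndef NO_CERTS
    /* in case used set_accept_state after init: a server that is neither
     * PSK nor anonymous needs both a certificate and a private key */
    if (!havePSK && !haveAnon &&
        (!ssl->buffers.certificate ||
         !ssl->buffers.certificate->buffer ||
         !ssl->buffers.key ||
         !ssl->buffers.key->buffer)) {
        WOLFSSL_MSG("accept error: don't have server cert and key");
        ssl->error = NO_PRIVATE_KEY;
        WOLFSSL_ERROR(ssl->error);
        return SSL_FATAL_ERROR;
    }
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->version.major == DTLS_MAJOR) {
        ssl->options.dtls   = 1;
        ssl->options.tls    = 1;
        ssl->options.tls1_1 = 1;
    }
#endif

    /* flush anything a previous call left in the output buffer */
    if (ssl->buffers.outputBuffer.length > 0) {
        if ( (ssl->error = SendBuffered(ssl)) == 0) {
            /* fragOffset is non-zero when sending fragments. On the last
             * fragment, fragOffset is zero again, and the state can be
             * advanced. */
            if (ssl->fragOffset == 0) {
                ssl->options.acceptState++;
                WOLFSSL_MSG("accept state: "
                            "Advanced from last buffered fragment send");
            }
            else {
                WOLFSSL_MSG("accept state: "
                            "Not advanced, more fragments to send");
            }
        }
        else {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }

    switch (ssl->options.acceptState) {

    case ACCEPT_BEGIN :
        /* get response */
        while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
        ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
        WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
        /* fall through */

    case ACCEPT_CLIENT_HELLO_DONE :
        ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
        WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
        /* fall through */

    case ACCEPT_FIRST_REPLY_DONE :
        if ( (ssl->error = SendServerHello(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.acceptState = SERVER_HELLO_SENT;
        WOLFSSL_MSG("accept state SERVER_HELLO_SENT");
        /* fall through */

    case SERVER_HELLO_SENT :
#ifndef NO_CERTS
        /* a resumed session skips the certificate flight */
        if (!ssl->options.resuming) {
            if ( (ssl->error = SendCertificate(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif
        ssl->options.acceptState = CERT_SENT;
        WOLFSSL_MSG("accept state CERT_SENT");
        /* fall through */

    case CERT_SENT :
#ifndef NO_CERTS
        if (!ssl->options.resuming) {
            if ( (ssl->error = SendCertificateStatus(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif
        ssl->options.acceptState = CERT_STATUS_SENT;
        WOLFSSL_MSG("accept state CERT_STATUS_SENT");
        /* fall through */

    case CERT_STATUS_SENT :
        if (!ssl->options.resuming) {
            if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
        ssl->options.acceptState = KEY_EXCHANGE_SENT;
        WOLFSSL_MSG("accept state KEY_EXCHANGE_SENT");
        /* fall through */

    case KEY_EXCHANGE_SENT :
#ifndef NO_CERTS
        /* only ask for a client certificate when peer verification is on */
        if (!ssl->options.resuming && ssl->options.verifyPeer) {
            if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif
        ssl->options.acceptState = CERT_REQ_SENT;
        WOLFSSL_MSG("accept state CERT_REQ_SENT");
        /* fall through */

    case CERT_REQ_SENT :
        if (!ssl->options.resuming) {
            if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
        ssl->options.acceptState = SERVER_HELLO_DONE;
        WOLFSSL_MSG("accept state SERVER_HELLO_DONE");
        /* fall through */

    case SERVER_HELLO_DONE :
        /* full handshake: read the client's second flight up to Finished */
        if (!ssl->options.resuming) {
            while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) {
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
            }
        }
        ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
        WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
        /* fall through */

    case ACCEPT_SECOND_REPLY_DONE :
#ifdef HAVE_SESSION_TICKET
        if (ssl->options.createTicket) {
            if ( (ssl->error = SendTicket(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif /* HAVE_SESSION_TICKET */
        ssl->options.acceptState = TICKET_SENT;
        WOLFSSL_MSG("accept state TICKET_SENT");
        /* fall through */

    case TICKET_SENT:
        if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.acceptState = CHANGE_CIPHER_SENT;
        WOLFSSL_MSG("accept state CHANGE_CIPHER_SENT");
        /* fall through */

    case CHANGE_CIPHER_SENT :
        if ( (ssl->error = SendFinished(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }

        ssl->options.acceptState = ACCEPT_FINISHED_DONE;
        WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE");
        /* fall through */

    case ACCEPT_FINISHED_DONE :
        /* resumption: the client's Finished arrives after ours */
        if (ssl->options.resuming) {
            while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) {
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
            }
        }

        ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
        WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
        /* fall through */

    case ACCEPT_THIRD_REPLY_DONE :
#ifndef NO_HANDSHAKE_DONE_CB
        /* a negative callback result vetoes the completed handshake */
        if (ssl->hsDoneCb) {
            int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
            if (cbret < 0) {
                ssl->error = cbret;
                WOLFSSL_MSG("HandShake Done Cb don't continue error");
                return SSL_FATAL_ERROR;
            }
        }
#endif /* NO_HANDSHAKE_DONE_CB */

        if (!ssl->options.dtls) {
            FreeHandshakeResources(ssl);
        }
#ifdef WOLFSSL_DTLS
        else {
            /* DTLS keeps handshake state around (retransmits) */
            ssl->options.dtlsHsRetain = 1;
        }
#endif /* WOLFSSL_DTLS */

#ifdef WOLFSSL_SESSION_EXPORT
        if (ssl->dtls_export) {
            if ((ssl->error = wolfSSL_send_session(ssl)) != 0) {
                WOLFSSL_MSG("Export DTLS session error");
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif

        WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS);
        return SSL_SUCCESS;

    default :
        WOLFSSL_MSG("Unknown accept state ERROR");
        return SSL_FATAL_ERROR;
    }
}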
wolfSSL 7:481bce714567 8187
wolfSSL 7:481bce714567 8188 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 7:481bce714567 8189
wolfSSL 7:481bce714567 8190
wolfSSL 7:481bce714567 8191 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 7:481bce714567 8192
/**
 * Register a handshake-done callback on a connection.
 *
 * The handshake drivers invoke cb(ssl, user_ctx) once the handshake has
 * completed; a negative return from cb aborts with SSL_FATAL_ERROR.
 *
 * @param ssl       the connection; NULL is rejected
 * @param cb        callback to store (no validation is done on it)
 * @param user_ctx  opaque pointer passed back to cb
 * @return SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL
 */
int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx)
{
    WOLFSSL_ENTER("wolfSSL_SetHsDoneCb");

    if (ssl != NULL) {
        ssl->hsDoneCb  = cb;
        ssl->hsDoneCtx = user_ctx;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 8206
wolfSSL 7:481bce714567 8207 #endif /* NO_HANDSHAKE_DONE_CB */
wolfSSL 7:481bce714567 8208
wolfSSL 7:481bce714567 8209
/**
 * Drop one library init reference and tear down globals on the last one.
 *
 * initRefCount is decremented under count_mutex; only the call that takes
 * it from 1 to 0 releases the session/count mutexes, the ECC caches and
 * wolfCrypt. The later failures are recorded but do not stop the
 * remaining cleanup steps.
 *
 * NOTE(review): initRefCount is read before the lock is taken and
 * count_mutex is freed after it has been released, so concurrent
 * Init/Cleanup callers are presumably serialised elsewhere - confirm.
 *
 * @return SSL_SUCCESS, BAD_MUTEX_E if a mutex could not be locked/freed,
 *         or WC_CLEANUP_E if wolfCrypt_Cleanup() failed
 */
int wolfSSL_Cleanup(void)
{
    int status  = SSL_SUCCESS;
    int lastRef = 0;

    WOLFSSL_ENTER("wolfSSL_Cleanup");

    /* possibly no init yet, but not failure either way */
    if (initRefCount == 0) {
        return status;
    }

    if (wc_LockMutex(&count_mutex) != 0) {
        WOLFSSL_MSG("Bad Lock Mutex count");
        return BAD_MUTEX_E;
    }

    lastRef = (initRefCount == 1);
    initRefCount--;
    if (initRefCount < 0) {
        initRefCount = 0;   /* never let the count go negative */
    }

    wc_UnLockMutex(&count_mutex);

    if (!lastRef) {
        return status;
    }

#ifndef NO_SESSION_CACHE
    if (wc_FreeMutex(&session_mutex) != 0) {
        status = BAD_MUTEX_E;
    }
#endif
    if (wc_FreeMutex(&count_mutex) != 0) {
        status = BAD_MUTEX_E;
    }

#ifdef HAVE_ECC
    #ifdef FP_ECC
        wc_ecc_fp_free();
    #endif
    #ifdef ECC_CACHE_CURVE
        wc_ecc_curve_cache_free();
    #endif
#endif

    if (wolfCrypt_Cleanup() != 0) {
        WOLFSSL_MSG("Error with wolfCrypt_Cleanup call");
        status = WC_CLEANUP_E;
    }

    return status;
}
wolfSSL 7:481bce714567 8257
wolfSSL 7:481bce714567 8258
wolfSSL 7:481bce714567 8259 #ifndef NO_SESSION_CACHE
wolfSSL 7:481bce714567 8260
wolfSSL 7:481bce714567 8261
/* some session IDs aren't random after all, let's make them random */
/*
 * Reduce a session ID to a word32 for cache-row selection; callers take
 * the result modulo SESSION_ROWS. This is a bucketing hash only: the
 * lookups still compare the full ID with XMEMCMP, so the weakness of MD5
 * does not matter here. The first available digest (MD5, then SHA-1, then
 * SHA-256) is used; a build with none of them does not compile.
 *
 * sessionID/len : bytes to hash
 * error         : receives the digest function's return code
 * returns       : the hash word, or 0 when the digest call failed
 */
static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
{
    byte   digest[MAX_DIGEST_SIZE];
    word32 hash = 0;   /* 0 on failure */

#ifndef NO_MD5
    *error = wc_Md5Hash(sessionID, len, digest);
#elif !defined(NO_SHA)
    *error = wc_ShaHash(sessionID, len, digest);
#elif !defined(NO_SHA256)
    *error = wc_Sha256Hash(sessionID, len, digest);
#else
    #error "We need a digest to hash the session IDs"
#endif

    if (*error == 0) {
        hash = MakeWordFromHash(digest);
    }

    return hash;
}
wolfSSL 7:481bce714567 8279
wolfSSL 7:481bce714567 8280
/*
 * Compatibility no-op: the session table is statically sized, so there is
 * nothing to flush. Both arguments are accepted and ignored.
 */
void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
{
    (void)tm;
    (void)ctx;
}
wolfSSL 7:481bce714567 8287
wolfSSL 7:481bce714567 8288
/* set ssl session timeout in seconds
 *
 * ssl : connection to update; NULL yields BAD_FUNC_ARG
 * to  : timeout value stored in ssl->timeout
 * returns SSL_SUCCESS on success
 */
int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
{
    if (ssl != NULL) {
        ssl->timeout = to;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 8299
wolfSSL 7:481bce714567 8300
/* set ctx session timeout in seconds
 *
 * ctx : context to update; NULL yields BAD_FUNC_ARG
 * to  : timeout value stored in ctx->timeout
 * returns SSL_SUCCESS on success
 */
int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
{
    if (ctx != NULL) {
        ctx->timeout = to;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 8311
wolfSSL 7:481bce714567 8312
wolfSSL 7:481bce714567 8313 #ifndef NO_CLIENT_CACHE
wolfSSL 7:481bce714567 8314
/* Get Session from Client cache based on id/len, return NULL on failure
 *
 * Client-side lookup: the server ID selects a ClientCache row, whose
 * entries are walked from most recently used backwards; each entry points
 * (serverRow/serverIdx) into the global SessionCache. The first entry whose
 * serverID matches and whose bornOn + timeout has not passed is returned.
 *
 * ssl : must be a client-side object (server side returns NULL)
 * id  : server ID bytes; len is clamped to SERVER_ID_LEN
 * returns a pointer into the global SessionCache, or NULL when not found,
 * expired, the hash failed, or the session mutex could not be locked.
 *
 * NOTE(review): the pointer is handed back after session_mutex has been
 * released, so the caller presumably copies it under its own locking
 * (see the deep-copy helper) - confirm.
 */
WOLFSSL_SESSION* GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
{
    WOLFSSL_SESSION* found = NULL;
    word32 row;
    int    slot;
    int    remaining;
    int    hashErr = 0;

    WOLFSSL_ENTER("GetSessionClient");

    if (ssl->options.side == WOLFSSL_SERVER_END) {
        return NULL;
    }

    len = min(SERVER_ID_LEN, (word32)len);
    row = HashSession(id, len, &hashErr) % SESSION_ROWS;
    if (hashErr != 0) {
        WOLFSSL_MSG("Hash session failed");
        return NULL;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Lock session mutex failed");
        return NULL;
    }

    /* start from most recently used: the slot before nextIdx, wrapping */
    remaining = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
    slot = ClientCache[row].nextIdx - 1;
    if (slot < 0) {
        slot = SESSIONS_PER_ROW - 1;
    }

    while (remaining > 0) {
        ClientSession    clSess;
        WOLFSSL_SESSION* candidate;

        if (slot < 0 || slot >= SESSIONS_PER_ROW) { /* sanity check */
            WOLFSSL_MSG("Bad idx");
            break;
        }

        clSess    = ClientCache[row].Clients[slot];
        candidate = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];

        if (XMEMCMP(candidate->serverID, id, len) != 0) {
            WOLFSSL_MSG("ServerID not a match from client table");
        }
        else {
            WOLFSSL_MSG("Found a serverid match for client");
            if (LowResTimer() < (candidate->bornOn + candidate->timeout)) {
                WOLFSSL_MSG("Session valid");
                found = candidate;
                break;
            }
            WOLFSSL_MSG("Session timed out"); /* could have more for id */
        }

        --remaining;
        slot = (slot == 0) ? SESSIONS_PER_ROW - 1 : slot - 1;
    }

    wc_UnLockMutex(&session_mutex);

    return found;
}
wolfSSL 7:481bce714567 8377
wolfSSL 7:481bce714567 8378 #endif /* NO_CLIENT_CACHE */
wolfSSL 7:481bce714567 8379
wolfSSL 7:481bce714567 8380
/*
 * Look up the session matching this connection's session ID in the global
 * SessionCache.
 *
 * Returns NULL without touching the cache when caching is off, no session
 * ID is held, or (HAVE_SESSION_TICKET) a server is using a ticket instead.
 * The ID comes from ssl->arrays when present, else ssl->session. The row
 * is walked from most recently used backwards and stops at the first ID
 * match whether or not it is still valid (bornOn + timeout vs LowResTimer()).
 *
 * masterSecret        : when non-NULL receives SECRET_LEN bytes of the
 *                       matched session's master secret; the buffer then
 *                       holds key material and is the caller's to manage
 * restoreSessionCerts : (SESSION_CERTS builds) also copy chain, version
 *                       and cipher suite into ssl->session
 * returns a pointer into the global SessionCache, or NULL when not found,
 * expired, the hash failed, or the session mutex could not be locked.
 *
 * NOTE(review): the pointer is returned after session_mutex is released;
 * callers presumably copy it under their own lock - confirm.
 */
WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
                            byte restoreSessionCerts)
{
    WOLFSSL_SESSION* found = NULL;
    const byte* id;
    word32 row;
    int    slot;
    int    remaining;
    int    hashErr = 0;

    (void) restoreSessionCerts;

    if (ssl->options.sessionCacheOff || ssl->options.haveSessionId == 0) {
        return NULL;
    }

#ifdef HAVE_SESSION_TICKET
    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1) {
        return NULL;
    }
#endif

    id = (ssl->arrays != NULL) ? ssl->arrays->sessionID
                               : ssl->session.sessionID;

    row = HashSession(id, ID_LEN, &hashErr) % SESSION_ROWS;
    if (hashErr != 0) {
        WOLFSSL_MSG("Hash session failed");
        return NULL;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        return NULL;
    }

    /* start from most recently used: the slot before nextIdx, wrapping */
    remaining = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
    slot = SessionCache[row].nextIdx - 1;
    if (slot < 0) {
        slot = SESSIONS_PER_ROW - 1;
    }

    while (remaining > 0) {
        WOLFSSL_SESSION* candidate;

        if (slot < 0 || slot >= SESSIONS_PER_ROW) { /* sanity check */
            WOLFSSL_MSG("Bad idx");
            break;
        }

        candidate = &SessionCache[row].Sessions[slot];
        if (XMEMCMP(candidate->sessionID, id, ID_LEN) == 0) {
            WOLFSSL_MSG("Found a session match");
            if (LowResTimer() < (candidate->bornOn + candidate->timeout)) {
                WOLFSSL_MSG("Session valid");
                found = candidate;
                if (masterSecret != NULL) {
                    XMEMCPY(masterSecret, candidate->masterSecret, SECRET_LEN);
                }
#ifdef SESSION_CERTS
                /* If set, we should copy the session certs into the ssl object
                 * from the session we are returning so we can resume */
                if (restoreSessionCerts) {
                    ssl->session.chain        = found->chain;
                    ssl->session.version      = found->version;
                    ssl->session.cipherSuite0 = found->cipherSuite0;
                    ssl->session.cipherSuite  = found->cipherSuite;
                }
#endif /* SESSION_CERTS */
            }
            else {
                WOLFSSL_MSG("Session timed out");
            }
            break; /* no more sessionIDs whether valid or not that match */
        }
        WOLFSSL_MSG("SessionID not a match at this idx");

        --remaining;
        slot = (slot == 0) ? SESSIONS_PER_ROW - 1 : slot - 1;
    }

    wc_UnLockMutex(&session_mutex);

    return found;
}
wolfSSL 7:481bce714567 8464
wolfSSL 7:481bce714567 8465
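/* Copy copyFrom into ssl->session so that the connection owns its copy of
 * the session. With HAVE_SESSION_TICKET the ticket is copied as well: the
 * plain struct assignment duplicates the staticTicket array but would leave
 * ssl->session.ticket aliasing copyFrom's buffer.
 *
 * ssl      : connection whose ssl->session is overwritten
 * copyFrom : session to copy from
 *
 * Returns SSL_SUCCESS on success; BAD_FUNC_ARG when either pointer is NULL;
 * BAD_MUTEX_E when session_mutex cannot be taken or released; MEMORY_ERROR
 * when a dynamic ticket buffer cannot be allocated; VAR_STATE_CHANGE_E when
 * copyFrom's ticket length changed while the lock was released. On any
 * error after the struct copy, ssl->session is left with an empty static
 * ticket (ticketLen 0) so that no later reader trusts a length that does
 * not fit the static buffer.
 *
 * Locking: the struct copy and the ticket copy each take session_mutex,
 * with the allocation done in between while unlocked; only ticketLen is
 * re-validated after re-locking.
 * NOTE(review): session_mutex guards the cache rows; when copyFrom is not a
 * cache entry (e.g. a session supplied by the application) the mutex does
 * not serialise writers to it -- confirm what the callers hand in. */
static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
{
    WOLFSSL_SESSION* copyInto;
    void* tmpBuff = NULL;
    int ticketLen = 0;
    int doDynamicCopy = 0;
    int ret = SSL_SUCCESS;

    /* only read when HAVE_SESSION_TICKET is defined */
    (void)ticketLen;
    (void)doDynamicCopy;
    (void)tmpBuff;

    if (!ssl || !copyFrom)
        return BAD_FUNC_ARG;

    copyInto = &ssl->session;

#ifdef HAVE_SESSION_TICKET
    /* Free old dynamic ticket if we had one to avoid leak */
    if (copyInto->isDynamic) {
        XFREE(copyInto->ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        copyInto->ticket = copyInto->staticTicket;
        copyInto->isDynamic = 0;
    }
#endif

    if (wc_LockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

#ifdef HAVE_SESSION_TICKET
    /* Size of ticket to alloc if needed; used later for alloc outside lock */
    doDynamicCopy = copyFrom->isDynamic;
    ticketLen = copyFrom->ticketLen;
#endif

    /* Shallow copy: array members (staticTicket, sessionID, ...) are
     * duplicated, pointer members still point at copyFrom's storage. */
    *copyInto = *copyFrom;

    /* Default ticket to non dynamic. This will avoid crash if we fail below */
#ifdef HAVE_SESSION_TICKET
    copyInto->ticket = copyInto->staticTicket;
    copyInto->isDynamic = 0;
#endif

    if (wc_UnLockMutex(&session_mutex) != 0) {
#ifdef HAVE_SESSION_TICKET
        /* a static ticket with copyFrom's (possibly larger) length would be
         * inconsistent; present an empty ticket instead */
        copyInto->ticketLen = 0;
#endif
        return BAD_MUTEX_E;
    }

#ifdef HAVE_SESSION_TICKET
    /* If doing dynamic copy, need to alloc outside lock, then inside a lock
     * confirm the size still matches and memcpy */
    if (doDynamicCopy) {
        tmpBuff = (byte*)XMALLOC(ticketLen, ssl->heap,
                                 DYNAMIC_TYPE_SESSION_TICK);
        if (!tmpBuff) {
            copyInto->ticketLen = 0;
            return MEMORY_ERROR;
        }

        if (wc_LockMutex(&session_mutex) != 0) {
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
            copyInto->ticketLen = 0;
            return BAD_MUTEX_E;
        }

        if (ticketLen != copyFrom->ticketLen) {
            /* Another thread modified the ssl-> session ticket during alloc.
             * Treat as error, since ticket different than when copy requested */
            ret = VAR_STATE_CHANGE_E;
        }

        if (ret == SSL_SUCCESS) {
            copyInto->ticket = (byte*)tmpBuff;
            copyInto->isDynamic = 1;
            /* length re-checked above under the lock, so ticketLen bytes fit */
            XMEMCPY(copyInto->ticket, copyFrom->ticket, ticketLen);
        }
    } else {
        /* Need to ensure ticket pointer gets updated to own buffer
         * and is not pointing to buff of session copied from; the static
         * ticket bytes themselves came across with the struct copy */
        copyInto->ticket = copyInto->staticTicket;
    }

    if (wc_UnLockMutex(&session_mutex) != 0) {
        if (ret == SSL_SUCCESS)
            ret = BAD_MUTEX_E;
    }

    if (ret != SSL_SUCCESS) {
        /* cleanup: drop the unused buffer and fall back to an empty static
         * ticket. ticketLen is reset too -- it was copied from copyFrom and
         * may exceed what staticTicket can hold. */
        if (tmpBuff)
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        copyInto->ticket = copyInto->staticTicket;
        copyInto->isDynamic = 0;
        copyInto->ticketLen = 0;
    }
#endif /* HAVE_SESSION_TICKET */
    return ret;
}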
wolfSSL 7:481bce714567 8557
wolfSSL 7:481bce714567 8558
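/* Install a session for resumption on ssl.
 *
 * ssl     : connection to resume; must not be NULL
 * session : session to resume from; must not be NULL
 *
 * Returns SSL_SUCCESS when the session was copied and ssl is marked as
 * resuming, SSL_FAILURE when the session cache is off or the session has
 * expired, BAD_FUNC_ARG on a NULL argument, or the error returned by
 * GetDeepCopySession. */
int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{
    int ret;

    /* Both pointers are dereferenced here before GetDeepCopySession gets
     * the chance to reject them, so reject them first. */
    if (ssl == NULL || session == NULL)
        return BAD_FUNC_ARG;

    if (ssl->options.sessionCacheOff)
        return SSL_FAILURE;

    /* Same expiry test as the cache lookup: a session is usable while the
     * low resolution clock has not yet reached bornOn + timeout. */
    if (LowResTimer() >= (session->bornOn + session->timeout))
        return SSL_FAILURE; /* session timed out */

    ret = GetDeepCopySession(ssl, session);
    if (ret == SSL_SUCCESS) {
        ssl->options.resuming = 1;

#ifdef SESSION_CERTS
        /* resume with the version and cipher suite the session was
         * negotiated with */
        ssl->version = session->version;
        ssl->options.cipherSuite0 = session->cipherSuite0;
        ssl->options.cipherSuite = session->cipherSuite;
#endif
    }

    return ret;
}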
wolfSSL 7:481bce714567 8580
wolfSSL 7:481bce714567 8581
wolfSSL 7:481bce714567 8582 #ifdef WOLFSSL_SESSION_STATS
wolfSSL 7:481bce714567 8583 static int get_locked_session_stats(word32* active, word32* total,
wolfSSL 7:481bce714567 8584 word32* peak);
wolfSSL 7:481bce714567 8585 #endif
wolfSSL 7:481bce714567 8586
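/* Store the current connection's session in the server session cache so a
 * later handshake presenting the same session ID can resume it.
 *
 * ssl : connection whose ssl->arrays (session ID, master secret) and
 *       ssl->session (ticket, peer chain, server ID) are copied
 *
 * Returns 0 on success and also when nothing is cached (cache off, no
 * session ID, or a server that issued a ticket instead); MEMORY_E when a
 * dynamic ticket buffer cannot be allocated; BAD_MUTEX_E on a mutex failure;
 * VAR_STATE_CHANGE_E when the ticket length changed while the lock was
 * released; or the error reported by HashSession.
 *
 * session_mutex protects SessionCache and ClientCache. The ticket buffer is
 * allocated before taking the lock so an allocation failure never returns
 * with the lock held. */
int AddSession(WOLFSSL* ssl)
{
    WOLFSSL_SESSION* entry;
    word32 row, idx;
    int error = 0;
#ifdef HAVE_SESSION_TICKET
    byte* tmpBuff = NULL;
    int ticLen = 0;
#endif

    if (ssl->options.sessionCacheOff)
        return 0;

    if (ssl->options.haveSessionId == 0)
        return 0;

#ifdef HAVE_SESSION_TICKET
    /* a server that handed out a ticket keeps no cache entry for it */
    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
        return 0;
#endif

    row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS;
    if (error != 0) {
        WOLFSSL_MSG("Hash session failed");
        return error;
    }

#ifdef HAVE_SESSION_TICKET
    ticLen = ssl->session.ticketLen;
    /* Alloc Memory here so if Malloc fails can exit outside of lock */
    if (ticLen > SESSION_TICKET_LEN) {
        tmpBuff = (byte*)XMALLOC(ticLen, ssl->heap,
                                 DYNAMIC_TYPE_SESSION_TICK);
        if (!tmpBuff)
            return MEMORY_E;
    }
#endif

    if (wc_LockMutex(&session_mutex) != 0) {
#ifdef HAVE_SESSION_TICKET
        XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
        return BAD_MUTEX_E;
    }

    /* Claim the row's next slot and wrap nextIdx right away. Wrapping only
     * on success (as before) let an error path leave nextIdx equal to
     * SESSIONS_PER_ROW, so the next AddSession wrote one past the end of
     * Sessions[]. */
    idx = SessionCache[row].nextIdx++;
    if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
        SessionCache[row].nextIdx = 0;
    entry = &SessionCache[row].Sessions[idx];
#ifdef SESSION_INDEX
    ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
#endif

    XMEMCPY(entry->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
    entry->haveEMS = ssl->options.haveEMS;
    XMEMCPY(entry->sessionID, ssl->arrays->sessionID, ID_LEN);
    entry->sessionIDSz = ssl->arrays->sessionIDSz;

    entry->timeout = ssl->timeout;
    entry->bornOn = LowResTimer();

#ifdef HAVE_SESSION_TICKET
    /* The slot is overwritten on both the success and the error path, so
     * release its old dynamic ticket first (the error path used to leak it)
     * and start from an empty static ticket. */
    if (entry->isDynamic) {
        XFREE(entry->ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
    }
    entry->ticket = entry->staticTicket;
    entry->isDynamic = 0;
    entry->ticketLen = 0;

    /* Check if another thread modified ticket since alloc */
    if (ticLen != ssl->session.ticketLen) {
        error = VAR_STATE_CHANGE_E;
        if (tmpBuff) {
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
            tmpBuff = NULL;
        }
    }
    else {
        /* If too large to store in static buffer, use dyn buffer */
        if (ticLen > SESSION_TICKET_LEN) {
            entry->ticket = tmpBuff;
            entry->isDynamic = 1;
        }
        entry->ticketLen = ticLen;
        XMEMCPY(entry->ticket, ssl->session.ticket, ticLen);
    }
#endif

#ifdef SESSION_CERTS
    if (error == 0) {
        entry->chain.count = ssl->session.chain.count;
        XMEMCPY(entry->chain.certs, ssl->session.chain.certs,
                sizeof(x509_buffer) * MAX_CHAIN_DEPTH);

        entry->version = ssl->version;
        entry->cipherSuite0 = ssl->options.cipherSuite0;
        entry->cipherSuite = ssl->options.cipherSuite;
    }
#endif /* SESSION_CERTS */

    if (error == 0)
        SessionCache[row].totalCount++;

#ifndef NO_CLIENT_CACHE
    if (error == 0) {
        if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) {
            word32 clientRow, clientIdx;

            WOLFSSL_MSG("Adding client cache entry");

            /* entry and ssl->session share a type, so serverID has the same
             * size on both sides; assumes idLen was bounded when it was
             * stored -- TODO confirm at the setter */
            entry->idLen = ssl->session.idLen;
            XMEMCPY(entry->serverID, ssl->session.serverID, ssl->session.idLen);

            clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
                                    &error) % SESSION_ROWS;
            if (error != 0) {
                WOLFSSL_MSG("Hash session failed");
            }
            else {
                /* same claim-and-wrap as for the session row above */
                clientIdx = ClientCache[clientRow].nextIdx++;
                if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
                    ClientCache[clientRow].nextIdx = 0;

                ClientCache[clientRow].Clients[clientIdx].serverRow =
                    (word16)row;
                ClientCache[clientRow].Clients[clientIdx].serverIdx =
                    (word16)idx;

                ClientCache[clientRow].totalCount++;
            }
        }
        else
            entry->idLen = 0;
    }
#endif /* NO_CLIENT_CACHE */

#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
    if (error == 0) {
        word32 active = 0;

        /* lock is held here, as get_locked_session_stats requires */
        error = get_locked_session_stats(&active, NULL, NULL);
        if (error == SSL_SUCCESS) {
            error = 0; /* back to this function's 0-on-success convention */

            if (active > PeakSessions)
                PeakSessions = active;
        }
    }
#endif /* defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) */

    if (wc_UnLockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

    return error;
}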
wolfSSL 7:481bce714567 8755
wolfSSL 7:481bce714567 8756
wolfSSL 7:481bce714567 8757 #ifdef SESSION_INDEX
wolfSSL 7:481bce714567 8758
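/* Return the session cache index AddSession recorded for this connection.
 *
 * ssl : connection; NULL yields BAD_FUNC_ARG instead of a dereference
 *
 * Returns ssl->sessionIndex (row << SESSIDX_ROW_SHIFT | idx, as stored by
 * AddSession), or BAD_FUNC_ARG. */
int wolfSSL_GetSessionIndex(WOLFSSL* ssl)
{
    int index;

    WOLFSSL_ENTER("wolfSSL_GetSessionIndex");

    if (ssl == NULL) {
        WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    index = ssl->sessionIndex;
    WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", index);
    return index;
}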
wolfSSL 7:481bce714567 8765
wolfSSL 7:481bce714567 8766
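/* Copy the cache entry addressed by a value from wolfSSL_GetSessionIndex
 * into the caller's session.
 *
 * idx     : packed (row << SESSIDX_ROW_SHIFT) | column; must not be negative
 * session : destination; must not be NULL
 *
 * Returns SSL_SUCCESS when idx addresses a populated slot; SSL_FAILURE when
 * it does not (row out of range, or column beyond what the row has held);
 * BAD_FUNC_ARG on a NULL session or negative idx; BAD_MUTEX_E on a mutex
 * failure. */
int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)
{
    int row, col, result = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex");

    /* a negative idx gives a negative row, which passes the
     * row < SESSION_ROWS test below and reads before SessionCache */
    if (session == NULL || idx < 0) {
        WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    row = idx >> SESSIDX_ROW_SHIFT;
    col = idx & SESSIDX_IDX_MASK;

    if (wc_LockMutex(&session_mutex) != 0) {
        return BAD_MUTEX_E;
    }

    if (row < SESSION_ROWS &&
        col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
        XMEMCPY(session,
                &SessionCache[row].Sessions[col], sizeof(WOLFSSL_SESSION));
#ifdef HAVE_SESSION_TICKET
        /* The struct copy leaves session->ticket pointing into the cache
         * entry. A static ticket was duplicated into the copy's own
         * staticTicket array, so point at that instead of cache memory. */
        if (!session->isDynamic)
            session->ticket = session->staticTicket;
        /* NOTE(review): a dynamic ticket is still shared with the cache
         * entry and is freed when AddSession reuses that slot; the caller
         * cannot rely on it after this function returns. Confirm whether a
         * deep copy (as GetDeepCopySession does) is wanted here. */
#endif
        result = SSL_SUCCESS;
    }

    if (wc_UnLockMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;

    WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
    return result;
}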
wolfSSL 7:481bce714567 8793
wolfSSL 7:481bce714567 8794 #endif /* SESSION_INDEX */
wolfSSL 7:481bce714567 8795
wolfSSL 7:481bce714567 8796 #if defined(SESSION_INDEX) && defined(SESSION_CERTS)
wolfSSL 7:481bce714567 8797
/* Give access to the peer certificate chain stored with a session.
 * The chain is not copied: the returned pointer points into the session
 * and is valid only as long as the session is. Returns NULL when no
 * session is supplied. */
WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
{
    WOLFSSL_X509_CHAIN* chain;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");

    chain = (session != NULL) ? &session->chain : NULL;

    WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", chain ? 1 : 0);
    return chain;
}
wolfSSL 7:481bce714567 8809
wolfSSL 7:481bce714567 8810 #endif /* SESSION_INDEX && SESSION_CERTS */
wolfSSL 7:481bce714567 8811
wolfSSL 7:481bce714567 8812
wolfSSL 7:481bce714567 8813 #ifdef WOLFSSL_SESSION_STATS
wolfSSL 7:481bce714567 8814
/* Compute session cache statistics. The caller must already hold
 * session_mutex. Every output pointer may be NULL; active is the number of
 * cached entries not yet past bornOn + timeout, total the sum of every
 * row's totalCount, and peak is only written when WOLFSSL_PEAK_SESSIONS is
 * defined. Returns SSL_SUCCESS. */
static int get_locked_session_stats(word32* active, word32* total, word32* peak)
{
    int result = SSL_SUCCESS;
    int row;
    word32 live = 0;     /* entries still inside their timeout */
    word32 entered = 0;  /* totalCount summed over all rows */
    word32 ticks = LowResTimer();

    (void)peak;

    WOLFSSL_ENTER("get_locked_session_stats");

    for (row = 0; row < SESSION_ROWS; row++) {
        int remaining;
        int slot;

        entered += SessionCache[row].totalCount;

        if (active == NULL)
            continue; /* the expiry walk only feeds active */

        /* a row never holds more than SESSIONS_PER_ROW entries */
        remaining = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);

        /* begin at the most recently written slot and walk backwards */
        slot = SessionCache[row].nextIdx - 1;
        if (slot < 0)
            slot = SESSIONS_PER_ROW - 1;

        while (remaining > 0) {
            if (slot < 0 || slot >= SESSIONS_PER_ROW) { /* sanity check */
                WOLFSSL_MSG("Bad idx");
                break;
            }

            /* not expired yet */
            if (ticks < (SessionCache[row].Sessions[slot].bornOn +
                         SessionCache[row].Sessions[slot].timeout)) {
                live++;
            }

            --remaining;
            slot = (slot == 0) ? SESSIONS_PER_ROW - 1 : slot - 1;
        }
    }

    if (active)
        *active = live;

    if (total)
        *total = entered;

#ifdef WOLFSSL_PEAK_SESSIONS
    if (peak)
        *peak = PeakSessions;
#endif

    WOLFSSL_LEAVE("get_locked_session_stats", result);

    return result;
}
wolfSSL 7:481bce714567 8870
wolfSSL 7:481bce714567 8871
/* Report session cache statistics. Each output pointer may be NULL, but
 * at least one of active, total or peak must be given unless the caller
 * only wants maxSessions. Returns SSL_SUCCESS, BAD_FUNC_ARG when nothing
 * is requested, or BAD_MUTEX_E on a mutex failure. */
int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
                              word32* maxSessions)
{
    int result = SSL_SUCCESS;
    int wantsCounts = (active != NULL || total != NULL || peak != NULL);

    WOLFSSL_ENTER("wolfSSL_get_session_stats");

    if (maxSessions) {
        /* capacity is fixed at build time, no lock needed for it */
        *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS;

        if (!wantsCounts)
            return result; /* we're done */
    }

    /* user must provide at least one query value */
    if (!wantsCounts)
        return BAD_FUNC_ARG;

    if (wc_LockMutex(&session_mutex) != 0) {
        return BAD_MUTEX_E;
    }

    result = get_locked_session_stats(active, total, peak);

    if (wc_UnLockMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;

    WOLFSSL_LEAVE("wolfSSL_get_session_stats", result);

    return result;
}
wolfSSL 7:481bce714567 8904
wolfSSL 7:481bce714567 8905 #endif /* WOLFSSL_SESSION_STATS */
wolfSSL 7:481bce714567 8906
wolfSSL 7:481bce714567 8907
wolfSSL 7:481bce714567 8908 #ifdef PRINT_SESSION_STATS
wolfSSL 7:481bce714567 8909
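/* Print session cache statistics to stdout, followed by a chi-square
 * measure of how evenly HashSession spreads sessions over SESSION_ROWS.
 *
 * Returns SSL_SUCCESS, or the error reported by wolfSSL_get_session_stats.
 *
 * NOTE(review): the per-row totalCount values used for the chi-square are
 * read without session_mutex, so they may move while being summed; this
 * is diagnostic output only. */
int wolfSSL_PrintSessionStats(void)
{
    word32 totalSessionsSeen = 0;
    word32 totalSessionsNow = 0;
    word32 peak = 0;
    word32 maxSessions = 0;
    int i;
    int ret;
    double E; /* expected freq */
    double chiSquare = 0;

    ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen,
                                    &peak, &maxSessions);
    if (ret != SSL_SUCCESS)
        return ret;

    /* word32 is unsigned: %u, not %d */
    printf("Total Sessions Seen = %u\n", totalSessionsSeen);
    printf("Total Sessions Now = %u\n", totalSessionsNow);
#ifdef WOLFSSL_PEAK_SESSIONS
    printf("Peak Sessions = %u\n", peak);
#endif
    printf("Max Sessions = %u\n", maxSessions);

    /* With nothing seen the expected frequency is 0 and every row would
     * divide by zero; there is nothing to measure, so say so and stop. */
    if (totalSessionsSeen == 0) {
        printf(" chi-square not computed: no sessions seen\n\n");
        return ret;
    }

    E = (double)totalSessionsSeen / SESSION_ROWS;

    for (i = 0; i < SESSION_ROWS; i++) {
        double diff = SessionCache[i].totalCount - E;
        diff *= diff; /* square */
        diff /= E;    /* normalize */

        chiSquare += diff;
    }
    printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
           SESSION_ROWS - 1);
    /* critical values at the .05 level for the row counts the build uses */
#if (SESSION_ROWS == 11)
    printf(" .05 p value = 18.3, chi-square should be less\n");
#elif (SESSION_ROWS == 211)
    printf(".05 p value = 244.8, chi-square should be less\n");
#elif (SESSION_ROWS == 5981)
    printf(".05 p value = 6161.0, chi-square should be less\n");
#elif (SESSION_ROWS == 3)
    printf(".05 p value = 6.0, chi-square should be less\n");
#elif (SESSION_ROWS == 2861)
    printf(".05 p value = 2985.5, chi-square should be less\n");
#endif
    printf("\n");

    return ret;
}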
wolfSSL 7:481bce714567 8959
wolfSSL 7:481bce714567 8960 #endif /* SESSION_STATS */
wolfSSL 7:481bce714567 8961
wolfSSL 7:481bce714567 8962 #else /* NO_SESSION_CACHE */
wolfSSL 7:481bce714567 8963
/* No session cache version: a lookup never hits, so resumption is never
 * offered. Returns NULL for every input; the output arguments are not
 * written. */
WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
                            byte restoreSessionCerts)
{
    /* the parameters exist to match the cache-enabled prototype */
    (void)restoreSessionCerts;
    (void)masterSecret;
    (void)ssl;

    return NULL;
}
wolfSSL 7:481bce714567 8974
wolfSSL 7:481bce714567 8975 #endif /* NO_SESSION_CACHE */
wolfSSL 7:481bce714567 8976
wolfSSL 7:481bce714567 8977
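/* Record the expected peer name for certificate verification; call before
 * SSL_connect. When verifying, the name check is added to the date check
 * and the signature check.
 *
 * ssl : connection; any name set earlier is released and replaced
 * dn  : NUL terminated name, copied including its terminator
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG when ssl or dn is NULL; SSL_FAILURE
 * with ssl->error = MEMORY_ERROR when the copy cannot be allocated, in
 * which case the stored name is empty (buffer NULL, length 0) rather than
 * a NULL buffer paired with the new length. */
int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
{
    word32 len;

    WOLFSSL_ENTER("wolfSSL_check_domain_name");

    if (ssl == NULL || dn == NULL)
        return BAD_FUNC_ARG;

    if (ssl->buffers.domainName.buffer)
        XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
    ssl->buffers.domainName.buffer = NULL;
    ssl->buffers.domainName.length = 0;

    len = (word32)XSTRLEN(dn) + 1; /* room for the terminator */
    ssl->buffers.domainName.buffer = (byte*)XMALLOC(len, ssl->heap,
                                                    DYNAMIC_TYPE_DOMAIN);
    if (ssl->buffers.domainName.buffer == NULL) {
        ssl->error = MEMORY_ERROR;
        return SSL_FAILURE;
    }

    /* len counts the terminator, so the copy is NUL terminated */
    XMEMCPY(ssl->buffers.domainName.buffer, dn, len);
    ssl->buffers.domainName.length = len;
    return SSL_SUCCESS;
}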
wolfSSL 7:481bce714567 9000
wolfSSL 7:481bce714567 9001
/* Turn on zlib compression for the connection.
 * Returns SSL_SUCCESS, or NOT_COMPILED_IN when the library was built
 * without HAVE_LIBZ (ssl is then left untouched). */
int wolfSSL_set_compression(WOLFSSL* ssl)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_set_compression");
#ifdef HAVE_LIBZ
    ssl->options.usingCompression = 1;
    ret = SSL_SUCCESS;
#else
    (void)ssl;
    ret = NOT_COMPILED_IN;
#endif
    return ret;
}
wolfSSL 7:481bce714567 9016
wolfSSL 7:481bce714567 9017
wolfSSL 7:481bce714567 9018 #ifndef USE_WINDOWS_API
wolfSSL 7:481bce714567 9019 #ifndef NO_WRITEV
wolfSSL 7:481bce714567 9020
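/* Gather the iov array into one buffer and hand it to wolfSSL_write.
 * Simulates writev semantics; it doesn't actually do block at a time
 * because of SSL_write behavior and because front adds may be small.
 *
 * ssl    : connection to write on; must not be NULL
 * iov    : iovcnt buffers to send, in order
 * iovcnt : number of entries; zero or negative sends nothing
 *
 * Returns the result of wolfSSL_write; BAD_FUNC_ARG when ssl is NULL, when
 * iov is NULL with iovcnt > 0, or when the combined length does not fit
 * the int that wolfSSL_write takes; MEMORY_ERROR when the gather buffer
 * cannot be allocated. */
int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, int iovcnt)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    /* largest value an int can carry, without needing <limits.h> */
    const size_t maxSending = (size_t)((unsigned int)-1 >> 1);
    byte* myBuffer = staticBuffer;
    size_t sending = 0;
    size_t idx = 0;
    int dynamic = 0;
    int i;
    int ret;

    WOLFSSL_ENTER("wolfSSL_writev");

    if (ssl == NULL || (iov == NULL && iovcnt > 0))
        return BAD_FUNC_ARG;

    /* Sum in size_t and refuse anything an int cannot express, instead of
     * letting a signed accumulator overflow on large or many iovecs. */
    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len > maxSending - sending)
            return BAD_FUNC_ARG;
        sending += iov[i].iov_len;
    }

    if (sending > sizeof(staticBuffer)) {
        myBuffer = (byte*)XMALLOC(sending, ssl->heap, DYNAMIC_TYPE_WRITEV);
        if (!myBuffer)
            return MEMORY_ERROR;

        dynamic = 1;
    }

    for (i = 0; i < iovcnt; i++) {
        /* skip empty entries: memcpy from a NULL iov_base is undefined even
         * for zero bytes */
        if (iov[i].iov_len > 0) {
            XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
            idx += iov[i].iov_len;
        }
    }

    ret = wolfSSL_write(ssl, myBuffer, (int)sending);

    if (dynamic)
        XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);

    return ret;
}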
wolfSSL 7:481bce714567 9063 #endif
wolfSSL 7:481bce714567 9064 #endif
wolfSSL 7:481bce714567 9065
wolfSSL 7:481bce714567 9066
wolfSSL 7:481bce714567 9067 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 9068
wolfSSL 7:481bce714567 9069 typedef struct itimerval Itimerval;
wolfSSL 7:481bce714567 9070
wolfSSL 7:481bce714567 9071 /* don't keep calling simple functions while setting up timer and signals
wolfSSL 7:481bce714567 9072 if no inlining these are the next best */
wolfSSL 7:481bce714567 9073
/* Timeval arithmetic as macros: each argument is a struct with tv_sec and
 * tv_usec members and is named more than once in the expansion, so pass
 * plain variables only, never expressions with side effects. */

/* c = a + b, carrying a microsecond overflow into tv_sec */
#define AddTimes(a, b, c) \
    do { \
        c.tv_sec = a.tv_sec + b.tv_sec; \
        c.tv_usec = a.tv_usec + b.tv_usec; \
        if (c.tv_usec >= 1000000) { \
            c.tv_sec++; \
            c.tv_usec -= 1000000; \
        } \
    } while (0)


/* c = a - b, borrowing a second when the microseconds go negative */
#define SubtractTimes(a, b, c) \
    do { \
        c.tv_sec = a.tv_sec - b.tv_sec; \
        c.tv_usec = a.tv_usec - b.tv_usec; \
        if (c.tv_usec < 0) { \
            c.tv_sec--; \
            c.tv_usec += 1000000; \
        } \
    } while (0)

/* (a cmp b) in (tv_sec, tv_usec) order; cmp is a relational operator token
 * such as < or >=. The trailing backslash on the last line continues the
 * definition onto the blank line that follows it. */
#define CmpTimes(a, b, cmp) \
    ((a.tv_sec == b.tv_sec) ? \
        (a.tv_usec cmp b.tv_usec) : \
        (a.tv_sec cmp b.tv_sec)) \
wolfSSL 7:481bce714567 9099
wolfSSL 7:481bce714567 9100
/* SIGALRM handler for the handshake timeout.  Deliberately empty: it exists
 * only so the signal is caught (and, installed without SA_RESTART, a blocked
 * socket call is interrupted) rather than terminating the process. */
static void myHandler(int signo)
{
    (void)signo;   /* signal number is irrelevant, nothing to do */
}
wolfSSL 7:481bce714567 9107
wolfSSL 7:481bce714567 9108
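/* Shared body of wolfSSL_connect_ex()/wolfSSL_accept_ex(): run the handshake
 * for ssl's side and report through the optional callbacks.
 *
 * hsCb    - if non-NULL, handshake info is collected and handed to hsCb once
 *           the handshake returns, whatever its outcome.
 * toCb    - if non-NULL, a one-shot ITIMER_REAL alarm is armed for `timeout`
 *           with a SIGALRM handler installed without SA_RESTART, so a blocked
 *           socket send/recv is interrupted.  If a timeout was recorded
 *           (timeoutName set) toCb receives the timeout that was actually
 *           armed.  A timer the caller already had running is never delayed:
 *           the earlier of the two deadlines is used, and the caller's timer
 *           and SIGALRM handler are restored afterwards with the remaining
 *           time reduced by the elapsed time.
 * timeout - requested timeout, by value; may be shortened as described above.
 *
 * Returns the wolfSSL_connect()/wolfSSL_accept() result, SSL_FATAL_ERROR if
 * the side is neither client nor server, or GETTIME_ERROR / SETITIMER_ERROR /
 * SIGACT_ERROR when timer or signal setup/restore fails.  A setup failure
 * after the caller's timer or handler was already replaced puts them back
 * before returning, so the process state is left as it was found.
 */
static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
                              TimeoutCallBack toCb, Timeval timeout)
{
    int ret = SSL_FATAL_ERROR;
    int oldTimerOn = 0;     /* caller had an ITIMER_REAL timer armed */
    int timerCleared = 0;   /* we cancelled the caller's timer; restore it */
    int handlerSet = 0;     /* we replaced the SIGALRM handler; restore it */
    Timeval startTime;
    Timeval endTime;
    Timeval totalTime;
    Itimerval myTimeout;
    Itimerval oldTimeout;   /* caller's timer, adjusted for elapsed time on restore */
    struct sigaction act, oact;

    /* only for failures that occur before any process state was changed */
#define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }

    if (hsCb) {
        ssl->hsInfoOn = 1;
        InitHandShakeInfo(&ssl->handShakeInfo, ssl);
    }
    if (toCb) {
        ssl->toInfoOn = 1;
        InitTimeoutInfo(&ssl->timeoutInfo);

        if (gettimeofday(&startTime, 0) < 0)
            ERR_OUT(GETTIME_ERROR);

        /* use setitimer to simulate getitimer: arming a zero timer cancels the
         * caller's timer and hands back its remaining time in oldTimeout */
        myTimeout.it_interval.tv_sec  = 0;
        myTimeout.it_interval.tv_usec = 0;
        myTimeout.it_value.tv_sec     = 0;
        myTimeout.it_value.tv_usec    = 0;
        if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
            ERR_OUT(SETITIMER_ERROR);
        timerCleared = 1;

        if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
            oldTimerOn = 1;

            /* is old timer going to expire before ours: never delay it */
            if (CmpTimes(oldTimeout.it_value, timeout, <)) {
                timeout.tv_sec  = oldTimeout.it_value.tv_sec;
                timeout.tv_usec = oldTimeout.it_value.tv_usec;
            }
        }
        myTimeout.it_value.tv_sec  = timeout.tv_sec;
        myTimeout.it_value.tv_usec = timeout.tv_usec;

        /* set up signal handler; no SA_RESTART, so a blocked socket
         * send/recv returns with EINTR when the alarm fires */
        act.sa_handler = myHandler;
        sigemptyset(&act.sa_mask);
        act.sa_flags = 0;
#ifdef SA_INTERRUPT
        act.sa_flags |= SA_INTERRUPT;
#endif
        if (sigaction(SIGALRM, &act, &oact) < 0) {
            ret = SIGACT_ERROR;
            goto setup_fail;
        }
        handlerSet = 1;

        if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0) {
            ret = SETITIMER_ERROR;
            goto setup_fail;
        }
    }

    /* do main work */
#ifndef NO_WOLFSSL_CLIENT
    if (ssl->options.side == WOLFSSL_CLIENT_END)
        ret = wolfSSL_connect(ssl);
#endif
#ifndef NO_WOLFSSL_SERVER
    if (ssl->options.side == WOLFSSL_SERVER_END)
        ret = wolfSSL_accept(ssl);
#endif

    /* do callbacks */
    if (toCb) {
        if (oldTimerOn) {
            int adjusted = 0;

            /* adjust old timer for elapsed time */
            if (gettimeofday(&endTime, 0) == 0) {
                SubtractTimes(endTime, startTime, totalTime);
                if (CmpTimes(totalTime, oldTimeout.it_value, <)) {
                    SubtractTimes(oldTimeout.it_value, totalTime,
                                  oldTimeout.it_value);
                    adjusted = 1;
                }
            }
            if (!adjusted) {
                /* caller's deadline already passed (or the clock could not be
                 * read): reset value to interval, may be off; a zero interval
                 * simply leaves the timer disarmed */
                oldTimeout.it_value.tv_sec  = oldTimeout.it_interval.tv_sec;
                oldTimeout.it_value.tv_usec = oldTimeout.it_interval.tv_usec;
            }
            /* keep iter the same whether there or not */
        }
        /* restore old handler */
        if (sigaction(SIGALRM, &oact, 0) < 0)
            ret = SIGACT_ERROR; /* more pressing error, stomp */
        /* use old settings which may turn off (expired or not there) */
        else if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
            ret = SETITIMER_ERROR;

        /* if we had a timeout call callback */
        if (ssl->timeoutInfo.timeoutName[0]) {
            ssl->timeoutInfo.timeoutValue.tv_sec  = timeout.tv_sec;
            ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
            (toCb)(&ssl->timeoutInfo);
        }
        /* clean up */
        FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
        ssl->toInfoOn = 0;
    }
    if (hsCb) {
        FinishHandShakeInfo(&ssl->handShakeInfo);
        (hsCb)(&ssl->handShakeInfo);
        ssl->hsInfoOn = 0;
    }
    return ret;

setup_fail:
    /* undo whichever part of the timer/signal setup already took effect so
     * the caller's SIGALRM handler and timer are not silently lost */
    if (handlerSet)
        (void)sigaction(SIGALRM, &oact, 0);
    if (timerCleared)
        (void)setitimer(ITIMER_REAL, &oldTimeout, 0);
    ssl->hsInfoOn = 0;
    ssl->toInfoOn = 0;
    return ret;
}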
wolfSSL 7:481bce714567 9219
wolfSSL 7:481bce714567 9220
wolfSSL 7:481bce714567 9221 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 7:481bce714567 9222
/* Client handshake with optional handshake/timeout callbacks; timer and
 * signal handling is described on wolfSSL_ex_wrapper(). */
int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
                       TimeoutCallBack toCb, Timeval timeout)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_connect_ex");
    ret = wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
wolfSSL 7:481bce714567 9229
wolfSSL 7:481bce714567 9230 #endif
wolfSSL 7:481bce714567 9231
wolfSSL 7:481bce714567 9232
wolfSSL 7:481bce714567 9233 #ifndef NO_WOLFSSL_SERVER
wolfSSL 7:481bce714567 9234
/* Server handshake with optional handshake/timeout callbacks; timer and
 * signal handling is described on wolfSSL_ex_wrapper(). */
int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
                      TimeoutCallBack toCb, Timeval timeout)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_accept_ex");
    ret = wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
wolfSSL 7:481bce714567 9241
wolfSSL 7:481bce714567 9242 #endif
wolfSSL 7:481bce714567 9243
wolfSSL 7:481bce714567 9244 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 7:481bce714567 9245
wolfSSL 7:481bce714567 9246
wolfSSL 7:481bce714567 9247 #ifndef NO_PSK
wolfSSL 7:481bce714567 9248
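/* Register the client PSK callback on a context and flag PSK as available
 * (havePSK).  A NULL ctx is ignored instead of dereferenced. */
void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx,
                                         wc_psk_client_callback cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_psk_client_callback");
    if (ctx == NULL)
        return;
    ctx->havePSK = 1;
    ctx->client_psk_cb = cb;
}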
wolfSSL 7:481bce714567 9256
wolfSSL 7:481bce714567 9257
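/* Register the client PSK callback on one session, flag PSK as available and
 * rebuild the session's cipher suite list with havePSK = TRUE.  RSA is
 * reported as available unless the build defines NO_RSA.
 * A NULL ssl is ignored instead of dereferenced. */
void wolfSSL_set_psk_client_callback(WOLFSSL* ssl, wc_psk_client_callback cb)
{
    byte haveRSA = 1;

    WOLFSSL_ENTER("SSL_set_psk_client_callback");
    if (ssl == NULL)
        return;
    ssl->options.havePSK = 1;
    ssl->options.client_psk_cb = cb;

#ifdef NO_RSA
    haveRSA = 0;
#endif
    InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}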
wolfSSL 7:481bce714567 9274
wolfSSL 7:481bce714567 9275
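/* Register the server PSK callback on a context and flag PSK as available
 * (havePSK).  A NULL ctx is ignored instead of dereferenced. */
void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
                                         wc_psk_server_callback cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_psk_server_callback");
    if (ctx == NULL)
        return;
    ctx->havePSK = 1;
    ctx->server_psk_cb = cb;
}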
wolfSSL 7:481bce714567 9283
wolfSSL 7:481bce714567 9284
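/* Register the server PSK callback on one session, flag PSK as available and
 * rebuild the session's cipher suite list with havePSK = TRUE.  RSA is
 * reported as available unless the build defines NO_RSA.
 * A NULL ssl is ignored instead of dereferenced. */
void wolfSSL_set_psk_server_callback(WOLFSSL* ssl, wc_psk_server_callback cb)
{
    byte haveRSA = 1;

    WOLFSSL_ENTER("SSL_set_psk_server_callback");
    if (ssl == NULL)
        return;
    ssl->options.havePSK = 1;
    ssl->options.server_psk_cb = cb;

#ifdef NO_RSA
    haveRSA = 0;
#endif
    InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}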
wolfSSL 7:481bce714567 9301
wolfSSL 7:481bce714567 9302
/* Return the server's PSK identity hint for this session.  The pointer
 * references the session's internal arrays (no copy is made), so it is only
 * valid while the session and its arrays exist.  NULL when ssl or its
 * arrays are NULL. */
const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
{
    const char* hint = NULL;

    WOLFSSL_ENTER("SSL_get_psk_identity_hint");

    if (ssl != NULL && ssl->arrays != NULL)
        hint = ssl->arrays->server_hint;

    return hint;
}
wolfSSL 7:481bce714567 9312
wolfSSL 7:481bce714567 9313
/* Return the client's PSK identity for this session.  The pointer references
 * the session's internal arrays (no copy is made), so it is only valid while
 * the session and its arrays exist.  NULL when ssl or its arrays are NULL. */
const char* wolfSSL_get_psk_identity(const WOLFSSL* ssl)
{
    const char* identity = NULL;

    WOLFSSL_ENTER("SSL_get_psk_identity");

    if (ssl != NULL && ssl->arrays != NULL)
        identity = ssl->arrays->client_identity;

    return identity;
}
wolfSSL 7:481bce714567 9323
wolfSSL 7:481bce714567 9324
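/* Set the server PSK identity hint on a context.  A NULL hint clears it;
 * otherwise the hint is copied, truncated to MAX_PSK_ID_LEN - 1 characters,
 * and always NUL terminated.
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL (same contract as
 * wolfSSL_use_psk_identity_hint()). */
int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint)
{
    WOLFSSL_ENTER("SSL_CTX_use_psk_identity_hint");

    if (ctx == NULL)
        return SSL_FAILURE;

    if (hint == NULL) {
        ctx->server_hint[0] = '\0';
    }
    else {
        /* XSTRNCPY leaves no terminator when hint fills the buffer */
        XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
        ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
    }
    return SSL_SUCCESS;
}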
wolfSSL 7:481bce714567 9336
wolfSSL 7:481bce714567 9337
/* Set the server PSK identity hint on one session.  A NULL hint clears it;
 * otherwise the hint is copied, truncated to MAX_PSK_ID_LEN - 1 characters,
 * and always NUL terminated.
 * Returns SSL_SUCCESS, or SSL_FAILURE when ssl or its arrays are NULL. */
int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint)
{
    char* dst;

    WOLFSSL_ENTER("SSL_use_psk_identity_hint");

    if (ssl == NULL || ssl->arrays == NULL)
        return SSL_FAILURE;

    dst = ssl->arrays->server_hint;
    if (hint == NULL) {
        dst[0] = '\0';
    }
    else {
        /* XSTRNCPY leaves no terminator when hint fills the buffer */
        XSTRNCPY(dst, hint, MAX_PSK_ID_LEN);
        dst[MAX_PSK_ID_LEN - 1] = '\0';
    }
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 9353
wolfSSL 7:481bce714567 9354 #endif /* NO_PSK */
wolfSSL 7:481bce714567 9355
wolfSSL 7:481bce714567 9356
wolfSSL 7:481bce714567 9357 #ifdef HAVE_ANON
wolfSSL 7:481bce714567 9358
/* Allow anonymous cipher suites on a context (sets haveAnon).
 * Returns SSL_SUCCESS, or SSL_FAILURE for a NULL ctx. */
int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CTX_allow_anon_cipher");

    if (ctx != NULL) {
        ctx->haveAnon = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 7:481bce714567 9370
wolfSSL 7:481bce714567 9371 #endif /* HAVE_ANON */
wolfSSL 7:481bce714567 9372
wolfSSL 7:481bce714567 9373
wolfSSL 7:481bce714567 9374 #ifndef NO_CERTS
wolfSSL 7:481bce714567 9375 /* used to be defined on NO_FILESYSTEM only, but are generally useful */
wolfSSL 7:481bce714567 9376
/* wolfSSL extension: load CA certificates into a context from a memory
 * buffer instead of a file.  PEM input may hold a chain and goes through
 * ProcessChainBuffer(); any other format is handed to ProcessBuffer() as a
 * single CA_TYPE object.  Returns whichever of those two returns. */
int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx,
                                   const unsigned char* in,
                                   long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer");
    if (format == SSL_FILETYPE_PEM)
        ret = ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
    else
        ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL, 0);

    return ret;
}
wolfSSL 7:481bce714567 9388
wolfSSL 7:481bce714567 9389
wolfSSL 7:481bce714567 9390 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Load a trusted peer certificate into a context from a memory buffer.
 * PEM input goes through ProcessChainBuffer(), anything else through
 * ProcessBuffer(), both as TRUSTED_PEER_TYPE.
 * Returns BAD_FUNC_ARG for a NULL ctx/in or negative sz, otherwise the
 * result of the processing call. */
int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx,
                                  const unsigned char* in,
                                  long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer");

    /* sanity check on arguments */
    if (ctx == NULL || in == NULL || sz < 0)
        return BAD_FUNC_ARG;

    if (format != SSL_FILETYPE_PEM) {
        ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE,
                            NULL, NULL, 0);
    }
    else {
        ret = ProcessChainBuffer(ctx, in, sz, format,
                                 TRUSTED_PEER_TYPE, NULL);
    }

    return ret;
}
wolfSSL 7:481bce714567 9409 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 7:481bce714567 9410
wolfSSL 7:481bce714567 9411
/* Load the context's own certificate from a memory buffer (CERT_TYPE, not a
 * chain).  Returns the ProcessBuffer() result. */
int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
                                       const unsigned char* in, long sz,
                                       int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
    return ret;
}
wolfSSL 7:481bce714567 9418
wolfSSL 7:481bce714567 9419
/* Load the context's private key from a memory buffer (PRIVATEKEY_TYPE).
 * Returns the ProcessBuffer() result. */
int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
                                      const unsigned char* in, long sz,
                                      int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, NULL, 0);
    return ret;
}
wolfSSL 7:481bce714567 9426
wolfSSL 7:481bce714567 9427
/* Load the context's certificate chain from a memory buffer in the given
 * format; the trailing 1 tells ProcessBuffer() the input is a chain.
 * Returns the ProcessBuffer() result. */
int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
                                                    const unsigned char* in,
                                                    long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1);
    return ret;
}
wolfSSL 7:481bce714567 9434
/* PEM-only convenience form of
 * wolfSSL_CTX_use_certificate_chain_buffer_format(). */
int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
                                             const unsigned char* in,
                                             long sz)
{
    const int format = SSL_FILETYPE_PEM;

    return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
                                                           format);
}
wolfSSL 7:481bce714567 9441
wolfSSL 7:481bce714567 9442
wolfSSL 7:481bce714567 9443 #ifndef NO_DH
wolfSSL 7:481bce714567 9444
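/* server wrapper for ctx or ssl Diffie-Hellman parameters
 *
 * Load DH parameters from a DER (SSL_FILETYPE_ASN1) or PEM buffer into the
 * session when ssl is non-NULL, otherwise into the context.  For DER input a
 * DerBuffer is wrapped around the caller's bytes (the const is cast away but
 * the bytes are only read); PEM input is first converted by PemToDer() into
 * a freshly allocated DER buffer.  The decoded p and g go to
 * wolfSSL_SetTmpDH()/wolfSSL_CTX_SetTmpDH().
 *
 * Returns BAD_FUNC_ARG for a NULL ctx/buf or negative sz, SSL_BAD_FILETYPE
 * for an unsupported format or parameters wc_DhParamsLoad() rejects,
 * MEMORY_E / the AllocDer() or PemToDer() error on allocation or decode
 * failure, otherwise the SetTmpDH result (SSL_SUCCESS on ok). */
static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                                           const unsigned char* buf,
                                           long sz, int format)
{
    DerBuffer* der = NULL;
    int ret = 0;
    word32 pSz = MAX_DH_SIZE;
    word32 gSz = MAX_DH_SIZE;
#ifdef WOLFSSL_SMALL_STACK
    byte* p = NULL;
    byte* g = NULL;
#else
    byte p[MAX_DH_SIZE];
    byte g[MAX_DH_SIZE];
#endif

    /* sz is narrowed to word32 below, so a negative length must not get
     * that far */
    if (ctx == NULL || buf == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* reject an unknown format before allocating anything for it */
    if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
        return SSL_BAD_FILETYPE;

    ret = AllocDer(&der, 0, DH_PARAM_TYPE, ctx->heap);
    if (ret != 0) {
        return ret;
    }
    der->buffer = (byte*)buf;   /* caller's memory, read only */
    der->length = (word32)sz;

#ifdef WOLFSSL_SMALL_STACK
    p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (p == NULL || g == NULL) {
        XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        FreeDer(&der);   /* der was allocated above; do not leak it */
        return MEMORY_E;
    }
#endif

    if (format == SSL_FILETYPE_PEM) {
        /* swap the wrapper for a DER buffer decoded from the PEM text */
        FreeDer(&der);
        ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL, NULL);
    }

    if (ret == 0) {
        if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0)
            ret = SSL_BAD_FILETYPE;
        else if (ssl)
            ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
        else
            ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
    }

    FreeDer(&der);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}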
wolfSSL 7:481bce714567 9511
wolfSSL 7:481bce714567 9512
/* server Diffie-Hellman parameters, SSL_SUCCESS on ok
 * Loads DH parameters for one session from a DER/PEM buffer; the session's
 * context supplies the heap.  BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz,
                            int format)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = wolfSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);

    return ret;
}
wolfSSL 7:481bce714567 9522
wolfSSL 7:481bce714567 9523
/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok
 * Loads DH parameters for a context from a DER/PEM buffer; a NULL ctx is
 * rejected by the wrapper. */
int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf,
                                long sz, int format)
{
    WOLFSSL* noSession = NULL;   /* NULL ssl selects the context */

    return wolfSSL_SetTmpDH_buffer_wrapper(ctx, noSession, buf, sz, format);
}
wolfSSL 7:481bce714567 9530
wolfSSL 7:481bce714567 9531 #endif /* NO_DH */
wolfSSL 7:481bce714567 9532
wolfSSL 7:481bce714567 9533
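/* Load a session's own certificate from a memory buffer (CERT_TYPE, not a
 * chain).  Returns BAD_FUNC_ARG for a NULL ssl (ssl->ctx is needed), else
 * the ProcessBuffer() result. */
int wolfSSL_use_certificate_buffer(WOLFSSL* ssl,
                                   const unsigned char* in, long sz,
                                   int format)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0);
}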
wolfSSL 7:481bce714567 9540
wolfSSL 7:481bce714567 9541
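/* Load a session's private key from a memory buffer (PRIVATEKEY_TYPE).
 * Returns BAD_FUNC_ARG for a NULL ssl (ssl->ctx is needed), else the
 * ProcessBuffer() result. */
int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl,
                                  const unsigned char* in, long sz,
                                  int format)
{
    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
                         ssl, NULL, 0);
}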
wolfSSL 7:481bce714567 9549
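/* Load a session's certificate chain from a memory buffer in the given
 * format; the trailing 1 tells ProcessBuffer() the input is a chain.
 * Returns BAD_FUNC_ARG for a NULL ssl (ssl->ctx is needed), else the
 * ProcessBuffer() result. */
int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
                                                const unsigned char* in,
                                                long sz, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE,
                         ssl, NULL, 1);
}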
wolfSSL 7:481bce714567 9557
/* PEM-only convenience form of
 * wolfSSL_use_certificate_chain_buffer_format(). */
int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
                                         const unsigned char* in, long sz)
{
    const int format = SSL_FILETYPE_PEM;

    return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz, format);
}
wolfSSL 7:481bce714567 9564
wolfSSL 7:481bce714567 9565
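/* unload any certs or keys that SSL owns, leave CTX as is
   SSL_SUCCESS on ok
 *
 * Ownership is tracked by the weOwnCert / weOwnCertChain / weOwnKey flags;
 * each owned DER buffer is freed and its flag cleared.  The own certificate
 * is kept when ssl->keepCert is set.  With KEEP_OUR_CERT the parsed X509
 * copy is released too, but only if one exists (it used to be passed to
 * FreeX509() before the NULL check).
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        WOLFSSL_MSG("Null function arg");
        return BAD_FUNC_ARG;
    }

    if (ssl->buffers.weOwnCert && !ssl->keepCert) {
        WOLFSSL_MSG("Unloading cert");
        FreeDer(&ssl->buffers.certificate);
#ifdef KEEP_OUR_CERT
        if (ssl->ourCert) {
            FreeX509(ssl->ourCert);
            XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
            ssl->ourCert = NULL;
        }
#endif
        ssl->buffers.weOwnCert = 0;
    }

    if (ssl->buffers.weOwnCertChain) {
        WOLFSSL_MSG("Unloading cert chain");
        FreeDer(&ssl->buffers.certChain);
        ssl->buffers.weOwnCertChain = 0;
    }

    if (ssl->buffers.weOwnKey) {
        WOLFSSL_MSG("Unloading key");
        FreeDer(&ssl->buffers.key);
        ssl->buffers.weOwnKey = 0;
    }

    return SSL_SUCCESS;
}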
wolfSSL 7:481bce714567 9602
wolfSSL 7:481bce714567 9603
/* Drop every CA loaded into the context's certificate manager.
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * wolfSSL_CertManagerUnloadCAs(). */
int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs");

    if (ctx != NULL)
        ret = wolfSSL_CertManagerUnloadCAs(ctx->cm);

    return ret;
}
wolfSSL 7:481bce714567 9613
wolfSSL 7:481bce714567 9614
wolfSSL 7:481bce714567 9615 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Drop every trusted peer certificate held by the context's certificate
 * manager.  Returns BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * wolfSSL_CertManagerUnload_trust_peers(). */
int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers");

    if (ctx != NULL)
        ret = wolfSSL_CertManagerUnload_trust_peers(ctx->cm);

    return ret;
}
wolfSSL 7:481bce714567 9625 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 7:481bce714567 9626 /* old NO_FILESYSTEM end */
wolfSSL 7:481bce714567 9627 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 9628
wolfSSL 7:481bce714567 9629
wolfSSL 7:481bce714567 9630 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
wolfSSL 7:481bce714567 9631
wolfSSL 7:481bce714567 9632
/* OpenSSL compatibility: there is no algorithm table to fill, so this just
 * initialises the library.  Returns SSL_SUCCESS when wolfSSL_Init() does,
 * SSL_FATAL_ERROR otherwise. */
int wolfSSL_add_all_algorithms(void)
{
    int initOk;

    WOLFSSL_ENTER("wolfSSL_add_all_algorithms");
    initOk = (wolfSSL_Init() == SSL_SUCCESS);

    return initOk ? SSL_SUCCESS : SSL_FATAL_ERROR;
}
wolfSSL 7:481bce714567 9641
wolfSSL 7:481bce714567 9642
/* returns previous set cache size which stays constant
 * The session cache size is fixed at compile time (SESSIONS_PER_ROW *
 * SESSION_ROWS, or 0 when built with NO_SESSION_CACHE); ctx and sz are
 * accepted for API compatibility and ignored. */
long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz)
{
    long fixedSize;

    (void)ctx;
    (void)sz;
    WOLFSSL_MSG("session cache is set at compile time");
#ifndef NO_SESSION_CACHE
    fixedSize = SESSIONS_PER_ROW * SESSION_ROWS;
#else
    fixedSize = 0;
#endif
    return fixedSize;
}
wolfSSL 7:481bce714567 9656
wolfSSL 7:481bce714567 9657
/* Enable quiet shutdown on a context.  Only a non-zero mode has an effect:
 * a zero mode leaves the flag as it is, it never clears it. */
void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown");
    if (mode == 0)
        return;
    ctx->quietShutdown = 1;
}
wolfSSL 7:481bce714567 9664
wolfSSL 7:481bce714567 9665
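/* Enable quiet shutdown on one session.  Only a non-zero mode has an effect:
 * a zero mode leaves the flag as it is, it never clears it. */
void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode)
{
    /* trace label previously named the CTX variant of this function */
    WOLFSSL_ENTER("wolfSSL_set_quiet_shutdown");
    if (mode)
        ssl->options.quietShutdown = 1;
}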
wolfSSL 7:481bce714567 9672
wolfSSL 7:481bce714567 9673
/* Attach read and write BIOs to a session: the session's read/write file
 * descriptors are taken from rd->fd and wr->fd and both BIO pointers are
 * stored.  rd and wr are dereferenced unconditionally, so neither may be
 * NULL here. */
void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
{
    int readFd = rd->fd;
    int writeFd = wr->fd;

    WOLFSSL_ENTER("SSL_set_bio");
    wolfSSL_set_rfd(ssl, readFd);
    wolfSSL_set_wfd(ssl, writeFd);

    ssl->biord = rd;
    ssl->biowr = wr;
}
wolfSSL 7:481bce714567 9683
wolfSSL 7:481bce714567 9684
/* OpenSSL compatibility stub: the client CA list is not stored or used by
 * this build; both arguments are accepted and ignored. */
void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
                                    STACK_OF(WOLFSSL_X509_NAME)* names)
{
    (void)names;
    (void)ctx;
}
wolfSSL 7:481bce714567 9691
wolfSSL 7:481bce714567 9692
/* OpenSSL compatibility stub: no file is read and no list is built; always
 * returns NULL. */
STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname)
{
    STACK_OF(WOLFSSL_X509_NAME)* names = NULL;

    (void)fname;
    return names;
}
wolfSSL 7:481bce714567 9698
wolfSSL 7:481bce714567 9699
/* OpenSSL compatibility stub: no default CA locations are loaded.
 * Always returns SSL_NOT_IMPLEMENTED, so callers must not treat it as
 * having established any trust store. */
int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
{
    const int ret = SSL_NOT_IMPLEMENTED;   /* TODO:, not needed in goahead */

    (void)ctx;
    return ret;
}
wolfSSL 7:481bce714567 9706
wolfSSL 7:481bce714567 9707
/* keyblock size in bytes or -1
 * Two of each of key, IV and MAC (one per direction), sized from the
 * negotiated cipher specs.  SSL_FATAL_ERROR (-1) for a NULL ssl. */
int wolfSSL_get_keyblock_size(WOLFSSL* ssl)
{
    int perDirection;

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    perDirection = ssl->specs.key_size + ssl->specs.iv_size +
                   ssl->specs.hash_size;

    return perDirection * 2;
}
wolfSSL 7:481bce714567 9717
wolfSSL 7:481bce714567 9718
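/* store keys returns SSL_SUCCESS or -1 on error
 *
 * Hands out pointers to the session's master secret and server/client
 * randoms with their lengths (SECRET_LEN, RAN_LEN, RAN_LEN).  The pointers
 * reference wolfSSL's internal arrays, not copies: the caller must not free
 * them or use them after the session's arrays are released, and the master
 * secret is key material that must be handled as such.
 * Returns SSL_FATAL_ERROR when ssl, its arrays, or any output pointer is
 * NULL (previously a NULL output pointer was written through). */
int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen,
                     unsigned char** sr, unsigned int* srLen,
                     unsigned char** cr, unsigned int* crLen)
{
    if (ssl == NULL || ssl->arrays == NULL)
        return SSL_FATAL_ERROR;
    if (ms == NULL || msLen == NULL || sr == NULL || srLen == NULL ||
        cr == NULL || crLen == NULL)
        return SSL_FATAL_ERROR;

    *ms = ssl->arrays->masterSecret;
    *sr = ssl->arrays->serverRandom;
    *cr = ssl->arrays->clientRandom;

    *msLen = SECRET_LEN;
    *srLen = RAN_LEN;
    *crLen = RAN_LEN;

    return SSL_SUCCESS;
}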
wolfSSL 7:481bce714567 9737
wolfSSL 7:481bce714567 9738
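/* Switch ssl to the server side and rebuild its cipher-suite list so it
 * matches the server-side options (the object may have been set up as a
 * client first). RSA is assumed available unless built with NO_RSA; PSK is
 * taken from ssl->options.havePSK unless built with NO_PSK.
 * A NULL ssl is logged and ignored instead of being dereferenced. */
void wolfSSL_set_accept_state(WOLFSSL* ssl)
{
    word16 haveRSA = 1;
    word16 havePSK = 0;

    WOLFSSL_ENTER("SSL_set_accept_state");
    if (ssl == NULL) {
        WOLFSSL_MSG("Accept state not set. ssl is null");
        return;
    }

    ssl->options.side = WOLFSSL_SERVER_END;
    /* reset suites in case user switched */

#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}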
wolfSSL 7:481bce714567 9759 #endif
wolfSSL 7:481bce714567 9760
/* return true if connection established */
int wolfSSL_is_init_finished(WOLFSSL* ssl)
{
    /* only HANDSHAKE_DONE counts as established; a NULL ssl is "not yet" */
    int finished = (ssl != NULL &&
                    ssl->options.handShakeState == HANDSHAKE_DONE);

    return finished ? 1 : 0;
}
wolfSSL 7:481bce714567 9772
wolfSSL 7:481bce714567 9773 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
/* Compatibility stub for SSL_CTX_set_tmp_rsa_callback: the callback is never
 * stored or invoked, so an application-supplied temporary RSA key is not
 * used. */
void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx,
                                      WOLFSSL_RSA*(*f)(WOLFSSL*, int, int))
{
    /* wolfSSL verifies all these internally */
    (void)f;
    (void)ctx;
}
wolfSSL 7:481bce714567 9781
wolfSSL 7:481bce714567 9782
/* Set the shutdown bookkeeping from opt: sentNotify mirrors the
 * SSL_SENT_SHUTDOWN bit and closeNotify the SSL_RECEIVED_SHUTDOWN bit; a bit
 * absent from opt clears its flag. A NULL ssl is logged and ignored. */
void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt)
{
    int sentFlag;
    int receivedFlag;

    WOLFSSL_ENTER("wolfSSL_set_shutdown");
    if (ssl == NULL) {
        WOLFSSL_MSG("Shutdown not set. ssl is null");
        return;
    }

    sentFlag     = (opt & SSL_SENT_SHUTDOWN) != 0;
    receivedFlag = (opt & SSL_RECEIVED_SHUTDOWN) != 0;

    ssl->options.sentNotify  = sentFlag;
    ssl->options.closeNotify = receivedFlag;
}
wolfSSL 7:481bce714567 9794
wolfSSL 7:481bce714567 9795
/* Compatibility stub for SSL_CTX_get_options: wolfSSL keeps no SSL_OP_* bit
 * set on the context, so the result is always 0. */
long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
{
    const long noOptions = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_get_options");
    WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
    (void)ctx;

    return noOptions;
}
wolfSSL 7:481bce714567 9804
wolfSSL 7:481bce714567 9805
/* Compatibility stub for SSL_CTX_set_options: opt is echoed back unchanged
 * and NO option bit is applied to ctx. An application that disables protocol
 * versions or features through SSL_OP_* here gets no effect and must use the
 * dedicated wolfSSL calls / build macros instead. */
long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
{
    /* goahead calls with 0, do nothing */
    WOLFSSL_ENTER("SSL_CTX_set_options");
    (void)ctx;

    return opt;
}
wolfSSL 7:481bce714567 9813
wolfSSL 7:481bce714567 9814
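/* Attach read descriptor rfd to ssl. The value is stored in ssl->rfd and the
 * read I/O callback context is pointed at that field, so the descriptor is
 * reached through the I/O callback rather than used directly.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl (formerly a NULL
 * dereference). */
int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd)
{
    WOLFSSL_ENTER("SSL_set_rfd");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->rfd = rfd; /* not used directly to allow IO callbacks */
    ssl->IOCB_ReadCtx = &ssl->rfd;

    return SSL_SUCCESS;
}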
wolfSSL 7:481bce714567 9824
wolfSSL 7:481bce714567 9825
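/* Attach write descriptor wfd to ssl. The value is stored in ssl->wfd and the
 * write I/O callback context is pointed at that field, so the descriptor is
 * reached through the I/O callback rather than used directly.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl (formerly a NULL
 * dereference). */
int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd)
{
    WOLFSSL_ENTER("SSL_set_wfd");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->wfd = wfd; /* not used directly to allow IO callbacks */
    ssl->IOCB_WriteCtx = &ssl->wfd;

    return SSL_SUCCESS;
}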
wolfSSL 7:481bce714567 9835
wolfSSL 7:481bce714567 9836
/* Compatibility stub for RSA_generate_key: no key is generated and the
 * progress callback is never called. Always returns NULL, which callers must
 * check before use. */
WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long bits,
                                      void(*f)(int, int, void*), void* data)
{
    WOLFSSL_RSA* key = NULL;

    /* no tmp key needed, actual generation not supported */
    WOLFSSL_ENTER("RSA_generate_key");
    (void)data;
    (void)f;
    (void)bits;
    (void)len;

    return key;
}
wolfSSL 7:481bce714567 9848
wolfSSL 7:481bce714567 9849
/* Return a pointer to the X509 store embedded in ctx (not a copy; it lives
 * and dies with ctx). NULL for a NULL ctx. */
WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx)
{
    WOLFSSL_X509_STORE* store = NULL;

    if (ctx != NULL)
        store = &(ctx->x509_store);

    return store;
}
wolfSSL 7:481bce714567 9858
wolfSSL 7:481bce714567 9859
wolfSSL 7:481bce714567 9860 #ifndef NO_CERTS
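/* Point ctx at the certificate manager and cache held by str.
 * The context's current manager is freed first, then ctx->cm takes over
 * str->cm WITHOUT a copy or reference count: ctx and str share one manager
 * afterwards, so the caller must not free str's manager while ctx uses it
 * (and must not free it through both). When str already carries the manager
 * ctx owns (e.g. str came from wolfSSL_CTX_get_cert_store(ctx)), the free is
 * skipped, so the assignment below never installs a just-freed pointer.
 * A NULL ctx or str is ignored. */
void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
{
    if (ctx == NULL || str == NULL) {
        return;
    }

    /* free cert manager if have one, unless it is the one being installed */
    if (ctx->cm != NULL && ctx->cm != str->cm) {
        wolfSSL_CertManagerFree(ctx->cm);
    }
    ctx->cm = str->cm;
    ctx->x509_store.cache = str->cache;
}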
wolfSSL 7:481bce714567 9874
wolfSSL 7:481bce714567 9875
/* Certificate currently under verification in ctx (ctx->current_cert, not a
 * copy), or NULL when ctx is NULL. */
WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
                                                    WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_X509* cert = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
    if (ctx != NULL)
        cert = ctx->current_cert;

    return cert;
}
wolfSSL 7:481bce714567 9884
wolfSSL 7:481bce714567 9885
/* Verification error code recorded in ctx->error. Returns 0 for a NULL ctx,
 * which is indistinguishable from "no error" — callers should check ctx
 * themselves when that matters. */
int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error");
    return (ctx == NULL) ? 0 : ctx->error;
}
wolfSSL 7:481bce714567 9893
wolfSSL 7:481bce714567 9894
/* Chain depth at which the verification error was recorded
 * (ctx->error_depth); SSL_FATAL_ERROR for a NULL ctx. */
int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth");
    return (ctx == NULL) ? SSL_FATAL_ERROR : ctx->error_depth;
}
wolfSSL 7:481bce714567 9902 #endif
wolfSSL 7:481bce714567 9903
wolfSSL 7:481bce714567 9904
/* Method descriptor for the buffering BIO. A single static object is shared
 * by all callers (its type is re-set on every call), so the returned pointer
 * must never be freed. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* ret = &meth;

    WOLFSSL_ENTER("BIO_f_buffer");
    ret->type = BIO_BUFFER;

    return ret;
}
wolfSSL 7:481bce714567 9914
wolfSSL 7:481bce714567 9915
/* Compatibility stub for BIO_set_write_buffer_size: nothing is resized, the
 * requested size is simply echoed back. */
long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size)
{
    /* wolfSSL has internal buffer, compatibility only */
    WOLFSSL_ENTER("BIO_set_write_buffer_size");
    (void)bio;

    return size;
}
wolfSSL 7:481bce714567 9923
wolfSSL 7:481bce714567 9924
/* Method descriptor for the BIO-pair type. Shared static object; never free
 * the returned pointer. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_bio(void)
{
    static WOLFSSL_BIO_METHOD bio_meth;
    WOLFSSL_BIO_METHOD* ret = &bio_meth;

    WOLFSSL_ENTER("wolfSSL_BIO_f_bio");
    ret->type = BIO_BIO;

    return ret;
}
wolfSSL 7:481bce714567 9934
wolfSSL 7:481bce714567 9935
wolfSSL 7:481bce714567 9936 #ifndef NO_FILESYSTEM
/* Method descriptor for the file BIO type. Shared static object; never free
 * the returned pointer. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void)
{
    static WOLFSSL_BIO_METHOD file_meth;
    WOLFSSL_BIO_METHOD* ret = &file_meth;

    WOLFSSL_ENTER("wolfSSL_BIO_f_file");
    ret->type = BIO_FILE;

    return ret;
}
wolfSSL 7:481bce714567 9946 #endif
wolfSSL 7:481bce714567 9947
wolfSSL 7:481bce714567 9948
/* Method descriptor for the SSL filter BIO type. Shared static object; never
 * free the returned pointer. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* ret = &meth;

    WOLFSSL_ENTER("BIO_f_ssl");
    ret->type = BIO_SSL;

    return ret;
}
wolfSSL 7:481bce714567 9958
wolfSSL 7:481bce714567 9959
/* Method descriptor for the socket BIO type. Shared static object; never free
 * the returned pointer. */
WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* ret = &meth;

    WOLFSSL_ENTER("BIO_s_socket");
    ret->type = BIO_SOCKET;

    return ret;
}
wolfSSL 7:481bce714567 9969
wolfSSL 7:481bce714567 9970
/* Allocate a socket BIO wrapping descriptor sfd. closeF (stored as a byte)
 * tells wolfSSL_BIO_free whether to close the descriptor; all other fields
 * start zeroed. Returns NULL when allocation fails. Ownership of the BIO
 * passes to the caller. */
WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF)
{
    WOLFSSL_BIO* bio;

    WOLFSSL_ENTER("BIO_new_socket");
    bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0, DYNAMIC_TYPE_OPENSSL);
    if (bio == NULL)
        return NULL;

    XMEMSET(bio, 0, sizeof(WOLFSSL_BIO));
    bio->type  = BIO_SOCKET;
    bio->close = (byte)closeF;
    bio->fd    = sfd;
    bio->mem   = NULL;

    return bio;
}
wolfSSL 7:481bce714567 9986
wolfSSL 7:481bce714567 9987
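/* 1 when the BIO has reached end of stream (b->eof set by the read/write
 * paths), 0 otherwise. A NULL BIO has nothing further to deliver and is
 * reported as EOF rather than dereferenced. */
int wolfSSL_BIO_eof(WOLFSSL_BIO* b)
{
    WOLFSSL_ENTER("BIO_eof");
    if (b == NULL)
        return 1;

    return b->eof ? 1 : 0;
}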
wolfSSL 7:481bce714567 9996
wolfSSL 7:481bce714567 9997
/* Attach ssl to BIO b. closeF (stored as a byte) makes wolfSSL_BIO_free also
 * free the WOLFSSL. Always returns 0, even for a NULL b, so the return value
 * cannot be used to detect failure. */
long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
{
    const long ret = 0;

    WOLFSSL_ENTER("wolfSSL_BIO_set_ssl");
    if (b == NULL)
        return ret;

    b->ssl   = ssl;
    b->close = (byte)closeF;
    /* add to ssl for bio free if SSL_free called before/instead of free_all? */

    return ret;
}
wolfSSL 7:481bce714567 10010
wolfSSL 7:481bce714567 10011
/* Attach descriptor fd to BIO b. closeF (stored as a byte) makes
 * wolfSSL_BIO_free close the descriptor. Always returns SSL_SUCCESS, also
 * for a NULL b (which is silently ignored). */
long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int closeF)
{
    WOLFSSL_ENTER("wolfSSL_BIO_set_fd");
    if (b == NULL)
        return SSL_SUCCESS;

    b->fd    = fd;
    b->close = (byte)closeF;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 10023
wolfSSL 7:481bce714567 10024
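/* Allocate a BIO of the type described by method; all links, fd and memory
 * fields start zeroed. Returns NULL when method is NULL (its type field is
 * needed) or when allocation fails. Ownership of the BIO passes to the
 * caller (release with wolfSSL_BIO_free). */
WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD* method)
{
    WOLFSSL_BIO* bio;

    WOLFSSL_ENTER("BIO_new");
    if (method == NULL)
        return NULL;

    bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0, DYNAMIC_TYPE_OPENSSL);
    if (bio) {
        XMEMSET(bio, 0, sizeof(WOLFSSL_BIO));
        bio->type = method->type;
        bio->ssl  = NULL;
        bio->mem  = NULL;
        bio->prev = NULL;
        bio->next = NULL;
    }
    return bio;
}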
wolfSSL 7:481bce714567 10040
wolfSSL 7:481bce714567 10041
/* Hand out the memory BIO's buffer: *p is pointed at bio->mem (no copy; it
 * stays owned by the BIO) and the length bio->memLen is returned.
 * SSL_FATAL_ERROR when bio or p is NULL. */
int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, const byte** p)
{
    int len = SSL_FATAL_ERROR;

    if (bio != NULL && p != NULL) {
        *p  = bio->mem;
        len = bio->memLen;
    }

    return len;
}
wolfSSL 7:481bce714567 10051
wolfSSL 7:481bce714567 10052
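/* Create a memory BIO holding a private copy of the len bytes at buf (the
 * caller keeps ownership of buf). A negative len is rejected: it would be
 * converted to a huge size for the allocation and the copy. Returns NULL for
 * NULL buf, negative len or allocation failure; otherwise the caller owns the
 * returned BIO. */
WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len)
{
    WOLFSSL_BIO* bio = NULL;

    if (buf == NULL || len < 0)
        return bio;

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
    if (bio == NULL)
        return bio;

    bio->memLen = len;
    bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
    if (bio->mem == NULL) {
        /* nothing else was attached to bio yet, so a plain free suffices */
        XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
        return NULL;
    }

    XMEMCPY(bio->mem, buf, len);

    return bio;
}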
wolfSSL 7:481bce714567 10074
wolfSSL 7:481bce714567 10075
wolfSSL 7:481bce714567 10076 #ifdef USE_WINDOWS_API
wolfSSL 7:481bce714567 10077 #define CloseSocket(s) closesocket(s)
wolfSSL 7:481bce714567 10078 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL 7:481bce714567 10079 #define CloseSocket(s) closesocket(s)
wolfSSL 7:481bce714567 10080 extern int closesocket(int) ;
wolfSSL 7:481bce714567 10081 #else
wolfSSL 7:481bce714567 10082 #define CloseSocket(s) close(s)
wolfSSL 7:481bce714567 10083 #endif
wolfSSL 7:481bce714567 10084
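/* Release one BIO. Order: detach from its pair, unlink from the prev/next
 * chain, then — only when the close flag is set — free the attached WOLFSSL
 * and close the socket; a file BIO opened with BIO_CLOSE has its FILE
 * closed; finally the memory buffer and the BIO itself are freed.
 * Unlinking keeps neighbours from holding a dangling pointer to this BIO
 * (wolfSSL_BIO_free_all reads next before calling here, so it is unaffected).
 * fd 0 is never closed: the BIO is zero-initialised on creation, so 0 is
 * indistinguishable from "no descriptor". NULL is accepted. Always returns 0. */
int wolfSSL_BIO_free(WOLFSSL_BIO* bio)
{
    /* unchain?, doesn't matter in goahead since from free all */
    WOLFSSL_ENTER("wolfSSL_BIO_free");
    if (bio) {
        /* remove from pair by setting the paired bios pair to NULL */
        if (bio->pair != NULL) {
            bio->pair->pair = NULL;
        }

        /* unlink from the chain so neighbours never point at freed memory */
        if (bio->prev != NULL) {
            bio->prev->next = bio->next;
        }
        if (bio->next != NULL) {
            bio->next->prev = bio->prev;
        }

        if (bio->close) {
            if (bio->ssl)
                wolfSSL_free(bio->ssl);
            if (bio->fd)
                CloseSocket(bio->fd);
        }

#ifndef NO_FILESYSTEM
        if (bio->type == BIO_FILE && bio->close == BIO_CLOSE) {
            if (bio->file) {
                XFCLOSE(bio->file);
            }
        }
#endif

        if (bio->mem)
            XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
        XFREE(bio, bio->heap, DYNAMIC_TYPE_OPENSSL);
    }
    return 0;
}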
wolfSSL 7:481bce714567 10116
wolfSSL 7:481bce714567 10117
/* Free bio and every BIO reachable through next. The successor is captured
 * before each free so the walk never touches released memory. Always
 * returns 0. */
int wolfSSL_BIO_free_all(WOLFSSL_BIO* bio)
{
    WOLFSSL_BIO* cur = bio;

    WOLFSSL_ENTER("BIO_free_all");
    for (; cur != NULL; ) {
        WOLFSSL_BIO* successor = cur->next;
        wolfSSL_BIO_free(cur);
        cur = successor;
    }
    return 0;
}
wolfSSL 7:481bce714567 10128
wolfSSL 7:481bce714567 10129
/* Read from a BIO pair: obtain up to len readable bytes from the pair via
 * wolfSSL_BIO_nread and copy them into buf. Returns the nread result (byte
 * count, or <= 0 when nothing was available); buf is untouched in that case.
 * Assumes buf can hold len bytes — nread presumably never returns more. */
static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
{
    char* avail = NULL;
    int   got   = wolfSSL_BIO_nread(bio, &avail, len);

    if (got <= 0)
        return got;

    XMEMCPY(buf, avail, got);
    return got;
}
wolfSSL 7:481bce714567 10143
wolfSSL 7:481bce714567 10144
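/* Read up to len bytes from the BIO chain into buf.
 * Dispatch is by the front BIO's type: BIO_BIO reads from the pair, BIO_FILE
 * reads with XFREAD from bio->file (presumably fread; bio->file is not
 * checked here), anything else walks the chain to the first BIO carrying a
 * WOLFSSL and reads from the session.
 * A negative len is rejected up front: on the file path it would be
 * converted to a huge size_t and overrun buf.
 * Returns the byte count, 0 at EOF, or a negative code — SSL_FATAL_ERROR
 * when the chain already hit EOF, BAD_FUNC_ARG for a bad length or a chain
 * without an SSL, or the wolfSSL_read result. EOF is sticky: after
 * wolfSSL_read returns 0 or a non-WANT_* error, front->eof is set and later
 * calls fail. */
int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
{
    int ret;
    WOLFSSL* ssl = 0;
    WOLFSSL_BIO* front = bio;

    WOLFSSL_ENTER("wolfSSL_BIO_read");

    if (len < 0)
        return BAD_FUNC_ARG;

    if (bio && bio->type == BIO_BIO) {
        return wolfSSL_BIO_BIO_read(bio, buf, len);
    }

#ifndef NO_FILESYSTEM
    if (bio && bio->type == BIO_FILE) {
        return (int)XFREAD(buf, 1, len, bio->file);
    }
#endif

    /* already got eof, again is error */
    if (bio && front->eof)
        return SSL_FATAL_ERROR;

    /* first BIO in the chain that carries an SSL session */
    while(bio && ((ssl = bio->ssl) == 0) )
        bio = bio->next;

    if (ssl == 0) return BAD_FUNC_ARG;

    ret = wolfSSL_read(ssl, buf, len);
    if (ret == 0)
        front->eof = 1;
    else if (ret < 0) {
        /* WANT_READ/WANT_WRITE are retryable; anything else ends the stream */
        int err = wolfSSL_get_error(ssl, 0);
        if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
            front->eof = 1;
    }
    return ret;
}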
wolfSSL 7:481bce714567 10182
wolfSSL 7:481bce714567 10183
/* Write into a BIO pair: reserve up to len bytes of write space via
 * wolfSSL_BIO_nwrite and copy that many bytes of data into it. Returns the
 * number of bytes accepted, or the nwrite result (<= 0) when there is no
 * room, in which case nothing is copied. Arguments are assumed already
 * validated by the public caller. */
static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
                                 int len)
{
    /* internal function where arguments have already been sanity checked */
    char* room = NULL;
    int   space = wolfSSL_BIO_nwrite(bio, &room, len);

    /* test space for write */
    if (space <= 0) {
        WOLFSSL_MSG("No room left to write");
        return space;
    }

    XMEMCPY(room, data, space);
    return space;
}
wolfSSL 7:481bce714567 10203
wolfSSL 7:481bce714567 10204
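/* Write up to len bytes from data through the BIO chain.
 * Dispatch is by the front BIO's type: BIO_BIO writes into the pair, BIO_FILE
 * writes with XFWRITE to bio->file (presumably fwrite; bio->file is not
 * checked here), anything else walks the chain to the first BIO carrying a
 * WOLFSSL and writes to the session.
 * A negative len is rejected up front: on the file path it would be
 * converted to a huge size_t and read far past data.
 * Returns the byte count, or a negative code — SSL_FATAL_ERROR when the
 * chain already hit EOF, BAD_FUNC_ARG for a bad length or a chain without an
 * SSL, or the wolfSSL_write result. EOF is sticky: after wolfSSL_write
 * returns 0 or a non-WANT_* error, front->eof is set and later calls fail. */
int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
{
    int ret;
    WOLFSSL* ssl = 0;
    WOLFSSL_BIO* front = bio;

    WOLFSSL_ENTER("wolfSSL_BIO_write");

    if (len < 0)
        return BAD_FUNC_ARG;

    if (bio && bio->type == BIO_BIO) {
        return wolfSSL_BIO_BIO_write(bio, data, len);
    }

#ifndef NO_FILESYSTEM
    if (bio && bio->type == BIO_FILE) {
        return (int)XFWRITE(data, 1, len, bio->file);
    }
#endif

    /* already got eof, again is error */
    if (bio && front->eof)
        return SSL_FATAL_ERROR;

    /* first BIO in the chain that carries an SSL session */
    while(bio && ((ssl = bio->ssl) == 0) )
        bio = bio->next;

    if (ssl == 0) return BAD_FUNC_ARG;

    ret = wolfSSL_write(ssl, data, len);
    if (ret == 0)
        front->eof = 1;
    else if (ret < 0) {
        /* WANT_READ/WANT_WRITE are retryable; anything else ends the stream */
        int err = wolfSSL_get_error(ssl, 0);
        if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
            front->eof = 1;
    }

    return ret;
}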
wolfSSL 7:481bce714567 10243
wolfSSL 7:481bce714567 10244
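/* Link append directly after top (top->next / append->prev). Note this
 * overwrites any BIO already linked at top->next rather than appending at
 * the end of the chain. With a NULL top the other argument is the whole
 * chain and is returned; a NULL append leaves top untouched. Returns top
 * (or append when top is NULL). */
WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO* top, WOLFSSL_BIO* append)
{
    WOLFSSL_ENTER("BIO_push");
    if (top == NULL)
        return append;
    if (append == NULL)
        return top;

    top->next = append;
    append->prev = top;

    return top;
}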
wolfSSL 7:481bce714567 10253
wolfSSL 7:481bce714567 10254
/* Compatibility stub for BIO_flush: wolfSSL writes through, so there is
 * nothing to flush. Always returns 1 (success). */
int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
{
    const int success = 1;

    /* for wolfSSL no flushing needed */
    WOLFSSL_ENTER("BIO_flush");
    (void)bio;

    return success;
}
wolfSSL 7:481bce714567 10262
wolfSSL 7:481bce714567 10263
wolfSSL 7:481bce714567 10264 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */
wolfSSL 7:481bce714567 10265
wolfSSL 7:481bce714567 10266
wolfSSL 7:481bce714567 10267 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 7:481bce714567 10268
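/* Store the opaque pointer handed to the PEM password callback
 * (ctx->userdata). The pointer is not copied or owned; it must outlive its
 * use by the callback. A NULL ctx is ignored, matching
 * wolfSSL_CTX_set_default_passwd_cb, instead of being dereferenced. */
void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
                                                void* userdata)
{
    WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
    if (ctx != NULL) {
        ctx->userdata = userdata;
    }
}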
wolfSSL 7:481bce714567 10275
wolfSSL 7:481bce714567 10276
/* Install cb as the PEM password callback on ctx (ctx->passwd_cb). A NULL
 * ctx is ignored; a NULL cb clears the callback. */
void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,pem_password_cb* cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb");
    if (ctx == NULL)
        return;

    ctx->passwd_cb = cb;
}
wolfSSL 7:481bce714567 10284
/* Compatibility stub for CRYPTO_num_locks: wolfSSL needs no application
 * supplied lock table, so the count is always 0. */
int wolfSSL_num_locks(void)
{
    const int lockCount = 0;

    return lockCount;
}
wolfSSL 7:481bce714567 10289
/* Compatibility stub for CRYPTO_set_locking_callback: the callback is
 * neither stored nor called (wolfSSL uses its own locking). */
void wolfSSL_set_locking_callback(void (*f)(int, int, const char*, int))
{
    (void)f; /* intentionally unused */
    return;
}
wolfSSL 7:481bce714567 10294
/* Compatibility stub for CRYPTO_set_id_callback: the thread-id callback is
 * neither stored nor called. */
void wolfSSL_set_id_callback(unsigned long (*f)(void))
{
    (void)f; /* intentionally unused */
    return;
}
wolfSSL 7:481bce714567 10299
/* Compatibility stub for ERR_get_error: there is no error queue behind it,
 * so 0 ("no error") is always returned. Failures must be detected from the
 * return code of the failing call and wolfSSL_get_error, not from here. */
unsigned long wolfSSL_ERR_get_error(void)
{
    /* TODO: */
    const unsigned long noError = 0;

    return noError;
}
wolfSSL 7:481bce714567 10305
wolfSSL 7:481bce714567 10306 #ifndef NO_MD5
wolfSSL 7:481bce714567 10307
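/* OpenSSL-compatible EVP_BytesToKey: derive a key and IV from data (and an
 * optional salt) with the legacy MD5 chain D_i = MD5^count(D_(i-1) || data ||
 * salt), concatenating the D_i until keyLen + ivLen bytes are produced.
 * Supported: md "MD5" only; type CBC DES / 3DES (unless NO_DES3) and AES
 * 128/192/256 (unless NO_AES). A non-NULL salt must supply EVP_SALT_SIZE
 * bytes. key and iv may each be NULL: that part is still derived but not
 * stored (the OpenSSL way of querying sizes). count < 2 means a single hash
 * per block.
 * This is a legacy, MD5-based KDF kept for interoperability with
 * OpenSSL-encrypted material; it is not a suitable password KDF for new
 * designs (prefer PBKDF2 or similar).
 * Returns keyLen + ivLen on success, 0 on any error: NULL type/md, negative
 * sz or NULL data with sz > 0, unsupported digest or cipher, or allocation
 * failure. All validation happens before the WOLFSSL_SMALL_STACK allocation,
 * so no early return leaks the Md5 context. */
int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
                           const WOLFSSL_EVP_MD* md, const byte* salt,
                           const byte* data, int sz, int count, byte* key, byte* iv)
{
    int keyLen = 0;
    int ivLen = 0;
    int j;
    int keyLeft;
    int ivLeft;
    int keyOutput = 0;
    byte digest[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Md5* md5 = NULL;
#else
    Md5 md5[1];
#endif

    (void)type;

    WOLFSSL_ENTER("wolfSSL_EVP_BytesToKey");

    if (type == NULL || md == NULL || sz < 0 || (sz > 0 && data == NULL))
        return 0;

    /* only support MD5 for now */
    if (XSTRNCMP(md, "MD5", 3) != 0) return 0;

    /* only support CBC DES and AES for now */
#ifndef NO_DES3
    if (XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0) {
        keyLen = DES_KEY_SIZE;
        ivLen = DES_IV_SIZE;
    }
    else if (XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) {
        keyLen = DES3_KEY_SIZE;
        ivLen = DES_IV_SIZE;
    }
    else
#endif /* NO_DES3 */
#ifndef NO_AES
    if (XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) {
        keyLen = AES_128_KEY_SIZE;
        ivLen = AES_IV_SIZE;
    }
    else if (XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) {
        keyLen = AES_192_KEY_SIZE;
        ivLen = AES_IV_SIZE;
    }
    else if (XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) {
        keyLen = AES_256_KEY_SIZE;
        ivLen = AES_IV_SIZE;
    }
    else
#endif /* NO_AES */
    {
        return 0;
    }

#ifdef WOLFSSL_SMALL_STACK
    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (md5 == NULL)
        return 0;
#endif

    wc_InitMd5(md5);

    keyLeft = keyLen;
    ivLeft = ivLen;

    while (keyOutput < (keyLen + ivLen)) {
        int digestLeft = MD5_DIGEST_SIZE;
        /* D_(i - 1) */
        if (keyOutput) /* first time D_0 is empty */
            wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
        /* data */
        wc_Md5Update(md5, data, sz);
        /* salt */
        if (salt)
            wc_Md5Update(md5, salt, EVP_SALT_SIZE);
        wc_Md5Final(md5, digest);
        /* count: re-hash the block count-1 more times */
        for (j = 1; j < count; j++) {
            wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
            wc_Md5Final(md5, digest);
        }

        /* leading bytes of each block go to the key ... */
        if (keyLeft) {
            int store = min(keyLeft, MD5_DIGEST_SIZE);
            if (key != NULL)
                XMEMCPY(&key[keyLen - keyLeft], digest, store);

            keyOutput += store;
            keyLeft -= store;
            digestLeft -= store;
        }

        /* ... and whatever is left of the block to the IV */
        if (ivLeft && digestLeft) {
            int store = min(ivLeft, digestLeft);
            if (iv != NULL)
                XMEMCPY(&iv[ivLen - ivLeft],
                        &digest[MD5_DIGEST_SIZE - digestLeft], store);
            keyOutput += store;
            ivLeft -= store;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return keyOutput == (keyLen + ivLen) ? keyOutput : 0;
}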
wolfSSL 7:481bce714567 10418
wolfSSL 7:481bce714567 10419 #endif /* NO_MD5 */
wolfSSL 7:481bce714567 10420
wolfSSL 7:481bce714567 10421 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 7:481bce714567 10422
wolfSSL 7:481bce714567 10423
wolfSSL 7:481bce714567 10424 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 10425
wolfSSL 7:481bce714567 10426 #if !defined(NO_WOLFSSL_SERVER)
/* Copy the server random of a completed handshake into out.
 * ssl   : ssl struct after handshake
 * out   : buffer that receives the random bytes
 * outSz : 0 to query the size needed, otherwise the capacity of out
 *
 * Returns RAN_LEN when outSz is 0, the number of bytes copied (at most
 * RAN_LEN) on success, and 0 on error (NULL arguments, or the handshake
 * arrays were not retained -- wolfSSL_KeepArrays(ssl) must have been called).
 */
size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
                                 size_t outSz)
{
    size_t copyLen = outSz;

    /* size query only */
    if (outSz == 0) {
        return RAN_LEN;
    }

    if (ssl == NULL || out == NULL) {
        return 0;
    }

    if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
        WOLFSSL_MSG("Arrays struct not saved after handshake");
        return 0;
    }

    /* never read past the RAN_LEN bytes the random actually holds */
    if (copyLen > RAN_LEN) {
        copyLen = RAN_LEN;
    }

    XMEMCPY(out, ssl->arrays->serverRandom, copyLen);
    return copyLen;
}
wolfSSL 7:481bce714567 10456 #endif /* !defined(NO_WOLFSSL_SERVER) */
wolfSSL 7:481bce714567 10457
wolfSSL 7:481bce714567 10458
wolfSSL 7:481bce714567 10459 #if !defined(NO_WOLFSSL_CLIENT)
/* Copy the client random of a completed handshake into out.
 * ssl   : ssl struct after handshake
 * out   : buffer that receives the random bytes
 * outSz : 0 to query the size needed, otherwise the capacity of out
 *
 * Returns RAN_LEN when outSz is 0, the number of bytes copied (at most
 * RAN_LEN) on success, and 0 on error (NULL arguments, or the handshake
 * arrays were not retained).
 *
 * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information.
 */
size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                                 size_t outSz)
{
    size_t copyLen = outSz;

    /* size query only */
    if (outSz == 0) {
        return RAN_LEN;
    }

    if (ssl == NULL || out == NULL) {
        return 0;
    }

    if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
        WOLFSSL_MSG("Arrays struct not saved after handshake");
        return 0;
    }

    /* never read past the RAN_LEN bytes the random actually holds */
    if (copyLen > RAN_LEN) {
        copyLen = RAN_LEN;
    }

    XMEMCPY(out, ssl->arrays->clientRandom, copyLen);
    return copyLen;
}
wolfSSL 7:481bce714567 10496 #endif /* !defined(NO_WOLFSSL_CLIENT) */
wolfSSL 7:481bce714567 10497
wolfSSL 7:481bce714567 10498
/* SSLeay-compatible numeric version query; returns the compile-time
 * SSLEAY_VERSION_NUMBER. */
unsigned long wolfSSLeay(void)
{
    const unsigned long versionNumber = SSLEAY_VERSION_NUMBER;
    return versionNumber;
}
wolfSSL 7:481bce714567 10503
wolfSSL 7:481bce714567 10504
/* SSLeay-compatible version string.
 * type : selector accepted for API compatibility only; every value yields
 *        the same static string. */
const char* wolfSSLeay_version(int type)
{
    (void)type; /* all selectors map to the one string */
    return "SSLeay wolfSSL compatibility";
}
wolfSSL 7:481bce714567 10511
wolfSSL 7:481bce714567 10512
wolfSSL 7:481bce714567 10513 #ifndef NO_MD5
/* OpenSSL-compatible MD5_Init: initialise the wolfCrypt Md5 state carried
 * inside the WOLFSSL_MD5_CTX wrapper. No return value, as in OpenSSL. */
void wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
{
    /* compile-time guard: the compat context must be at least as large as
     * the wolfCrypt Md5 it is cast to (array size goes negative otherwise) */
    typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
    Md5* wcMd5 = (Md5*)md5;
    (void)sizeof(md5_test);

    WOLFSSL_ENTER("MD5_Init");
    wc_InitMd5(wcMd5);
}
wolfSSL 7:481bce714567 10522
wolfSSL 7:481bce714567 10523
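/* OpenSSL-compatible MD5_Update: absorb sz bytes of input.
 * md5   : context initialised by wolfSSL_MD5_Init
 * input : data to hash
 * sz    : byte count. wolfCrypt takes a word32 length, so a count that does
 *         not fit in 32 bits is fed in word32-sized pieces rather than
 *         being silently truncated by the cast. */
void wolfSSL_MD5_Update(WOLFSSL_MD5_CTX* md5, const void* input,
                        unsigned long sz)
{
    const byte* data = (const byte*)input;

    WOLFSSL_ENTER("wolfSSL_MD5_Update");
    do {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFUL; /* sz exceeds word32: take the largest piece */
        }
        wc_Md5Update((Md5*)md5, data, chunk);
        data += chunk;
        sz   -= chunk;
    } while (sz > 0);
}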
wolfSSL 7:481bce714567 10530
wolfSSL 7:481bce714567 10531
/* OpenSSL-compatible MD5_Final: write the digest to input, which (OpenSSL
 * argument order) is the output buffer, and finish the context. */
void wolfSSL_MD5_Final(byte* input, WOLFSSL_MD5_CTX* md5)
{
    Md5* wcMd5 = (Md5*)md5;

    WOLFSSL_ENTER("MD5_Final");
    wc_Md5Final(wcMd5, input);
}
wolfSSL 7:481bce714567 10537 #endif /* NO_MD5 */
wolfSSL 7:481bce714567 10538
wolfSSL 7:481bce714567 10539
wolfSSL 7:481bce714567 10540 #ifndef NO_SHA
/* OpenSSL-compatible SHA_Init: initialise the wolfCrypt Sha state carried
 * inside the WOLFSSL_SHA_CTX wrapper. wc_InitSha's return is dropped to
 * keep the OpenSSL void signature. */
void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
{
    /* compile-time guard: the compat context must be at least as large as
     * the wolfCrypt Sha it is cast to (array size goes negative otherwise) */
    typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
    Sha* wcSha = (Sha*)sha;
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA_Init");
    wc_InitSha(wcSha); /* OpenSSL compat, no ret */
}
wolfSSL 7:481bce714567 10549
wolfSSL 7:481bce714567 10550
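/* OpenSSL-compatible SHA_Update: absorb sz bytes of input.
 * sha   : context initialised by wolfSSL_SHA_Init
 * input : data to hash
 * sz    : byte count. wolfCrypt takes a word32 length, so a count that does
 *         not fit in 32 bits is fed in word32-sized pieces rather than
 *         being silently truncated by the cast. */
void wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input,
                        unsigned long sz)
{
    const byte* data = (const byte*)input;

    WOLFSSL_ENTER("SHA_Update");
    do {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFUL; /* sz exceeds word32: take the largest piece */
        }
        wc_ShaUpdate((Sha*)sha, data, chunk);
        data += chunk;
        sz   -= chunk;
    } while (sz > 0);
}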
wolfSSL 7:481bce714567 10557
wolfSSL 7:481bce714567 10558
/* OpenSSL-compatible SHA_Final: write the digest to input, which (OpenSSL
 * argument order) is the output buffer, and finish the context. */
void wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha)
{
    Sha* wcSha = (Sha*)sha;

    WOLFSSL_ENTER("SHA_Final");
    wc_ShaFinal(wcSha, input);
}
wolfSSL 7:481bce714567 10564
wolfSSL 7:481bce714567 10565
/* SHA1_Init alias: SHA-1 shares the SHA context, so this only traces and
 * forwards to SHA_Init. */
void wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
{
    WOLFSSL_ENTER("SHA1_Init");
    SHA_Init(sha); /* forward to the shared SHA implementation */
}
wolfSSL 7:481bce714567 10571
wolfSSL 7:481bce714567 10572
/* SHA1_Update alias: traces and forwards input/sz unchanged to SHA_Update. */
void wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
                         unsigned long sz)
{
    WOLFSSL_ENTER("SHA1_Update");
    SHA_Update(sha, input, sz); /* forward to the shared SHA implementation */
}
wolfSSL 7:481bce714567 10579
wolfSSL 7:481bce714567 10580
/* SHA1_Final alias: traces and forwards to SHA_Final (input is the output
 * buffer, OpenSSL argument order). */
void wolfSSL_SHA1_Final(byte* input, WOLFSSL_SHA_CTX* sha)
{
    WOLFSSL_ENTER("SHA1_Final");
    SHA_Final(input, sha); /* forward to the shared SHA implementation */
}
wolfSSL 7:481bce714567 10586 #endif /* NO_SHA */
wolfSSL 7:481bce714567 10587
wolfSSL 7:481bce714567 10588 #ifdef WOLFSSL_SHA224
wolfSSL 7:481bce714567 10589
/* OpenSSL-compatible SHA224_Init: initialise the wolfCrypt Sha224 state
 * carried inside the WOLFSSL_SHA224_CTX wrapper. The wolfCrypt return code
 * is dropped to keep the OpenSSL void signature. */
void wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha)
{
    /* compile-time guard: the compat context must be at least as large as
     * the wolfCrypt Sha224 it is cast to (array size goes negative otherwise) */
    typedef char sha_test[sizeof(SHA224_CTX) >= sizeof(Sha224) ? 1 : -1];
    Sha224* wcSha = (Sha224*)sha;
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA224_Init");
    wc_InitSha224(wcSha); /* OpenSSL compat, no error */
}
wolfSSL 7:481bce714567 10598
wolfSSL 7:481bce714567 10599
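/* OpenSSL-compatible SHA224_Update: absorb sz bytes of input.
 * sha   : context initialised by wolfSSL_SHA224_Init
 * input : data to hash
 * sz    : byte count. wolfCrypt takes a word32 length, so a count that does
 *         not fit in 32 bits is fed in word32-sized pieces rather than
 *         being silently truncated by the cast. No error is reported
 *         (OpenSSL compat). */
void wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input,
                           unsigned long sz)
{
    const byte* data = (const byte*)input;

    WOLFSSL_ENTER("SHA224_Update");
    do {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFUL; /* sz exceeds word32: take the largest piece */
        }
        wc_Sha224Update((Sha224*)sha, data, chunk);
        data += chunk;
        sz   -= chunk;
    } while (sz > 0);
}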
wolfSSL 7:481bce714567 10607
wolfSSL 7:481bce714567 10608
/* OpenSSL-compatible SHA224_Final: write the digest to input, which
 * (OpenSSL argument order) is the output buffer. No error is reported. */
void wolfSSL_SHA224_Final(byte* input, WOLFSSL_SHA224_CTX* sha)
{
    Sha224* wcSha = (Sha224*)sha;

    WOLFSSL_ENTER("SHA224_Final");
    wc_Sha224Final(wcSha, input); /* OpenSSL compat, no error */
}
wolfSSL 7:481bce714567 10615
wolfSSL 7:481bce714567 10616 #endif /* WOLFSSL_SHA224 */
wolfSSL 7:481bce714567 10617
wolfSSL 7:481bce714567 10618
/* OpenSSL-compatible SHA256_Init: initialise the wolfCrypt Sha256 state
 * carried inside the WOLFSSL_SHA256_CTX wrapper. The wolfCrypt return code
 * is dropped to keep the OpenSSL void signature. */
void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
{
    /* compile-time guard: the compat context must be at least as large as
     * the wolfCrypt Sha256 it is cast to (array size goes negative otherwise) */
    typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
    Sha256* wcSha = (Sha256*)sha256;
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA256_Init");
    wc_InitSha256(wcSha); /* OpenSSL compat, no error */
}
wolfSSL 7:481bce714567 10627
wolfSSL 7:481bce714567 10628
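/* OpenSSL-compatible SHA256_Update: absorb sz bytes of input.
 * sha   : context initialised by wolfSSL_SHA256_Init
 * input : data to hash
 * sz    : byte count. wolfCrypt takes a word32 length, so a count that does
 *         not fit in 32 bits is fed in word32-sized pieces rather than
 *         being silently truncated by the cast. No error is reported
 *         (OpenSSL compat). */
void wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input,
                           unsigned long sz)
{
    const byte* data = (const byte*)input;

    WOLFSSL_ENTER("SHA256_Update");
    do {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFUL; /* sz exceeds word32: take the largest piece */
        }
        wc_Sha256Update((Sha256*)sha, data, chunk);
        data += chunk;
        sz   -= chunk;
    } while (sz > 0);
}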
wolfSSL 7:481bce714567 10636
wolfSSL 7:481bce714567 10637
/* OpenSSL-compatible SHA256_Final: write the digest to input, which
 * (OpenSSL argument order) is the output buffer. No error is reported. */
void wolfSSL_SHA256_Final(byte* input, WOLFSSL_SHA256_CTX* sha)
{
    Sha256* wcSha = (Sha256*)sha;

    WOLFSSL_ENTER("SHA256_Final");
    wc_Sha256Final(wcSha, input); /* OpenSSL compat, no error */
}
wolfSSL 7:481bce714567 10644
wolfSSL 7:481bce714567 10645
wolfSSL 7:481bce714567 10646 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 10647
/* OpenSSL-compatible SHA384_Init: initialise the wolfCrypt Sha384 state
 * carried inside the WOLFSSL_SHA384_CTX wrapper. The wolfCrypt return code
 * is dropped to keep the OpenSSL void signature. */
void wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha)
{
    /* compile-time guard: the compat context must be at least as large as
     * the wolfCrypt Sha384 it is cast to (array size goes negative otherwise) */
    typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
    Sha384* wcSha = (Sha384*)sha;
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA384_Init");
    wc_InitSha384(wcSha); /* OpenSSL compat, no error */
}
wolfSSL 7:481bce714567 10656
wolfSSL 7:481bce714567 10657
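/* OpenSSL-compatible SHA384_Update: absorb sz bytes of input.
 * sha   : context initialised by wolfSSL_SHA384_Init
 * input : data to hash
 * sz    : byte count. wolfCrypt takes a word32 length, so a count that does
 *         not fit in 32 bits is fed in word32-sized pieces rather than
 *         being silently truncated by the cast. No error is reported
 *         (OpenSSL compat). */
void wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
                           unsigned long sz)
{
    const byte* data = (const byte*)input;

    WOLFSSL_ENTER("SHA384_Update");
    do {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFUL; /* sz exceeds word32: take the largest piece */
        }
        wc_Sha384Update((Sha384*)sha, data, chunk);
        data += chunk;
        sz   -= chunk;
    } while (sz > 0);
}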
wolfSSL 7:481bce714567 10665
wolfSSL 7:481bce714567 10666
/* OpenSSL-compatible SHA384_Final: write the digest to input, which
 * (OpenSSL argument order) is the output buffer. No error is reported. */
void wolfSSL_SHA384_Final(byte* input, WOLFSSL_SHA384_CTX* sha)
{
    Sha384* wcSha = (Sha384*)sha;

    WOLFSSL_ENTER("SHA384_Final");
    wc_Sha384Final(wcSha, input); /* OpenSSL compat, no error */
}
wolfSSL 7:481bce714567 10673
wolfSSL 7:481bce714567 10674 #endif /* WOLFSSL_SHA384 */
wolfSSL 7:481bce714567 10675
wolfSSL 7:481bce714567 10676
wolfSSL 7:481bce714567 10677 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 10678
/* OpenSSL-compatible SHA512_Init: initialise the wolfCrypt Sha512 state
 * carried inside the WOLFSSL_SHA512_CTX wrapper. The wolfCrypt return code
 * is dropped to keep the OpenSSL void signature. */
void wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha)
{
    /* compile-time guard: the compat context must be at least as large as
     * the wolfCrypt Sha512 it is cast to (array size goes negative otherwise) */
    typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
    Sha512* wcSha = (Sha512*)sha;
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA512_Init");
    wc_InitSha512(wcSha); /* OpenSSL compat, no error */
}
wolfSSL 7:481bce714567 10687
wolfSSL 7:481bce714567 10688
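/* OpenSSL-compatible SHA512_Update: absorb sz bytes of input.
 * sha   : context initialised by wolfSSL_SHA512_Init
 * input : data to hash
 * sz    : byte count. wolfCrypt takes a word32 length, so a count that does
 *         not fit in 32 bits is fed in word32-sized pieces rather than
 *         being silently truncated by the cast. No error is reported
 *         (OpenSSL compat). */
void wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha, const void* input,
                           unsigned long sz)
{
    const byte* data = (const byte*)input;

    WOLFSSL_ENTER("SHA512_Update");
    do {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFUL; /* sz exceeds word32: take the largest piece */
        }
        wc_Sha512Update((Sha512*)sha, data, chunk);
        data += chunk;
        sz   -= chunk;
    } while (sz > 0);
}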
wolfSSL 7:481bce714567 10696
wolfSSL 7:481bce714567 10697
/* OpenSSL-compatible SHA512_Final: write the digest to input, which
 * (OpenSSL argument order) is the output buffer. No error is reported. */
void wolfSSL_SHA512_Final(byte* input, WOLFSSL_SHA512_CTX* sha)
{
    Sha512* wcSha = (Sha512*)sha;

    WOLFSSL_ENTER("SHA512_Final");
    wc_Sha512Final(wcSha, input); /* OpenSSL compat, no error */
}
wolfSSL 7:481bce714567 10704
wolfSSL 7:481bce714567 10705 #endif /* WOLFSSL_SHA512 */
wolfSSL 7:481bce714567 10706
/* Digest lookup table shared by the EVP name/type helpers below.
 * macType : hash type value (MD5, SHA, ...) that wolfSSL_EVP_MD_CTX_md
 *           matches against ctx->macType
 * name    : OpenSSL-style digest name; its pointer doubles as the EVP_MD
 *           handle handed out by wolfSSL_EVP_get_digestbyname
 * Entries exist only for digests compiled in. The {0, NULL} sentinel ends
 * the table, so walkers stop on name == NULL or macType == 0. */
static struct s_ent{
    const unsigned char macType;
    const char *name;
} md_tbl[] = {
#ifndef NO_MD5
    {MD5, "MD5"},
#endif /* NO_MD5 */

#ifndef NO_SHA
    {SHA, "SHA"},
#endif /* NO_SHA */

#ifdef WOLFSSL_SHA224
    {SHA224, "SHA224"},
#endif /* WOLFSSL_SHA224 */

    {SHA256, "SHA256"}, /* SHA-256 is always built */

#ifdef WOLFSSL_SHA384
    {SHA384, "SHA384"},
#endif /* WOLFSSL_SHA384 */

#ifdef WOLFSSL_SHA512
    {SHA512, "SHA512"},
#endif /* WOLFSSL_SHA512 */

    {0, NULL} /* sentinel */
} ;
wolfSSL 7:481bce714567 10735
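/* Map an OpenSSL digest name (or one of its aliases) to an EVP_MD handle.
 * name : NUL-terminated digest name such as "SHA256", or an alias such as
 *        "ssl3-sha1"
 * Returns the canonical name pointer from md_tbl, which this compat layer
 * uses as the EVP_MD handle, or NULL when name is NULL or names a digest
 * that is not in md_tbl (not compiled in, or unknown).
 *
 * The SHA-1 aliases resolve to the md_tbl entry "SHA"; an alias that mapped
 * to "SHA1" could never be found since md_tbl has no such entry. */
const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
{
    /* alias : what the caller may pass; name : the md_tbl spelling */
    static const struct alias {
        const char *name;
        const char *alias;
    } alias_tbl[] =
    {
        {"MD5",  "ssl3-md5"},
        {"SHA",  "ssl3-sha1"},
        {"SHA",  "SHA1"},
        { NULL, NULL}
    };

    const struct alias *al;
    const struct s_ent *ent;

    /* a NULL name would otherwise be handed straight to XSTRNCMP */
    if (name == NULL) {
        return NULL;
    }

    /* translate an alias to its table spelling; a miss leaves name as-is */
    for (al = alias_tbl; al->name != NULL; al++) {
        if (XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) {
            name = al->name;
            break;
        }
    }

    for (ent = md_tbl; ent->name != NULL; ent++) {
        if (XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) {
            return (const WOLFSSL_EVP_MD *)ent->name;
        }
    }
    return NULL;
}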
wolfSSL 7:481bce714567 10763
/* Reverse lookup in md_tbl: hash type value to its EVP_MD name handle.
 * Returns 0 (NULL) when type is not in the table; the {0, NULL} sentinel
 * means a type of 0 never matches. */
static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type)
{
    const struct s_ent *ent = md_tbl;

    while (ent->macType != 0) {
        if (ent->macType == type) {
            return (WOLFSSL_EVP_MD *)ent->name;
        }
        ent++;
    }
    return 0;
}
wolfSSL 7:481bce714567 10773
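/* Hash type value for an EVP_MD handle.
 * md : handle as returned by wolfSSL_EVP_get_digestbyname or the
 *      wolfSSL_EVP_sha256()-style accessors (a digest name string)
 * Returns the matching md_tbl macType, or 0 when md is NULL or is not a
 * name in md_tbl. */
int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
{
    const struct s_ent *ent;
    const char *name = (const char *)md;

    /* a NULL handle would otherwise be handed straight to XSTRNCMP */
    if (name == NULL) {
        return 0;
    }

    for (ent = md_tbl; ent->name != NULL; ent++) {
        if (XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) {
            return ent->macType;
        }
    }
    return 0;
}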
wolfSSL 7:481bce714567 10783
wolfSSL 7:481bce714567 10784
wolfSSL 7:481bce714567 10785 #ifndef NO_MD5
wolfSSL 7:481bce714567 10786
/* EVP_MD handle for MD5 (md_tbl name "MD5"); NULL if it is not in md_tbl.
 * MD5 is retained for legacy compatibility only. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
{
    WOLFSSL_ENTER("EVP_md5");
    return EVP_get_digestbyname("MD5");
}
wolfSSL 7:481bce714567 10793
wolfSSL 7:481bce714567 10794 #endif /* NO_MD5 */
wolfSSL 7:481bce714567 10795
wolfSSL 7:481bce714567 10796
wolfSSL 7:481bce714567 10797 #ifndef NO_SHA
/* EVP_MD handle for SHA-1 (md_tbl name "SHA"); NULL if it is not in md_tbl. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
{
    WOLFSSL_ENTER("EVP_sha1");
    return EVP_get_digestbyname("SHA");
}
wolfSSL 7:481bce714567 10804 #endif /* NO_SHA */
wolfSSL 7:481bce714567 10805
wolfSSL 7:481bce714567 10806 #ifdef WOLFSSL_SHA224
wolfSSL 7:481bce714567 10807
/* EVP_MD handle for SHA-224 (md_tbl name "SHA224"); NULL if not in md_tbl. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void)
{
    WOLFSSL_ENTER("EVP_sha224");
    return EVP_get_digestbyname("SHA224");
}
wolfSSL 7:481bce714567 10814
wolfSSL 7:481bce714567 10815 #endif /* WOLFSSL_SHA224 */
wolfSSL 7:481bce714567 10816
wolfSSL 7:481bce714567 10817
/* EVP_MD handle for SHA-256 (md_tbl name "SHA256"). */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
{
    WOLFSSL_ENTER("EVP_sha256");
    return EVP_get_digestbyname("SHA256");
}
wolfSSL 7:481bce714567 10824
wolfSSL 7:481bce714567 10825 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 10826
/* EVP_MD handle for SHA-384 (md_tbl name "SHA384"); NULL if not in md_tbl. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
{
    WOLFSSL_ENTER("EVP_sha384");
    return EVP_get_digestbyname("SHA384");
}
wolfSSL 7:481bce714567 10833
wolfSSL 7:481bce714567 10834 #endif /* WOLFSSL_SHA384 */
wolfSSL 7:481bce714567 10835
wolfSSL 7:481bce714567 10836 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 10837
/* EVP_MD handle for SHA-512 (md_tbl name "SHA512"); NULL if not in md_tbl. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
{
    WOLFSSL_ENTER("EVP_sha512");
    return EVP_get_digestbyname("SHA512");
}
wolfSSL 7:481bce714567 10844
wolfSSL 7:481bce714567 10845 #endif /* WOLFSSL_SHA512 */
wolfSSL 7:481bce714567 10846
/* Allocate and initialise a digest context. The caller owns it and releases
 * it with wolfSSL_EVP_MD_CTX_free. Returns NULL when allocation fails. */
WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void)
{
    WOLFSSL_EVP_MD_CTX* ctx = NULL;

    WOLFSSL_ENTER("EVP_MD_CTX_new");
    ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL,
                                        DYNAMIC_TYPE_TMP_BUFFER);
    if (ctx == NULL) {
        return NULL;
    }

    wolfSSL_EVP_MD_CTX_init(ctx);
    return ctx;
}
wolfSSL 7:481bce714567 10858
/* Release a context obtained from wolfSSL_EVP_MD_CTX_new. NULL is accepted
 * and ignored, matching OpenSSL. */
WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx)
{
    if (ctx == NULL) {
        return;
    }

    WOLFSSL_ENTER("EVP_MD_CTX_free");
    wolfSSL_EVP_MD_CTX_cleanup(ctx);
    XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
wolfSSL 7:481bce714567 10867
/* OpenSSL-compatible context initialiser. This layer needs no setup, so
 * only the trace entry is emitted (label kept as-is for existing log
 * consumers). */
void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx)
{
    (void)ctx; /* nothing to prepare */
    WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init");
}
wolfSSL 7:481bce714567 10874
/* EVP_MD handle for the digest a context is running, derived from
 * ctx->macType through md_tbl. Returns NULL when ctx is NULL or the type
 * is unknown to the table. */
const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx)
{
    const WOLFSSL_EVP_MD *md = NULL;

    if (ctx != NULL) {
        md = (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType);
    }
    return md;
}
wolfSSL 7:481bce714567 10881
wolfSSL 7:481bce714567 10882 #ifndef NO_AES
wolfSSL 7:481bce714567 10883
/* Cipher handle for AES-128-CBC; the handle is the EVP_AES_128_CBC name
 * string that wolfSSL_EVP_CipherInit matches on. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_128_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc");
    return cipher;
}
wolfSSL 7:481bce714567 10889
wolfSSL 7:481bce714567 10890
/* Cipher handle for AES-192-CBC; the handle is the EVP_AES_192_CBC name
 * string that wolfSSL_EVP_CipherInit matches on. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_192_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc");
    return cipher;
}
wolfSSL 7:481bce714567 10896
wolfSSL 7:481bce714567 10897
/* Cipher handle for AES-256-CBC; the handle is the EVP_AES_256_CBC name
 * string that wolfSSL_EVP_CipherInit matches on. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_256_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc");
    return cipher;
}
wolfSSL 7:481bce714567 10903
wolfSSL 7:481bce714567 10904
/* Cipher handle for AES-128-CTR (the EVP_AES_128_CTR name string). */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_128_CTR;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr");
    return cipher;
}
wolfSSL 7:481bce714567 10910
wolfSSL 7:481bce714567 10911
/* Cipher handle for AES-192-CTR (the EVP_AES_192_CTR name string). */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_192_CTR;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr");
    return cipher;
}
wolfSSL 7:481bce714567 10917
wolfSSL 7:481bce714567 10918
/* Cipher handle for AES-256-CTR (the EVP_AES_256_CTR name string). */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_256_CTR;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr");
    return cipher;
}
wolfSSL 7:481bce714567 10924
/* Cipher handle for AES-128-ECB (the EVP_AES_128_ECB name string). ECB is
 * provided for OpenSSL API compatibility; it does not hide repeated
 * plaintext blocks, so CBC or CTR is the better choice for new code. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_128_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb");
    return cipher;
}
wolfSSL 7:481bce714567 10930
wolfSSL 7:481bce714567 10931
/* Cipher handle for AES-192-ECB (the EVP_AES_192_ECB name string). ECB is
 * provided for OpenSSL API compatibility; it does not hide repeated
 * plaintext blocks, so CBC or CTR is the better choice for new code. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_192_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb");
    return cipher;
}
wolfSSL 7:481bce714567 10937
wolfSSL 7:481bce714567 10938
/* Cipher handle for AES-256-ECB (the EVP_AES_256_ECB name string). ECB is
 * provided for OpenSSL API compatibility; it does not hide repeated
 * plaintext blocks, so CBC or CTR is the better choice for new code. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_256_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb");
    return cipher;
}
wolfSSL 7:481bce714567 10944 #endif /* NO_AES */
wolfSSL 7:481bce714567 10945
wolfSSL 7:481bce714567 10946 #ifndef NO_DES3
/* Cipher handle for single-DES CBC (the EVP_DES_CBC name string). Kept for
 * legacy interoperability only; single DES is not suitable for new designs. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_DES_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_des_cbc");
    return cipher;
}
wolfSSL 7:481bce714567 10952 #ifdef WOLFSSL_DES_ECB
/* Cipher handle for single-DES ECB (the EVP_DES_ECB name string); only
 * built with WOLFSSL_DES_ECB. Legacy interoperability only. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_DES_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_des_ecb");
    return cipher;
}
wolfSSL 7:481bce714567 10958 #endif
/* Cipher handle for triple-DES (EDE3) CBC, the EVP_DES_EDE3_CBC name string. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_DES_EDE3_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc");
    return cipher;
}
wolfSSL 7:481bce714567 10964 #ifdef WOLFSSL_DES_ECB
/* Cipher handle for triple-DES (EDE3) ECB, the EVP_DES_EDE3_ECB name
 * string; only built with WOLFSSL_DES_ECB. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_DES_EDE3_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb");
    return cipher;
}
wolfSSL 7:481bce714567 10970 #endif
wolfSSL 7:481bce714567 10971 #endif /* NO_DES3 */
wolfSSL 7:481bce714567 10972
/* Cipher handle for RC4, the "ARC4" name string. RC4 is a deprecated stream
 * cipher kept for legacy interoperability only. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void)
{
    WOLFSSL_ENTER("wolfSSL_EVP_rc4");
    return "ARC4";
}
wolfSSL 7:481bce714567 10979
wolfSSL 7:481bce714567 10980 #ifdef HAVE_IDEA
/* Cipher handle for IDEA-CBC (the EVP_IDEA_CBC name string); only built
 * with HAVE_IDEA. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_IDEA_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc");
    return cipher;
}
wolfSSL 7:481bce714567 10986 #endif
/* Handle for the null cipher, the "NULL" name string. Data passed through
 * it is not encrypted; it exists for OpenSSL API compatibility. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void)
{
    WOLFSSL_ENTER("wolfSSL_EVP_enc_null");
    return "NULL";
}
wolfSSL 7:481bce714567 10993
wolfSSL 7:481bce714567 10994
/* OpenSSL-compatible context cleanup. This layer releases nothing here and
 * leaves whatever hash state the context holds in place; it only emits the
 * trace entry and always returns 0. */
int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx)
{
    (void)ctx; /* no owned resources to release */
    WOLFSSL_ENTER("EVP_MD_CTX_cleanup");
    return 0;
}
wolfSSL 7:481bce714567 11001
wolfSSL 7:481bce714567 11002
wolfSSL 7:481bce714567 11003
/* Reset a cipher context to its unconfigured state: no cipher selected
 * (cipherType 0xff, which wolfSSL_EVP_CipherInit treats as "no type set"),
 * zero key length, encrypt direction. NULL is ignored. */
void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("EVP_CIPHER_CTX_init");
    if (ctx == NULL) {
        return;
    }

    ctx->cipherType = 0xff; /* "no type set" sentinel */
    ctx->keyLen     = 0;
    ctx->enc        = 1;    /* encrypt until CipherInit says otherwise */
}
wolfSSL 7:481bce714567 11013
wolfSSL 7:481bce714567 11014
wolfSSL 7:481bce714567 11015 /* SSL_SUCCESS on ok */
/* Mark a cipher context as no longer configured; always returns SSL_SUCCESS.
 * Only cipherType and keyLen are reset. The wolfCrypt cipher state that
 * wolfSSL_EVP_CipherInit loaded into ctx->cipher is not cleared here, so
 * a caller that wants key material gone from memory must zeroise the
 * context itself. NULL is accepted. */
int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup");
    if (ctx != NULL) {
        ctx->keyLen     = 0;
        ctx->cipherType = 0xff; /* back to the "no type set" sentinel */
    }
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 11026
wolfSSL 7:481bce714567 11027
wolfSSL 7:481bce714567 11028 /* return SSL_SUCCESS on ok, 0 on failure to match API compatibility */
wolfSSL 7:481bce714567 11029 int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
wolfSSL 7:481bce714567 11030 const WOLFSSL_EVP_CIPHER* type, byte* key,
wolfSSL 7:481bce714567 11031 byte* iv, int enc)
wolfSSL 7:481bce714567 11032 {
wolfSSL 7:481bce714567 11033 int ret = -1; /* failure local, during function 0 means success
wolfSSL 7:481bce714567 11034 because internal functions work that way */
wolfSSL 7:481bce714567 11035 (void)key;
wolfSSL 7:481bce714567 11036 (void)iv;
wolfSSL 7:481bce714567 11037 (void)enc;
wolfSSL 7:481bce714567 11038
wolfSSL 7:481bce714567 11039 WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
wolfSSL 7:481bce714567 11040 if (ctx == NULL) {
wolfSSL 7:481bce714567 11041 WOLFSSL_MSG("no ctx");
wolfSSL 7:481bce714567 11042 return 0; /* failure */
wolfSSL 7:481bce714567 11043 }
wolfSSL 7:481bce714567 11044
wolfSSL 7:481bce714567 11045 if (type == NULL && ctx->cipherType == 0xff) {
wolfSSL 7:481bce714567 11046 WOLFSSL_MSG("no type set");
wolfSSL 7:481bce714567 11047 return 0; /* failure */
wolfSSL 7:481bce714567 11048 }
wolfSSL 7:481bce714567 11049 ctx->bufUsed = 0;
wolfSSL 7:481bce714567 11050 ctx->lastUsed = 0;
wolfSSL 7:481bce714567 11051 ctx->flags = 0;
wolfSSL 7:481bce714567 11052
wolfSSL 7:481bce714567 11053 #ifndef NO_AES
wolfSSL 7:481bce714567 11054 /* printf("cipherType=%d\n", ctx->cipherType); */
wolfSSL 7:481bce714567 11055 if (ctx->cipherType == AES_128_CBC_TYPE ||
wolfSSL 7:481bce714567 11056 (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11057 WOLFSSL_MSG("EVP_AES_128_CBC");
wolfSSL 7:481bce714567 11058 ctx->cipherType = AES_128_CBC_TYPE;
wolfSSL 7:481bce714567 11059 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
wolfSSL 7:481bce714567 11060 ctx->keyLen = 16;
wolfSSL 7:481bce714567 11061 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11062 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11063 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11064 if (key) {
wolfSSL 7:481bce714567 11065 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 7:481bce714567 11066 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 7:481bce714567 11067 if (ret != 0)
wolfSSL 7:481bce714567 11068 return ret;
wolfSSL 7:481bce714567 11069 }
wolfSSL 7:481bce714567 11070 if (iv && key == NULL) {
wolfSSL 7:481bce714567 11071 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 7:481bce714567 11072 if (ret != 0)
wolfSSL 7:481bce714567 11073 return ret;
wolfSSL 7:481bce714567 11074 }
wolfSSL 7:481bce714567 11075 }
wolfSSL 7:481bce714567 11076 else if (ctx->cipherType == AES_192_CBC_TYPE ||
wolfSSL 7:481bce714567 11077 (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11078 WOLFSSL_MSG("EVP_AES_192_CBC");
wolfSSL 7:481bce714567 11079 ctx->cipherType = AES_192_CBC_TYPE;
wolfSSL 7:481bce714567 11080 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
wolfSSL 7:481bce714567 11081 ctx->keyLen = 24;
wolfSSL 7:481bce714567 11082 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11083 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11084 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11085 if (key) {
wolfSSL 7:481bce714567 11086 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 7:481bce714567 11087 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 7:481bce714567 11088 if (ret != 0)
wolfSSL 7:481bce714567 11089 return ret;
wolfSSL 7:481bce714567 11090 }
wolfSSL 7:481bce714567 11091 if (iv && key == NULL) {
wolfSSL 7:481bce714567 11092 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 7:481bce714567 11093 if (ret != 0)
wolfSSL 7:481bce714567 11094 return ret;
wolfSSL 7:481bce714567 11095 }
wolfSSL 7:481bce714567 11096 }
wolfSSL 7:481bce714567 11097 else if (ctx->cipherType == AES_256_CBC_TYPE ||
wolfSSL 7:481bce714567 11098 (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11099 WOLFSSL_MSG("EVP_AES_256_CBC");
wolfSSL 7:481bce714567 11100 ctx->cipherType = AES_256_CBC_TYPE;
wolfSSL 7:481bce714567 11101 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
wolfSSL 7:481bce714567 11102 ctx->keyLen = 32;
wolfSSL 7:481bce714567 11103 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11104 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11105 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11106 if (key) {
wolfSSL 7:481bce714567 11107 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 7:481bce714567 11108 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 7:481bce714567 11109 if (ret != 0)
wolfSSL 7:481bce714567 11110 return ret;
wolfSSL 7:481bce714567 11111 }
wolfSSL 7:481bce714567 11112 if (iv && key == NULL) {
wolfSSL 7:481bce714567 11113 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 7:481bce714567 11114 if (ret != 0)
wolfSSL 7:481bce714567 11115 return ret;
wolfSSL 7:481bce714567 11116 }
wolfSSL 7:481bce714567 11117 }
wolfSSL 7:481bce714567 11118 #ifdef WOLFSSL_AES_COUNTER
wolfSSL 7:481bce714567 11119 else if (ctx->cipherType == AES_128_CTR_TYPE ||
wolfSSL 7:481bce714567 11120 (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11121 WOLFSSL_MSG("EVP_AES_128_CTR");
wolfSSL 7:481bce714567 11122 ctx->cipherType = AES_128_CTR_TYPE;
wolfSSL 7:481bce714567 11123 ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE;
wolfSSL 7:481bce714567 11124 ctx->keyLen = 16;
wolfSSL 7:481bce714567 11125 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11126 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11127 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11128 if (key) {
wolfSSL 7:481bce714567 11129 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 7:481bce714567 11130 AES_ENCRYPTION);
wolfSSL 7:481bce714567 11131 if (ret != 0)
wolfSSL 7:481bce714567 11132 return ret;
wolfSSL 7:481bce714567 11133 }
wolfSSL 7:481bce714567 11134 if (iv && key == NULL) {
wolfSSL 7:481bce714567 11135 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 7:481bce714567 11136 if (ret != 0)
wolfSSL 7:481bce714567 11137 return ret;
wolfSSL 7:481bce714567 11138 }
wolfSSL 7:481bce714567 11139 }
wolfSSL 7:481bce714567 11140 else if (ctx->cipherType == AES_192_CTR_TYPE ||
wolfSSL 7:481bce714567 11141 (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11142 WOLFSSL_MSG("EVP_AES_192_CTR");
wolfSSL 7:481bce714567 11143 ctx->cipherType = AES_192_CTR_TYPE;
wolfSSL 7:481bce714567 11144 ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE;
wolfSSL 7:481bce714567 11145 ctx->keyLen = 24;
wolfSSL 7:481bce714567 11146 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11147 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11148 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11149 if (key) {
wolfSSL 7:481bce714567 11150 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 7:481bce714567 11151 AES_ENCRYPTION);
wolfSSL 7:481bce714567 11152 if (ret != 0)
wolfSSL 7:481bce714567 11153 return ret;
wolfSSL 7:481bce714567 11154 }
wolfSSL 7:481bce714567 11155 if (iv && key == NULL) {
wolfSSL 7:481bce714567 11156 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 7:481bce714567 11157 if (ret != 0)
wolfSSL 7:481bce714567 11158 return ret;
wolfSSL 7:481bce714567 11159 }
wolfSSL 7:481bce714567 11160 }
wolfSSL 7:481bce714567 11161 else if (ctx->cipherType == AES_256_CTR_TYPE ||
wolfSSL 7:481bce714567 11162 (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11163 WOLFSSL_MSG("EVP_AES_256_CTR");
wolfSSL 7:481bce714567 11164 ctx->cipherType = AES_256_CTR_TYPE;
wolfSSL 7:481bce714567 11165 ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE;
wolfSSL 7:481bce714567 11166 ctx->keyLen = 32;
wolfSSL 7:481bce714567 11167 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11168 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11169 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11170 if (key) {
wolfSSL 7:481bce714567 11171 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 7:481bce714567 11172 AES_ENCRYPTION);
wolfSSL 7:481bce714567 11173 if (ret != 0)
wolfSSL 7:481bce714567 11174 return ret;
wolfSSL 7:481bce714567 11175 }
wolfSSL 7:481bce714567 11176 if (iv && key == NULL) {
wolfSSL 7:481bce714567 11177 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 7:481bce714567 11178 if (ret != 0)
wolfSSL 7:481bce714567 11179 return ret;
wolfSSL 7:481bce714567 11180 }
wolfSSL 7:481bce714567 11181 }
wolfSSL 7:481bce714567 11182 #endif /* WOLFSSL_AES_CTR */
wolfSSL 7:481bce714567 11183 else if (ctx->cipherType == AES_128_ECB_TYPE ||
wolfSSL 7:481bce714567 11184 (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11185 WOLFSSL_MSG("EVP_AES_128_ECB");
wolfSSL 7:481bce714567 11186 ctx->cipherType = AES_128_ECB_TYPE;
wolfSSL 7:481bce714567 11187 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
wolfSSL 7:481bce714567 11188 ctx->keyLen = 16;
wolfSSL 7:481bce714567 11189 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11190 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11191 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11192 if (key) {
wolfSSL 7:481bce714567 11193 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL,
wolfSSL 7:481bce714567 11194 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 7:481bce714567 11195 }
wolfSSL 7:481bce714567 11196 if (ret != 0)
wolfSSL 7:481bce714567 11197 return ret;
wolfSSL 7:481bce714567 11198 }
wolfSSL 7:481bce714567 11199 else if (ctx->cipherType == AES_192_ECB_TYPE ||
wolfSSL 7:481bce714567 11200 (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11201 WOLFSSL_MSG("EVP_AES_192_ECB");
wolfSSL 7:481bce714567 11202 ctx->cipherType = AES_192_ECB_TYPE;
wolfSSL 7:481bce714567 11203 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
wolfSSL 7:481bce714567 11204 ctx->keyLen = 24;
wolfSSL 7:481bce714567 11205 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11206 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11207 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11208 if (key) {
wolfSSL 7:481bce714567 11209 if(ctx->enc)
wolfSSL 7:481bce714567 11210 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL,
wolfSSL 7:481bce714567 11211 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 7:481bce714567 11212 }
wolfSSL 7:481bce714567 11213 if (ret != 0)
wolfSSL 7:481bce714567 11214 return ret;
wolfSSL 7:481bce714567 11215 }
wolfSSL 7:481bce714567 11216 else if (ctx->cipherType == AES_256_ECB_TYPE ||
wolfSSL 7:481bce714567 11217 (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11218 WOLFSSL_MSG("EVP_AES_256_ECB");
wolfSSL 7:481bce714567 11219 ctx->cipherType = AES_256_ECB_TYPE;
wolfSSL 7:481bce714567 11220 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
wolfSSL 7:481bce714567 11221 ctx->keyLen = 32;
wolfSSL 7:481bce714567 11222 ctx->block_size = AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11223 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11224 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11225 if (key) {
wolfSSL 7:481bce714567 11226 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL,
wolfSSL 7:481bce714567 11227 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 7:481bce714567 11228 }
wolfSSL 7:481bce714567 11229 if (ret != 0)
wolfSSL 7:481bce714567 11230 return ret;
wolfSSL 7:481bce714567 11231 }
wolfSSL 7:481bce714567 11232 #endif /* NO_AES */
wolfSSL 7:481bce714567 11233
wolfSSL 7:481bce714567 11234 #ifndef NO_DES3
wolfSSL 7:481bce714567 11235 if (ctx->cipherType == DES_CBC_TYPE ||
wolfSSL 7:481bce714567 11236 (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11237 WOLFSSL_MSG("EVP_DES_CBC");
wolfSSL 7:481bce714567 11238 ctx->cipherType = DES_CBC_TYPE;
wolfSSL 7:481bce714567 11239 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
wolfSSL 7:481bce714567 11240 ctx->keyLen = 8;
wolfSSL 7:481bce714567 11241 ctx->block_size = DES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11242 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11243 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11244 if (key) {
wolfSSL 7:481bce714567 11245 ret = wc_Des_SetKey(&ctx->cipher.des, key, iv,
wolfSSL 7:481bce714567 11246 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL 7:481bce714567 11247 if (ret != 0)
wolfSSL 7:481bce714567 11248 return ret;
wolfSSL 7:481bce714567 11249 }
wolfSSL 7:481bce714567 11250
wolfSSL 7:481bce714567 11251 if (iv && key == NULL)
wolfSSL 7:481bce714567 11252 wc_Des_SetIV(&ctx->cipher.des, iv);
wolfSSL 7:481bce714567 11253 }
wolfSSL 7:481bce714567 11254 #ifdef WOLFSSL_DES_ECB
wolfSSL 7:481bce714567 11255 else if (ctx->cipherType == DES_ECB_TYPE ||
wolfSSL 7:481bce714567 11256 (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) {
wolfSSL 7:481bce714567 11257 WOLFSSL_MSG("EVP_DES_ECB");
wolfSSL 7:481bce714567 11258 ctx->cipherType = DES_ECB_TYPE;
wolfSSL 7:481bce714567 11259 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
wolfSSL 7:481bce714567 11260 ctx->keyLen = 8;
wolfSSL 7:481bce714567 11261 ctx->block_size = DES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11262 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11263 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11264 if (key) {
wolfSSL 7:481bce714567 11265 ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL,
wolfSSL 7:481bce714567 11266 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL 7:481bce714567 11267 if (ret != 0)
wolfSSL 7:481bce714567 11268 return ret;
wolfSSL 7:481bce714567 11269 }
wolfSSL 7:481bce714567 11270 }
wolfSSL 7:481bce714567 11271 #endif
wolfSSL 7:481bce714567 11272 else if (ctx->cipherType == DES_EDE3_CBC_TYPE ||
wolfSSL 7:481bce714567 11273 (type &&
wolfSSL 7:481bce714567 11274 XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) {
wolfSSL 7:481bce714567 11275 WOLFSSL_MSG("EVP_DES_EDE3_CBC");
wolfSSL 7:481bce714567 11276 ctx->cipherType = DES_EDE3_CBC_TYPE;
wolfSSL 7:481bce714567 11277 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
wolfSSL 7:481bce714567 11278 ctx->keyLen = 24;
wolfSSL 7:481bce714567 11279 ctx->block_size = DES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11280 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11281 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11282 if (key) {
wolfSSL 7:481bce714567 11283 ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv,
wolfSSL 7:481bce714567 11284 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL 7:481bce714567 11285 if (ret != 0)
wolfSSL 7:481bce714567 11286 return ret;
wolfSSL 7:481bce714567 11287 }
wolfSSL 7:481bce714567 11288
wolfSSL 7:481bce714567 11289 if (iv && key == NULL) {
wolfSSL 7:481bce714567 11290 ret = wc_Des3_SetIV(&ctx->cipher.des3, iv);
wolfSSL 7:481bce714567 11291 if (ret != 0)
wolfSSL 7:481bce714567 11292 return ret;
wolfSSL 7:481bce714567 11293 }
wolfSSL 7:481bce714567 11294 }
wolfSSL 7:481bce714567 11295 else if (ctx->cipherType == DES_EDE3_ECB_TYPE ||
wolfSSL 7:481bce714567 11296 (type &&
wolfSSL 7:481bce714567 11297 XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) {
wolfSSL 7:481bce714567 11298 WOLFSSL_MSG("EVP_DES_EDE3_ECB");
wolfSSL 7:481bce714567 11299 ctx->cipherType = DES_EDE3_ECB_TYPE;
wolfSSL 7:481bce714567 11300 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
wolfSSL 7:481bce714567 11301 ctx->keyLen = 24;
wolfSSL 7:481bce714567 11302 ctx->block_size = DES_BLOCK_SIZE;
wolfSSL 7:481bce714567 11303 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11304 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11305 if (key) {
wolfSSL 7:481bce714567 11306 ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL,
wolfSSL 7:481bce714567 11307 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL 7:481bce714567 11308 if (ret != 0)
wolfSSL 7:481bce714567 11309 return ret;
wolfSSL 7:481bce714567 11310 }
wolfSSL 7:481bce714567 11311 }
wolfSSL 7:481bce714567 11312 #endif /* NO_DES3 */
wolfSSL 7:481bce714567 11313 #ifndef NO_RC4
wolfSSL 7:481bce714567 11314 if (ctx->cipherType == ARC4_TYPE || (type &&
wolfSSL 7:481bce714567 11315 XSTRNCMP(type, "ARC4", 4) == 0)) {
wolfSSL 7:481bce714567 11316 WOLFSSL_MSG("ARC4");
wolfSSL 7:481bce714567 11317 ctx->cipherType = ARC4_TYPE;
wolfSSL 7:481bce714567 11318 ctx->flags = WOLFSSL_EVP_CIPH_STREAM_CIPHER;
wolfSSL 7:481bce714567 11319 if (ctx->keyLen == 0) /* user may have already set */
wolfSSL 7:481bce714567 11320 ctx->keyLen = 16; /* default to 128 */
wolfSSL 7:481bce714567 11321 if (key)
wolfSSL 7:481bce714567 11322 wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
wolfSSL 7:481bce714567 11323 ret = 0; /* success */
wolfSSL 7:481bce714567 11324 }
wolfSSL 7:481bce714567 11325 #endif /* NO_RC4 */
wolfSSL 7:481bce714567 11326 #ifdef HAVE_IDEA
wolfSSL 7:481bce714567 11327 if (ctx->cipherType == IDEA_CBC_TYPE ||
wolfSSL 7:481bce714567 11328 (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) {
wolfSSL 7:481bce714567 11329 WOLFSSL_MSG("EVP_IDEA_CBC");
wolfSSL 7:481bce714567 11330 ctx->cipherType = IDEA_CBC_TYPE;
wolfSSL 7:481bce714567 11331 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
wolfSSL 7:481bce714567 11332 ctx->keyLen = IDEA_KEY_SIZE;
wolfSSL 7:481bce714567 11333 if (enc == 0 || enc == 1)
wolfSSL 7:481bce714567 11334 ctx->enc = enc ? 1 : 0;
wolfSSL 7:481bce714567 11335 if (key) {
wolfSSL 7:481bce714567 11336 ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen,
wolfSSL 7:481bce714567 11337 iv, ctx->enc ? IDEA_ENCRYPTION :
wolfSSL 7:481bce714567 11338 IDEA_DECRYPTION);
wolfSSL 7:481bce714567 11339 if (ret != 0)
wolfSSL 7:481bce714567 11340 return ret;
wolfSSL 7:481bce714567 11341 }
wolfSSL 7:481bce714567 11342
wolfSSL 7:481bce714567 11343 if (iv && key == NULL)
wolfSSL 7:481bce714567 11344 wc_IdeaSetIV(&ctx->cipher.idea, iv);
wolfSSL 7:481bce714567 11345 }
wolfSSL 7:481bce714567 11346 #endif /* HAVE_IDEA */
wolfSSL 7:481bce714567 11347 if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
wolfSSL 7:481bce714567 11348 XSTRNCMP(type, "NULL", 4) == 0)) {
wolfSSL 7:481bce714567 11349 WOLFSSL_MSG("NULL cipher");
wolfSSL 7:481bce714567 11350 ctx->cipherType = NULL_CIPHER_TYPE;
wolfSSL 7:481bce714567 11351 ctx->keyLen = 0;
wolfSSL 7:481bce714567 11352 ret = 0; /* success */
wolfSSL 7:481bce714567 11353 }
wolfSSL 7:481bce714567 11354
wolfSSL 7:481bce714567 11355 if (ret == 0)
wolfSSL 7:481bce714567 11356 return SSL_SUCCESS;
wolfSSL 7:481bce714567 11357 else
wolfSSL 7:481bce714567 11358 return 0; /* overall failure */
wolfSSL 7:481bce714567 11359 }
wolfSSL 7:481bce714567 11360
wolfSSL 7:481bce714567 11361
/* Report the key length (in bytes) currently recorded in ctx.
 *
 * ctx: cipher context; may be NULL.
 *
 * Returns ctx->keyLen, or 0 when ctx is NULL. Note that 0 is also the
 * length wolfSSL_EVP_CipherInit records for the NULL cipher, so the
 * return value alone does not distinguish "no context" from "NULL cipher".
 */
int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length");

    if (ctx == NULL) {
        return 0; /* failure */
    }

    return ctx->keyLen;
}
wolfSSL 7:481bce714567 11371
wolfSSL 7:481bce714567 11372
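/* Record the key length (in bytes) that later key-setting calls will use.
 * SSL_SUCCESS on ok.
 *
 * ctx:    cipher context; must not be NULL.
 * keylen: key length in bytes; must not be negative.
 *
 * Returns SSL_SUCCESS on success, 0 on failure (NULL ctx or negative
 * keylen). The value is not checked against a specific cipher here:
 * wolfSSL_EVP_CipherInit assigns its own key length for the AES, DES and
 * IDEA types and only keeps a caller-set value in its ARC4 branch.
 */
int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                          int keylen)
{
    WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length");

    if (ctx == NULL) {
        return 0; /* failure */
    }

    /* keyLen is later passed to the wc_*SetKey routines as a byte count
     * (and cast to word16 for IDEA); a negative value is never valid and
     * must not be stored. */
    if (keylen < 0) {
        WOLFSSL_MSG("negative key length");
        return 0; /* failure */
    }

    ctx->keyLen = keylen;

    return SSL_SUCCESS;
}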
wolfSSL 7:481bce714567 11385
wolfSSL 7:481bce714567 11386
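/* Encrypt or decrypt len bytes from src into dst with the cipher that
 * wolfSSL_EVP_CipherInit selected in ctx. SSL_SUCCESS on ok.
 *
 * ctx: cipher context initialised by wolfSSL_EVP_CipherInit; ctx->enc
 *      selects encryption (non-zero) or decryption (0).
 * dst: output buffer of at least len bytes.
 * src: input buffer of len bytes.
 * len: byte count handed unchanged to the wc_* routine; no block-size
 *      alignment check is made at this level.
 *
 * Returns SSL_SUCCESS on success, 0 on failure: a NULL argument, a
 * context that was never initialised, a cipher type with no case below,
 * or a non-zero status from one of the wc_* calls whose result is
 * captured.
 */
int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
                       word32 len)
{
    int ret = 0;
    WOLFSSL_ENTER("wolfSSL_EVP_Cipher");

    if (ctx == NULL || dst == NULL || src == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return 0; /* failure */
    }

    /* 0xff is the "no cipher selected yet" marker CipherInit also tests */
    if (ctx->cipherType == 0xff) {
        WOLFSSL_MSG("no init");
        return 0; /* failure */
    }

    switch (ctx->cipherType) {

#ifndef NO_AES
    #ifdef HAVE_AES_CBC
        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            if (ctx->enc)
                ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
            else
                ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
            break;
    #endif /* HAVE_AES_CBC */
    #ifdef HAVE_AES_ECB
        case AES_128_ECB_TYPE :
        case AES_192_ECB_TYPE :
        case AES_256_ECB_TYPE :
            WOLFSSL_MSG("AES ECB");
            if (ctx->enc)
                ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len);
            else
                ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len);
            break;
    #endif /* HAVE_AES_ECB */
    #ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            /* CTR is symmetric, so one call serves both directions. Its
             * status is not captured here (as originally written);
             * NOTE(review): confirm whether wc_AesCtrEncrypt can fail. */
            wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
            break;
    #endif /* WOLFSSL_AES_COUNTER */
#endif /* NO_AES */

#ifndef NO_DES3
        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            /* capture the status like the DES ECB and 3DES cases below,
             * so a failing wc_Des_Cbc* call is reported, not swallowed */
            if (ctx->enc)
                ret = wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
            else
                ret = wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
            break;
    #ifdef WOLFSSL_DES_ECB
        case DES_ECB_TYPE :
            WOLFSSL_MSG("DES ECB");
            if (ctx->enc)
                ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
            else
                ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len);
            break;
    #endif /* WOLFSSL_DES_ECB */
        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            if (ctx->enc)
                ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
            else
                ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
            break;
    #ifdef WOLFSSL_DES_ECB
        case DES_EDE3_ECB_TYPE :
            WOLFSSL_MSG("DES EDE3 ECB");
            if (ctx->enc)
                ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
            else
                ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len);
            break;
    #endif /* WOLFSSL_DES_ECB */
#endif /* NO_DES3 */

#ifndef NO_RC4
        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            /* stream cipher: same call for both directions, no status */
            wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
            break;
#endif /* NO_RC4 */

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            /* status not captured here (as originally written);
             * NOTE(review): confirm whether wc_IdeaCbc* reports errors */
            if (ctx->enc)
                wc_IdeaCbcEncrypt(&ctx->cipher.idea, dst, src, len);
            else
                wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len);
            break;
#endif /* HAVE_IDEA */
        case NULL_CIPHER_TYPE :
            /* NULL cipher: plain copy of the input */
            XMEMCPY(dst, src, len);
            break;

        default:
            WOLFSSL_MSG("bad type");
            return 0; /* failure */
    }

    if (ret != 0) {
        WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
        return 0; /* failure */
    }

    WOLFSSL_MSG("wolfSSL_EVP_Cipher success");
    return SSL_SUCCESS; /* success */
}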
wolfSSL 7:481bce714567 11502
wolfSSL 7:481bce714567 11503 #include "wolfcrypt/src/evp.c"
wolfSSL 7:481bce714567 11504
wolfSSL 7:481bce714567 11505
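/* Copy the cipher's internal IV register (the reg field) into ctx->iv so
 * the caller can read the current IV. SSL_SUCCESS on success.
 *
 * ctx: cipher context initialised by wolfSSL_EVP_CipherInit.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when ctx is NULL or holds a
 * cipher type not listed below. Ciphers that carry no IV (ECB modes,
 * ARC4, NULL) are accepted and leave ctx->iv untouched rather than being
 * reported as an error.
 */
int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_StoreExternalIV");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return SSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

#ifndef NO_AES
        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;

    #ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;
    #endif /* WOLFSSL_AES_COUNTER */

    #ifdef HAVE_AES_ECB
        /* ECB has no IV: nothing to store, but not an error either */
        case AES_128_ECB_TYPE :
        case AES_192_ECB_TYPE :
        case AES_256_ECB_TYPE :
            WOLFSSL_MSG("AES ECB");
            break;
    #endif /* HAVE_AES_ECB */
#endif /* NO_AES */

#ifndef NO_DES3
        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
            break;

    #ifdef WOLFSSL_DES_ECB
        /* ECB has no IV: nothing to store, but not an error either */
        case DES_ECB_TYPE :
        case DES_EDE3_ECB_TYPE :
            WOLFSSL_MSG("DES ECB");
            break;
    #endif /* WOLFSSL_DES_ECB */
#endif /* NO_DES3 */

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.idea.reg, IDEA_BLOCK_SIZE);
            break;
#endif /* HAVE_IDEA */

        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            break;

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL");
            break;

        default:
            WOLFSSL_MSG("bad type");
            return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}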
wolfSSL 7:481bce714567 11570
wolfSSL 7:481bce714567 11571
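/* Load the cipher's internal IV register (the reg field) from ctx->iv,
 * the inverse of wolfSSL_StoreExternalIV. SSL_SUCCESS on success.
 *
 * ctx: cipher context initialised by wolfSSL_EVP_CipherInit; ctx->iv
 *      holds the IV to install.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when ctx is NULL or holds a
 * cipher type not listed below. Ciphers that carry no IV (ECB modes,
 * ARC4, NULL) are accepted as no-ops rather than reported as an error.
 */
int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_SetInternalIV");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return SSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

#ifndef NO_AES
        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;

    #ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;
    #endif /* WOLFSSL_AES_COUNTER */

    #ifdef HAVE_AES_ECB
        /* ECB has no IV: nothing to install, but not an error either */
        case AES_128_ECB_TYPE :
        case AES_192_ECB_TYPE :
        case AES_256_ECB_TYPE :
            WOLFSSL_MSG("AES ECB");
            break;
    #endif /* HAVE_AES_ECB */
#endif /* NO_AES */

#ifndef NO_DES3
        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

    #ifdef WOLFSSL_DES_ECB
        /* ECB has no IV: nothing to install, but not an error either */
        case DES_ECB_TYPE :
        case DES_EDE3_ECB_TYPE :
            WOLFSSL_MSG("DES ECB");
            break;
    #endif /* WOLFSSL_DES_ECB */
#endif /* NO_DES3 */

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            XMEMCPY(&ctx->cipher.idea.reg, ctx->iv, IDEA_BLOCK_SIZE);
            break;
#endif /* HAVE_IDEA */

        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            break;

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL");
            break;

        default:
            WOLFSSL_MSG("bad type");
            return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}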
wolfSSL 7:481bce714567 11637
wolfSSL 7:481bce714567 11638
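/* Select the digest named by type and initialise ctx for it.
 * SSL_SUCCESS on ok.
 *
 * ctx:  digest context; must not be NULL.
 * type: digest name ("SHA256", "SHA224", "SHA384", "SHA512", "MD5",
 *       "SHA"). Names are matched on their prefix only, so trailing
 *       characters after a known name are ignored.
 *
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG when an argument is NULL
 * or the name does not match a compiled-in digest.
 */
int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
                           const WOLFSSL_EVP_MD* type)
{
    WOLFSSL_ENTER("EVP_DigestInit");

    if (ctx == NULL || type == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Each branch returns on its own, so any of them can be compiled out
     * without leaving a dangling "else if" behind. */
#ifndef NO_SHA256
    /* guarded with NO_SHA256 like the matching case in
     * wolfSSL_EVP_DigestUpdate, so ctx->hash.sha256 is only touched when
     * SHA-256 is built in */
    if (XSTRNCMP(type, "SHA256", 6) == 0) {
        ctx->macType = SHA256;
        wolfSSL_SHA256_Init(&(ctx->hash.sha256));
        return SSL_SUCCESS;
    }
#endif /* NO_SHA256 */
#ifdef WOLFSSL_SHA224
    if (XSTRNCMP(type, "SHA224", 6) == 0) {
        ctx->macType = SHA224;
        wolfSSL_SHA224_Init(&(ctx->hash.sha224));
        return SSL_SUCCESS;
    }
#endif /* WOLFSSL_SHA224 */
#ifdef WOLFSSL_SHA384
    if (XSTRNCMP(type, "SHA384", 6) == 0) {
        ctx->macType = SHA384;
        wolfSSL_SHA384_Init(&(ctx->hash.sha384));
        return SSL_SUCCESS;
    }
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
    if (XSTRNCMP(type, "SHA512", 6) == 0) {
        ctx->macType = SHA512;
        wolfSSL_SHA512_Init(&(ctx->hash.sha512));
        return SSL_SUCCESS;
    }
#endif /* WOLFSSL_SHA512 */
#ifndef NO_MD5
    if (XSTRNCMP(type, "MD5", 3) == 0) {
        ctx->macType = MD5;
        wolfSSL_MD5_Init(&(ctx->hash.md5));
        return SSL_SUCCESS;
    }
#endif /* NO_MD5 */
#ifndef NO_SHA
    /* has to be last: "SHA" is a prefix of SHA224/256/384/512 and would
     * otherwise capture them */
    if (XSTRNCMP(type, "SHA", 3) == 0) {
        ctx->macType = SHA;
        wolfSSL_SHA_Init(&(ctx->hash.sha));
        return SSL_SUCCESS;
    }
#endif /* NO_SHA */

    /* unknown or not-compiled-in digest name */
    return BAD_FUNC_ARG;
}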
wolfSSL 7:481bce714567 11689
wolfSSL 7:481bce714567 11690
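/* Feed sz bytes of data into the digest selected by ctx->macType.
 *
 * ctx  : digest context set up by wolfSSL_EVP_DigestInit (which stores the
 *        algorithm in ctx->macType and initialises ctx->hash)
 * data : input bytes
 * sz   : number of input bytes
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL (it used to be
 * dereferenced unchecked) or ctx->macType names a digest that is not
 * compiled in. The per-algorithm *_Update return values are not propagated
 * -- TODO confirm they cannot fail once the context is initialised.
 */
int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
                             unsigned long sz)
{
    WOLFSSL_ENTER("EVP_DigestUpdate");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    switch (ctx->macType) {
#ifndef NO_MD5
        case MD5:
            wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, sz);
            break;
#endif
#ifndef NO_SHA
        case SHA:
            wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, sz);
            break;
#endif
#ifdef WOLFSSL_SHA224
        case SHA224:
            wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, sz);
            break;
#endif
#ifndef NO_SHA256
        case SHA256:
            wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, sz);
            break;
#endif
#ifdef WOLFSSL_SHA384
        case SHA384:
            wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, sz);
            break;
#endif
#ifdef WOLFSSL_SHA512
        case SHA512:
            wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, sz);
            break;
#endif
        default:
            /* unknown or compiled-out digest type */
            return BAD_FUNC_ARG;
    }

    return SSL_SUCCESS;
}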
wolfSSL 7:481bce714567 11740
wolfSSL 7:481bce714567 11741
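/* Finish the digest held in ctx and write the hash value into md.
 *
 * ctx : context initialised by wolfSSL_EVP_DigestInit and fed through
 *       wolfSSL_EVP_DigestUpdate
 * md  : output buffer, required; must be large enough for the selected
 *       digest (the largest here is SHA512_DIGEST_SIZE bytes)
 * s   : if non-NULL, receives the number of bytes written to md
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ctx or md is NULL (both were
 * previously dereferenced unchecked) or ctx->macType names a digest that is
 * not compiled in. The per-algorithm *_Final return values are not checked
 * here -- TODO confirm they cannot fail once the context is initialised.
 */
int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
                            unsigned int* s)
{
    WOLFSSL_ENTER("EVP_DigestFinal");

    if (ctx == NULL || md == NULL)
        return BAD_FUNC_ARG;

    switch (ctx->macType) {
#ifndef NO_MD5
        case MD5:
            wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
            if (s) *s = MD5_DIGEST_SIZE;
            break;
#endif
#ifndef NO_SHA
        case SHA:
            wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
            if (s) *s = SHA_DIGEST_SIZE;
            break;
#endif
#ifdef WOLFSSL_SHA224
        case SHA224:
            wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash);
            if (s) *s = SHA224_DIGEST_SIZE;
            break;
#endif
#ifndef NO_SHA256
        case SHA256:
            wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
            if (s) *s = SHA256_DIGEST_SIZE;
            break;
#endif
#ifdef WOLFSSL_SHA384
        case SHA384:
            wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
            if (s) *s = SHA384_DIGEST_SIZE;
            break;
#endif
#ifdef WOLFSSL_SHA512
        case SHA512:
            wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
            if (s) *s = SHA512_DIGEST_SIZE;
            break;
#endif
        default:
            /* unknown or compiled-out digest type */
            return BAD_FUNC_ARG;
    }

    return SSL_SUCCESS;
}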
wolfSSL 7:481bce714567 11790
wolfSSL 7:481bce714567 11791
/* OpenSSL EVP_DigestFinal_ex() entry point.
 * Simply forwards to EVP_DigestFinal with the same arguments and returns
 * its result (SSL_SUCCESS on success, BAD_FUNC_ARG otherwise).
 */
int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
                               unsigned int* s)
{
    int rc;

    WOLFSSL_ENTER("EVP_DigestFinal_ex");
    rc = EVP_DigestFinal(ctx, md, s);

    return rc;
}
wolfSSL 7:481bce714567 11799
wolfSSL 7:481bce714567 11800
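/* One-shot HMAC of d[0..n) under key, OpenSSL HMAC() style.
 *
 * evp_md  : digest name (a string in this build, compared with XSTRNCMP
 *           exactly as wolfSSL_EVP_DigestInit does). The longer names
 *           "SHA224"/"SHA256"/"SHA384"/"SHA512" are matched before the bare
 *           "SHA" prefix; previously any name starting with "SHA" silently
 *           produced HMAC-SHA1 with a 20-byte tag, so a caller asking for
 *           a SHA-2 digest got the wrong MAC. A SHA-2 name whose algorithm
 *           is compiled out now fails instead of falling back to SHA-1.
 * key     : HMAC key of key_len bytes (key_len must be >= 0)
 * d, n    : message (n must be >= 0; negative lengths used to be passed
 *           straight into word32 parameters)
 * md      : output buffer, required (no static buffer support); must hold
 *           the selected digest's size
 * md_len  : if non-NULL, receives the number of tag bytes written
 *
 * Returns md on success, NULL on any failure (NULL md or evp_md, unknown or
 * compiled-out digest, negative length, allocation failure, wolfCrypt
 * error). The Hmac state, which holds key-derived pads, is scrubbed before
 * it is released.
 */
unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
                            int key_len, const unsigned char* d, int n,
                            unsigned char* md, unsigned int* md_len)
{
    int type = 0;
    unsigned int digestSz = 0;
    unsigned char* ret = NULL;
#ifdef WOLFSSL_SMALL_STACK
    Hmac* hmac = NULL;
#else
    Hmac hmac[1];
#endif

    WOLFSSL_ENTER("HMAC");
    if (!md)
        return NULL; /* no static buffer support */

    if (evp_md == NULL || key_len < 0 || n < 0)
        return NULL;

    if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
        type = MD5;
        digestSz = MD5_DIGEST_SIZE;
    }
    else if (XSTRNCMP(evp_md, "SHA224", 6) == 0) {
#ifdef WOLFSSL_SHA224
        type = SHA224;
        digestSz = SHA224_DIGEST_SIZE;
#else
        return NULL; /* not compiled in: never fall back to SHA-1 */
#endif
    }
    else if (XSTRNCMP(evp_md, "SHA256", 6) == 0) {
#ifndef NO_SHA256
        type = SHA256;
        digestSz = SHA256_DIGEST_SIZE;
#else
        return NULL; /* not compiled in: never fall back to SHA-1 */
#endif
    }
    else if (XSTRNCMP(evp_md, "SHA384", 6) == 0) {
#ifdef WOLFSSL_SHA384
        type = SHA384;
        digestSz = SHA384_DIGEST_SIZE;
#else
        return NULL; /* not compiled in: never fall back to SHA-1 */
#endif
    }
    else if (XSTRNCMP(evp_md, "SHA512", 6) == 0) {
#ifdef WOLFSSL_SHA512
        type = SHA512;
        digestSz = SHA512_DIGEST_SIZE;
#else
        return NULL; /* not compiled in: never fall back to SHA-1 */
#endif
    }
    /* must stay last: "SHA" is a prefix of every SHA-2 name above */
    else if (XSTRNCMP(evp_md, "SHA", 3) == 0) {
        type = SHA;
        digestSz = SHA_DIGEST_SIZE;
    }
    else
        return NULL;

#ifdef WOLFSSL_SMALL_STACK
    hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (hmac == NULL)
        return NULL;
#endif

    if (wc_HmacSetKey(hmac, type, (const byte*)key, key_len) == 0 &&
        wc_HmacUpdate(hmac, d, n) == 0 &&
        wc_HmacFinal(hmac, md) == 0) {
        if (md_len)
            *md_len = digestSz;
        ret = md;
    }

    /* scrub the key-derived state; NOTE(review): a plain memset may be
     * elided by the compiler -- prefer a compiler-resistant wipe if the
     * build provides one */
    XMEMSET(hmac, 0, sizeof(Hmac));
#ifdef WOLFSSL_SMALL_STACK
    XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}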
wolfSSL 7:481bce714567 11845
/* OpenSSL ERR_clear_error() equivalent -- currently a no-op.
 * No error queue is touched here, so any state the application expects to
 * be discarded by this call is left as is. Safe to call at any time.
 */
void wolfSSL_ERR_clear_error(void)
{
    /* TODO: nothing is cleared yet */
}
wolfSSL 7:481bce714567 11850
wolfSSL 7:481bce714567 11851
/* OpenSSL RAND_status() equivalent.
 * Unconditionally reports the generator as seeded: nothing is queried here,
 * the wrapper relies on wolfCrypt seeding its RNG internally. Always
 * returns SSL_SUCCESS.
 */
int wolfSSL_RAND_status(void)
{
    /* seeding is handled inside wolfCrypt; there is no state to inspect */
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 11856
wolfSSL 7:481bce714567 11857
wolfSSL 7:481bce714567 11858
/* OpenSSL RAND_add() equivalent -- intentionally a no-op.
 * The caller-supplied bytes in add (len bytes, claimed entropy `entropy`)
 * are never mixed into wolfCrypt's generator; wolfCrypt seeds and reseeds
 * on its own. An application that must control seeding should drive an
 * explicit wolfCrypt RNG instead of relying on this call.
 */
void wolfSSL_RAND_add(const void* add, int len, double entropy)
{
    /* parameters deliberately unused, see above */
    (void)entropy;
    (void)len;
    (void)add;
}
wolfSSL 7:481bce714567 11868
wolfSSL 7:481bce714567 11869
wolfSSL 7:481bce714567 11870 #ifndef NO_DES3
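/* OpenSSL DES_key_sched() equivalent.
 * The "schedule" here is just a copy of the 8 raw key bytes; the real key
 * expansion happens later in wc_Des_SetKey (see wolfSSL_DES_cbc_encrypt).
 * No parity or weak-key check is performed -- callers that need one must
 * do it themselves.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when key or schedule is NULL
 * (previously both were passed unchecked to XMEMCPY).
 */
int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
                          WOLFSSL_DES_key_schedule* schedule)
{
    WOLFSSL_ENTER("DES_key_sched");

    if (key == NULL || schedule == NULL)
        return BAD_FUNC_ARG;

    XMEMCPY(schedule, key, sizeof(const_DES_cblock));
    return SSL_SUCCESS;
}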
wolfSSL 7:481bce714567 11879
wolfSSL 7:481bce714567 11880
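/* Single-DES CBC, OpenSSL DES_cbc_encrypt() style (ivec is NOT updated;
 * use wolfSSL_DES_ncbc_encrypt for chained calls).
 *
 * input/output : buffers of at least `length` bytes; length is expected to
 *                be a multiple of DES_BLOCK_SIZE -- TODO confirm how the
 *                wc_Des_Cbc* helpers treat a trailing partial block
 * schedule     : 8-byte DES key (see wolfSSL_DES_key_sched)
 * ivec         : 8-byte IV handed to wc_Des_SetKey
 * enc          : non-zero to encrypt, zero to decrypt; !enc selects the
 *                direction flag (compare DES_ENCRYPTION/DES_DECRYPTION in
 *                wolfSSL_DES_ede3_cbc_encrypt)
 *
 * No return value (OpenSSL compatibility). NULL input/output/schedule or a
 * negative length now make this a no-op instead of a crash or a huge
 * (word32) length. The expanded key schedule lives on the stack and is
 * scrubbed before returning.
 */
void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
                             unsigned char* output, long length,
                             WOLFSSL_DES_key_schedule* schedule,
                             WOLFSSL_DES_cblock* ivec, int enc)
{
    Des myDes;

    WOLFSSL_ENTER("DES_cbc_encrypt");

    if (input == NULL || output == NULL || schedule == NULL || length < 0)
        return;

    /* OpenSSL compat, no ret; NOTE(review): wc_Des_SetKey's result is not
     * checked here, as in the original -- confirm it cannot fail for a
     * non-NULL key */
    wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);

    if (enc)
        wc_Des_CbcEncrypt(&myDes, output, input, (word32)length);
    else
        wc_Des_CbcDecrypt(&myDes, output, input, (word32)length);

    /* plain memset; prefer a compiler-resistant wipe if the build has one */
    XMEMSET(&myDes, 0, sizeof(myDes));
}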
wolfSSL 7:481bce714567 11898
wolfSSL 7:481bce714567 11899
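/* Triple-DES (EDE) CBC, OpenSSL DES_ede3_cbc_encrypt() style.
 * WOLFSSL_DES_key_schedule is an unsigned char array of size 8.
 *
 * input/output : buffers of at least sz bytes; sz is expected to be a
 *                multiple of DES_BLOCK_SIZE -- TODO confirm how the
 *                wc_Des3_Cbc* helpers treat a trailing partial block
 * ks1/ks2/ks3  : the three 8-byte DES keys, concatenated here into the
 *                24-byte key wc_Des3_SetKey takes
 * ivec         : 8-byte IV handed to wc_Des3_SetKey. NOTE(review): unlike
 *                wolfSSL_DES_ncbc_encrypt below, ivec is not rewritten
 *                with the last ciphertext block, so a caller chaining
 *                calls must carry the IV itself -- confirm against the
 *                OpenSSL contract callers expect.
 * enc          : non-zero to encrypt, zero to decrypt
 *
 * No return value (OpenSSL compatibility). NULL buffers/keys or a negative
 * size now make this a no-op instead of a crash or a huge (word32) length.
 * The assembled key and the expanded schedule live on the stack and are
 * scrubbed before returning (plain memset; prefer a compiler-resistant
 * wipe if the build provides one).
 */
void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
                                  unsigned char* output, long sz,
                                  WOLFSSL_DES_key_schedule* ks1,
                                  WOLFSSL_DES_key_schedule* ks2,
                                  WOLFSSL_DES_key_schedule* ks3,
                                  WOLFSSL_DES_cblock* ivec, int enc)
{
    Des3 des;
    byte key[24];/* EDE uses 24 size key */

    WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt");

    if (input == NULL || output == NULL || ks1 == NULL || ks2 == NULL ||
            ks3 == NULL || sz < 0)
        return;

    XMEMSET(key, 0, sizeof(key));
    XMEMCPY(key, *ks1, DES_BLOCK_SIZE);
    XMEMCPY(&key[DES_BLOCK_SIZE], *ks2, DES_BLOCK_SIZE);
    XMEMCPY(&key[DES_BLOCK_SIZE * 2], *ks3, DES_BLOCK_SIZE);

    if (enc) {
        wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION);
        wc_Des3_CbcEncrypt(&des, output, input, (word32)sz);
    }
    else {
        wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_DECRYPTION);
        wc_Des3_CbcDecrypt(&des, output, input, (word32)sz);
    }

    /* key material no longer needed */
    XMEMSET(key, 0, sizeof(key));
    XMEMSET(&des, 0, sizeof(des));
}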
wolfSSL 7:481bce714567 11927
wolfSSL 7:481bce714567 11928
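/* Single-DES CBC with IV chaining: like wolfSSL_DES_cbc_encrypt, but ivec is
 * overwritten with the last ciphertext block so consecutive calls continue
 * the CBC chain (OpenSSL DES_ncbc_encrypt() semantics).
 *
 * input/output : buffers of at least `length` bytes; they may be the same
 *                buffer (in-place). length is expected to be a multiple of
 *                DES_BLOCK_SIZE -- TODO confirm how the wc_Des_Cbc* helpers
 *                treat a trailing partial block.
 * schedule     : 8-byte DES key (see wolfSSL_DES_key_sched)
 * ivec         : 8-byte IV, required; updated on return when length is at
 *                least one block
 * enc          : non-zero to encrypt, zero to decrypt
 *
 * No return value (OpenSSL compatibility); NULL arguments or a negative
 * length make this a no-op.
 *
 * Fix: the chained IV is the last *ciphertext* block. For encryption that
 * is the tail of output, but for decryption it is the tail of input; the
 * previous code copied the tail of output (plaintext) into ivec in both
 * directions, so the next decrypt call started from a wrong IV. The
 * ciphertext tail is captured before decrypting so in-place calls work. A
 * length shorter than one block used to read before the start of output;
 * it now leaves ivec untouched.
 */
void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
                unsigned char* output, long length,
                WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
                int enc)
{
    Des myDes;
    unsigned char lastBlock[sizeof(DES_cblock)];
    int updateIv;

    WOLFSSL_ENTER("DES_ncbc_encrypt");

    if (input == NULL || output == NULL || schedule == NULL ||
            ivec == NULL || length < 0)
        return;

    updateIv = (length >= (long)sizeof(DES_cblock));

    /* OpenSSL compat, no ret */
    wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);

    if (enc) {
        wc_Des_CbcEncrypt(&myDes, output, input, (word32)length);
        if (updateIv)
            XMEMCPY(lastBlock, output + length - sizeof(DES_cblock),
                    sizeof(DES_cblock));
    }
    else {
        /* capture before decrypting: input and output may alias */
        if (updateIv)
            XMEMCPY(lastBlock, input + length - sizeof(DES_cblock),
                    sizeof(DES_cblock));
        wc_Des_CbcDecrypt(&myDes, output, input, (word32)length);
    }

    if (updateIv)
        XMEMCPY(ivec, lastBlock, sizeof(DES_cblock));

    /* the expanded key schedule is on the stack: scrub it (plain memset;
     * prefer a compiler-resistant wipe if the build has one) */
    XMEMSET(&myDes, 0, sizeof(myDes));
}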
wolfSSL 7:481bce714567 11949
wolfSSL 7:481bce714567 11950 #endif /* NO_DES3 */
wolfSSL 7:481bce714567 11951
wolfSSL 7:481bce714567 11952
/* OpenSSL ERR_free_strings() equivalent -- a no-op.
 * Error strings are static in wolfSSL, so there is nothing to release;
 * provided only so OpenSSL-style shutdown sequences compile and run.
 */
void wolfSSL_ERR_free_strings(void)
{
    /* nothing allocated, nothing to free */
}
wolfSSL 7:481bce714567 11957
wolfSSL 7:481bce714567 11958
/* OpenSSL ERR_remove_state() equivalent -- currently a no-op.
 * state : thread id in OpenSSL's API; ignored here because no per-thread
 *         error queue is maintained yet.
 */
void wolfSSL_ERR_remove_state(unsigned long state)
{
    (void)state;
    /* TODO: GetErrors().Remove(); */
}
wolfSSL 7:481bce714567 11964
wolfSSL 7:481bce714567 11965
/* OpenSSL EVP_cleanup() equivalent -- a no-op.
 * The EVP layer in this file keeps no global tables to tear down.
 */
void wolfSSL_EVP_cleanup(void)
{
    /* no global EVP state exists here */
}
wolfSSL 7:481bce714567 11970
wolfSSL 7:481bce714567 11971
/* OpenSSL CRYPTO_cleanup_all_ex_data() equivalent -- a no-op.
 * No global ex_data registry is kept, so there is nothing to clean.
 */
void wolfSSL_cleanup_all_ex_data(void)
{
    /* intentionally empty */
}
wolfSSL 7:481bce714567 11976
wolfSSL 7:481bce714567 11977
/* OpenSSL SSL_clear() equivalent -- currently a stub.
 * ssl is not touched: no connection state, session or error state is reset
 * by this call even though it reports SSL_SUCCESS. NOTE(review): callers
 * that reuse a WOLFSSL for a new connection after calling this should not
 * assume it has been reset.
 */
int wolfSSL_clear(WOLFSSL* ssl)
{
    /* TODO: GetErrors().Remove(); */
    (void)ssl;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 11984
wolfSSL 7:481bce714567 11985
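/* Set a session's timeout (stored in ses->timeout, a word32).
 *
 * ses : session to update
 * t   : timeout value, must be >= 0
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL session or negative t.
 * Values that do not fit in 32 bits are clamped to 0xFFFFFFFF; the old
 * `t & 0xFFFFFFFF` truncated them modulo 2^32, which could silently turn a
 * very large "never expire" timeout into a tiny one (or zero) on LP64
 * platforms.
 */
long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
{
    word32 tmptime;

    if (!ses || t < 0)
        return BAD_FUNC_ARG;

    /* t is non-negative here, so the unsigned comparison is exact */
    if ((unsigned long)t > 0xFFFFFFFFUL)
        tmptime = 0xFFFFFFFFU;
    else
        tmptime = (word32)t;

    ses->timeout = tmptime;

    return SSL_SUCCESS;
}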
wolfSSL 7:481bce714567 11998
wolfSSL 7:481bce714567 11999
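/* Apply OpenSSL-style mode flags to a context.
 *
 * Only SSL_MODE_ENABLE_PARTIAL_WRITE has an effect (it sets
 * ctx->partialWrite); SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL's
 * default behaviour and every other flag is ignored. The flag is tested as
 * a bit rather than by exact equality, so a caller that ORs several
 * OpenSSL mode flags together still gets partial writes enabled (the old
 * `mode == SSL_MODE_ENABLE_PARTIAL_WRITE` silently missed that case).
 *
 * Returns the mode value passed in, as before. A NULL ctx is a no-op
 * instead of a crash.
 */
long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode)
{
    WOLFSSL_ENTER("SSL_CTX_set_mode");

    if (ctx != NULL &&
        (mode & SSL_MODE_ENABLE_PARTIAL_WRITE) == SSL_MODE_ENABLE_PARTIAL_WRITE)
        ctx->partialWrite = 1;

    return mode;
}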
wolfSSL 7:481bce714567 12010
wolfSSL 7:481bce714567 12011
/* OpenSSL SSL_get_mode() equivalent -- not implemented.
 * Nothing is read from ssl; the call always reports 0, so mode flags cannot
 * be read back per connection through this API.
 */
long wolfSSL_SSL_get_mode(WOLFSSL* ssl)
{
    long mode = 0;

    /* TODO: */
    (void)ssl;

    return mode;
}
wolfSSL 7:481bce714567 12018
wolfSSL 7:481bce714567 12019
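/* Report the mode flags recorded on a context by wolfSSL_CTX_set_mode.
 *
 * Returns SSL_MODE_ENABLE_PARTIAL_WRITE when ctx->partialWrite is set,
 * otherwise 0 (also 0 for a NULL ctx). This replaces a stub that always
 * returned 0 even after partial writes had been enabled.
 * NOTE(review): wolfSSL_CTX_set_mode describes
 * SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER as the default behaviour, but that
 * flag is not reported here -- confirm whether callers expect to see it.
 */
long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx)
{
    long mode = 0;

    if (ctx != NULL && ctx->partialWrite)
        mode |= SSL_MODE_ENABLE_PARTIAL_WRITE;

    return mode;
}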
wolfSSL 7:481bce714567 12026
wolfSSL 7:481bce714567 12027
/* OpenSSL SSL_CTX_set_default_read_ahead() equivalent -- not implemented.
 * ctx : context (unused)
 * m   : requested read-ahead setting (unused)
 * The request is accepted and discarded; read behaviour is unchanged.
 */
void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m)
{
    /* TODO: maybe? -- both arguments are intentionally ignored */
    (void)m;
    (void)ctx;
}
wolfSSL 7:481bce714567 12034
wolfSSL 7:481bce714567 12035
/* OpenSSL SSL_CTX_set_session_id_context() equivalent -- accepted, ignored.
 *
 * ctx         : context (unused)
 * sid_ctx     : application session-id context bytes (unused)
 * sid_ctx_len : their length (unused)
 *
 * Always returns SSL_SUCCESS. NOTE(review): the value is discarded, so it
 * cannot influence session-cache lookups the way it does in OpenSSL, where
 * it keeps sessions from one application context from being resumed under
 * another. Applications relying on that isolation should be aware of it.
 */
int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx,
                                       const unsigned char* sid_ctx,
                                       unsigned int sid_ctx_len)
{
    /* No application specific context needed for wolfSSL */
    (void)sid_ctx_len;
    (void)sid_ctx;
    (void)ctx;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 12046
wolfSSL 7:481bce714567 12047
/* OpenSSL SSL_CTX_sess_get_cache_size() equivalent.
 * ctx is unused: the capacity is the compile-time constant
 * SESSIONS_PER_ROW * SESSION_ROWS, or 0 when the session cache is built
 * out (NO_SESSION_CACHE).
 */
long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx)
{
    long capacity;

    (void)ctx;

#ifdef NO_SESSION_CACHE
    capacity = 0;
#else
    capacity = SESSIONS_PER_ROW * SESSION_ROWS;
#endif

    return capacity;
}
wolfSSL 7:481bce714567 12057
/* OpenSSL ERR_get_error_line_data() equivalent -- not implemented.
 *
 * file, line, data, flags : output parameters in OpenSSL's API; none of
 *                           them is written here, so callers must not rely
 *                           on them being set.
 *
 * Always returns 0 ("no error queued").
 */
unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line,
                                              const char** data, int *flags)
{
    /* Not implemented: outputs are left untouched */
    (void)flags;
    (void)data;
    (void)line;
    (void)file;

    return 0;
}
wolfSSL 7:481bce714567 12068
/* Return the PEM password callback registered on ctx (ctx->passwd_cb),
 * or NULL when ctx is NULL or no callback has been set.
 */
WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(
                                                            WOLFSSL_CTX *ctx)
{
    pem_password_cb* cb = NULL;

    if (ctx != NULL)
        cb = ctx->passwd_cb;

    return cb;
}
wolfSSL 7:481bce714567 12078
wolfSSL 7:481bce714567 12079
/* Return the opaque user data registered for the PEM password callback
 * (ctx->userdata), or NULL when ctx is NULL. The pointer is returned as
 * stored; it may itself be NULL when none was set.
 */
WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(
                                                            WOLFSSL_CTX *ctx)
{
    void* userdata = NULL;

    if (ctx != NULL)
        userdata = ctx->userdata;

    return userdata;
}
wolfSSL 7:481bce714567 12089
wolfSSL 7:481bce714567 12090 #endif /* OPENSSL_EXTRA */
wolfSSL 7:481bce714567 12091
wolfSSL 7:481bce714567 12092
wolfSSL 7:481bce714567 12093 #if defined(KEEP_PEER_CERT)
wolfSSL 7:481bce714567 12094
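/* Return the peer's certificate for this connection.
 *
 * A non-zero ssl->peerCert.issuer.sz is used as the "a peer certificate
 * was stored" marker; when it is zero NULL is returned. The object returned
 * is &ssl->peerCert, i.e. it is embedded in ssl (not a heap copy): it is
 * valid only while ssl is, and it must not be freed by the caller
 * (wolfSSL_FreeX509 only releases heap-allocated objects).
 *
 * Returns NULL for a NULL ssl as well; previously ssl was dereferenced
 * unchecked.
 */
WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_get_peer_certificate");

    if (ssl == NULL)
        return NULL;

    if (ssl->peerCert.issuer.sz)
        return &ssl->peerCert;

    return NULL;
}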
wolfSSL 7:481bce714567 12103
wolfSSL 7:481bce714567 12104 #endif /* KEEP_PEER_CERT */
wolfSSL 7:481bce714567 12105
wolfSSL 7:481bce714567 12106
wolfSSL 7:481bce714567 12107 #ifndef NO_CERTS
wolfSSL 7:481bce714567 12108 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(OPENSSL_EXTRA)
wolfSSL 7:481bce714567 12109
/* Release an X509 that the application asked to free.
 * Only objects flagged as heap-allocated (x509->dynamicMemory) are torn
 * down and freed; objects embedded in another structure (presumably such as
 * the peer certificate returned by wolfSSL_get_peer_certificate) are left
 * alone, so an OpenSSL-style free on them does not corrupt their owner.
 * NULL is accepted and ignored.
 */
static void ExternalFreeX509(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("ExternalFreeX509");

    if (x509 == NULL)
        return;

    if (!x509->dynamicMemory) {
        WOLFSSL_MSG("free called on non dynamic object, not freeing");
        return;
    }

    FreeX509(x509);
    XFREE(x509, x509->heap, DYNAMIC_TYPE_X509);
}
wolfSSL 7:481bce714567 12124
wolfSSL 7:481bce714567 12125 #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSSL_EXTRA */
wolfSSL 7:481bce714567 12126
wolfSSL 7:481bce714567 12127 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 7:481bce714567 12128
/* Public free for an X509 object: delegates to ExternalFreeX509, which only
 * frees heap-allocated objects and ignores embedded ones and NULL.
 */
void wolfSSL_FreeX509(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_FreeX509");

    ExternalFreeX509(x509);
}
wolfSSL 7:481bce714567 12134
/* Return the next subject-alternative-name string from cert, or NULL when
 * cert is NULL, has no altNames, or the list has been exhausted.
 *
 * The iteration cursor is cert->altNamesNext, stored in the certificate
 * itself; this call advances it and does not reset it. The string returned
 * points into cert's own storage, so it is only valid while cert is.
 */
char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
{
    char* name;

    WOLFSSL_ENTER("wolfSSL_X509_get_next_altname");

    /* nothing to iterate, or iteration already finished */
    if (cert == NULL || cert->altNames == NULL || cert->altNamesNext == NULL)
        return NULL;

    name = cert->altNamesNext->name;
    cert->altNamesNext = cert->altNamesNext->next;

    return name;
}
wolfSSL 7:481bce714567 12154
wolfSSL 7:481bce714567 12155
/* Return a pointer to the certificate's issuer name (&cert->issuer), valid
 * only while cert is. NULL when cert is NULL.
 */
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
{
    WOLFSSL_X509_NAME* issuer = NULL;

    WOLFSSL_ENTER("X509_get_issuer_name");

    if (cert != NULL)
        issuer = &cert->issuer;

    return issuer;
}
wolfSSL 7:481bce714567 12163
wolfSSL 7:481bce714567 12164
/* Return a pointer to the certificate's subject name (&cert->subject),
 * valid only while cert is. NULL when cert is NULL.
 */
WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
{
    WOLFSSL_X509_NAME* subject = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_subject_name");

    if (cert != NULL)
        subject = &cert->subject;

    return subject;
}
wolfSSL 7:481bce714567 12172
wolfSSL 7:481bce714567 12173
/* Report the CA flag parsed into x509->isCa (presumably from the
 * BasicConstraints extension), or 0 when x509 is NULL. This is the flag as
 * asserted by the certificate only; it says nothing about whether the
 * certificate chains to a trusted root.
 */
int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
{
    int ca;

    WOLFSSL_ENTER("wolfSSL_X509_get_isCA");

    ca = (x509 != NULL) ? x509->isCa : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_isCA", ca);

    return ca;
}
wolfSSL 7:481bce714567 12187
wolfSSL 7:481bce714567 12188
wolfSSL 7:481bce714567 12189 #ifdef OPENSSL_EXTRA
/* Report whether the extension identified by nid was present in x509.
 *
 * nid : one of BASIC_CA_OID, ALT_NAMES_OID, AUTH_KEY_OID, SUBJ_KEY_OID,
 *       KEY_USAGE_OID, and CERT_POLICY_OID when WOLFSSL_SEP is built in.
 *
 * Returns the corresponding *Set flag from x509; 0 for a NULL x509 or an
 * nid not listed above.
 */
int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
{
    int present = 0;

    WOLFSSL_ENTER("wolfSSL_X509_ext_isSet_by_NID");

    if (x509 == NULL) {
        WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", present);
        return present;
    }

    switch (nid) {
        case BASIC_CA_OID:
            present = x509->basicConstSet;
            break;
        case ALT_NAMES_OID:
            present = x509->subjAltNameSet;
            break;
        case AUTH_KEY_OID:
            present = x509->authKeyIdSet;
            break;
        case SUBJ_KEY_OID:
            present = x509->subjKeyIdSet;
            break;
        case KEY_USAGE_OID:
            present = x509->keyUsageSet;
            break;
#ifdef WOLFSSL_SEP
        case CERT_POLICY_OID:
            present = x509->certPolicySet;
            break;
#endif /* WOLFSSL_SEP */
        default:
            /* unknown or unsupported extension: reported as not set */
            break;
    }

    WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", present);

    return present;
}
wolfSSL 7:481bce714567 12213
wolfSSL 7:481bce714567 12214
/* Report whether the extension identified by nid was marked critical in
 * x509.
 *
 * nid : one of BASIC_CA_OID, ALT_NAMES_OID, AUTH_KEY_OID, SUBJ_KEY_OID,
 *       KEY_USAGE_OID, and CERT_POLICY_OID when WOLFSSL_SEP is built in.
 *
 * Returns the corresponding *Crit flag from x509; 0 for a NULL x509 or an
 * nid not listed above. Pair with wolfSSL_X509_ext_isSet_by_NID, since an
 * absent extension also reports 0 here.
 */
int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid)
{
    int critical = 0;

    WOLFSSL_ENTER("wolfSSL_X509_ext_get_critical_by_NID");

    if (x509 == NULL) {
        WOLFSSL_LEAVE("wolfSSL_X509_ext_get_critical_by_NID", critical);
        return critical;
    }

    switch (nid) {
        case BASIC_CA_OID:
            critical = x509->basicConstCrit;
            break;
        case ALT_NAMES_OID:
            critical = x509->subjAltNameCrit;
            break;
        case AUTH_KEY_OID:
            critical = x509->authKeyIdCrit;
            break;
        case SUBJ_KEY_OID:
            critical = x509->subjKeyIdCrit;
            break;
        case KEY_USAGE_OID:
            critical = x509->keyUsageCrit;
            break;
#ifdef WOLFSSL_SEP
        case CERT_POLICY_OID:
            critical = x509->certPolicyCrit;
            break;
#endif /* WOLFSSL_SEP */
        default:
            /* unknown or unsupported extension: reported as not critical */
            break;
    }

    WOLFSSL_LEAVE("wolfSSL_X509_ext_get_critical_by_NID", critical);

    return critical;
}
wolfSSL 7:481bce714567 12238
wolfSSL 7:481bce714567 12239
/* Report whether a path-length constraint was present (x509->basicConstPlSet).
 * Returns 0 for a NULL x509. Use wolfSSL_X509_get_pathLength for the value.
 */
int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509)
{
    int present;

    WOLFSSL_ENTER("wolfSSL_X509_get_isSet_pathLength");

    present = (x509 != NULL) ? x509->basicConstPlSet : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_isSet_pathLength", present);

    return present;
}
wolfSSL 7:481bce714567 12253
wolfSSL 7:481bce714567 12254
/* Return the parsed path-length constraint (x509->pathLength), or 0 for a
 * NULL x509. 0 is also what an unset constraint may read as, so check
 * wolfSSL_X509_get_isSet_pathLength first to tell the two apart.
 */
word32 wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509)
{
    word32 pathLen;

    WOLFSSL_ENTER("wolfSSL_X509_get_pathLength");

    pathLen = (x509 != NULL) ? x509->pathLength : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_pathLength", pathLen);

    return pathLen;
}
wolfSSL 7:481bce714567 12268
wolfSSL 7:481bce714567 12269
/* Return the parsed KeyUsage bits (x509->keyUsage, held in a word16 and
 * widened on return), or 0 for a NULL x509. 0 also means "no KeyUsage
 * extension", see wolfSSL_X509_ext_isSet_by_NID(KEY_USAGE_OID).
 */
unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509)
{
    word16 bits = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_keyUsage");

    if (x509 != NULL)
        bits = x509->keyUsage;

    WOLFSSL_LEAVE("wolfSSL_X509_get_keyUsage", bits);

    return bits;
}
wolfSSL 7:481bce714567 12283
wolfSSL 7:481bce714567 12284
/* Return the certificate's Authority Key Identifier.
 *
 * With dst == NULL (or dstLen == NULL) the returned pointer aliases the
 * identifier stored inside x509 and is valid only as long as x509 is; the
 * caller learns nothing about its length in that case. With a dst buffer
 * and *dstLen holding its capacity, at most min(*dstLen, identifier size)
 * bytes are copied into dst, *dstLen is set to the number copied and dst
 * is returned. NOTE(review): a buffer smaller than the identifier yields a
 * silently truncated copy -- the result does not tell the caller.
 *
 * Returns NULL when x509 is NULL or carries no AKID.
 */
byte* wolfSSL_X509_get_authorityKeyID(WOLFSSL_X509* x509,
                                      byte* dst, int* dstLen)
{
    byte* akid = NULL;
    int   n = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_authorityKeyID");

    if (x509 != NULL && x509->authKeyIdSet) {
        n = min(dstLen != NULL ? *dstLen : 0, (int)x509->authKeyIdSz);
        akid = x509->authKeyId;

        if (dst != NULL && dstLen != NULL && akid != NULL && n > 0) {
            XMEMCPY(dst, akid, n);
            *dstLen = n;
            akid = dst;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_get_authorityKeyID", n);

    return akid;
}
wolfSSL 7:481bce714567 12311
wolfSSL 7:481bce714567 12312
/* Return the certificate's Subject Key Identifier.
 *
 * With dst == NULL (or dstLen == NULL) the returned pointer aliases the
 * identifier stored inside x509 and is valid only as long as x509 is; the
 * caller learns nothing about its length in that case. With a dst buffer
 * and *dstLen holding its capacity, at most min(*dstLen, identifier size)
 * bytes are copied into dst, *dstLen is set to the number copied and dst
 * is returned. NOTE(review): a buffer smaller than the identifier yields a
 * silently truncated copy -- the result does not tell the caller.
 *
 * Returns NULL when x509 is NULL or carries no SKID.
 */
byte* wolfSSL_X509_get_subjectKeyID(WOLFSSL_X509* x509,
                                    byte* dst, int* dstLen)
{
    byte* skid = NULL;
    int   n = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_subjectKeyID");

    if (x509 != NULL && x509->subjKeyIdSet) {
        n = min(dstLen != NULL ? *dstLen : 0, (int)x509->subjKeyIdSz);
        skid = x509->subjKeyId;

        if (dst != NULL && dstLen != NULL && skid != NULL && n > 0) {
            XMEMCPY(dst, skid, n);
            *dstLen = n;
            skid = dst;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_get_subjectKeyID", n);

    return skid;
}
wolfSSL 7:481bce714567 12339
wolfSSL 7:481bce714567 12340
/* Return the number of entries parsed into name (name->fullName.entryCount),
 * or 0 for a NULL name.
 */
int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
{
    int entries;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count");

    entries = (name != NULL) ? name->fullName.entryCount : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", entries);

    return entries;
}
wolfSSL 7:481bce714567 12353
wolfSSL 7:481bce714567 12354
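/* Look up one attribute of a distinguished name by NID and copy it out as a
 * NUL-terminated C string.
 *
 * name: decoded name to query; NULL yields 0 (previously dereferenced).
 * nid:  ASN_COMMON_NAME, ASN_SUR_NAME, ASN_SERIAL_NUMBER, ASN_COUNTRY_NAME,
 *       ASN_LOCALITY_NAME, ASN_STATE_NAME, ASN_ORG_NAME or ASN_ORGUNIT_NAME;
 *       any other value is treated as "not found".
 * buf:  destination, may be NULL to only query the attribute length.
 * len:  size of buf in bytes, including the terminating NUL.
 *
 * Returns the number of characters written to buf (excluding the NUL), the
 * attribute length when buf is NULL, or 0 when nothing matched.
 */
int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
                                      int nid, char* buf, int len)
{
    char* text = NULL;
    int textSz = 0;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID");

    if (name != NULL) {
        /* offsets and lengths are precomputed in the decoded name */
        char* full = name->fullName.fullName;

        switch (nid) {
            case ASN_COMMON_NAME:
                text = full + name->fullName.cnIdx;
                textSz = name->fullName.cnLen;
                break;
            case ASN_SUR_NAME:
                text = full + name->fullName.snIdx;
                textSz = name->fullName.snLen;
                break;
            case ASN_SERIAL_NUMBER:
                text = full + name->fullName.serialIdx;
                textSz = name->fullName.serialLen;
                break;
            case ASN_COUNTRY_NAME:
                text = full + name->fullName.cIdx;
                textSz = name->fullName.cLen;
                break;
            case ASN_LOCALITY_NAME:
                text = full + name->fullName.lIdx;
                textSz = name->fullName.lLen;
                break;
            case ASN_STATE_NAME:
                text = full + name->fullName.stIdx;
                textSz = name->fullName.stLen;
                break;
            case ASN_ORG_NAME:
                text = full + name->fullName.oIdx;
                textSz = name->fullName.oLen;
                break;
            case ASN_ORGUNIT_NAME:
                text = full + name->fullName.ouIdx;
                textSz = name->fullName.ouLen;
                break;
            default:
                break;
        }
    }

    if (buf != NULL && text != NULL) {
        if (len <= 0) {
            /* no room for even the terminator: write nothing */
            textSz = 0;
        }
        else {
            /* len counts the NUL, so at most len - 1 characters fit;
             * the old min(textSz, len) wrote the terminator at buf[len] */
            textSz = min(textSz, len - 1);
            XMEMCPY(buf, text, textSz);
            buf[textSz] = '\0';
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
    return textSz;
}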
wolfSSL 7:481bce714567 12409
/* Return the offset of the attribute identified by nid inside the decoded
 * name's fullName buffer.  Only ASN_COMMON_NAME is supported; other NIDs and
 * a name without a decoded fullName yield -1.  pos is accepted for API
 * compatibility but not used.  Returns BAD_FUNC_ARG when name is NULL.
 */
int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name,
                                       int nid, int pos)
{
    int index = -1;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID");

    if (name == NULL)
        return BAD_FUNC_ARG;

    /* these index values are already stored in DecodedName
       use those when available */
    if (name->fullName.fullName != NULL && name->fullName.fullNameLen > 0) {
        if (nid == ASN_COMMON_NAME)
            index = name->fullName.cnIdx;
        else
            WOLFSSL_MSG("NID not yet implemented");
    }

    WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_index_by_NID", index);

    (void)pos;

    return index;
}
wolfSSL 7:481bce714567 12441
wolfSSL 7:481bce714567 12442
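/* Return the ASN.1 string value held by a name entry.
 *
 * in: the entry to read; NULL yields NULL (the sibling
 *     wolfSSL_ASN1_STRING_data already tolerates NULL, this one did not).
 */
WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(
                                                   WOLFSSL_X509_NAME_ENTRY* in)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");

    if (in == NULL)
        return NULL;

    return in->value;
}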
wolfSSL 7:481bce714567 12449
wolfSSL 7:481bce714567 12450
/* Raw data of an ASN.1 string, or NULL when asn is NULL. */
char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");

    return (asn != NULL) ? asn->data : NULL;
}
wolfSSL 7:481bce714567 12462
wolfSSL 7:481bce714567 12463
/* Length of an ASN.1 string's data, or 0 when asn is NULL. */
int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");

    return (asn != NULL) ? asn->length : 0;
}
wolfSSL 7:481bce714567 12475 #endif
wolfSSL 7:481bce714567 12476
wolfSSL 7:481bce714567 12477
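/* Copy the one-line textual form of name into in, writing at most sz bytes
 * including the NUL terminator.  When in is NULL a buffer of name->sz bytes
 * is allocated with XMALLOC and the caller is responsible for freeing it
 * (with WOLFSSL_STATIC_MEMORY no allocation is done and NULL is returned).
 *
 * Returns in (or the allocated buffer), in unchanged when the name is empty
 * or sz leaves no room, and NULL when name is NULL or allocation fails.
 */
char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");

    if (name == NULL)
        return NULL;
    if (!name->sz)
        return in;

    if (in == NULL) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = name->sz;
#endif
    }
    else {
        /* a non-positive caller size leaves nothing to write; a negative sz
         * must not reach XMEMCPY, where copySz - 1 would become a huge size */
        copySz = (sz > 0) ? min(sz, name->sz) : 0;
    }

    if (copySz == 0)
        return in;

    /* name->sz appears to count the terminator: copy one byte less and
     * terminate explicitly, so a truncated copy is still a valid C string */
    XMEMCPY(in, name->name, copySz - 1);
    in[copySz - 1] = 0;

    return in;
}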
wolfSSL 7:481bce714567 12506
wolfSSL 7:481bce714567 12507
/* Signature algorithm OID sum of the certificate; 0 when x509 is NULL. */
int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_signature_type");

    if (x509 == NULL)
        return 0;

    return x509->sigOID;
}
wolfSSL 7:481bce714567 12519
wolfSSL 7:481bce714567 12520
/* Copy the certificate's signature into buf.
 *
 * bufSz: in: capacity of buf; out: the signature length.  Must be non-NULL.
 * buf:   may be NULL to only query the required size through bufSz.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when x509 or bufSz is NULL or the
 * buffer is too small.
 */
int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
                               unsigned char* buf, int* bufSz)
{
    int sigLen;

    WOLFSSL_ENTER("wolfSSL_X509_get_signature");
    if (x509 == NULL || bufSz == NULL)
        return SSL_FATAL_ERROR;

    sigLen = (int)x509->sig.length;
    if (*bufSz < sigLen)
        return SSL_FATAL_ERROR;

    if (buf != NULL)
        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
    *bufSz = sigLen;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 12534
wolfSSL 7:481bce714567 12535
/* write X509 serial number in unsigned binary to buffer
   buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
   return SSL_SUCCESS on success, BAD_FUNC_ARG on a NULL argument or a
   buffer smaller than the serial (no partial copy is made) */
int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,
                                   byte* in, int* inOutSz)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_serial_number");

    if (x509 == NULL || in == NULL || inOutSz == NULL)
        return BAD_FUNC_ARG;
    if (*inOutSz < x509->serialSz)
        return BAD_FUNC_ARG;

    XMEMCPY(in, x509->serial, x509->serialSz);
    *inOutSz = x509->serialSz;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 12552
wolfSSL 7:481bce714567 12553
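/* Return a pointer to the certificate's DER encoding and its length.
 *
 * outSz: receives the DER length; must be non-NULL.
 *
 * Returns the internal buffer (still owned by x509), or NULL when x509 or
 * outSz is NULL, or when no DER buffer is attached (derCert is a pointer
 * and was dereferenced unconditionally before).
 */
const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_der");

    if (x509 == NULL || outSz == NULL || x509->derCert == NULL)
        return NULL;

    *outSz = (int)x509->derCert->length;
    return x509->derCert->buffer;
}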
wolfSSL 7:481bce714567 12564
wolfSSL 7:481bce714567 12565
/* Certificate version field; 0 when x509 is NULL. */
int wolfSSL_X509_version(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_version");

    return (x509 != NULL) ? x509->version : 0;
}
wolfSSL 7:481bce714567 12575
wolfSSL 7:481bce714567 12576
/* Pointer to the certificate's notBefore field (owned by x509); NULL when
 * x509 is NULL. */
const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_notBefore");

    return (x509 != NULL) ? x509->notBefore : NULL;
}
wolfSSL 7:481bce714567 12586
wolfSSL 7:481bce714567 12587
/* Pointer to the certificate's notAfter field (owned by x509); NULL when
 * x509 is NULL. */
const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_notAfter");

    return (x509 != NULL) ? x509->notAfter : NULL;
}
wolfSSL 7:481bce714567 12597
wolfSSL 7:481bce714567 12598
wolfSSL 7:481bce714567 12599 #ifdef WOLFSSL_SEP
wolfSSL 7:481bce714567 12600
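/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
   malloc buffer, call responsible for freeing. Actual size returned in
   *inOutSz. Requires inOutSz be non-null.
   Returns in (or the allocated buffer), in unchanged when no device type is
   set, and NULL when x509 or inOutSz is NULL, *inOutSz is negative, or
   allocation is unavailable/fails. */
byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_dev_type");
    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    if (!x509->deviceTypeSz)
        return in;

    if (in == NULL) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->deviceTypeSz;
#endif
    }
    else {
        /* a negative caller size would be passed to XMEMCPY as a huge size */
        if (*inOutSz < 0)
            return NULL;
        copySz = min(*inOutSz, x509->deviceTypeSz);
    }

    XMEMCPY(in, x509->deviceType, copySz);
    *inOutSz = copySz;

    return in;
}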
wolfSSL 7:481bce714567 12630
wolfSSL 7:481bce714567 12631
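/* Copy the hardware type OID into in, at most *inOutSz bytes.  When in is
 * NULL a buffer of the exact size is allocated and the caller frees it
 * (not with WOLFSSL_STATIC_MEMORY, where NULL is returned).  The number of
 * bytes copied is stored in *inOutSz, which must be non-NULL.
 *
 * Returns in (or the allocated buffer), in unchanged when no hardware type
 * is set, and NULL when x509 or inOutSz is NULL, *inOutSz is negative, or
 * allocation fails.
 */
byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_hw_type");
    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    if (!x509->hwTypeSz)
        return in;

    if (in == NULL) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->hwTypeSz;
#endif
    }
    else {
        /* a negative caller size would be passed to XMEMCPY as a huge size */
        if (*inOutSz < 0)
            return NULL;
        copySz = min(*inOutSz, x509->hwTypeSz);
    }

    XMEMCPY(in, x509->hwType, copySz);
    *inOutSz = copySz;

    return in;
}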
wolfSSL 7:481bce714567 12658
wolfSSL 7:481bce714567 12659
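/* Copy the hardware serial number into in, at most *inOutSz bytes.  When in
 * is NULL a buffer of the exact size is allocated and the caller frees it
 * (not with WOLFSSL_STATIC_MEMORY, where NULL is returned).  The number of
 * bytes copied is stored in *inOutSz, which must be non-NULL.
 *
 * Returns in (or the allocated buffer), in unchanged when no hardware serial
 * is set, and NULL when x509 or inOutSz is NULL, *inOutSz is negative, or
 * allocation fails.
 */
byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
                                        int* inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number");
    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    /* the emptiness test must look at the serial number, not the hardware
     * type: the old hwTypeSz check let a zero-length serial reach XMALLOC(0)
     * and XMEMCPY */
    if (!x509->hwSerialNumSz)
        return in;

    if (in == NULL) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->hwSerialNumSz;
#endif
    }
    else {
        /* a negative caller size would be passed to XMEMCPY as a huge size */
        if (*inOutSz < 0)
            return NULL;
        copySz = min(*inOutSz, x509->hwSerialNumSz);
    }

    XMEMCPY(in, x509->hwSerialNum, copySz);
    *inOutSz = copySz;

    return in;
}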
wolfSSL 7:481bce714567 12687
wolfSSL 7:481bce714567 12688 #endif /* WOLFSSL_SEP */
wolfSSL 7:481bce714567 12689
wolfSSL 7:481bce714567 12690 /* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
wolfSSL 7:481bce714567 12691 #if !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
/* return 1 on success 0 on fail */
/* Push x509 onto the head of the stack.  The head node stores the newest
 * certificate; an empty stack (head value NULL) takes it in place, otherwise
 * the current head value is moved into a freshly allocated node behind it. */
int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
{
    WOLFSSL_STACK* pushed;

    if (sk == NULL || x509 == NULL)
        return SSL_FAILURE;

    /* empty stack: the head node itself holds the first certificate */
    if (sk->data.x509 == NULL) {
        sk->data.x509 = x509;
        sk->num++;
        return SSL_SUCCESS;
    }

    pushed = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                     DYNAMIC_TYPE_X509);
    if (pushed == NULL) {
        WOLFSSL_MSG("Memory error");
        return SSL_FAILURE;
    }
    XMEMSET(pushed, 0, sizeof(WOLFSSL_STACK));

    /* demote the old head value into the new node, keep x509 at the head */
    pushed->data.x509 = sk->data.x509;
    pushed->next      = sk->next;
    sk->next          = pushed;
    sk->data.x509     = x509;
    sk->num++;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 12726
wolfSSL 7:481bce714567 12727
/* Remove and return the certificate at the head of the stack (NULL when sk is
 * NULL or empty).  The head node is reused: the value of the node behind it
 * moves into the head and that node is freed. */
WOLFSSL_X509* wolfSSL_sk_X509_pop(STACK_OF(WOLFSSL_X509_NAME)* sk) {
    WOLFSSL_STACK* second;
    WOLFSSL_X509* popped;

    if (sk == NULL)
        return NULL;

    popped = sk->data.x509;
    second = sk->next;

    if (second == NULL) {
        /* that was the only certificate */
        sk->data.x509 = NULL;
    }
    else {
        sk->data.x509 = second->data.x509;
        sk->next = second->next;
        XFREE(second, NULL, DYNAMIC_TYPE_X509);
    }

    if (sk->num > 0)
        sk->num--;

    return popped;
}
wolfSSL 7:481bce714567 12754
wolfSSL 7:481bce714567 12755
/* free structure for x509 stack */
/* Every certificate on the stack is released with wolfSSL_X509_free, then the
 * nodes and finally the head structure itself.  sk->num is trusted to match
 * the number of linked nodes. */
void wolfSSL_sk_X509_free(STACK_OF(WOLFSSL_X509_NAME)* sk) {
    WOLFSSL_STACK* cur;

    if (sk == NULL)
        return;

    /* release every node behind the head together with its certificate */
    cur = sk->next;
    for (; sk->num > 1; sk->num--) {
        WOLFSSL_STACK* doomed = cur;
        cur = cur->next;

        wolfSSL_X509_free(doomed->data.x509);
        XFREE(doomed, NULL, DYNAMIC_TYPE_X509);
    }

    /* the head node's own certificate, then the head itself */
    if (sk->num == 1)
        wolfSSL_X509_free(sk->data.x509);
    XFREE(sk, NULL, DYNAMIC_TYPE_X509);
}
wolfSSL 7:481bce714567 12781 #endif /* NO_CERTS && OPENSSL_EXTRA */
wolfSSL 7:481bce714567 12782
wolfSSL 7:481bce714567 12783
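/* Decode a DER certificate into a newly allocated WOLFSSL_X509.
 *
 * x509: optional out-pointer; always set (to the result or NULL) when given.
 * in:   DER bytes.
 * len:  length of in; must be positive.
 *
 * Returns the new certificate (caller frees) or NULL on bad input,
 * allocation failure or a parse/copy failure.
 */
WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
{
    WOLFSSL_X509* newX509 = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_d2i");

    /* the decoder takes an unsigned length, so a negative len (which the
     * old len != 0 test accepted) must be rejected here */
    if (in != NULL && len > 0) {
#ifdef WOLFSSL_SMALL_STACK
        DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                                  DYNAMIC_TYPE_TMP_BUFFER);
#else
        DecodedCert cert[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        /* on allocation failure fall through so *x509 is still assigned */
        if (cert != NULL)
#endif
        {
            InitDecodedCert(cert, (byte*)in, len, NULL);
            if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
                newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                                 DYNAMIC_TYPE_X509);
                if (newX509 != NULL) {
                    InitX509(newX509, 1, NULL);
                    if (CopyDecodedToX509(newX509, cert) != 0) {
                        XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
                        newX509 = NULL;
                    }
                }
            }
            FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        }
    }

    /* publish the result (possibly NULL) on every path */
    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}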
wolfSSL 7:481bce714567 12827
wolfSSL 7:481bce714567 12828
wolfSSL 7:481bce714567 12829 #ifndef NO_FILESYSTEM
wolfSSL 7:481bce714567 12830
wolfSSL 7:481bce714567 12831 #ifndef NO_STDIO_FILESYSTEM
wolfSSL 7:481bce714567 12832
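/* Read a whole DER certificate from an open file and decode it.
 *
 * x509: optional out-pointer; always set (result or NULL) when given, on
 *       every path (the bad-tell path previously returned without it).
 * file: open XFILE, or XBADFILE.
 *
 * Returns the new certificate (caller frees) or NULL when the file is bad,
 * empty, cannot be sized or read fully, or does not decode.
 */
WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
{
    WOLFSSL_X509* newX509 = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_d2i_fp");

    if (file != XBADFILE) {
        long sz;

        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);

        if (sz < 0) {
            WOLFSSL_MSG("Bad tell on FILE");
        }
        else if (sz > 0) {
            /* sz == 0 has nothing to decode and would be a zero-size alloc */
            byte* fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
            if (fileBuffer != NULL) {
                /* one item of sz bytes: only a complete read is parsed */
                if (XFREAD(fileBuffer, sz, 1, file) == 1) {
                    newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
                }
                XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
            }
        }
    }

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}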
wolfSSL 7:481bce714567 12867
wolfSSL 7:481bce714567 12868 #endif /* NO_STDIO_FILESYSTEM */
wolfSSL 7:481bce714567 12869
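/* Read a certificate file and decode it into a newly allocated WOLFSSL_X509.
 *
 * fname:  path of the certificate file.
 * format: SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
 *
 * Returns the decoded certificate (caller frees) or NULL on a bad argument,
 * an unopenable, unsizable or empty file, a short read, an allocation
 * failure, or a decode failure.
 */
WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* fileBuffer = staticBuffer;
    int dynamic = 0;
    long sz = 0;
    XFILE file;

    WOLFSSL_X509* x509 = NULL;

    /* Check the inputs */
    if ((fname == NULL) ||
        (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
        return NULL;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return NULL;

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* a failed tell (negative) or an empty file has nothing to decode */
    if (sz <= 0)
        goto cleanup;

    if (sz > (long)sizeof(staticBuffer)) {
        fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
        if (fileBuffer == NULL)
            goto cleanup;
        dynamic = 1;
    }

    /* XFREAD reports the number of sz-byte items read; only 1 means the
     * whole file is in the buffer.  The old "(int)ret < 0" test could never
     * fire for a short read (fread returns 0, not a negative count), so a
     * partially filled buffer was handed to the parser. */
    if (XFREAD(fileBuffer, sz, 1, file) != 1)
        goto cleanup;

    x509 = wolfSSL_X509_load_certificate_buffer(fileBuffer, (int)sz, format);

cleanup:
    XFCLOSE(file);
    if (dynamic)
        XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);

    return x509;
}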
wolfSSL 7:481bce714567 12928
wolfSSL 7:481bce714567 12929 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 12930
wolfSSL 7:481bce714567 12931
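/* Decode a certificate held in memory into a newly allocated WOLFSSL_X509.
 *
 * buf:    certificate bytes; NULL is rejected.
 * sz:     length of buf; must be positive.
 * format: SSL_FILETYPE_PEM converts PEM to DER first; any other value is
 *         treated as DER.
 *
 * Returns the decoded certificate (caller frees) or NULL on bad input,
 * PEM conversion failure, allocation failure or a parse/copy failure.
 */
WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
    const unsigned char* buf, int sz, int format)
{
    int ret;
    WOLFSSL_X509* x509 = NULL;
    DerBuffer* der = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex");

    /* a NULL buffer or non-positive size has nothing to decode; a negative
     * sz would otherwise be widened to a huge (word32) length for AllocDer
     * and XMEMCPY below */
    if (buf == NULL || sz <= 0)
        return NULL;

    if (format == SSL_FILETYPE_PEM) {
        int ecc = 0;
#ifdef WOLFSSL_SMALL_STACK
        EncryptedInfo* info = NULL;
#else
        EncryptedInfo info[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL) {
            return NULL;
        }
#endif

        info->set = 0;
        info->ctx = NULL;
        info->consumed = 0;

        /* on failure der is released so the decode step below is skipped */
        if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) {
            FreeDer(&der);
        }

#ifdef WOLFSSL_SMALL_STACK
        XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
    else {
        ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL);
        if (ret == 0) {
            XMEMCPY(der->buffer, buf, sz);
        }
    }

    /* At this point we want `der` to have the certificate in DER format */
    /* ready to be decoded. */
    if (der != NULL && der->buffer != NULL) {
#ifdef WOLFSSL_SMALL_STACK
        DecodedCert* cert = NULL;
#else
        DecodedCert cert[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                     DYNAMIC_TYPE_TMP_BUFFER);
        if (cert != NULL)
#endif
        {
            InitDecodedCert(cert, der->buffer, der->length, NULL);
            if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
                x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                              DYNAMIC_TYPE_X509);
                if (x509 != NULL) {
                    InitX509(x509, 1, NULL);
                    if (CopyDecodedToX509(x509, cert) != 0) {
                        XFREE(x509, NULL, DYNAMIC_TYPE_X509);
                        x509 = NULL;
                    }
                }
            }

            FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        }

        FreeDer(&der);
    }

    return x509;
}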
wolfSSL 7:481bce714567 13015
wolfSSL 7:481bce714567 13016 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 7:481bce714567 13017
/* OPENSSL_EXTRA is needed for the wolfSSL_X509_d2i function;
   KEEP_OUR_CERT is to ensure the ability to return the ssl certificate */
wolfSSL 7:481bce714567 13020 #if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
/* Return our own certificate as a WOLFSSL_X509, decoding it lazily from the
 * DER buffer on first use and caching the result.
 *
 * When the connection owns its certificate (buffers.weOwnCert) the decoded
 * object is cached on the WOLFSSL; otherwise it is cached on the parent
 * WOLFSSL_CTX. The returned pointer is owned by whichever object cached it
 * and must not be freed by the caller.
 *
 * Returns NULL when ssl is NULL, when no certificate buffer was configured,
 * when there is no parent context, or when decoding fails.
 *
 * NOTE(review): the CTX-side cache is written from a per-connection call
 * without any synchronisation visible here; confirm how concurrent
 * connections sharing one CTX are expected to behave. */
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return NULL;
    }

    if (ssl->buffers.weOwnCert) {
        /* connection-local certificate */
        if (ssl->ourCert != NULL) {
            return ssl->ourCert;
        }
        if (ssl->buffers.certificate == NULL) {
            WOLFSSL_MSG("Certificate buffer not set!");
            return NULL;
        }
        ssl->ourCert = wolfSSL_X509_d2i(NULL,
                                        ssl->buffers.certificate->buffer,
                                        ssl->buffers.certificate->length);
        return ssl->ourCert;
    }

    /* certificate is inherited from the parent context */
    if (ssl->ctx == NULL) {
        return NULL;
    }
    if (ssl->ctx->ourCert != NULL) {
        return ssl->ctx->ourCert;
    }
    if (ssl->ctx->certificate == NULL) {
        WOLFSSL_MSG("Ctx Certificate buffer not set!");
        return NULL;
    }
    ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
                                         ssl->ctx->certificate->buffer,
                                         ssl->ctx->certificate->length);
    return ssl->ctx->ourCert;
}
wolfSSL 7:481bce714567 13056 #endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
wolfSSL 7:481bce714567 13057 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 13058
wolfSSL 7:481bce714567 13059
wolfSSL 7:481bce714567 13060 #ifdef OPENSSL_EXTRA
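/* Push obj onto the head of an ASN1_OBJECT stack.
 *
 * The head element is stored inline in 'sk' (sk->data.obj); further elements
 * live in WOLFSSL_STACK nodes chained from sk->next. The stack takes
 * ownership of obj: wolfSSL_sk_ASN1_OBJECT_free releases it.
 *
 * Fix: the parameter was declared STACK_OF(WOLFSSL_ASN1_OBJEXT) — a typo
 * that only compiled because the STACK_OF() macro ignores its argument. It
 * now names the real type, consistent with the pop/free functions below.
 *
 * Returns SSL_SUCCESS (1) on success, SSL_FAILURE (0) on a NULL argument or
 * when a new node cannot be allocated (the stack is left unchanged). */
int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
                                                      WOLFSSL_ASN1_OBJECT* obj)
{
    WOLFSSL_STACK* node;

    if (sk == NULL || obj == NULL) {
        return SSL_FAILURE;
    }

    /* empty stack: the head slot is free, no node needed */
    if (sk->data.obj == NULL) {
        sk->data.obj = obj;
        sk->num += 1;
        return SSL_SUCCESS;
    }

    /* non-empty: move the current head into a fresh node and put obj in
     * the head slot so that pop returns the most recently pushed object */
    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                                             DYNAMIC_TYPE_ASN1);
    if (node == NULL) {
        WOLFSSL_MSG("Memory error");
        return SSL_FAILURE;
    }
    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));

    node->data.obj = sk->data.obj;
    node->next     = sk->next;
    sk->next       = node;
    sk->data.obj   = obj;
    sk->num       += 1;

    return SSL_SUCCESS;
}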
wolfSSL 7:481bce714567 13096
wolfSSL 7:481bce714567 13097
/* Pop the most recently pushed object off the stack and hand it to the
 * caller, who becomes responsible for freeing it with
 * wolfSSL_ASN1_OBJECT_free.
 *
 * The head element is kept inline in 'sk', so removing it means promoting
 * the first chained node into the head slot and releasing that node.
 *
 * Returns NULL for a NULL or empty stack. The exported symbol keeps its
 * historical "OBJCET" spelling because callers link against it. */
WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop(
                                            STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
{
    WOLFSSL_ASN1_OBJECT* top;
    WOLFSSL_STACK*       first;

    if (sk == NULL) {
        return NULL;
    }

    top   = sk->data.obj;
    first = sk->next;

    if (first == NULL) {
        /* the head was the only element */
        sk->data.obj = NULL;
    }
    else {
        sk->data.obj = first->data.obj;
        sk->next     = first->next;
        XFREE(first, NULL, DYNAMIC_TYPE_ASN1);
    }

    if (sk->num > 0) {
        sk->num--;
    }

    return top;
}
wolfSSL 7:481bce714567 13126
wolfSSL 7:481bce714567 13127
wolfSSL 7:481bce714567 13128 #ifndef NO_ASN
/* Allocate a zero-initialised WOLFSSL_ASN1_OBJECT. Returns NULL when the
 * allocation fails. Free with wolfSSL_ASN1_OBJECT_free. */
WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
{
    WOLFSSL_ASN1_OBJECT* created = (WOLFSSL_ASN1_OBJECT*)XMALLOC(
                        sizeof(WOLFSSL_ASN1_OBJECT), NULL, DYNAMIC_TYPE_ASN1);

    if (created != NULL) {
        /* all fields (including dynamic/obj/heap) start cleared */
        XMEMSET(created, 0, sizeof(WOLFSSL_ASN1_OBJECT));
    }

    return created;
}
wolfSSL 7:481bce714567 13142
wolfSSL 7:481bce714567 13143
/* Release a WOLFSSL_ASN1_OBJECT. The attached obj buffer is only freed when
 * the object marks it as dynamically owned (obj->dynamic == 1); otherwise
 * the buffer is assumed to belong to someone else and is left alone. The
 * buffer is released on obj->heap, the container itself on the default
 * heap. NULL is accepted and ignored. */
void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
{
    if (obj == NULL) {
        return;
    }

    if (obj->dynamic == 1 && obj->obj != NULL) {
        WOLFSSL_MSG("Freeing ASN1 OBJECT data");
        XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
    }

    XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
}
wolfSSL 7:481bce714567 13159
wolfSSL 7:481bce714567 13160
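/* Free an ASN1_OBJECT stack: every object it holds (via
 * wolfSSL_ASN1_OBJECT_free), every chained node, and finally the head
 * structure itself. The head element lives inline in 'sk'; the remaining
 * elements live in nodes chained from sk->next, as laid out by
 * wolfSSL_sk_ASN1_OBJECT_push. NULL is accepted and ignored.
 *
 * Fix: the node walk now stops when the chain ends even if sk->num claims
 * more elements, so a count that has drifted from the list can no longer
 * cause a NULL dereference. (The original header comment also wrongly
 * described this as the x509 stack.) */
void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
{
    WOLFSSL_STACK* node;

    if (sk == NULL) {
        return;
    }

    /* release chained nodes; guard on node so an inconsistent count
     * cannot walk off the end of the list */
    node = sk->next;
    while (sk->num > 1 && node != NULL) {
        WOLFSSL_STACK* tmp = node;
        node = node->next;

        wolfSSL_ASN1_OBJECT_free(tmp->data.obj);
        XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1);
        sk->num -= 1;
    }

    /* the last element is stored in the head structure itself */
    if (sk->num == 1) {
        wolfSSL_ASN1_OBJECT_free(sk->data.obj);
    }
    XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}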
wolfSSL 7:481bce714567 13187 #endif /* NO_ASN */
wolfSSL 7:481bce714567 13188
wolfSSL 7:481bce714567 13189
/* OpenSSL-compatibility stub: the session-id context is NOT recorded.
 * In OpenSSL this value scopes session resumption so that a session
 * established under one verification context cannot be resumed under
 * another; nothing of the sort happens here. The function always returns 0,
 * which OpenSSL-style callers (expecting 1 on success) will read as failure. */
int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
                                   unsigned int len)
{
    /* unused: no state is kept */
    (void)len;
    (void)id;
    (void)ssl;

    return 0;
}
wolfSSL 7:481bce714567 13198
wolfSSL 7:481bce714567 13199
/* No-op for OpenSSL compatibility: a WOLFSSL object is already a client by
 * default, so there is nothing to switch. */
void wolfSSL_set_connect_state(WOLFSSL* ssl)
{
    (void)ssl;  /* intentionally unused */
    return;
}
wolfSSL 7:481bce714567 13205 #endif
wolfSSL 7:481bce714567 13206
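/* Report the shutdown state using OpenSSL's SSL_get_shutdown() bit layout:
 *   bit 0 (SSL_SENT_SHUTDOWN = 1)     our close_notify was sent
 *                                     (options.sentNotify)
 *   bit 1 (SSL_RECEIVED_SHUTDOWN = 2) the peer's close_notify arrived or the
 *                                     connection was reset
 *                                     (options.closeNotify || options.connReset)
 *
 * Fix: a NULL ssl now reports 0 (nothing sent or received) instead of
 * dereferencing the pointer, matching the NULL handling of the other
 * accessors in this file. */
int wolfSSL_get_shutdown(const WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_shutdown");

    if (ssl == NULL) {
        return 0;
    }

    return ((ssl->options.closeNotify||ssl->options.connReset) << 1)
            | (ssl->options.sentNotify);
}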
wolfSSL 7:481bce714567 13215
wolfSSL 7:481bce714567 13216
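/* Return non-zero when this connection resumed a previous session
 * (options.resuming), 0 for a full handshake.
 *
 * Fix: a NULL ssl returns 0 instead of crashing, consistent with
 * wolfSSL_get_current_cipher_suite below. */
int wolfSSL_session_reused(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return 0;
    }
    return ssl->options.resuming;
}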
wolfSSL 7:481bce714567 13221
wolfSSL 7:481bce714567 13222 #ifdef OPENSSL_EXTRA
/* OpenSSL-compatibility no-op. Sessions handed out by this library live in
 * a static cache and are not reference counted (see wolfSSL_get1_session),
 * so there is nothing for the caller to release. */
void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
{
    (void)session;  /* intentionally unused */
    return;
}
wolfSSL 7:481bce714567 13228 #endif
wolfSSL 7:481bce714567 13229
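/* Return the name of the protocol version recorded on ssl: "SSLv3",
 * "TLSv1", "TLSv1.1", "TLSv1.2", "DTLS" or "DTLSv1.2". Any other
 * major/minor combination yields "unknown". The result is a string literal
 * and must not be freed.
 *
 * Fix: a NULL ssl now returns "unknown" instead of dereferencing the
 * pointer, consistent with the NULL handling elsewhere in this file. */
const char* wolfSSL_get_version(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_get_version");

    if (ssl == NULL) {
        return "unknown";
    }

    if (ssl->version.major == SSLv3_MAJOR) {
        switch (ssl->version.minor) {
            case SSLv3_MINOR :
                return "SSLv3";
            case TLSv1_MINOR :
                return "TLSv1";
            case TLSv1_1_MINOR :
                return "TLSv1.1";
            case TLSv1_2_MINOR :
                return "TLSv1.2";
            default:
                return "unknown";
        }
    }
    else if (ssl->version.major == DTLS_MAJOR) {
        switch (ssl->version.minor) {
            case DTLS_MINOR :
                return "DTLS";
            case DTLSv1_2_MINOR :
                return "DTLSv1.2";
            default:
                return "unknown";
        }
    }
    return "unknown";
}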
wolfSSL 7:481bce714567 13259
wolfSSL 7:481bce714567 13260
/* Library version as a string (LIBWOLFSSL_VERSION_STRING, fixed at build
 * time). The returned literal must not be freed. */
const char* wolfSSL_lib_version(void)
{
    static const char* const version = LIBWOLFSSL_VERSION_STRING;
    return version;
}
wolfSSL 7:481bce714567 13266
wolfSSL 7:481bce714567 13267
/* Library version as the numeric LIBWOLFSSL_VERSION_HEX constant, fixed at
 * build time, for programmatic version comparisons. */
word32 wolfSSL_lib_version_hex(void)
{
    const word32 hexVersion = LIBWOLFSSL_VERSION_HEX;
    return hexVersion;
}
wolfSSL 7:481bce714567 13273
wolfSSL 7:481bce714567 13274
/* Return the negotiated cipher suite as a 16-bit value: cipherSuite0 in
 * the high byte and cipherSuite in the low byte. A NULL ssl returns 0. */
int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl)
{
    int suite = 0;

    WOLFSSL_ENTER("SSL_get_current_cipher_suite");

    if (ssl != NULL) {
        suite  = ssl->options.cipherSuite0 << 8;
        suite |= ssl->options.cipherSuite;
    }

    return suite;
}
wolfSSL 7:481bce714567 13282
/* Return a pointer to the WOLFSSL_CIPHER embedded in ssl (not a copy; it
 * is owned by ssl and must not be freed). NULL ssl yields NULL. */
WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_get_current_cipher");

    if (ssl == NULL) {
        return NULL;
    }

    return &ssl->cipher;
}
wolfSSL 7:481bce714567 13291
wolfSSL 7:481bce714567 13292
/* Name of the cipher suite currently negotiated on the WOLFSSL that owns
 * this cipher object. The suite bytes are read from cipher->ssl->options,
 * so the cipher must be attached to a connection; returns NULL when cipher
 * or its back-pointer is NULL. */
const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
{
    const WOLFSSL* owner;

    WOLFSSL_ENTER("SSL_CIPHER_get_name");

    if (cipher == NULL) {
        return NULL;
    }

    owner = cipher->ssl;
    if (owner == NULL) {
        return NULL;
    }

    return wolfSSL_get_cipher_name_from_suite(owner->options.cipherSuite,
                                              owner->options.cipherSuite0);
}
wolfSSL 7:481bce714567 13304
/* Name of the cipher suite stored on a cached session. The suite bytes are
 * only recorded on WOLFSSL_SESSION when SESSION_CERTS is enabled; without
 * it this always returns NULL. A NULL session also returns NULL. */
const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session)
{
    const char* name = NULL;

    if (session != NULL) {
#ifdef SESSION_CERTS
        name = wolfSSL_get_cipher_name_from_suite(session->cipherSuite,
                                                  session->cipherSuite0);
#endif
    }

    return name;
}
wolfSSL 7:481bce714567 13318
/* Convenience wrapper: name of the cipher suite negotiated on ssl, in the
 * same form as wolfSSL_CIPHER_get_name. NULL ssl yields NULL. */
const char* wolfSSL_get_cipher(WOLFSSL* ssl)
{
    WOLFSSL_CIPHER* current;

    WOLFSSL_ENTER("wolfSSL_get_cipher");

    current = wolfSSL_get_current_cipher(ssl);
    return wolfSSL_CIPHER_get_name(current);
}
wolfSSL 7:481bce714567 13324
/* Cipher name in OpenSSL's "DHE-RSA-..." spelling rather than the IANA
 * "TLS_DHE_..." form. Delegates to the internal.c helper, which has access
 * to the cipher_name_idx table. */
const char* wolfSSL_get_cipher_name(WOLFSSL* ssl)
{
    const char* openSslStyleName = wolfSSL_get_cipher_name_internal(ssl);
    return openSslStyleName;
}
wolfSSL 7:481bce714567 13331
wolfSSL 7:481bce714567 13332
wolfSSL 7:481bce714567 13333 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 13334
/* OpenSSL-compatibility stub: no description is produced, the supplied
 * buffer is left untouched, and NULL is returned. Callers must not assume
 * 'in' was filled. */
char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len)
{
    /* nothing is written to 'in' */
    (void)len;
    (void)in;
    (void)cipher;

    return NULL;
}
wolfSSL 7:481bce714567 13342
wolfSSL 7:481bce714567 13343
wolfSSL 7:481bce714567 13344 #ifndef NO_SESSION_CACHE
wolfSSL 7:481bce714567 13345
/* OpenSSL's SSL_get1_session bumps a reference count; here sessions are
 * stored statically so this is just wolfSSL_get_session with a NULL check.
 * The caller does not own the result and wolfSSL_SESSION_free is a no-op. */
WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl)
{
    WOLFSSL_SESSION* found = NULL;

    if (ssl != NULL) {
        found = wolfSSL_get_session(ssl);
    }

    return found;
}
wolfSSL 7:481bce714567 13355
wolfSSL 7:481bce714567 13356 #endif /* NO_SESSION_CACHE */
wolfSSL 7:481bce714567 13357
wolfSSL 7:481bce714567 13358 #ifndef NO_CERTS
/* Release a WOLFSSL_X509 obtained from an API that hands ownership to the
 * caller (e.g. wolfSSL_X509_d2i). Delegates to ExternalFreeX509. */
void wolfSSL_X509_free(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_free");

    ExternalFreeX509(x509);
    return;
}
wolfSSL 7:481bce714567 13364 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 13365
wolfSSL 7:481bce714567 13366
wolfSSL 7:481bce714567 13367 /* was do nothing */
wolfSSL 7:481bce714567 13368 /*
wolfSSL 7:481bce714567 13369 void OPENSSL_free(void* buf)
wolfSSL 7:481bce714567 13370 {
wolfSSL 7:481bce714567 13371 (void)buf;
wolfSSL 7:481bce714567 13372 }
wolfSSL 7:481bce714567 13373 */
wolfSSL 7:481bce714567 13374
wolfSSL 7:481bce714567 13375
/* OpenSSL-compatibility stub: the URL is not parsed and none of the output
 * pointers (host, port, path, ssl) are written. Returns 0, which in
 * OpenSSL's convention means failure, so callers fall into their error
 * path rather than using unset outputs. */
int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
                           int* ssl)
{
    /* outputs deliberately left untouched */
    (void)ssl;
    (void)path;
    (void)port;
    (void)host;
    (void)url;

    return 0;
}
wolfSSL 7:481bce714567 13386
wolfSSL 7:481bce714567 13387
/* SSLv2 is not provided by this library: there is no client method object,
 * so NULL is returned and a context cannot be created for it. */
WOLFSSL_METHOD* wolfSSLv2_client_method(void)
{
    WOLFSSL_METHOD* unsupported = NULL;
    return unsupported;
}
wolfSSL 7:481bce714567 13392
wolfSSL 7:481bce714567 13393
/* SSLv2 is not provided by this library: there is no server method object,
 * so NULL is returned and a context cannot be created for it. */
WOLFSSL_METHOD* wolfSSLv2_server_method(void)
{
    WOLFSSL_METHOD* unsupported = NULL;
    return unsupported;
}
wolfSSL 7:481bce714567 13398
wolfSSL 7:481bce714567 13399
wolfSSL 7:481bce714567 13400 #ifndef NO_MD4
wolfSSL 7:481bce714567 13401
/* Initialise an MD4 context. WOLFSSL_MD4_CTX is an opaque byte buffer that
 * the wolfCrypt Md4 state is overlaid on, so a compile-time check guards
 * that the buffer is large enough before the cast.
 *
 * NOTE(review): MD4 is a legacy digest and is not collision-resistant; keep
 * it for legacy-protocol interop only, never for new integrity checks. */
void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
{
    /* negative array size -> compile error if the buffer is too small */
    (void)sizeof(char[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1]);

    WOLFSSL_ENTER("MD4_Init");
    wc_InitMd4((Md4*)md4);
}
wolfSSL 7:481bce714567 13411
wolfSSL 7:481bce714567 13412
/* Feed len bytes of data into the MD4 context. len is narrowed to word32
 * for wc_Md4Update, so on targets where unsigned long is 64-bit a single
 * call with 4 GiB or more would be silently truncated — feed such input in
 * smaller chunks. */
void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
                        unsigned long len)
{
    const byte* in    = (const byte*)data;
    word32      inSz  = (word32)len;

    WOLFSSL_ENTER("MD4_Update");
    wc_Md4Update((Md4*)md4, in, inSz);
}
wolfSSL 7:481bce714567 13419
wolfSSL 7:481bce714567 13420
/* Finish the MD4 computation and write the digest to 'digest', which must
 * hold the full MD4 output (wc_Md4Final writes it unconditionally). */
void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
{
    Md4* state = (Md4*)md4;

    WOLFSSL_ENTER("MD4_Final");
    wc_Md4Final(state, digest);
}
wolfSSL 7:481bce714567 13426
wolfSSL 7:481bce714567 13427 #endif /* NO_MD4 */
wolfSSL 7:481bce714567 13428
wolfSSL 7:481bce714567 13429
/* OpenSSL-compatibility stub: BIO chains are not manipulated here; nothing
 * is removed from 'top' and NULL is returned. */
WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO* top)
{
    WOLFSSL_BIO* popped = NULL;

    (void)top;  /* chain left untouched */
    return popped;
}
wolfSSL 7:481bce714567 13435
wolfSSL 7:481bce714567 13436
/* OpenSSL-compatibility stub: always reports 0 pending bytes regardless of
 * what the BIO holds, so callers must not use it to size reads. */
int wolfSSL_BIO_pending(WOLFSSL_BIO* bio)
{
    const int pendingBytes = 0;

    (void)bio;  /* not inspected */
    return pendingBytes;
}
wolfSSL 7:481bce714567 13442
wolfSSL 7:481bce714567 13443
wolfSSL 7:481bce714567 13444
/* Return the memory BIO method. A single static method object is shared by
 * every caller; its type field is re-stamped to BIO_MEMORY on each call.
 * The pointer is owned by the library and must not be freed. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void)
{
    static WOLFSSL_BIO_METHOD memoryMethod;

    WOLFSSL_ENTER("BIO_s_mem");

    memoryMethod.type = BIO_MEMORY;
    return &memoryMethod;
}
wolfSSL 7:481bce714567 13454
wolfSSL 7:481bce714567 13455
/* OpenSSL-compatibility stub: no base64 filter BIO is available, so NULL is
 * returned and callers cannot build a base64 BIO chain. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void)
{
    WOLFSSL_BIO_METHOD* notAvailable = NULL;
    return notAvailable;
}
wolfSSL 7:481bce714567 13460
wolfSSL 7:481bce714567 13461
/* OpenSSL-compatibility no-op: BIO flags are not stored, so flags such as
 * BIO_FLAGS_BASE64_NO_NL have no effect here. */
void wolfSSL_BIO_set_flags(WOLFSSL_BIO* bio, int flags)
{
    (void)flags;  /* discarded */
    (void)bio;
    return;
}
wolfSSL 7:481bce714567 13467
wolfSSL 7:481bce714567 13468
wolfSSL 7:481bce714567 13469
/* OpenSSL-compatibility no-op: no entropy is gathered from screen contents.
 * wolfCrypt seeds its RNG from its own source, so nothing is needed here. */
void wolfSSL_RAND_screen(void)
{
    return;
}
wolfSSL 7:481bce714567 13474
wolfSSL 7:481bce714567 13475
/* OpenSSL-compatibility stub: no seed-file name is computed, 'fname' is not
 * written, and NULL is returned (OpenSSL's "no file" result). */
const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
{
    const char* noName = NULL;

    (void)len;    /* buffer untouched */
    (void)fname;

    return noName;
}
wolfSSL 7:481bce714567 13482
wolfSSL 7:481bce714567 13483
/* OpenSSL-compatibility stub: no seed file is written (no file is opened at
 * all). Returns 0, i.e. zero bytes written, so an application that keeps a
 * seed file across runs will find nothing was persisted. */
int wolfSSL_RAND_write_file(const char* fname)
{
    const int bytesWritten = 0;

    (void)fname;  /* never opened */
    return bytesWritten;
}
wolfSSL 7:481bce714567 13489
wolfSSL 7:481bce714567 13490
/* OpenSSL-compatibility stub for RAND_load_file. The file is never opened:
 * wolfCrypt seeds its RNG internally (or reports an error itself), so any
 * application-supplied seed file is ignored. To keep OpenSSL-style callers
 * that test for a positive result happy, the function simply echoes the
 * requested length back — 1024 when len is -1 (OpenSSL's "whole file"),
 * otherwise len itself. The value says nothing about bytes actually read. */
int wolfSSL_RAND_load_file(const char* fname, long len)
{
    const long wholeFile  = -1;
    const int  claimedAll = 1024;

    (void)fname;  /* never opened */

    return (len == wholeFile) ? claimedAll : (int)len;
}
wolfSSL 7:481bce714567 13500
wolfSSL 7:481bce714567 13501
/* OpenSSL-compatibility stub: no EGD socket is contacted. Returns 0, i.e.
 * zero bytes of entropy obtained from the daemon; the RNG is seeded by
 * wolfCrypt itself. */
int wolfSSL_RAND_egd(const char* path)
{
    const int bytesFromEgd = 0;

    (void)path;  /* never connected to */
    return bytesFromEgd;
}
wolfSSL 7:481bce714567 13507
wolfSSL 7:481bce714567 13508
wolfSSL 7:481bce714567 13509
/* OpenSSL-compatibility stub: no zlib compression method object exists, so
 * NULL is returned. NOTE(review): leaving TLS-level compression unavailable
 * through this API is the safe default given compression-oracle attacks on
 * TLS. */
WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
{
    WOLFSSL_COMP_METHOD* none = NULL;
    return none;
}
wolfSSL 7:481bce714567 13514
wolfSSL 7:481bce714567 13515
/* OpenSSL-compatibility stub: no RLE compression method object exists, so
 * NULL is returned. */
WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
{
    WOLFSSL_COMP_METHOD* none = NULL;
    return none;
}
wolfSSL 7:481bce714567 13520
wolfSSL 7:481bce714567 13521
/* OpenSSL-compatibility stub: no compression method is registered; the
 * arguments are discarded and 0 is returned. */
int wolfSSL_COMP_add_compression_method(int method, void* data)
{
    const int notRegistered = 0;

    (void)data;   /* discarded */
    (void)method;

    return notRegistered;
}
wolfSSL 7:481bce714567 13528
wolfSSL 7:481bce714567 13529
/* OpenSSL-compatibility no-op: the dynlock create callback is discarded and
 * never invoked. Applications ported from OpenSSL must not rely on these
 * callbacks for thread safety here. */
void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)(
                                                          const char*, int))
{
    (void)f;  /* not stored */
    return;
}
wolfSSL 7:481bce714567 13535
wolfSSL 7:481bce714567 13536
/* OpenSSL-compatibility no-op: the dynlock lock callback is discarded and
 * never invoked, so no locking is routed through it. */
void wolfSSL_set_dynlock_lock_callback(
                 void (*f)(int, WOLFSSL_dynlock_value*, const char*, int))
{
    (void)f;  /* not stored */
    return;
}
wolfSSL 7:481bce714567 13542
wolfSSL 7:481bce714567 13543
/* OpenSSL-compatibility no-op: the dynlock destroy callback is discarded
 * and never invoked. */
void wolfSSL_set_dynlock_destroy_callback(
                      void (*f)(WOLFSSL_dynlock_value*, const char*, int))
{
    (void)f;  /* not stored */
    return;
}
wolfSSL 7:481bce714567 13549
wolfSSL 7:481bce714567 13550
wolfSSL 7:481bce714567 13551
/* Human-readable text for a certificate verification error code. The code
 * is interpreted with wolfSSL's own error table (wolfSSL_ERR_reason_error_
 * string), not OpenSSL's X509_V_ERR_* numbering. */
const char* wolfSSL_X509_verify_cert_error_string(long err)
{
    const char* reason = wolfSSL_ERR_reason_error_string(err);
    return reason;
}
wolfSSL 7:481bce714567 13556
wolfSSL 7:481bce714567 13557
wolfSSL 7:481bce714567 13558
/* OpenSSL-compatibility stub: no directory is added to the lookup. Returns
 * 0 (failure in OpenSSL's convention), so callers are told no CA directory
 * was registered rather than being misled into thinking trust was loaded. */
int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir,
                               long len)
{
    const int notAdded = 0;

    (void)len;
    (void)dir;
    (void)lookup;

    return notAdded;
}
wolfSSL 7:481bce714567 13567
wolfSSL 7:481bce714567 13568
/* OpenSSL-compatibility stub: the file is not opened or loaded into the
 * lookup. Returns 0 (failure in OpenSSL's convention) so callers do not
 * assume CA certificates were loaded. */
int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
                                 const char* file, long len)
{
    const int notLoaded = 0;

    (void)len;
    (void)file;
    (void)lookup;

    return notLoaded;
}
wolfSSL 7:481bce714567 13577
wolfSSL 7:481bce714567 13578
wolfSSL 7:481bce714567 13579 WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void)
wolfSSL 7:481bce714567 13580 {
wolfSSL 7:481bce714567 13581 return 0;
wolfSSL 7:481bce714567 13582 }
wolfSSL 7:481bce714567 13583
wolfSSL 7:481bce714567 13584
wolfSSL 7:481bce714567 13585 WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void)
wolfSSL 7:481bce714567 13586 {
wolfSSL 7:481bce714567 13587 return 0;
wolfSSL 7:481bce714567 13588 }
wolfSSL 7:481bce714567 13589
wolfSSL 7:481bce714567 13590
wolfSSL 7:481bce714567 13591
/* OpenSSL-compatibility stub: no lookup is attached to the store and NULL
 * is returned (OpenSSL's failure result). */
WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
                                                   WOLFSSL_X509_LOOKUP_METHOD* m)
{
    WOLFSSL_X509_LOOKUP* none = NULL;

    (void)m;      /* discarded */
    (void)store;

    return none;
}
wolfSSL 7:481bce714567 13599
wolfSSL 7:481bce714567 13600
wolfSSL 7:481bce714567 13601 #ifndef NO_CERTS
/* Decode a DER certificate held in a memory BIO into a newly allocated
 * WOLFSSL_X509. The BIO's whole memory buffer is treated as the DER input.
 *
 * On success the new object is returned and, when x509 is non-NULL, also
 * stored through *x509. Note that *x509 is simply overwritten: any object
 * the caller already held there is neither reused (OpenSSL d2i semantics)
 * nor freed. The caller owns the result and frees it with wolfSSL_X509_free.
 *
 * Returns NULL (and leaves *x509 untouched) when bio is NULL, when the BIO
 * has no data, or when decoding fails. */
WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
{
    const unsigned char* der   = NULL;
    int                  derSz;
    WOLFSSL_X509*        cert;

    WOLFSSL_ENTER("wolfSSL_d2i_X509_bio");

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument bio is NULL");
        return NULL;
    }

    derSz = wolfSSL_BIO_get_mem_data(bio, &der);
    if (der == NULL || derSz <= 0) {
        WOLFSSL_MSG("Failed to get data from bio struct");
        return NULL;
    }

    cert = wolfSSL_X509_d2i(NULL, der, (word32)derSz);
    if (cert != NULL && x509 != NULL) {
        *x509 = cert;
    }

    return cert;
}
wolfSSL 7:481bce714567 13634
wolfSSL 7:481bce714567 13635
wolfSSL 7:481bce714567 13636 #if !defined(NO_ASN) && !defined(NO_PWDBASED)
/* Decode a DER PKCS#12 blob held in a memory BIO into a freshly allocated
 * WC_PKCS12. The BIO's whole memory buffer is used as input.
 *
 * Result reporting: the new object is returned and, when pkcs12 is
 * non-NULL, stored through *pkcs12. When the BIO yields no data or
 * wc_d2i_PKCS12 rejects the input, the partially built object is freed,
 * NULL is returned and *pkcs12 (if given) is set to NULL. When bio is NULL
 * or the allocation fails, NULL is returned and *pkcs12 is left untouched.
 * The caller owns the result and releases it with wc_PKCS12_free. */
WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
{
    WC_PKCS12*           result = NULL;
    const unsigned char* data   = NULL;
    int                  dataSz;

    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_bio");

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument bio is NULL");
        return NULL;
    }

    result = wc_PKCS12_new();
    if (result == NULL) {
        WOLFSSL_MSG("Memory error");
        return NULL;
    }

    dataSz = wolfSSL_BIO_get_mem_data(bio, &data);
    if (data == NULL || dataSz <= 0) {
        WOLFSSL_MSG("Failed to get data from bio struct");
        wc_PKCS12_free(result);
        result = NULL;
    }
    else if (wc_d2i_PKCS12(data, (word32)dataSz, result) <= 0) {
        WOLFSSL_MSG("Failed to get PKCS12 sequence");
        wc_PKCS12_free(result);
        result = NULL;
    }

    /* publish the outcome (NULL on failure) through the out-parameter */
    if (pkcs12 != NULL) {
        *pkcs12 = result;
    }

    return result;
}
wolfSSL 7:481bce714567 13684
wolfSSL 7:481bce714567 13685
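/* Releases every node of a WC_DerCertList handed back by wc_PKCS12_parse(),
 * including each node's DER buffer. Accepts NULL. Helper for
 * wolfSSL_PKCS12_parse(). */
static void Pkcs12FreeDerList(WC_DerCertList* list, void* heap)
{
    while (list != NULL) {
        WC_DerCertList* next = list->next;

        XFREE(list->buffer, heap, DYNAMIC_TYPE_PKCS);
        XFREE(list, heap, DYNAMIC_TYPE_PKCS);
        list = next;
    }
    (void)heap;
}


/* Unpacks a PKCS#12 container into its private key, end-entity certificate
 * and (optionally) CA chain, mirroring the OpenSSL PKCS12_parse() API.
 *
 * pkcs12  parsed PKCS#12 container
 * psw     password protecting the container (decryption happens inside
 *         wc_PKCS12_parse; a failure there is reported as 0)
 * pkey    out: decoded private key, or NULL if the container holds none
 * cert    out: end-entity certificate, or NULL if the container holds none
 * ca      out, may be NULL: stack of CA certificates, NULL when none present
 *
 * Returns 1 on success, 0 on failure. On failure every output is reset to
 * NULL, nothing allocated here is leaked, and the decrypted key bytes are
 * scrubbed before release. The caller owns the outputs and frees them with
 * wolfSSL_EVP_PKEY_free, wolfSSL_X509_free and wolfSSL_sk_X509_free.
 *
 * Security notes: certificates are decoded with NO_VERIFY, so nothing here
 * checks signatures, validity dates, or that the key matches the
 * certificate. A CA certificate that fails to decode is skipped (logged)
 * rather than failing the call, preserving prior behaviour; an end-entity
 * certificate that fails to decode is now a hard failure (previously it was
 * logged and a partially populated X509 was returned as success). */
int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
    WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, STACK_OF(WOLFSSL_X509)** ca)
{
    DecodedCert DeCert;
    void* heap = NULL;
    int ret;
    byte* certData = NULL;
    word32 certDataSz = 0;
    byte* pk = NULL;
    word32 pkSz = 0;
    WC_DerCertList* certList = NULL;

    WOLFSSL_ENTER("wolfSSL_PKCS12_parse");

    if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) {
        WOLFSSL_MSG("Bad argument value");
        return 0;
    }

    heap = wc_PKCS12_GetHeap(pkcs12);
    *pkey = NULL;
    *cert = NULL;
    if (ca != NULL) {
        *ca = NULL;
    }

    /* only request the CA list when the caller can receive it */
    ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz,
                          (ca != NULL) ? &certList : NULL);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret);
        return 0;
    }

    /* CA chain: each DER blob becomes a WOLFSSL_X509 on a fresh stack.
     * certList can only be non-NULL when ca != NULL. */
    if (certList != NULL) {
        *ca = (STACK_OF(WOLFSSL_X509)*)XMALLOC(sizeof(STACK_OF(WOLFSSL_X509)),
                                              heap, DYNAMIC_TYPE_X509);
        if (*ca == NULL) {
            goto fail;
        }
        XMEMSET(*ca, 0, sizeof(STACK_OF(WOLFSSL_X509)));

        while (certList != NULL) {
            WC_DerCertList* node = certList;
            WOLFSSL_X509* x509;

            x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
                                          DYNAMIC_TYPE_X509);
            if (x509 == NULL) {
                goto fail;  /* previously dereferenced unchecked */
            }
            InitX509(x509, 1, heap);

            InitDecodedCert(&DeCert, node->buffer, node->bufferSz, heap);
            if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
                /* undecodable CA cert: drop it and carry on */
                WOLFSSL_MSG("Issue with parsing certificate");
                FreeDecodedCert(&DeCert);
                wolfSSL_X509_free(x509);
            }
            else {
                ret = CopyDecodedToX509(x509, &DeCert);
                FreeDecodedCert(&DeCert);
                if (ret != 0) {
                    WOLFSSL_MSG("Failed to copy decoded cert");
                    wolfSSL_X509_free(x509);
                    goto fail;
                }
                if (wolfSSL_sk_X509_push(*ca, x509) != 1) {
                    WOLFSSL_MSG("Failed to push x509 onto stack");
                    wolfSSL_X509_free(x509);
                    goto fail;
                }
            }

            /* unlink before freeing so the fail path never sees this node */
            certList = node->next;
            XFREE(node->buffer, heap, DYNAMIC_TYPE_PKCS);
            XFREE(node, heap, DYNAMIC_TYPE_PKCS);
        }
    }

    /* end-entity certificate */
    if (certData != NULL) {
        *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
                                       DYNAMIC_TYPE_X509);
        if (*cert == NULL) {
            goto fail;
        }
        InitX509(*cert, 1, heap);

        InitDecodedCert(&DeCert, certData, certDataSz, heap);
        ret = ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL);
        if (ret != 0) {
            WOLFSSL_MSG("Issue with parsing certificate");
        }
        else {
            ret = CopyDecodedToX509(*cert, &DeCert);
            if (ret != 0) {
                WOLFSSL_MSG("Failed to copy decoded cert");
            }
        }
        FreeDecodedCert(&DeCert);
        if (ret != 0) {
            goto fail;
        }
        /* the raw DER was already released at this point before this
         * rewrite, so the X509 does not reference it */
        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
        certData = NULL;
    }

    /* private key: identify the algorithm, then hand the DER buffer over */
    if (pk != NULL) {
        ret = BAD_STATE_E;

        /* DYNAMIC_TYPE_PUBLIC_KEY so wolfSSL_EVP_PKEY_free can release it */
        *pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap,
                                           DYNAMIC_TYPE_PUBLIC_KEY);
        if (*pkey == NULL) {
            goto fail;
        }
        /* zero so fields not assigned below are defined, as wolfSSL_PKEY_new
         * does */
        XMEMSET(*pkey, 0, sizeof(WOLFSSL_EVP_PKEY));

#ifndef NO_RSA
        {
            word32 keyIdx = 0;
            RsaKey key;

            if (wc_InitRsaKey(&key, heap) == 0) {
                ret = wc_RsaPrivateKeyDecode(pk, &keyIdx, &key, pkSz);
                if (ret == 0) {
                    (*pkey)->type = RSAk;
                    WOLFSSL_MSG("Found PKCS12 RSA key");
                }
                wc_FreeRsaKey(&key);
            }
        }
#endif /* NO_RSA */

#ifdef HAVE_ECC
        if (ret != 0) { /* not RSA (or RSA disabled): try ECC */
            word32 keyIdx = 0;
            ecc_key key;

            if (wc_ecc_init(&key) != 0) {
                goto fail;
            }
            ret = wc_EccPrivateKeyDecode(pk, &keyIdx, &key, pkSz);
            if (ret == 0) {
                (*pkey)->type = ECDSAk;
                (*pkey)->pkey_curve = key.dp->oidSum;
                WOLFSSL_MSG("Found PKCS12 ECC key");
            }
            wc_ecc_free(&key); /* on failure too; was skipped before */
        }
#endif /* HAVE_ECC */

        if (ret != 0) {
            WOLFSSL_MSG("Bad PKCS12 key format");
            goto fail;
        }

        (*pkey)->save_type = 0;
        (*pkey)->pkey_sz = pkSz;
        (*pkey)->pkey.ptr = (char*)pk;
        pk = NULL; /* ownership moved to *pkey */
    }

    return 1;

fail:
    if (pk != NULL) {
        ForceZero(pk, pkSz); /* decrypted private key material */
        XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
    }
    if (certData != NULL) {
        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
    }
    Pkcs12FreeDerList(certList, heap);
    if (*pkey != NULL) {
        /* pkey.ptr is still NULL on this path; pk was released above */
        XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
        *pkey = NULL;
    }
    if (*cert != NULL) {
        wolfSSL_X509_free(*cert);
        *cert = NULL;
    }
    if (ca != NULL && *ca != NULL) {
        wolfSSL_sk_X509_free(*ca);
        *ca = NULL;
    }
    return 0;
}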
wolfSSL 7:481bce714567 13941 #endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
wolfSSL 7:481bce714567 13942
wolfSSL 7:481bce714567 13943
/* Compatibility no-op. Kept for OpenSSL API parity; it registers nothing,
 * since the PKCS#12 PBE algorithms are selected at build time. */
void wolfSSL_PKCS12_PBE_add(void)
{
    WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add");
}
wolfSSL 7:481bce714567 13950
wolfSSL 7:481bce714567 13951
wolfSSL 7:481bce714567 13952
/* Returns the chain stack stored in ctx by wolfSSL_X509_STORE_CTX_init(),
 * or NULL when ctx is NULL. The returned stack is still owned by ctx. */
WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
{
    return (ctx != NULL) ? ctx->chain : NULL;
}
wolfSSL 7:481bce714567 13961
wolfSSL 7:481bce714567 13962
/* Adds a copy of x509's DER encoding to the store's certificate manager as
 * a trusted user CA. The X509 itself stays owned by the caller.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR on a NULL store/manager/cert,
 * a missing DER buffer, allocation failure, or an AddCA() rejection. */
int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
{
    int rc = SSL_FATAL_ERROR;
    int usable;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");

    usable = (store != NULL) && (store->cm != NULL) && (x509 != NULL)
          && (x509->derCert != NULL);
    if (usable) {
        DerBuffer* copy = NULL;

        rc = AllocDer(&copy, x509->derCert->length, x509->derCert->type, NULL);
        if (rc == 0) {
            XMEMCPY(copy->buffer, x509->derCert->buffer,
                    x509->derCert->length);
            /* AddCA() takes ownership of (and frees) the copied buffer */
            rc = AddCA(store->cm, &copy, WOLFSSL_USER_CA, 1);
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_cert", rc);

    /* collapse every non-success code to the single documented error value */
    return (rc == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FATAL_ERROR;
}
wolfSSL 7:481bce714567 13990
wolfSSL 7:481bce714567 13991
/* Allocates a certificate store backed by a fresh certificate manager.
 * Returns NULL if either allocation fails. Free with wolfSSL_X509_STORE_free.
 *
 * NOTE(review): only the cm member is initialised here; any other members
 * of WOLFSSL_X509_STORE are left as returned by XMALLOC — confirm against
 * the struct definition. */
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
{
    WOLFSSL_X509_STORE* store;

    store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
                                         DYNAMIC_TYPE_X509_STORE);
    if (store == NULL) {
        return NULL;
    }

    store->cm = wolfSSL_CertManagerNew();
    if (store->cm == NULL) {
        XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
        return NULL;
    }

    return store;
}
wolfSSL 7:481bce714567 14008
wolfSSL 7:481bce714567 14009
/* Frees a store created by wolfSSL_X509_STORE_new(), including its
 * certificate manager. NULL is a no-op. */
void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
{
    if (store == NULL) {
        return;
    }
    if (store->cm != NULL) {
        wolfSSL_CertManagerFree(store->cm);
    }
    XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
wolfSSL 7:481bce714567 14018
wolfSSL 7:481bce714567 14019
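/* Applies verification flags to a store.
 *
 * Only WOLFSSL_CRL_CHECK / WOLFSSL_CRL_CHECKALL are acted on: when either is
 * set, the whole flag word is passed to wolfSSL_CertManagerEnableCRL. Any
 * other flag bits are silently ignored, so OpenSSL-style X509_V_FLAG_*
 * options have no effect here.
 *
 * Returns SSL_SUCCESS, the wolfSSL_CertManagerEnableCRL result when CRL
 * checking was requested, or SSL_FATAL_ERROR for a NULL store (previously a
 * NULL store was dereferenced). */
int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
{
    int ret = SSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_set_flags");

    if (store == NULL) {
        WOLFSSL_MSG("Bad argument value");
        return SSL_FATAL_ERROR;
    }

    if ((flag & (WOLFSSL_CRL_CHECKALL | WOLFSSL_CRL_CHECK)) != 0) {
        /* EnableCRL validates store->cm itself */
        ret = wolfSSL_CertManagerEnableCRL(store->cm, (int)flag);
    }

    return ret;
}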
wolfSSL 7:481bce714567 14035
wolfSSL 7:481bce714567 14036
/* Compatibility stub: reports SSL_SUCCESS without loading any system trust
 * store. Callers that rely on this to populate trusted roots end up with an
 * empty store and must load CAs explicitly. */
int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
{
    (void)store;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 14042
wolfSSL 7:481bce714567 14043
/* Compatibility stub: no subject lookup is implemented; always returns 0
 * ("not found") and leaves obj untouched. */
int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx,
    WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj)
{
    (void)ctx; (void)idx; (void)name; (void)obj;

    return 0;
}
wolfSSL 7:481bce714567 14053
wolfSSL 7:481bce714567 14054
/* Allocates a verification context and initialises it with no store, no
 * certificate and no chain. Returns NULL on allocation failure. */
WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
{
    WOLFSSL_X509_STORE_CTX* ctx;

    ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX),
                                           NULL, DYNAMIC_TYPE_X509_CTX);
    if (ctx == NULL) {
        return NULL;
    }

    wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
    return ctx;
}
wolfSSL 7:481bce714567 14065
wolfSSL 7:481bce714567 14066
/* Resets ctx to verify x509 against store with the supplied chain.
 *
 * Only the pointers are stored; nothing is copied. Note that
 * wolfSSL_X509_STORE_CTX_free() later frees store, x509 and sk, so the
 * caller must not free them independently.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when ctx is NULL. */
int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
    WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");

    if (ctx == NULL) {
        return SSL_FATAL_ERROR;
    }

    ctx->store               = store;
    ctx->current_cert        = x509;
    ctx->chain               = sk;
    ctx->domain              = NULL;
    ctx->ex_data             = NULL;
    ctx->userCtx             = NULL;
    ctx->error               = 0;
    ctx->error_depth         = 0;
    ctx->discardSessionCerts = 0;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 14086
wolfSSL 7:481bce714567 14087
/* Frees ctx together with the store, current certificate and chain it
 * references. Ownership caveat: those objects were handed in by the caller
 * via wolfSSL_X509_STORE_CTX_init(); freeing them again after this call is
 * a double free. (This differs from the OpenSSL API, where the context does
 * not own the store.) NULL is a no-op. */
void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
{
    if (ctx == NULL) {
        return;
    }

    if (ctx->store != NULL) {
        wolfSSL_X509_STORE_free(ctx->store);
    }
    if (ctx->current_cert != NULL) {
        wolfSSL_FreeX509(ctx->current_cert);
    }
    if (ctx->chain != NULL) {
        wolfSSL_sk_X509_free(ctx->chain);
    }
    XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
}
wolfSSL 7:481bce714567 14100
wolfSSL 7:481bce714567 14101
/* Compatibility no-op: nothing is released; use
 * wolfSSL_X509_STORE_CTX_free() to dispose of the context. */
void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
{
    (void)ctx;
}
wolfSSL 7:481bce714567 14106
wolfSSL 7:481bce714567 14107
/* Verifies ctx->current_cert against the CAs held by ctx->store->cm.
 *
 * Only the leaf's DER is checked, through wolfSSL_CertManagerVerifyBuffer;
 * ctx->chain is not consulted, so intermediates supplied on the chain do
 * not take part, and ctx->error is not updated. Returns the certificate
 * manager's result, or SSL_FATAL_ERROR when any required input is NULL. */
int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
{
    int ready;

    ready = (ctx != NULL) && (ctx->store != NULL) && (ctx->store->cm != NULL)
         && (ctx->current_cert != NULL)
         && (ctx->current_cert->derCert != NULL);
    if (!ready) {
        return SSL_FATAL_ERROR;
    }

    return wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
                                           ctx->current_cert->derCert->buffer,
                                           ctx->current_cert->derCert->length,
                                           SSL_FILETYPE_ASN1);
}
wolfSSL 7:481bce714567 14119 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 14120
wolfSSL 7:481bce714567 14121
/* Compatibility stub: CRL times are not exposed; always returns NULL. */
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
{
    (void)crl;

    return NULL;
}
wolfSSL 7:481bce714567 14127
wolfSSL 7:481bce714567 14128
/* Compatibility stub: CRL times are not exposed; always returns NULL. */
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
{
    (void)crl;

    return NULL;
}
wolfSSL 7:481bce714567 14134
wolfSSL 7:481bce714567 14135
wolfSSL 7:481bce714567 14136
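/* Returns a newly allocated WOLFSSL_EVP_PKEY holding a copy of x509's
 * DER-encoded public key (pkey.ptr / pkey_sz), with type set from the
 * certificate's key OID and, on ECC builds, pkey_curve from its curve OID.
 *
 * Returns NULL when x509 is NULL, when the certificate carries no public
 * key bytes, or on allocation failure. Free with wolfSSL_EVP_PKEY_free.
 *
 * NOTE(review): the allocations use x509->heap while wolfSSL_EVP_PKEY_free
 * releases with a NULL heap hint — confirm this is acceptable for the
 * custom-allocator builds in use. */
WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
{
    WOLFSSL_EVP_PKEY* key;

    if (x509 == NULL) {
        return NULL;
    }
    /* an X509 that was never populated has nothing to copy; returning a
     * key with an empty buffer would only defer the failure */
    if (x509->pubKey.buffer == NULL || x509->pubKey.length == 0) {
        return NULL;
    }

    key = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), x509->heap,
                                     DYNAMIC_TYPE_PUBLIC_KEY);
    if (key == NULL) {
        return NULL;
    }
    /* zero first so members this function does not assign (e.g. pkey_curve
     * on non-ECC builds) are defined, consistent with wolfSSL_PKEY_new */
    XMEMSET(key, 0, sizeof(WOLFSSL_EVP_PKEY));

    key->type      = x509->pubKeyOID;
    key->save_type = 0;

    key->pkey.ptr = (char*)XMALLOC(x509->pubKey.length, x509->heap,
                                   DYNAMIC_TYPE_PUBLIC_KEY);
    if (key->pkey.ptr == NULL) {
        XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        return NULL;
    }
    XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length);
    key->pkey_sz = x509->pubKey.length;
#ifdef HAVE_ECC
    key->pkey_curve = (int)x509->pkCurveOID;
#endif /* HAVE_ECC */

    return key;
}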
wolfSSL 7:481bce714567 14164
wolfSSL 7:481bce714567 14165
/* Compatibility stub: no CRL signature check is performed. Always returns
 * 0, which callers following OpenSSL semantics read as "verification
 * failed" — the fail-safe outcome for an unimplemented check. */
int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key)
{
    (void)crl; (void)key;

    return 0;
}
wolfSSL 7:481bce714567 14172
wolfSSL 7:481bce714567 14173
/* Compatibility no-op: the error code is discarded and ctx->error is left
 * unchanged. */
void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int err)
{
    (void)ctx; (void)err;
}
wolfSSL 7:481bce714567 14179
wolfSSL 7:481bce714567 14180
/* Compatibility no-op: nothing inside obj is released. */
void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
{
    (void)obj;
}
wolfSSL 7:481bce714567 14185
wolfSSL 7:481bce714567 14186
/* Allocates a zero-filled WOLFSSL_EVP_PKEY (type 0, no key bytes).
 * Returns NULL on allocation failure. Free with wolfSSL_EVP_PKEY_free. */
WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new()
{
    WOLFSSL_EVP_PKEY* key = (WOLFSSL_EVP_PKEY*)XMALLOC(
            sizeof(WOLFSSL_EVP_PKEY), NULL, DYNAMIC_TYPE_PUBLIC_KEY);

    if (key == NULL) {
        return NULL;
    }
    XMEMSET(key, 0, sizeof(WOLFSSL_EVP_PKEY));
    return key;
}
wolfSSL 7:481bce714567 14199
wolfSSL 7:481bce714567 14200
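/* Releases a WOLFSSL_EVP_PKEY created by wolfSSL_PKEY_new(),
 * wolfSSL_X509_get_pubkey() or wolfSSL_PKCS12_parse(). NULL is a no-op.
 *
 * pkey.ptr may hold DER-encoded private key material (wolfSSL_PKCS12_parse
 * stores the decrypted PKCS#12 key there), so the buffer is scrubbed before
 * it goes back to the allocator. ForceZero is used because a plain memset
 * immediately before free can be elided by the compiler.
 *
 * NOTE(review): both frees use a NULL heap hint, whereas
 * wolfSSL_PKCS12_parse and wolfSSL_X509_get_pubkey allocate with their own
 * heap hint — confirm this mismatch is harmless for the allocator in use. */
void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
{
    if (key == NULL) {
        return;
    }

    if (key->pkey.ptr != NULL) {
        if (key->pkey_sz > 0) {
            ForceZero(key->pkey.ptr, (word32)key->pkey_sz);
        }
        XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
        key->pkey.ptr = NULL;
    }
    XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
}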
wolfSSL 7:481bce714567 14209
wolfSSL 7:481bce714567 14210
/* Compatibility stub: no comparison is made. Always returns 0, which in the
 * OpenSSL convention (where <0 / >0 mean before / after) signals an error,
 * so callers cannot use it to decide whether a certificate is current. */
int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
{
    (void)asnTime;

    return 0;
}
wolfSSL 7:481bce714567 14216
wolfSSL 7:481bce714567 14217
/* Compatibility stub: revoked-entry stacks are not exposed; reports 0
 * entries regardless of input. */
int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked)
{
    (void)revoked;

    return 0;
}
wolfSSL 7:481bce714567 14223
wolfSSL 7:481bce714567 14224
wolfSSL 7:481bce714567 14225
/* Compatibility stub: the CRL's revoked list is not exposed; always NULL. */
WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl)
{
    (void)crl;

    return NULL;
}
wolfSSL 7:481bce714567 14231
wolfSSL 7:481bce714567 14232
/* Compatibility stub: there are no entries to index; always NULL. */
WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
    WOLFSSL_X509_REVOKED* revoked, int value)
{
    (void)revoked; (void)value;

    return NULL;
}
wolfSSL 7:481bce714567 14240
wolfSSL 7:481bce714567 14241
wolfSSL 7:481bce714567 14242
/* Compatibility stub: the serial number is not exposed through this API;
 * always returns NULL. */
WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
{
    (void)x509;

    return NULL;
}
wolfSSL 7:481bce714567 14248
wolfSSL 7:481bce714567 14249
/* Compatibility stub: nothing is written to bio; always returns 0. */
int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
{
    (void)bio; (void)asnTime;

    return 0;
}
wolfSSL 7:481bce714567 14256
wolfSSL 7:481bce714567 14257
wolfSSL 7:481bce714567 14258 #if defined(WOLFSSL_MYSQL_COMPATIBLE)
/* Renders an ASN.1 time into buf as text via GetTimeString().
 *
 * The ASN1_TIME is read as raw bytes: byte 0 is the ASN.1 tag (UTCTime /
 * GeneralizedTime), byte 1 the encoded length, the digits follow.
 * Returns buf on success, NULL for a NULL argument, a buffer shorter than 5
 * bytes, an encoded length larger than the buffer, or a GetTimeString()
 * failure.
 *
 * NOTE(review): the encoded length byte is only checked against len, not
 * against the size of the ASN1_TIME object itself — confirm GetTimeString
 * bounds its read by the tag's fixed digit count. */
char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len)
{
    byte* raw = (byte*)time;
    int tag;
    int encodedLen;

    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string");

    if (time == NULL || buf == NULL || len < 5) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    tag        = raw[0];
    encodedLen = raw[1];
    if (encodedLen > len) {
        WOLFSSL_MSG("Length of date is longer then buffer");
        return NULL;
    }

    if (!GetTimeString(raw + 2, tag, buf, len)) {
        return NULL;
    }

    return buf;
}
wolfSSL 7:481bce714567 14285 #endif /* WOLFSSL_MYSQL_COMPATIBLE */
wolfSSL 7:481bce714567 14286
wolfSSL 7:481bce714567 14287
/* Compatibility stub: no comparison is performed and 0 ("equal") is
 * returned for every pair. Do not use this to distinguish serial numbers
 * (e.g. when matching CRL entries); every input compares equal. */
int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
                             const WOLFSSL_ASN1_INTEGER* b)
{
    (void)a; (void)b;

    return 0;
}
wolfSSL 7:481bce714567 14295
wolfSSL 7:481bce714567 14296
/* Compatibility stub: the integer is not decoded; always returns 0. */
long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
{
    (void)i;

    return 0;
}
wolfSSL 7:481bce714567 14302
wolfSSL 7:481bce714567 14303
/* Returns the single ex_data slot of ctx. Only index 0 exists, and only on
 * FORTRESS / stunnel builds; every other combination yields NULL. */
void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
{
    void* data = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data");
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
    if (ctx != NULL && idx == 0) {
        data = ctx->ex_data;
    }
#else
    (void)ctx; (void)idx;
#endif
    return data;
}
wolfSSL 7:481bce714567 14316
wolfSSL 7:481bce714567 14317
/* The store-context ex_data index is fixed at 0 (the only slot
 * wolfSSL_X509_STORE_CTX_get_ex_data serves). */
int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
{
    const int fixedIdx = 0;

    WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx");
    return fixedIdx;
}
wolfSSL 7:481bce714567 14323
wolfSSL 7:481bce714567 14324
/* Compatibility no-op: the callback is not stored and is never invoked. */
void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx,
    void (*f)(const WOLFSSL* ssl, int type, int val))
{
    (void)ctx; (void)f;
}
wolfSSL 7:481bce714567 14331
wolfSSL 7:481bce714567 14332
/* Compatibility stub: there is no error queue to peek; always 0 ("no
 * error"), so callers polling this after a failure see nothing. */
unsigned long wolfSSL_ERR_peek_error(void)
{
    const unsigned long noError = 0;

    return noError;
}
wolfSSL 7:481bce714567 14337
wolfSSL 7:481bce714567 14338
/* Compatibility stub: error codes are not decomposed; always returns 0. */
int wolfSSL_ERR_GET_REASON(unsigned long err)
{
    (void)err;

    return 0;
}
wolfSSL 7:481bce714567 14344
wolfSSL 7:481bce714567 14345
/* Compatibility stub: alert names are not provided; always NULL. Callers
 * must not pass the result straight to printf("%s"). */
char* wolfSSL_alert_type_string_long(int alertID)
{
    (void)alertID;

    return NULL;
}
wolfSSL 7:481bce714567 14351
wolfSSL 7:481bce714567 14352
/* Compatibility stub: alert descriptions are not provided; always NULL.
 * Callers must not pass the result straight to printf("%s"). */
char* wolfSSL_alert_desc_string_long(int alertID)
{
    (void)alertID;

    return NULL;
}
wolfSSL 7:481bce714567 14358
wolfSSL 7:481bce714567 14359
/* Compatibility stub: handshake state names are not provided; always NULL.
 * Callers must not pass the result straight to printf("%s"). */
char* wolfSSL_state_string_long(const WOLFSSL* ssl)
{
    (void)ssl;

    return NULL;
}
wolfSSL 7:481bce714567 14365
wolfSSL 7:481bce714567 14366
/* Compatibility stub for the default PEM password callback: writes nothing
 * into name and returns 0 (a zero-length password). Applications that load
 * encrypted PEM without installing their own callback therefore never get
 * prompted. */
int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
{
    (void)name; (void)num; (void)w; (void)key;

    return 0;
}
wolfSSL 7:481bce714567 14375
wolfSSL 7:481bce714567 14376
/* Record OpenSSL-style SSL_OP_* option bits on a session.
 *
 * ssl: session to update; NULL yields 0 and no change.
 * op : bitmask of SSL_OP_* flags to OR into the existing mask.
 *
 * Returns the resulting ssl->options.mask. Note that 0 is returned for a
 * NULL ssl and is also a valid empty mask, so the two cases cannot be told
 * apart by the caller.
 *
 * Only SSL_OP_NO_COMPRESSION changes session state here, and only when
 * HAVE_LIBZ is compiled in. The protocol-version flags are logged and kept
 * in the mask; nothing in this function disables a protocol version, so any
 * enforcement of those bits happens elsewhere (not visible here). */
unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
{
    WOLFSSL_ENTER("wolfSSL_set_options");

    if (ssl == NULL) {
        return 0;
    }

    /* if SSL_OP_ALL then turn all bug workarounds on, so the stored mask
     * names every individual workaround bit explicitly */
    if ((op & SSL_OP_ALL) == SSL_OP_ALL) {
        WOLFSSL_MSG("\tSSL_OP_ALL");

        op |= SSL_OP_MICROSOFT_SESS_ID_BUG;
        op |= SSL_OP_NETSCAPE_CHALLENGE_BUG;
        op |= SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
        op |= SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
        op |= SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
        op |= SSL_OP_MSIE_SSLV2_RSA_PADDING;
        op |= SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
        op |= SSL_OP_TLS_D5_BUG;
        op |= SSL_OP_TLS_BLOCK_PADDING_BUG;
        op |= SSL_OP_TLS_ROLLBACK_BUG;
        op |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
    }


    /* by default cookie exchange is on with DTLS; this flag is log-only */
    if ((op & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) {
        WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default");
    }

    /* version flags: logged here and stored in the mask below; this
     * function itself does not change which versions are negotiated */
    if ((op & SSL_OP_NO_SSLv2) == SSL_OP_NO_SSLv2) {
        WOLFSSL_MSG("\tSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2");
    }

    if ((op & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
        WOLFSSL_MSG("\tSSL_OP_NO_SSLv3");
    }

    if ((op & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
        WOLFSSL_MSG("\tSSL_OP_NO_TLSv1");
    }

    if ((op & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
        WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1");
    }

    if ((op & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
        WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2");
    }

    if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) {
#ifdef HAVE_LIBZ
        WOLFSSL_MSG("SSL_OP_NO_COMPRESSION");
        /* the one option that takes effect on session state in this call */
        ssl->options.usingCompression = 0;
#else
        WOLFSSL_MSG("SSL_OP_NO_COMPRESSION: compression not compiled in");
#endif
    }

    /* options accumulate; this call never clears previously set bits */
    ssl->options.mask |= op;

    return ssl->options.mask;
}
wolfSSL 7:481bce714567 14441
wolfSSL 7:481bce714567 14442
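/* Return the SSL_OP_* option mask recorded on a session.
 *
 * ssl: session to query. A NULL pointer now yields 0 — the same value
 *      wolfSSL_set_options returns for a NULL session — instead of being
 *      dereferenced unconditionally.
 *
 * Returns ssl->options.mask, or 0 when ssl is NULL. */
unsigned long wolfSSL_get_options(const WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_options");

    if (ssl == NULL) {
        return 0;
    }

    return ssl->options.mask;
}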
wolfSSL 7:481bce714567 14449
/*** TBD ***/
/* Stub: renegotiation counters are not tracked, so there is nothing to
 * clear.
 *
 * s: ignored.
 * Returns 0. */
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s)
{
    const long cleared = 0;
    (void)s;
    return cleared;
}
wolfSSL 7:481bce714567 14456
/*** TBD ***/
/* Stub: renegotiation counters are not tracked.
 *
 * s: ignored.
 * Returns 0 regardless of how many renegotiations actually happened. */
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s)
{
    const long total = 0;
    (void)s;
    return total;
}
wolfSSL 7:481bce714567 14463
wolfSSL 7:481bce714567 14464
wolfSSL 7:481bce714567 14465 #ifndef NO_DH
/* Install the DH parameters p and g held in a WOLFSSL_DH object on a session.
 *
 * ssl: session to configure.
 * dh : source of the parameters (dh->p and dh->g bignums).
 *
 * Returns BAD_FUNC_ARG for a NULL argument, SSL_FATAL_ERROR when either
 * bignum does not serialise to a positive number of bytes, MEMORY_E when a
 * scratch buffer cannot be allocated, otherwise the value returned by
 * wolfSSL_SetTmpDH.
 *
 * No size or strength check on p is made in this wrapper; whatever
 * wolfSSL_SetTmpDH enforces (not visible here) is the only guard. */
long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
{
    int pSz, gSz;
    byte *p, *g;
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_set_tmp_dh");

    if (!ssl || !dh)
        return BAD_FUNC_ARG;

    /* Get needed size for p and g: a NULL output buffer makes bn2bin report
     * the encoded length without writing anything */
    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);

    if (pSz <= 0 || gSz <= 0)
        return SSL_FATAL_ERROR;

    p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_DH);
    if (!p)
        return MEMORY_E;

    g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH);
    if (!g) {
        XFREE(p, ssl->heap, DYNAMIC_TYPE_DH);
        return MEMORY_E;
    }

    /* second pass writes the encoded bytes into the scratch buffers */
    pSz = wolfSSL_BN_bn2bin(dh->p, p);
    gSz = wolfSSL_BN_bn2bin(dh->g, g);

    /* NOTE(review): a zero length here still reaches wolfSSL_SetTmpDH
     * (the test is >= 0), but the final return then reports
     * SSL_FATAL_ERROR regardless of ret */
    if (pSz >= 0 && gSz >= 0) /* Conversion successful */
        ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);

    /* the scratch copies are released here, so wolfSSL_SetTmpDH is assumed
     * to have copied what it needs — confirm against its implementation */
    XFREE(p, ssl->heap, DYNAMIC_TYPE_DH);
    XFREE(g, ssl->heap, DYNAMIC_TYPE_DH);

    return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR;
}
wolfSSL 7:481bce714567 14505 #endif /* !NO_DH */
wolfSSL 7:481bce714567 14506
wolfSSL 7:481bce714567 14507
wolfSSL 7:481bce714567 14508 #ifdef HAVE_PK_CALLBACKS
/* Store an opaque pointer handed back to the TLS-extension debug callback.
 *
 * ssl: session to configure; arg: caller-owned context (may be NULL).
 * Returns SSL_SUCCESS, or SSL_FAILURE when ssl is NULL. The pointer is
 * stored as-is; lifetime remains the caller's responsibility. */
long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg)
{
    long result = SSL_FAILURE;

    if (ssl != NULL) {
        ssl->loggingCtx = arg;
        result = SSL_SUCCESS;
    }

    return result;
}
wolfSSL 7:481bce714567 14518 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 7:481bce714567 14519
/*** TBD ***/
/* Stub: the certificate-status (OCSP stapling) request type is not stored.
 *
 * s, type: ignored.
 * Returns 0. */
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
{
    const long notImplemented = 0;
    (void)type;
    (void)s;
    return notImplemented;
}
wolfSSL 7:481bce714567 14527
/*** TBD ***/
/* Stub: OCSP request extensions are not exposed.
 *
 * s, arg: ignored; nothing is written through arg.
 * Returns 0. */
WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg)
{
    const long notImplemented = 0;
    (void)arg;
    (void)s;
    return notImplemented;
}
wolfSSL 7:481bce714567 14535
/*** TBD ***/
/* Stub: OCSP request extensions cannot be set.
 *
 * s, arg: ignored.
 * Returns 0. */
WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg)
{
    const long notImplemented = 0;
    (void)arg;
    (void)s;
    return notImplemented;
}
wolfSSL 7:481bce714567 14543
/*** TBD ***/
/* Stub: OCSP responder IDs are not exposed.
 *
 * s, arg: ignored; nothing is written through arg.
 * Returns 0. */
WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg)
{
    const long notImplemented = 0;
    (void)arg;
    (void)s;
    return notImplemented;
}
wolfSSL 7:481bce714567 14551
/*** TBD ***/
/* Stub: OCSP responder IDs cannot be set.
 *
 * s, arg: ignored.
 * Returns 0. */
WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg)
{
    const long notImplemented = 0;
    (void)arg;
    (void)s;
    return notImplemented;
}
wolfSSL 7:481bce714567 14559
/*** TBD ***/
/* Stub: the stapled OCSP response is not exposed.
 *
 * s, resp: ignored; *resp is left untouched, so callers must not treat it
 *          as initialised by this call.
 * Returns 0 (no response bytes). */
WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
{
    const long respLen = 0;
    (void)resp;
    (void)s;
    return respLen;
}
wolfSSL 7:481bce714567 14567
/*** TBD ***/
/* Stub: a stapled OCSP response cannot be installed through this API.
 *
 * s, resp, len: ignored; the buffer is neither copied nor retained.
 * Returns 0. */
WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len)
{
    const long notImplemented = 0;
    (void)len;
    (void)resp;
    (void)s;
    return notImplemented;
}
wolfSSL 7:481bce714567 14576
wolfSSL 7:481bce714567 14577
/* Report the outcome of peer certificate verification for a session.
 *
 * ssl: session to query.
 * Returns ssl->peerVerifyRet, or SSL_FAILURE when ssl is NULL. The NULL
 * sentinel shares the return type with real verification results, so a
 * caller that may pass NULL should check the handle itself. */
long wolfSSL_get_verify_result(const WOLFSSL *ssl)
{
    long verifyResult = SSL_FAILURE;

    if (ssl != NULL) {
        verifyResult = ssl->peerVerifyRet;
    }

    return verifyResult;
}
wolfSSL 7:481bce714567 14586
wolfSSL 7:481bce714567 14587
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 accepted sessions. */
long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14593
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 started connections. */
long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14599
wolfSSL 7:481bce714567 14600
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 successful accepts. */
long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14606
wolfSSL 7:481bce714567 14607
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 successful connects. */
long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14613
wolfSSL 7:481bce714567 14614
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 server-side renegotiations. */
long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14620
wolfSSL 7:481bce714567 14621
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 client-side renegotiations. */
long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14627
wolfSSL 7:481bce714567 14628
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 session-cache hits. */
long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14634
wolfSSL 7:481bce714567 14635
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 external-callback cache hits. */
long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14641
wolfSSL 7:481bce714567 14642
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 cache-full evictions. */
long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14648
wolfSSL 7:481bce714567 14649
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 session-cache misses. */
long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14655
wolfSSL 7:481bce714567 14656
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 timed-out cache lookups. */
long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14662
wolfSSL 7:481bce714567 14663
/* Stub: per-context session statistics are not collected.
 *
 * ctx: ignored.
 * Returns 0 cached sessions, whatever the cache actually holds. */
long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx)
{
    const long count = 0;
    (void)ctx;
    return count;
}
wolfSSL 7:481bce714567 14669
wolfSSL 7:481bce714567 14670
wolfSSL 7:481bce714567 14671 #ifndef NO_CERTS
/* Append a certificate to the context's certificate chain.
 *
 * ctx : context whose chain is extended.
 * x509: certificate to append. On SSL_SUCCESS this function frees x509 (the
 *       context takes ownership); on SSL_FAILURE x509 is untouched and the
 *       caller still owns it.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE for a NULL argument, a certificate
 * with no DER encoding, allocation failure, or a ProcessBuffer error.
 *
 * The new chain is built as a temporary buffer (existing chain bytes
 * followed by the new DER) and handed to ProcessBuffer as an ASN.1 CERT_TYPE
 * blob; ProcessBuffer is presumed to replace ctx->certChain from it — not
 * visible here, confirm before relying on it. */
long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
{
    byte* chain;
    long chainSz = 0;
    int derSz;
    const byte* der;
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert");

    if (ctx == NULL || x509 == NULL) {
        WOLFSSL_MSG("Bad Argument");
        return SSL_FAILURE;
    }

    /* der points into x509; it is only read, never freed here */
    der = wolfSSL_X509_get_der(x509, &derSz);
    if (der == NULL || derSz <= 0) {
        WOLFSSL_MSG("Error getting X509 DER");
        return SSL_FAILURE;
    }

    /* adding cert to existing chain: total size is old chain + new DER */
    if (ctx->certChain != NULL && ctx->certChain->length > 0) {
        chainSz += ctx->certChain->length;
    }
    chainSz += derSz;

    chain = (byte*)XMALLOC(chainSz, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (chain == NULL) {
        WOLFSSL_MSG("Memory Error");
        return SSL_FAILURE;
    }

    /* existing chain first (if any), new certificate after it */
    if (ctx->certChain != NULL && ctx->certChain->length > 0) {
        XMEMCPY(chain, ctx->certChain->buffer, ctx->certChain->length);
        XMEMCPY(chain + ctx->certChain->length, der, derSz);
    }
    else {
        XMEMCPY(chain, der, derSz);
    }

    /* last argument (1) selects the chain path in ProcessBuffer — its
     * exact meaning is defined by that function, not visible here */
    ret = ProcessBuffer(ctx, chain, chainSz, SSL_FILETYPE_ASN1, CERT_TYPE,
                        NULL, NULL, 1);
    if (ret != SSL_SUCCESS) {
        WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
        XFREE(chain, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
        return SSL_FAILURE;
    }

    /* on success WOLFSSL_X509 memory is responsibility of ctx */
    wolfSSL_X509_free(x509);
    /* the temporary concatenation is no longer needed once processed */
    XFREE(chain, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 14727
wolfSSL 7:481bce714567 14728
/* Store the opaque argument passed to the OCSP status callback.
 *
 * ctx: context whose certificate manager receives the pointer.
 * arg: caller-owned context pointer (may be NULL); stored without copying.
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx or ctx->cm is NULL. */
long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg)
{
    long result = SSL_FAILURE;

    if (ctx != NULL && ctx->cm != NULL) {
        ctx->cm->ocspIOCtx = arg;
        result = SSL_SUCCESS;
    }

    return result;
}
wolfSSL 7:481bce714567 14738
wolfSSL 7:481bce714567 14739 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 14740
wolfSSL 7:481bce714567 14741
/*** TBC ***/
/* Stub: the session-cache mode is not reported.
 *
 * ctx: ignored.
 * Returns 0. */
WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx)
{
    const long mode = 0;
    (void)ctx;
    return mode;
}
wolfSSL 7:481bce714567 14748
wolfSSL 7:481bce714567 14749
/* Report the read-ahead flag stored on a context.
 *
 * ctx: context to query.
 * Returns ctx->readAhead, or SSL_FAILURE when ctx is NULL. */
int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx)
{
    int readAhead = SSL_FAILURE;

    if (ctx != NULL) {
        readAhead = ctx->readAhead;
    }

    return readAhead;
}
wolfSSL 7:481bce714567 14758
wolfSSL 7:481bce714567 14759
/* Set the read-ahead flag on a context.
 *
 * ctx: context to update.
 * v  : new value; it is narrowed to a byte on store, so values outside
 *      0..255 are truncated.
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL. */
int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v)
{
    if (ctx == NULL) {
        return SSL_FAILURE;
    }

    ctx->readAhead = (byte)v;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 14770
wolfSSL 7:481bce714567 14771
/* Store the opaque argument for the PRF-input callback.
 *
 * ctx: context to update.
 * arg: caller-owned pointer (may be NULL); stored without copying.
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL. */
long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx,
                                                          void* arg)
{
    long result = SSL_FAILURE;

    if (ctx != NULL) {
        ctx->userPRFArg = arg;
        result = SSL_SUCCESS;
    }

    return result;
}
wolfSSL 7:481bce714567 14782
wolfSSL 7:481bce714567 14783
wolfSSL 7:481bce714567 14784 #ifndef NO_DES3
/* Load a DES key into a key schedule, validating it only when
 * WOLFSSL_CHECK_DESKEY is defined.
 *
 * myDes: 8-byte key to load.
 * key  : destination schedule.
 * Returns 0 on success. With WOLFSSL_CHECK_DESKEY the result of
 * wolfSSL_DES_set_key_checked is returned instead (negative on a rejected
 * key); without it the key is copied unchecked and 0 is always returned. */
int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes,
                        WOLFSSL_DES_key_schedule* key)
{
    int result = 0;

#ifdef WOLFSSL_CHECK_DESKEY
    result = wolfSSL_DES_set_key_checked(myDes, key);
#else
    wolfSSL_DES_set_key_unchecked(myDes, key);
#endif

    return result;
}
wolfSSL 7:481bce714567 14796
wolfSSL 7:481bce714567 14797
wolfSSL 7:481bce714567 14798
/* Compare the first 8 bytes of key against the pair (mask, mask2) laid out
 * in host byte order.
 *
 * mask, mask2: the two 32-bit halves of the pattern to test for.
 * key        : at least 2 * sizeof(word32) bytes; the caller
 *              (wolfSSL_DES_set_key_checked) verifies the length.
 * Returns 1 when the bytes match the pattern (the fail case), else 0. */
static int DES_check(word32 mask, word32 mask2, unsigned char* key)
{
    word32 pattern[2];

    pattern[0] = mask;
    pattern[1] = mask2;

    if (XMEMCMP(pattern, key, sizeof(pattern)) == 0) {
        return 1;
    }
    return 0;
}
wolfSSL 7:481bce714567 14809
wolfSSL 7:481bce714567 14810
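/* Check that a DES key has odd parity in every byte and is not a known weak
 * or semi-weak key, then copy it into the key schedule.
 *
 * myDes: the caller's 8-byte key — the value that is actually tested.
 * key  : destination schedule; written only once every check has passed,
 *        so on failure its previous contents are left alone.
 *
 * Returns 0 on success, -1 when a byte fails the odd-parity test, and -2
 * for a NULL argument, an unexpected type size, or a weak/semi-weak key.
 *
 * The tests read from myDes. The previous version inspected *key — the
 * not-yet-written destination — so parity and weak-key rejection never
 * applied to the key the caller supplied. The weak-key tables follow NIST
 * "Recommendation for the Triple Data Encryption Algorithm (TDEA) Block
 * Cipher"; the sixth semi-weak pair was missing before. */
int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
                                WOLFSSL_DES_key_schedule* key)
{
    /* weak keys: every byte repeats, so the host byte order of the two
     * word32 halves does not affect the comparison */
    static const word32 weakKeys[4][2] = {
        { 0x01010101, 0x01010101 },
        { 0xFEFEFEFE, 0xFEFEFEFE },
        { 0xE0E0E0E0, 0xF1F1F1F1 },
        { 0x1F1F1F1F, 0x0E0E0E0E }
    };
    /* semi-weak keys come in byte-swapped pairs; each entry is tested as
     * written and byte-reversed, which covers its partner and keeps the
     * check independent of host endianness */
    static const word32 semiWeakKeys[6][2] = {
        { 0x011F011F, 0x010E010E },
        { 0x01E001E0, 0x01F101F1 },
        { 0x01FE01FE, 0x01FE01FE },
        { 0x1FE01FE0, 0x0EF10EF1 },
        { 0x1FFE1FFE, 0x0EFE0EFE },
        { 0xE0FEE0FE, 0xF1FEF1FE }
    };
    const unsigned char* candidate;
    word32 i;
    word32 sz = sizeof(WOLFSSL_DES_key_schedule);

    if (myDes == NULL || key == NULL) {
        WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_set_key_checked");
        return -2;
    }

    /* DES_check compares 2 * sizeof(word32) bytes and the copy below uses
     * sizeof(WOLFSSL_const_DES_cblock); both must be the 8-byte DES block */
    if (sz != (sizeof(word32) * 2) ||
            sizeof(WOLFSSL_const_DES_cblock) != sz) {
        WOLFSSL_MSG("Unexpected WOLFSSL_DES_key_schedule size");
        return -2;
    }

    candidate = (const unsigned char*)myDes;

    /* odd parity: the XOR of all eight bits is 1 exactly when an odd
     * number of bits are set */
    for (i = 0; i < sz; i++) {
        unsigned char c = candidate[i];
        if (((c & 0x01) ^
             ((c >> 1) & 0x01) ^
             ((c >> 2) & 0x01) ^
             ((c >> 3) & 0x01) ^
             ((c >> 4) & 0x01) ^
             ((c >> 5) & 0x01) ^
             ((c >> 6) & 0x01) ^
             ((c >> 7) & 0x01)) != 1) {
            WOLFSSL_MSG("Odd parity test fail");
            return -1;
        }
    }

    /* DES_check takes a non-const pointer but only reads through it */
    for (i = 0; i < sizeof(weakKeys) / sizeof(weakKeys[0]); i++) {
        if (DES_check(weakKeys[i][0], weakKeys[i][1],
                      (unsigned char*)candidate)) {
            WOLFSSL_MSG("Weak key found");
            return -2;
        }
    }

    for (i = 0; i < sizeof(semiWeakKeys) / sizeof(semiWeakKeys[0]); i++) {
        word32 mask  = semiWeakKeys[i][0];
        word32 mask2 = semiWeakKeys[i][1];
        if (DES_check(mask, mask2, (unsigned char*)candidate) ||
            DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2),
                      (unsigned char*)candidate)) {
            WOLFSSL_MSG("Weak key found");
            return -2;
        }
    }

    /* passed tests, now copy over key */
    XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock));

    return 0;
}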
wolfSSL 7:481bce714567 14916
wolfSSL 7:481bce714567 14917
/* Copy a DES key into a key schedule without any parity or weak-key test.
 *
 * myDes: 8-byte key to load; key: destination schedule.
 * Either argument being NULL makes the call a no-op. */
void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
                                   WOLFSSL_DES_key_schedule* key)
{
    if (myDes == NULL || key == NULL) {
        return;
    }

    XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock));
}
wolfSSL 7:481bce714567 14925
wolfSSL 7:481bce714567 14926
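/* Force odd parity on every byte of a DES key block, in place.
 *
 * myDes: key block to adjust; NULL is ignored.
 *
 * The low bit of each byte is the parity bit: it is set to 1 when the
 * upper seven bits hold an even number of ones and to 0 otherwise, so the
 * whole byte ends up with an odd number of set bits — the property that
 * wolfSSL_DES_set_key_checked requires. Previously this was a logging stub
 * that left the key unchanged. */
void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes)
{
    unsigned char* bytes;
    word32 i;

    WOLFSSL_ENTER("wolfSSL_DES_set_odd_parity");

    if (myDes == NULL) {
        WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_set_odd_parity");
        return;
    }

    bytes = (unsigned char*)myDes;
    for (i = 0; i < sizeof(WOLFSSL_DES_cblock); i++) {
        unsigned char c = bytes[i];
        /* XOR of bits 1..7, taken in bit 0 */
        unsigned char upper = (unsigned char)((c >> 1) ^ (c >> 2) ^ (c >> 3) ^
                                              (c >> 4) ^ (c >> 5) ^ (c >> 6) ^
                                              (c >> 7));
        bytes[i] = (unsigned char)((c & 0xFE) | ((~upper) & 0x01));
    }
}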
wolfSSL 7:481bce714567 14932
wolfSSL 7:481bce714567 14933
/* Stub: DES-ECB is not performed through this entry point.
 *
 * desa, desb, key, len: ignored. No bytes are written to desb, so a caller
 * that proceeds with its contents is using an unencrypted or stale block. */
void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
            WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int len)
{
    WOLFSSL_STUB("wolfSSL_DES_ecb_encrypt");
    (void)len;
    (void)key;
    (void)desb;
    (void)desa;
}
wolfSSL 7:481bce714567 14943
wolfSSL 7:481bce714567 14944 #endif /* NO_DES3 */
wolfSSL 7:481bce714567 14945
/* Stub: formatted output to a BIO is not implemented.
 *
 * bio, format, ...: ignored; the variadic arguments are never consumed.
 * Returns 0 bytes written. */
int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...)
{
    const int written = 0;
    (void)format;
    (void)bio;
    return written;
}
wolfSSL 7:481bce714567 14952
wolfSSL 7:481bce714567 14953
/* Stub: UTCTime values are not printed to a BIO.
 *
 * bio, a: ignored.
 * Returns 0. */
int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
{
    const int notImplemented = 0;
    (void)a;
    (void)bio;
    return notImplemented;
}
wolfSSL 7:481bce714567 14960
wolfSSL 7:481bce714567 14961
/* Stub: revoked-certificate stacks have no element count here.
 *
 * rev: ignored.
 * Returns 0 elements. */
int wolfSSL_sk_num(WOLFSSL_X509_REVOKED* rev)
{
    const int count = 0;
    (void)rev;
    return count;
}
wolfSSL 7:481bce714567 14967
wolfSSL 7:481bce714567 14968
/* Stub: revoked-certificate stacks cannot be indexed here.
 *
 * rev, i: ignored.
 * Returns NULL for every index. */
void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i)
{
    void* element = NULL;
    (void)i;
    (void)rev;
    return element;
}
wolfSSL 7:481bce714567 14975
wolfSSL 7:481bce714567 14976
/* stunnel 4.28 needs */
/* Stub: the external session-lookup callback is accepted but never stored
 * or invoked.
 *
 * ctx, f: ignored. */
void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
                    WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*))
{
    (void)f;
    (void)ctx;
}
wolfSSL 7:481bce714567 14984
wolfSSL 7:481bce714567 14985
/* Stub: the new-session callback is accepted but never stored or invoked.
 *
 * ctx, f: ignored. */
void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
                                 int (*f)(WOLFSSL*, WOLFSSL_SESSION*))
{
    (void)f;
    (void)ctx;
}
wolfSSL 7:481bce714567 14992
wolfSSL 7:481bce714567 14993
/* Stub: the session-removal callback is accepted but never stored or
 * invoked.
 *
 * ctx, f: ignored. */
void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
                                                            WOLFSSL_SESSION*))
{
    (void)f;
    (void)ctx;
}
wolfSSL 7:481bce714567 15000
wolfSSL 7:481bce714567 15001
/* Placeholder serialiser: reports the in-memory size of a session but
 * writes nothing.
 *
 * sess, p: ignored; *p is not advanced and no bytes are produced, so the
 *          returned length must not be treated as bytes available.
 * Returns sizeof(WOLFSSL_SESSION) converted to int. */
int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
{
    const int encodedLen = (int)sizeof(WOLFSSL_SESSION);
    (void)p;
    (void)sess;
    return encodedLen;
}
wolfSSL 7:481bce714567 15008
wolfSSL 7:481bce714567 15009
/* Placeholder deserialiser: no bytes are parsed; the caller-supplied
 * session pointer is simply echoed back.
 *
 * sess: if non-NULL, *sess is returned unchanged.
 * p, i: ignored; *p is not advanced.
 * Returns *sess, or NULL when sess is NULL. */
WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
                                         const unsigned char** p, long i)
{
    WOLFSSL_SESSION* result = NULL;

    (void)i;
    (void)p;

    if (sess != NULL) {
        result = *sess;
    }

    return result;
}
wolfSSL 7:481bce714567 15019
wolfSSL 7:481bce714567 15020
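/* Return the timeout recorded on a session.
 *
 * sess: session to query. A NULL pointer now yields 0 instead of being
 *       dereferenced.
 *
 * Returns sess->timeout, or 0 when sess is NULL. */
long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
{
    long timeout = 0;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout");

    if (sess != NULL) {
        timeout = sess->timeout;
    }

    return timeout;
}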
wolfSSL 7:481bce714567 15026
wolfSSL 7:481bce714567 15027
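/* Return the creation time recorded on a session.
 *
 * sess: session to query. A NULL pointer now yields 0 instead of being
 *       dereferenced.
 *
 * Returns sess->bornOn, or 0 when sess is NULL. */
long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
{
    long bornOn = 0;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_time");

    if (sess != NULL) {
        bornOn = sess->bornOn;
    }

    return bornOn;
}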
wolfSSL 7:481bce714567 15033
wolfSSL 7:481bce714567 15034
wolfSSL 7:481bce714567 15035 #endif /* OPENSSL_EXTRA */
wolfSSL 7:481bce714567 15036
wolfSSL 7:481bce714567 15037
wolfSSL 7:481bce714567 15038 #ifdef KEEP_PEER_CERT
/* Return the subject common name stored on a certificate object.
 *
 * x509: certificate to query.
 * Returns x509->subjectCN (owned by x509, not a copy), or NULL when x509 is
 * NULL. */
char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509* x509)
{
    char* commonName = NULL;

    if (x509 != NULL) {
        commonName = x509->subjectCN;
    }

    return commonName;
}
wolfSSL 7:481bce714567 15046 #endif /* KEEP_PEER_CERT */
wolfSSL 7:481bce714567 15047
wolfSSL 7:481bce714567 15048 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 15049
wolfSSL 7:481bce714567 15050 #ifdef FORTRESS
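/* Compare the peer certificate held on ssl with the PEM certificate in fname.
 *
 * Returns 0 when the DER form of the file's certificate is byte-identical to
 * ssl->peerCert.derCert, SSL_BAD_FILE when fname cannot be opened, and
 * SSL_FATAL_ERROR on every other outcome (NULL ssl/fname, empty or unreadable
 * file, PEM decode failure, no peer certificate available, or a mismatch).
 * Under WOLFSSL_SMALL_STACK a failed EncryptedInfo allocation yields MEMORY_E.
 * The change from the original is the peer_cert->derCert NULL check: the
 * pointer may be NULL (e.g. when no peer certificate was retained) and was
 * previously dereferenced without a check. */
int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
{
    int ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file");
    if (ssl != NULL && fname != NULL)
    {
#ifdef WOLFSSL_SMALL_STACK
        EncryptedInfo* info = NULL;
        byte staticBuffer[1]; /* force heap usage */
#else
        EncryptedInfo info[1];
        byte staticBuffer[FILE_BUFFER_SIZE];
#endif
        byte* myBuffer = staticBuffer;
        int dynamic = 0;
        XFILE file = XBADFILE;
        long sz = 0;
        int eccKey = 0;
        WOLFSSL_CTX* ctx = ssl->ctx;
        WOLFSSL_X509* peer_cert = &ssl->peerCert;
        DerBuffer* fileDer = NULL;

        file = XFOPEN(fname, "rb");
        if (file == XBADFILE)
            return SSL_BAD_FILE;

        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);

        /* sz <= 0 (empty file or XFTELL failure) is caught by the (sz > 0)
         * conjunct below and reported as SSL_FATAL_ERROR */
        if (sz > (long)sizeof(staticBuffer)) {
            WOLFSSL_MSG("Getting dynamic buffer");
            /* allocation failure leaves myBuffer NULL; checked below */
            myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
            dynamic = 1;
        }

#ifdef WOLFSSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL)
            ret = MEMORY_E;
        else
#endif
        {
            info->set = 0;
            info->ctx = ctx;
            info->consumed = 0;

            /* every step is a conjunct: the first failure leaves ret at
             * SSL_FATAL_ERROR and skips the remaining dereferences */
            if ((myBuffer != NULL) &&
                (sz > 0) &&
                (XFREAD(myBuffer, sz, 1, file) > 0) &&
                (PemToDer(myBuffer, sz, CERT_TYPE,
                          &fileDer, ctx->heap, info, &eccKey) == 0) &&
                (fileDer->length != 0) &&
                (peer_cert->derCert != NULL) &&
                (fileDer->length == peer_cert->derCert->length) &&
                (XMEMCMP(peer_cert->derCert->buffer, fileDer->buffer,
                         fileDer->length) == 0))
            {
                ret = 0;
            }

#ifdef WOLFSSL_SMALL_STACK
            XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        }

        FreeDer(&fileDer);

        if (dynamic)
            XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);

        XFCLOSE(file);
    }

    return ret;
}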
wolfSSL 7:481bce714567 15128 #endif
wolfSSL 7:481bce714567 15129
wolfSSL 7:481bce714567 15130
/* Process-wide RNG shared by the OpenSSL-compat RAND_* and BN_rand paths.
 * initGlobalRNG is set to 1 by wolfSSL_RAND_seed once wc_InitRng succeeds,
 * and globalRNG is only used while that flag is set. Access is not
 * serialized here. */
static WC_RNG globalRNG;
static int initGlobalRNG = 0;
wolfSSL 7:481bce714567 15133
/* OpenSSL-compatible RAND_seed.
 * seed/len are accepted for API compatibility only and are not used; the
 * first call initializes the file-scope globalRNG through wc_InitRng and
 * records that in initGlobalRNG. Returns SSL_SUCCESS when the global RNG is
 * ready, 0 when wc_InitRng fails. */
int wolfSSL_RAND_seed(const void* seed, int len)
{
    WOLFSSL_MSG("wolfSSL_RAND_seed");

    (void)seed;
    (void)len;

    if (initGlobalRNG != 0)
        return SSL_SUCCESS;

    if (wc_InitRng(&globalRNG) < 0) {
        WOLFSSL_MSG("wolfSSL Init Global RNG failed");
        return 0;
    }

    initGlobalRNG = 1;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 15153
wolfSSL 7:481bce714567 15154
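/* Fill buf with num random bytes (OpenSSL RAND_bytes).
 *
 * A private WC_RNG is initialized for the call; if that fails, globalRNG is
 * used provided wolfSSL_RAND_seed has initialized it. Returns SSL_SUCCESS on
 * success and 0 on any failure: NULL buf or negative num, no usable RNG,
 * wc_RNG_GenerateBlock error, or (WOLFSSL_SMALL_STACK) allocation failure.
 * The argument check is new: num is passed to wc_RNG_GenerateBlock as an
 * unsigned length, so a negative value would have become a huge count and
 * overrun buf. */
int wolfSSL_RAND_bytes(unsigned char* buf, int num)
{
    int     ret = 0;
    int     initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG  tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_RAND_bytes");

    if (buf == NULL || num < 0) {
        WOLFSSL_MSG("Bad function arguments");
        return ret;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return ret;
#endif

    /* prefer a private RNG for this call; fall back to the global one only
     * when wolfSSL_RAND_seed has initialized it */
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else if (initGlobalRNG)
        rng = &globalRNG;

    if (rng != NULL) {
        if (wc_RNG_GenerateBlock(rng, buf, num) != 0)
            WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
        else
            ret = SSL_SUCCESS;
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}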
wolfSSL 7:481bce714567 15198
/* OpenSSL-compatible BN_CTX_new.
 * wolfCrypt needs no scratch context, so every caller receives the address
 * of the same static int. The result must not be passed to a real free;
 * wolfSSL_BN_CTX_free is a no-op for it. */
WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
{
    static int ctx;
    WOLFSSL_BN_CTX* dummy = (WOLFSSL_BN_CTX*)&ctx;

    WOLFSSL_MSG("wolfSSL_BN_CTX_new");

    return dummy;
}
wolfSSL 7:481bce714567 15207
/* OpenSSL-compatible BN_CTX_init: nothing to initialize, ctx is ignored. */
void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_BN_CTX_init");
    (void)ctx;
}
wolfSSL 7:481bce714567 15213
wolfSSL 7:481bce714567 15214
/* OpenSSL-compatible BN_CTX_free.
 * Intentionally frees nothing: wolfSSL_BN_CTX_new hands out a pointer to a
 * static object, so there is no allocation to release. */
void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_BN_CTX_free");
    (void)ctx;
}
wolfSSL 7:481bce714567 15222
wolfSSL 7:481bce714567 15223
/* Reset a WOLFSSL_BIGNUM to its empty state (non-negative, no mp_int
 * attached). Does nothing for a NULL bn. */
static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("InitwolfSSL_BigNum");
    if (bn == NULL)
        return;

    bn->neg      = 0;
    bn->internal = NULL;
}
wolfSSL 7:481bce714567 15232
wolfSSL 7:481bce714567 15233
/* Allocate a WOLFSSL_BIGNUM together with its backing mp_int.
 * Returns the new object with ->internal pointing at an mp_init'ed mp_int,
 * or NULL when either allocation or mp_init fails; nothing is leaked on the
 * failure paths. The caller releases it with wolfSSL_BN_free. */
WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
{
    mp_int*         mpi = NULL;
    WOLFSSL_BIGNUM* bn  = NULL;

    WOLFSSL_MSG("wolfSSL_BN_new");

    mpi = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
    if (mpi == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new malloc mpi failure");
        return NULL;
    }

    bn = (WOLFSSL_BIGNUM*)XMALLOC(sizeof(WOLFSSL_BIGNUM), NULL,
                                  DYNAMIC_TYPE_BIGINT);
    if (bn == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new malloc WOLFSSL_BIGNUM failure");
        XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
        return NULL;
    }

    InitwolfSSL_BigNum(bn);
    bn->internal = mpi;

    /* from here on wolfSSL_BN_free owns both allocations */
    if (mp_init(mpi) != MP_OKAY) {
        wolfSSL_BN_free(bn);
        return NULL;
    }

    return bn;
}
wolfSSL 7:481bce714567 15264
wolfSSL 7:481bce714567 15265
/* Release a WOLFSSL_BIGNUM created by wolfSSL_BN_new.
 * Clears and frees the attached mp_int (if any), then frees bn itself.
 * A NULL bn is accepted and ignored. */
void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
{
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_free");
    if (bn == NULL)
        return;

    mpi = (mp_int*)bn->internal;
    if (mpi != NULL) {
        mp_clear(mpi);
        XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
        bn->internal = NULL;
    }

    XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
}
wolfSSL 7:481bce714567 15279
wolfSSL 7:481bce714567 15280
/* OpenSSL-compatible BN_clear_free.
 * Delegates to wolfSSL_BN_free; any zeroization of the number's digits is
 * whatever mp_clear does for the configured math library.
 * NOTE(review): confirm mp_clear wipes the digit array if callers rely on
 * this for secret values. */
void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_clear_free");
    wolfSSL_BN_free(bn);
}
wolfSSL 7:481bce714567 15287
wolfSSL 7:481bce714567 15288
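/* r = a - b.
 * Returns SSL_SUCCESS, or 0 when any argument or its ->internal mp_int is
 * NULL or when mp_sub fails. The ->internal checks are new and match the
 * other BN accessors in this file; the original only checked the outer
 * pointers before handing ->internal to mp_sub. */
int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
                   const WOLFSSL_BIGNUM* b)
{
    WOLFSSL_MSG("wolfSSL_BN_sub");

    if (r == NULL || r->internal == NULL ||
        a == NULL || a->internal == NULL ||
        b == NULL || b->internal == NULL)
        return 0;

    if (mp_sub((mp_int*)a->internal, (mp_int*)b->internal,
               (mp_int*)r->internal) == MP_OKAY)
        return SSL_SUCCESS;

    WOLFSSL_MSG("wolfSSL_BN_sub mp_sub failed");
    return 0;
}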
wolfSSL 7:481bce714567 15305
wolfSSL 7:481bce714567 15306
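/* r = a mod b. The BN_CTX argument c is unused.
 * Returns SSL_SUCCESS, or 0 when r, a or b (or their ->internal mp_int) is
 * NULL or when mp_mod fails. The ->internal checks are new; the original
 * dereferenced them unchecked. */
int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
                   const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c)
{
    (void)c;
    WOLFSSL_MSG("wolfSSL_BN_mod");

    if (r == NULL || r->internal == NULL ||
        a == NULL || a->internal == NULL ||
        b == NULL || b->internal == NULL)
        return 0;

    if (mp_mod((mp_int*)a->internal, (mp_int*)b->internal,
               (mp_int*)r->internal) == MP_OKAY)
        return SSL_SUCCESS;

    WOLFSSL_MSG("wolfSSL_BN_mod mp_mod failed");
    return 0;
}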
wolfSSL 7:481bce714567 15324
wolfSSL 7:481bce714567 15325
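/* r = (a^p) mod m. The BN_CTX argument ctx is unused.
 * Returns SSL_SUCCESS, or SSL_FAILURE when any argument (or its ->internal
 * mp_int) is NULL or mp_exptmod fails; the mp_exptmod error code is logged
 * through WOLFSSL_LEAVE. The ->internal checks are new. */
int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
                       const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m,
                       WOLFSSL_BN_CTX *ctx)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_mod_exp");

    (void)ctx;
    if (r == NULL || r->internal == NULL ||
        a == NULL || a->internal == NULL ||
        p == NULL || p->internal == NULL ||
        m == NULL || m->internal == NULL) {
        WOLFSSL_MSG("Bad Argument");
        return SSL_FAILURE;
    }

    ret = mp_exptmod((mp_int*)a->internal, (mp_int*)p->internal,
                     (mp_int*)m->internal, (mp_int*)r->internal);
    if (ret == MP_OKAY)
        return SSL_SUCCESS;

    WOLFSSL_LEAVE("wolfSSL_BN_mod_exp", ret);
    return SSL_FAILURE;
}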
wolfSSL 7:481bce714567 15348
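/* OpenSSL-compatible BN_value_one: a shared, read-only BIGNUM holding 1.
 * The object is created on first use and lives for the rest of the process;
 * callers must not free it. Returns NULL when it cannot be created. The
 * original ignored the mp_set_int result, so a BIGNUM whose value had not
 * been set could be cached and handed out as "one"; it is now released and
 * retried on the next call instead. */
const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
{
    static WOLFSSL_BIGNUM* bn_one = NULL;

    WOLFSSL_MSG("wolfSSL_BN_value_one");

    if (bn_one == NULL) {
        bn_one = wolfSSL_BN_new();
        if (bn_one != NULL &&
            mp_set_int((mp_int*)bn_one->internal, 1) != MP_OKAY) {
            WOLFSSL_MSG("wolfSSL_BN_value_one mp_set_int failed");
            wolfSSL_BN_free(bn_one);
            bn_one = NULL;
        }
    }

    return bn_one;
}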
wolfSSL 7:481bce714567 15363
/* Return compliant with OpenSSL: size of the BIGNUM's magnitude in bytes,
 * as reported by mp_unsigned_bin_size; SSL_FAILURE when bn or bn->internal
 * is NULL. */
int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
{
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_num_bytes");

    mpi = (bn != NULL) ? (mp_int*)bn->internal : NULL;
    if (mpi == NULL)
        return SSL_FAILURE;

    return mp_unsigned_bin_size(mpi);
}
wolfSSL 7:481bce714567 15375
/* Return compliant with OpenSSL: number of significant bits in the BIGNUM
 * (mp_count_bits); SSL_FAILURE when bn or bn->internal is NULL. */
int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn)
{
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_num_bits");

    mpi = (bn != NULL) ? (mp_int*)bn->internal : NULL;
    if (mpi == NULL)
        return SSL_FAILURE;

    return mp_count_bits(mpi);
}
wolfSSL 7:481bce714567 15387
/* Return compliant with OpenSSL: SSL_SUCCESS (1) when the BIGNUM is zero,
 * SSL_FAILURE otherwise, including when bn or bn->internal is NULL. */
int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn)
{
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_is_zero");

    mpi = (bn != NULL) ? (mp_int*)bn->internal : NULL;
    if (mpi == NULL)
        return SSL_FAILURE;

    return (mp_iszero(mpi) == MP_YES) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 7:481bce714567 15402
/* Return compliant with OpenSSL: SSL_SUCCESS (1) when the BIGNUM equals 1
 * (mp_cmp_d against 1), SSL_FAILURE otherwise or on a NULL bn/internal. */
int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn)
{
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_is_one");

    mpi = (bn != NULL) ? (mp_int*)bn->internal : NULL;
    if (mpi == NULL)
        return SSL_FAILURE;

    return (mp_cmp_d(mpi, 1) == MP_EQ) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 7:481bce714567 15417
/* Return compliant with OpenSSL: SSL_SUCCESS (1) when the BIGNUM is odd,
 * SSL_FAILURE otherwise or when bn or bn->internal is NULL. */
int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn)
{
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_is_odd");

    mpi = (bn != NULL) ? (mp_int*)bn->internal : NULL;
    if (mpi == NULL)
        return SSL_FAILURE;

    return (mp_isodd(mpi) == MP_YES) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 7:481bce714567 15432
/* Return compliant with OpenSSL: -1 if a < b, 0 if a == b, 1 if a > b.
 * Returns SSL_FATAL_ERROR when either argument or its ->internal is NULL.
 * Note the comparison is mp_cmp on the attached mp_ints; the WOLFSSL_BIGNUM
 * neg flag is not consulted here. */
int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
{
    int cmp;

    WOLFSSL_MSG("wolfSSL_BN_cmp");

    if (a == NULL || b == NULL || a->internal == NULL || b->internal == NULL)
        return SSL_FATAL_ERROR;

    cmp = mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
    if (cmp == MP_EQ)
        return 0;
    if (cmp == MP_GT)
        return 1;
    return -1;
}
wolfSSL 7:481bce714567 15449
/* Return compliant with OpenSSL: length of the BIGNUM's big-endian magnitude
 * in bytes, or SSL_FATAL_ERROR on a NULL bn/internal or an mp_to_unsigned_bin
 * failure.
 * When r is NULL only the size is reported; otherwise mp_to_unsigned_bin
 * writes that many bytes into r, so r must be at least
 * wolfSSL_BN_num_bytes(bn) bytes (the caller sizes it, nothing here checks). */
int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
{
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_bn2bin");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("NULL bn error");
        return SSL_FATAL_ERROR;
    }
    mpi = (mp_int*)bn->internal;

    /* r == NULL is a pure size query */
    if (r != NULL && mp_to_unsigned_bin(mpi, r) != MP_OKAY) {
        WOLFSSL_MSG("mp_to_unsigned_bin error");
        return SSL_FATAL_ERROR;
    }

    return mp_unsigned_bin_size(mpi);
}
wolfSSL 7:481bce714567 15471
wolfSSL 7:481bce714567 15472
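/* Load a big-endian byte string of len bytes into a BIGNUM.
 * When ret is NULL a new BIGNUM is created (and freed again if the read
 * fails); otherwise ret is filled in place and returned. Returns the BIGNUM
 * on success, NULL on allocation failure, mp_read_unsigned_bin failure, or
 * bad arguments. The argument check is new: a negative len is never valid,
 * and a NULL str with len > 0 would be read by mp_read_unsigned_bin
 * (NULL str with len == 0 is still accepted and yields zero, as before).
 * A caller-supplied ret whose ->internal is NULL is returned untouched, as
 * in the original. */
WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
                                  WOLFSSL_BIGNUM* ret)
{
    int weOwn = 0;

    WOLFSSL_MSG("wolfSSL_BN_bin2bn");

    if (len < 0 || (str == NULL && len > 0)) {
        WOLFSSL_MSG("Bad function arguments");
        return NULL;
    }

    /* if ret is null create a BN */
    if (ret == NULL) {
        ret = wolfSSL_BN_new();
        weOwn = 1;
        if (ret == NULL)
            return NULL;
    }

    /* check ret->internal then read in value */
    if (ret->internal != NULL) {
        if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
            WOLFSSL_MSG("mp_read_unsigned_bin failure");
            if (weOwn)
                wolfSSL_BN_free(ret);
            return NULL;
        }
    }

    return ret;
}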
wolfSSL 7:481bce714567 15500
/* Return compliant with OpenSSL: 1 if success, 0 if error.
 * Not implemented: bn and n are ignored and SSL_FAILURE is always returned,
 * so callers must treat this as an unconditional failure. */
int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
{
    WOLFSSL_MSG("wolfSSL_BN_mask_bits");
    (void)bn;
    (void)n;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 15511
wolfSSL 7:481bce714567 15512
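/* Fill bn with a random number of the given bit length (OpenSSL BN_rand).
 *
 * top and bottom are accepted but ignored: the two most significant bits of
 * the first byte and the least significant bit of the last byte are always
 * forced on. Random bytes come from a per-call WC_RNG, or from globalRNG
 * when wc_InitRng fails and wolfSSL_RAND_seed has initialized it.
 * Returns SSL_SUCCESS on success, 0 on any failure.
 *
 * The argument check is new. The byte buffer is BUFF_SZ (1024) bytes in both
 * configurations but the original never compared len against it, so
 * bits > 8 * 1024 made wc_RNG_GenerateBlock write past buff, and bits <= 0
 * gave len == 0 so that buff[len-1] wrote before the buffer. */
int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{
    enum { BUFF_SZ = 1024 };
    int ret = 0;
    int len = bits / 8;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
    byte* buff = NULL;
#else
    WC_RNG tmpRNG[1];
    byte buff[BUFF_SZ];
#endif

    (void)top;
    (void)bottom;
    WOLFSSL_MSG("wolfSSL_BN_rand");

    /* round the byte count up for a partial final byte */
    if (bits % 8)
        len++;

    /* validate before allocating or touching buff (see header comment) */
    if (bn == NULL || bn->internal == NULL ||
        bits <= 0 || len <= 0 || len > BUFF_SZ) {
        WOLFSSL_MSG("Bad function arguments");
        return ret;
    }

#ifdef WOLFSSL_SMALL_STACK
    buff = (byte*)XMALLOC(BUFF_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buff == NULL || tmpRNG == NULL) {
        XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else if (initGlobalRNG)
        rng = &globalRNG;

    if (rng) {
        if (wc_RNG_GenerateBlock(rng, buff, len) != 0)
            WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
        else {
            /* force the top two bits and the low bit regardless of top/bottom */
            buff[0] |= 0x80 | 0x40;
            buff[len-1] |= 0x01;

            if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY)
                WOLFSSL_MSG("mp read bin failed");
            else
                ret = SSL_SUCCESS;
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}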
wolfSSL 7:481bce714567 15578
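/* Return code compliant with OpenSSL: 1 if bit n is set, 0 else.
 * Returns SSL_FAILURE for a NULL bn/internal, for n > DIGIT_BIT (as in the
 * original), and now also for n < 0, which the cast to mp_digit would
 * otherwise turn into a very large bit index. */
int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n)
{
    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (n < 0 || n > DIGIT_BIT) {
        WOLFSSL_MSG("input bit count too large");
        return SSL_FAILURE;
    }

    return mp_is_bit_set((mp_int*)bn->internal, (mp_digit)n);
}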
wolfSSL 7:481bce714567 15596
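/* Return code compliant with OpenSSL: 1 if success, 0 else.
 * Sets bit n of bn via mp_set_bit. Returns SSL_FAILURE for a NULL
 * bn/internal, for a negative n (new check; a negative bit index is never
 * valid), or when mp_set_bit fails. The failure log message previously
 * named mp_set_int; it now names the function actually called. */
int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n)
{
    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (n < 0) {
        WOLFSSL_MSG("bad bit index");
        return SSL_FAILURE;
    }

    if (mp_set_bit((mp_int*)bn->internal, n) != MP_OKAY) {
        WOLFSSL_MSG("mp_set_bit error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}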
wolfSSL 7:481bce714567 15614
wolfSSL 7:481bce714567 15615
/* Parse a hexadecimal string into a BIGNUM (OpenSSL BN_hex2bn).
 * str is Base16-decoded into a 1024-byte scratch buffer. With bn == NULL the
 * decoded byte length is returned (size query). Otherwise *bn is created with
 * wolfSSL_BN_new when it is NULL, the bytes are loaded with wolfSSL_BN_bin2bn,
 * and SSL_SUCCESS is returned. Returns 0 on a NULL str, a decode error,
 * a failed BIGNUM allocation or load, or (WOLFSSL_SMALL_STACK) a failed
 * scratch allocation. A *bn allocated here stays owned by the caller even if
 * the load fails. */
int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    int    ret   = 0;
    /* passed by address so Base16_Decode can report the decoded length */
    word32 decSz = 1024;
#ifdef WOLFSSL_SMALL_STACK
    byte*  decoded = NULL;
#else
    byte   decoded[1024];
#endif

    WOLFSSL_MSG("wolfSSL_BN_hex2bn");

#ifdef WOLFSSL_SMALL_STACK
    decoded = (byte*)XMALLOC(decSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (decoded == NULL)
        return ret;
#endif

    do {
        if (str == NULL) {
            WOLFSSL_MSG("Bad function argument");
            break;
        }
        if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0) {
            WOLFSSL_MSG("Bad Base16_Decode error");
            break;
        }
        if (bn == NULL) {
            ret = decSz;
            break;
        }

        if (*bn == NULL)
            *bn = wolfSSL_BN_new();
        if (*bn == NULL) {
            WOLFSSL_MSG("BN new failed");
            break;
        }
        if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) {
            WOLFSSL_MSG("Bad bin2bn error");
            break;
        }

        ret = SSL_SUCCESS;
    } while (0);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}
wolfSSL 7:481bce714567 15659
wolfSSL 7:481bce714567 15660
/* Allocate a new BIGNUM holding a copy of bn (value via mp_copy, plus the
 * neg flag). Returns the copy, or NULL when bn/bn->internal is NULL, when
 * allocation fails, or when mp_copy fails (the partial copy is freed). */
WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_BIGNUM* copy = NULL;

    WOLFSSL_MSG("wolfSSL_BN_dup");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    copy = wolfSSL_BN_new();
    if (copy == NULL) {
        WOLFSSL_MSG("bn new error");
        return NULL;
    }

    if (mp_copy((mp_int*)bn->internal, (mp_int*)copy->internal) == MP_OKAY) {
        copy->neg = bn->neg;
        return copy;
    }

    WOLFSSL_MSG("mp_copy error");
    wolfSSL_BN_free(copy);
    return NULL;
}
wolfSSL 7:481bce714567 15688
wolfSSL 7:481bce714567 15689
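/* Copy bn into r (value via mp_copy, plus the neg flag), OpenSSL BN_copy.
 * Returns r on success, NULL when mp_copy fails or when either argument or
 * its ->internal is NULL. The NULL checks are new; wolfSSL_BN_dup already
 * performs them and the original here dereferenced both pointers blindly. */
WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_copy");

    if (r == NULL || r->internal == NULL ||
        bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        return NULL;
    }

    r->neg = bn->neg;

    return r;
}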
wolfSSL 7:481bce714567 15703
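/* Return code compliant with OpenSSL: 1 if success, 0 else.
 * Sets bn to the single word w via mp_set_int. Returns SSL_FAILURE when bn
 * or bn->internal is NULL (new check, matching the other setters) or when
 * mp_set_int fails; the failure message previously named mp_init_set_int. */
int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
{
    WOLFSSL_MSG("wolfSSL_BN_set_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) {
        WOLFSSL_MSG("mp_set_int error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}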
wolfSSL 7:481bce714567 15718
/* Return code compliant with OpenSSL: number length in decimal if success,
 * 0 if error.
 * Not implemented: bn and str are ignored and SSL_FAILURE is always returned. */
int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    WOLFSSL_MSG("wolfSSL_BN_dec2bn");
    (void)bn;
    (void)str;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 15731
wolfSSL 7:481bce714567 15732
wolfSSL 7:481bce714567 15733 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
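/* Render bn as a NUL-terminated decimal string (OpenSSL BN_bn2dec).
 *
 * Returns a heap buffer that the caller must release with
 * XFREE(buf, NULL, DYNAMIC_TYPE_ECC), the tag the sibling
 * wolfSSL_BN_print_fp uses for the same kind of buffer. Returns NULL when
 * bn is NULL/uninitialised, when the size query fails or reports a
 * non-positive size, on allocation failure, or when the conversion fails.
 */
char *wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM *bn)
{
    int len = 0;
    char *buf;

    WOLFSSL_MSG("wolfSSL_BN_bn2dec");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    /* buffer size required for the base-10 representation; a zero or
     * negative answer would otherwise reach XMALLOC */
    if (mp_radix_size((mp_int*)bn->internal, 10, &len) != MP_OKAY || len <= 0) {
        WOLFSSL_MSG("mp_radix_size failure");
        return NULL;
    }

    buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC);
    if (buf == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_bn2dec malloc buffer failure");
        return NULL;
    }

    if (mp_toradix((mp_int*)bn->internal, buf, 10) != MP_OKAY) {
        WOLFSSL_MSG("mp_toradix failure");
        XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
        return NULL;
    }

    return buf;
}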
wolfSSL 7:481bce714567 15764 #else
/* Decimal rendering of a BIGNUM is only available with WOLFSSL_KEY_GEN or
 * HAVE_COMP_KEY. In this configuration the call is a stub: the argument is
 * ignored and NULL is returned, which is the OpenSSL BN_bn2dec error value.
 */
char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_bn2dec");

    (void)bn;   /* nothing to convert without the radix helpers */

    return NULL;
}
wolfSSL 7:481bce714567 15773 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
wolfSSL 7:481bce714567 15774
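/* r = bn << n (OpenSSL BN_lshift). r and bn may be the same object only if
 * mp_mul_2d supports in-place operation, which is not visible here.
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) on NULL arguments, a negative shift count, or when
 * mp_mul_2d fails.
 */
int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
{
    WOLFSSL_MSG("wolfSSL_BN_lshift");

    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    /* OpenSSL reports a negative shift count as an error; reject it here
     * instead of passing it through to mp_mul_2d, whose treatment of a
     * negative count is not something callers should depend on */
    if (n < 0) {
        WOLFSSL_MSG("negative shift count");
        return SSL_FAILURE;
    }

    if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
        WOLFSSL_MSG("mp_mul_2d error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}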
wolfSSL 7:481bce714567 15794
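/* r = bn >> n (OpenSSL BN_rshift); the shifted-out remainder is discarded
 * (NULL passed as mp_div_2d's remainder output).
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) on NULL arguments, a negative shift count, or when
 * mp_div_2d fails.
 */
int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
{
    WOLFSSL_MSG("wolfSSL_BN_rshift");

    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    /* OpenSSL reports a negative shift count as an error; mirror that
     * rather than forwarding it to mp_div_2d */
    if (n < 0) {
        WOLFSSL_MSG("negative shift count");
        return SSL_FAILURE;
    }

    if (mp_div_2d((mp_int*)bn->internal, n,
                  (mp_int*)r->internal, NULL) != MP_OKAY) {
        WOLFSSL_MSG("mp_div_2d error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}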
wolfSSL 7:481bce714567 15815
/* bn += w, in place (OpenSSL BN_add_word).
 *
 * NOTE(review): the wrapper's neg flag is neither consulted nor updated
 * here; the outcome for a negative bn depends on how mp_add_d treats the
 * mp_int's own sign, which is not visible in this file. Whether
 * WOLFSSL_BN_ULONG is as wide as the digit type mp_add_d expects is also
 * not visible here — confirm before relying on large w values.
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) when bn is NULL/uninitialised or mp_add_d fails.
 */
int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
{
    mp_int* a;

    WOLFSSL_MSG("wolfSSL_BN_add_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    /* source and destination are the same mp_int */
    a = (mp_int*)bn->internal;
    if (mp_add_d(a, w, a) != MP_OKAY) {
        WOLFSSL_MSG("mp_add_d error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 15835
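/* r = a + b (OpenSSL BN_add).
 *
 * a and b are taken non-const to keep the existing signature; they are not
 * modified by this wrapper. Whether r may alias a or b depends on mp_add,
 * which is not visible here.
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) on NULL arguments or when mp_add fails.
 */
int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b)
{
    WOLFSSL_MSG("wolfSSL_BN_add");

    if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL ||
        b == NULL || b->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (mp_add((mp_int*)a->internal, (mp_int*)b->internal,
               (mp_int*)r->internal) != MP_OKAY) {
        /* log names the call that actually failed */
        WOLFSSL_MSG("mp_add error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}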
wolfSSL 7:481bce714567 15857
wolfSSL 7:481bce714567 15858 #ifdef WOLFSSL_KEY_GEN
wolfSSL 7:481bce714567 15859
/* Probabilistic primality test of bn with nbchecks rounds
 * (OpenSSL BN_is_prime_ex). ctx and cb are accepted for signature
 * compatibility only; no scratch context or progress callback is used.
 *
 * NOTE(review): whether the underlying mp_prime_is_prime draws its witnesses
 * at random or from a fixed list is not visible here. For candidates
 * supplied by an untrusted party that distinction matters — confirm before
 * using this on external input.
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) if probably prime,
 * 0 (SSL_FAILURE) if composite, -1 (SSL_FATAL_ERROR) on NULL bn or when the
 * test itself fails.
 */
int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
                           WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
{
    int isPrime = 0;

    WOLFSSL_MSG("wolfSSL_BN_is_prime_ex");

    (void)ctx;
    (void)cb;

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FATAL_ERROR;
    }

    if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &isPrime)
            != MP_OKAY) {
        WOLFSSL_MSG("mp_prime_is_prime error");
        return SSL_FATAL_ERROR;
    }

    if (isPrime != MP_YES) {
        WOLFSSL_MSG("mp_prime_is_prime not prime");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 15890
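/* bn mod w (OpenSSL BN_mod_word).
 *
 * NOTE(review): the remainder is written through &ret, so this assumes
 * WOLFSSL_BN_ULONG has the same width as the digit type mp_mod_d writes —
 * confirm against the bn/integer headers. A zero w is left to mp_mod_d to
 * reject.
 *
 * Return code compliant with OpenSSL: (bn mod w) on success,
 * (WOLFSSL_BN_ULONG)-1 on NULL bn or when mp_mod_d fails. Since -1 is also
 * a representable remainder for large w, callers who need certainty must
 * validate bn and w up front.
 */
WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
                                     WOLFSSL_BN_ULONG w)
{
    WOLFSSL_BN_ULONG ret = 0;

    WOLFSSL_MSG("wolfSSL_BN_mod_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
    }

    if (mp_mod_d((mp_int*)bn->internal, w, &ret) != MP_OKAY) {
        /* log names the call that actually failed */
        WOLFSSL_MSG("mp_mod_d error");
        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
    }

    return ret;
}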
wolfSSL 7:481bce714567 15913 #endif /* #ifdef WOLFSSL_KEY_GEN */
wolfSSL 7:481bce714567 15914
wolfSSL 7:481bce714567 15915 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
/* Render bn as a NUL-terminated hexadecimal string (OpenSSL BN_bn2hex).
 *
 * Returns a heap buffer that the caller releases with
 * XFREE(buf, NULL, DYNAMIC_TYPE_ECC) — see wolfSSL_BN_print_fp below for the
 * matching free. Returns NULL when bn is NULL/uninitialised, when the size
 * query fails, on allocation failure, or when the conversion fails.
 */
char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
{
    char *out = NULL;
    int   outSz = 0;

    WOLFSSL_MSG("wolfSSL_BN_bn2hex");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    /* size needed for the base-16 representation */
    if (mp_radix_size((mp_int*)bn->internal, 16, &outSz) != MP_OKAY) {
        WOLFSSL_MSG("mp_radix_size failure");
        return NULL;
    }

    out = (char*) XMALLOC(outSz, NULL, DYNAMIC_TYPE_ECC);
    if (out == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure");
        return NULL;
    }

    /* on conversion failure hand back nothing rather than a half-written buffer */
    if (mp_toradix((mp_int*)bn->internal, out, 16) != MP_OKAY) {
        XFREE(out, NULL, DYNAMIC_TYPE_ECC);
        out = NULL;
    }

    return out;
}
wolfSSL 7:481bce714567 15946
wolfSSL 7:481bce714567 15947 #ifndef NO_FILESYSTEM
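/* Write bn to fp as a hexadecimal string (OpenSSL BN_print_fp).
 *
 * The text comes from wolfSSL_BN_bn2hex and is released here with the same
 * DYNAMIC_TYPE_ECC tag that function allocates with.
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) on NULL fp/bn, conversion failure, or when the write
 * itself reports an error.
 */
int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
{
    char *buf;
    int ret = SSL_SUCCESS;

    WOLFSSL_MSG("wolfSSL_BN_print_fp");

    if (fp == NULL || bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    buf = wolfSSL_BN_bn2hex(bn);
    if (buf == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_bn2hex failure");
        return SSL_FAILURE;
    }

    /* a failed write must not be reported to the caller as success */
    if (fprintf(fp, "%s", buf) < 0) {
        WOLFSSL_MSG("fprintf failure");
        ret = SSL_FAILURE;
    }
    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);

    return ret;
}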
wolfSSL 7:481bce714567 15973 #endif /* !defined(NO_FILESYSTEM) */
wolfSSL 7:481bce714567 15974
wolfSSL 7:481bce714567 15975 #else /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
wolfSSL 7:481bce714567 15976
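/* Hexadecimal rendering of a BIGNUM needs WOLFSSL_KEY_GEN or HAVE_COMP_KEY.
 * In this configuration the call is a stub and returns NULL, the OpenSSL
 * BN_bn2hex error value.
 *
 * Callers of the real implementation own the result and release it with
 * XFREE (see wolfSSL_BN_print_fp in the enabled branch); returning a string
 * literal here would hand such a caller a non-heap pointer to free, so the
 * error value is returned instead.
 */
char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
{
    (void)bn;

    WOLFSSL_MSG("wolfSSL_BN_bn2hex need WOLFSSL_KEY_GEN or HAVE_COMP_KEY");

    return NULL;
}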
wolfSSL 7:481bce714567 15985
wolfSSL 7:481bce714567 15986 #ifndef NO_FILESYSTEM
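/* Printing a BIGNUM needs WOLFSSL_KEY_GEN or HAVE_COMP_KEY. In this
 * configuration nothing is written to fp.
 *
 * Return code compliant with OpenSSL: 1 if success, 0 if error. Since the
 * stub performs no write, it reports SSL_FAILURE (0) so that a caller
 * cannot mistake the missing output for a successful print.
 */
int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
{
    (void)fp;
    (void)bn;

    WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented");

    return SSL_FAILURE;
}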
wolfSSL 7:481bce714567 15999 #endif /* !defined(NO_FILESYSTEM) */
wolfSSL 7:481bce714567 16000
wolfSSL 7:481bce714567 16001 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
wolfSSL 7:481bce714567 16002
/* Hand out a BIGNUM for scratch use (OpenSSL BN_CTX_get).
 *
 * No pool is kept behind ctx: every call allocates a fresh BIGNUM with
 * wolfSSL_BN_new and ctx is ignored. Unlike OpenSSL, where BN_CTX_end
 * reclaims what BN_CTX_get handed out, nothing here tracks the result — the
 * caller owns it and must wolfSSL_BN_free it, otherwise it leaks.
 *
 * Returns the new BIGNUM, or NULL if wolfSSL_BN_new fails.
 */
WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
{
    WOLFSSL_ENTER("wolfSSL_BN_CTX_get");

    (void)ctx;   /* no per-context state */

    return wolfSSL_BN_new();
}
wolfSSL 7:481bce714567 16012
/* Begin a scratch-BIGNUM scope (OpenSSL BN_CTX_start).
 *
 * Placeholder: ctx is ignored and nothing is recorded, consistent with
 * wolfSSL_BN_CTX_get above, which does not pool its results either.
 */
void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
{
    WOLFSSL_ENTER("wolfSSL_BN_CTX_start");
    WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD");

    (void)ctx;
}
wolfSSL 7:481bce714567 16020
wolfSSL 7:481bce714567 16021 #ifndef NO_DH
wolfSSL 7:481bce714567 16022
/* Reset every field of a WOLFSSL_DH to its empty state: all BIGNUM members
 * and the wolfCrypt key pointer NULL, both "set" flags clear. Used right
 * after allocation and again before the struct is freed. A NULL dh is a
 * no-op.
 */
static void InitwolfSSL_DH(WOLFSSL_DH* dh)
{
    if (dh == NULL)
        return;

    dh->internal = NULL;
    dh->p        = NULL;
    dh->q        = NULL;
    dh->g        = NULL;
    dh->pub_key  = NULL;
    dh->priv_key = NULL;
    dh->inSet    = 0;
    dh->exSet    = 0;
}
wolfSSL 7:481bce714567 16036
wolfSSL 7:481bce714567 16037
/* Allocate an empty WOLFSSL_DH together with its wolfCrypt DhKey
 * (OpenSSL DH_new).
 *
 * The DhKey is allocated first, then the wrapper; the wrapper's fields are
 * reset with InitwolfSSL_DH before the DhKey is initialised and attached as
 * dh->internal. On any failure both allocations are released.
 *
 * Returns the new object, or NULL on allocation or wc_InitDhKey failure.
 */
WOLFSSL_DH* wolfSSL_DH_new(void)
{
    WOLFSSL_DH* dh    = NULL;
    DhKey*      dhKey = NULL;

    WOLFSSL_MSG("wolfSSL_DH_new");

    dhKey = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
    if (dhKey == NULL) {
        WOLFSSL_MSG("wolfSSL_DH_new malloc DhKey failure");
        return NULL;
    }

    dh = (WOLFSSL_DH*) XMALLOC(sizeof(WOLFSSL_DH), NULL, DYNAMIC_TYPE_DH);
    if (dh == NULL) {
        WOLFSSL_MSG("wolfSSL_DH_new malloc WOLFSSL_DH failure");
        goto fail;
    }

    InitwolfSSL_DH(dh);
    if (wc_InitDhKey(dhKey) != 0) {
        WOLFSSL_MSG("wolfSSL_DH_new InitDhKey failure");
        goto fail;
    }

    dh->internal = dhKey;
    return dh;

fail:
    /* XFREE tolerates NULL, as the small-stack cleanup paths in this file rely on */
    XFREE(dhKey, NULL, DYNAMIC_TYPE_DH);
    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
    return NULL;
}
wolfSSL 7:481bce714567 16070
wolfSSL 7:481bce714567 16071
/* Release a WOLFSSL_DH and everything it owns (OpenSSL DH_free): the
 * wolfCrypt DhKey, all BIGNUM members (NULL members are tolerated by
 * wolfSSL_BN_free, which is relied on for never-populated fields), and the
 * wrapper itself. The fields are reset to NULL before the final free so a
 * stale pointer does not expose dangling members.
 *
 * NOTE(review): whether wolfSSL_BN_free scrubs the limbs of priv_key before
 * releasing them is not visible in this file — confirm if key hygiene
 * matters for your deployment.
 *
 * A NULL dh is a no-op.
 */
void wolfSSL_DH_free(WOLFSSL_DH* dh)
{
    DhKey* dhKey;

    WOLFSSL_MSG("wolfSSL_DH_free");

    if (dh == NULL)
        return;

    dhKey = (DhKey*)dh->internal;
    if (dhKey != NULL) {
        wc_FreeDhKey(dhKey);
        XFREE(dhKey, NULL, DYNAMIC_TYPE_DH);
        dh->internal = NULL;
    }

    wolfSSL_BN_free(dh->priv_key);
    wolfSSL_BN_free(dh->pub_key);
    wolfSSL_BN_free(dh->g);
    wolfSSL_BN_free(dh->p);
    wolfSSL_BN_free(dh->q);

    InitwolfSSL_DH(dh);   /* leave no dangling pointers behind */
    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
}
wolfSSL 7:481bce714567 16092
wolfSSL 7:481bce714567 16093
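/* Load dh->p and dh->g (the external BIGNUM view) into the wolfCrypt DhKey
 * behind dh->internal and mark the key as loaded (dh->inSet = 1).
 *
 * Both values are serialised through 1024-byte staging buffers (heap in
 * WOLFSSL_SMALL_STACK builds, stack otherwise), so parameters above
 * 8192 bits are rejected. As elsewhere in this file, wolfSSL_BN_bn2bin with
 * a NULL output is used purely to learn the encoded length.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when dh, dh->p, dh->g or
 * dh->internal is NULL, when a value does not fit the staging buffer, on
 * allocation failure, or when serialisation or wc_DhSetKey fails.
 */
static int SetDhInternal(WOLFSSL_DH* dh)
{
    int ret = SSL_FATAL_ERROR;
    int pSz = 1024;
    int gSz = 1024;
#ifdef WOLFSSL_SMALL_STACK
    unsigned char* p = NULL;
    unsigned char* g = NULL;
#else
    unsigned char p[1024];
    unsigned char g[1024];
#endif

    WOLFSSL_ENTER("SetDhInternal");

    /* dh->internal is dereferenced by wc_DhSetKey below; a wrapper whose
     * DhKey was never attached must fail here instead of crashing there */
    if (dh == NULL || dh->p == NULL || dh->g == NULL || dh->internal == NULL)
        WOLFSSL_MSG("Bad function arguments");
    else if (wolfSSL_BN_bn2bin(dh->p, NULL) > pSz)
        WOLFSSL_MSG("Bad p internal size");
    else if (wolfSSL_BN_bn2bin(dh->g, NULL) > gSz)
        WOLFSSL_MSG("Bad g internal size");
    else {
#ifdef WOLFSSL_SMALL_STACK
        p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

        if (p == NULL || g == NULL) {
            XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            return ret;
        }
#endif

        pSz = wolfSSL_BN_bn2bin(dh->p, p);
        gSz = wolfSSL_BN_bn2bin(dh->g, g);

        if (pSz <= 0 || gSz <= 0)
            WOLFSSL_MSG("Bad BN2bin set");
        else if (wc_DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0)
            WOLFSSL_MSG("Bad DH SetKey");
        else {
            dh->inSet = 1;
            ret = SSL_SUCCESS;
        }

#ifdef WOLFSSL_SMALL_STACK
        XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }

    return ret;
}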
wolfSSL 7:481bce714567 16148
/* Byte length of the DH prime p (OpenSSL DH_size); callers size the
 * shared-secret buffer for wolfSSL_DH_compute_key from it.
 *
 * Returns wolfSSL_BN_num_bytes(dh->p), or SSL_FATAL_ERROR (-1) when dh is
 * NULL. Note the error value is -1, not 0: a caller that widens the result
 * to an unsigned type before checking it will see 0xFFFFFFFF rather than an
 * obvious error, so test the signed value first. What num_bytes returns for
 * a NULL dh->p is not visible here.
 */
int wolfSSL_DH_size(WOLFSSL_DH* dh)
{
    WOLFSSL_MSG("wolfSSL_DH_size");

    return (dh == NULL) ? SSL_FATAL_ERROR : wolfSSL_BN_num_bytes(dh->p);
}
wolfSSL 7:481bce714567 16161
wolfSSL 7:481bce714567 16162
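/* Generate a fresh DH key pair for the parameters in dh->p / dh->g and store
 * it in dh->pub_key / dh->priv_key (OpenSSL DH_generate_key).
 *
 * The wolfCrypt DhKey is loaded via SetDhInternal on first use. A temporary
 * RNG is initialised per call; if that fails the file-global RNG is used
 * provided it has been initialised. Raw key bytes are staged in 768-byte
 * buffers (heap in WOLFSSL_SMALL_STACK builds, stack otherwise); the
 * private-key buffer is zeroized before it is released.
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) on bad arguments, no usable RNG, allocation, generation
 * or BIGNUM conversion failure. On a conversion failure dh->pub_key /
 * dh->priv_key may be left as freshly allocated, unset BIGNUMs.
 */
int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
{
    int ret = SSL_FAILURE;
    word32 pubSz = 768;
    word32 privSz = 768;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    unsigned char* pub = NULL;
    unsigned char* priv = NULL;
    WC_RNG* tmpRNG = NULL;
#else
    unsigned char pub [768];
    unsigned char priv[768];
    WC_RNG tmpRNG[1];
#endif
    volatile unsigned char* wipe;
    word32 i;

    WOLFSSL_MSG("wolfSSL_DH_generate_key");

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (tmpRNG == NULL || pub == NULL || priv == NULL) {
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    if (dh == NULL || dh->p == NULL || dh->g == NULL)
        WOLFSSL_MSG("Bad function arguments");
    else if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS)
        WOLFSSL_MSG("Bad DH set internal");
    else if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        /* fall back to the file-global RNG only if it was ever initialised */
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        if (wc_DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
                                 pub, &pubSz) < 0)
            WOLFSSL_MSG("Bad wc_DhGenerateKeyPair");
        else {
            /* replace any previous key pair held by the wrapper */
            if (dh->pub_key)
                wolfSSL_BN_free(dh->pub_key);
            dh->pub_key = wolfSSL_BN_new();
            if (dh->pub_key == NULL)
                WOLFSSL_MSG("Bad DH new pub");

            if (dh->priv_key)
                wolfSSL_BN_free(dh->priv_key);
            dh->priv_key = wolfSSL_BN_new();
            if (dh->priv_key == NULL)
                WOLFSSL_MSG("Bad DH new priv");

            if (dh->pub_key && dh->priv_key) {
                if (wolfSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL)
                    WOLFSSL_MSG("Bad DH bn2bin error pub");
                else if (wolfSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL)
                    WOLFSSL_MSG("Bad DH bn2bin error priv");
                else
                    ret = SSL_SUCCESS;
            }
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

    /* priv staged the raw private exponent: scrub the whole 768-byte buffer
     * before it goes back to the stack or heap. Writing through a volatile
     * pointer keeps the compiler from dropping the stores as dead writes,
     * which a plain memset immediately before free invites. */
    wipe = priv;
    for (i = 0; i < 768; i++)
        wipe[i] = 0;

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}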
wolfSSL 7:481bce714567 16257
wolfSSL 7:481bce714567 16258
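/* Derive the DH shared secret from dh->priv_key and the peer's public value
 * otherPub, writing it to key (OpenSSL DH_compute_key).
 *
 * key must hold at least wolfSSL_DH_size(dh) bytes. If the wolfCrypt DhKey
 * has not been loaded yet (dh->inSet == 0) it is populated from dh->p /
 * dh->g here, exactly as wolfSSL_DH_generate_key does, so a dh assembled
 * from BIGNUMs no longer has to pass through generate_key first. Values are
 * staged in 1024-byte buffers (heap in WOLFSSL_SMALL_STACK builds, stack
 * otherwise); the private-key buffer is zeroized before release.
 *
 * NOTE(review): no range check is applied to otherPub at this layer;
 * whether wc_DhAgree rejects degenerate peer values is not visible in this
 * file — confirm before accepting public values from the network.
 *
 * Return code compliant with OpenSSL: size of the shared secret on success,
 * -1 (SSL_FATAL_ERROR) on NULL arguments, key-loading failure, a bad prime
 * size, oversized values, serialisation failure or agreement failure.
 */
int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
                          WOLFSSL_DH* dh)
{
    int ret = SSL_FATAL_ERROR;
    int dhSz = 0;
    int privLen = 0;
    int pubLen = 0;
    word32 keySz = 0;
    word32 pubSz = 1024;
    word32 privSz = 1024;
#ifdef WOLFSSL_SMALL_STACK
    unsigned char* pub = NULL;
    unsigned char* priv = NULL;
#else
    unsigned char pub [1024];
    unsigned char priv[1024];
#endif
    volatile unsigned char* wipe;
    word32 i;

    WOLFSSL_MSG("wolfSSL_DH_compute_key");

#ifdef WOLFSSL_SMALL_STACK
    pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (pub == NULL)
        return ret;

    priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (priv == NULL) {
        XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    if (key == NULL || dh == NULL || dh->priv_key == NULL || otherPub == NULL)
        WOLFSSL_MSG("Bad function arguments");
    else if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS)
        WOLFSSL_MSG("Bad DH set internal");
    /* wolfSSL_DH_size reports -1 on error: test it while still signed, since
     * once widened to word32 a -1 sails past an "== 0" check */
    else if ((dhSz = wolfSSL_DH_size(dh)) <= 0)
        WOLFSSL_MSG("Bad DH_size");
    else if (wolfSSL_BN_bn2bin(dh->priv_key, NULL) > (int)privSz)
        WOLFSSL_MSG("Bad priv internal size");
    else if (wolfSSL_BN_bn2bin(otherPub, NULL) > (int)pubSz)
        WOLFSSL_MSG("Bad otherPub size");
    else {
        keySz = (word32)dhSz;

        /* keep the encoded lengths signed until checked: a negative bn2bin
         * result stored straight into a word32 would slip past "<= 0" */
        privLen = wolfSSL_BN_bn2bin(dh->priv_key, priv);
        pubLen = wolfSSL_BN_bn2bin(otherPub, pub);

        if (privLen <= 0 || pubLen <= 0)
            WOLFSSL_MSG("Bad BN2bin set");
        else {
            privSz = (word32)privLen;
            pubSz = (word32)pubLen;

            if (wc_DhAgree((DhKey*)dh->internal, key, &keySz,
                           priv, privSz, pub, pubSz) < 0)
                WOLFSSL_MSG("wc_DhAgree failed");
            else
                ret = (int)keySz;
        }
    }

    /* priv staged the raw private exponent: scrub the whole 1024-byte buffer
     * before it goes back to the stack or heap. Writing through a volatile
     * pointer keeps the compiler from dropping the stores as dead writes,
     * which a plain memset immediately before free invites. */
    wipe = priv;
    for (i = 0; i < 1024; i++)
        wipe[i] = 0;

#ifdef WOLFSSL_SMALL_STACK
    XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}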
wolfSSL 7:481bce714567 16319 #endif /* NO_DH */
wolfSSL 7:481bce714567 16320
wolfSSL 7:481bce714567 16321
wolfSSL 7:481bce714567 16322 #ifndef NO_DSA
/* Reset every field of a WOLFSSL_DSA to its empty state: all BIGNUM members
 * and the wolfCrypt key pointer NULL, both "set" flags clear. Used right
 * after allocation and again before the struct is freed. A NULL dsa is a
 * no-op.
 */
static void InitwolfSSL_DSA(WOLFSSL_DSA* dsa)
{
    if (dsa == NULL)
        return;

    dsa->internal = NULL;
    dsa->p        = NULL;
    dsa->q        = NULL;
    dsa->g        = NULL;
    dsa->pub_key  = NULL;
    dsa->priv_key = NULL;
    dsa->inSet    = 0;
    dsa->exSet    = 0;
}
wolfSSL 7:481bce714567 16336
wolfSSL 7:481bce714567 16337
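/* Allocate an empty WOLFSSL_DSA together with its wolfCrypt DsaKey
 * (OpenSSL DSA_new).
 *
 * The DsaKey is allocated first, then the wrapper; the wrapper's fields are
 * reset with InitwolfSSL_DSA before the DsaKey is initialised and attached
 * as dsa->internal. On any failure both allocations are released — the
 * wc_InitDsaKey failure path in particular must free the wrapper too, as
 * wolfSSL_DH_new does for the DH equivalent.
 *
 * Returns the new object, or NULL on allocation or wc_InitDsaKey failure.
 */
WOLFSSL_DSA* wolfSSL_DSA_new(void)
{
    WOLFSSL_DSA* external;
    DsaKey* key;

    WOLFSSL_MSG("wolfSSL_DSA_new");

    key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_DSA_new malloc DsaKey failure");
        return NULL;
    }

    external = (WOLFSSL_DSA*) XMALLOC(sizeof(WOLFSSL_DSA), NULL,
                                      DYNAMIC_TYPE_DSA);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_DSA_new malloc WOLFSSL_DSA failure");
        XFREE(key, NULL, DYNAMIC_TYPE_DSA);
        return NULL;
    }

    InitwolfSSL_DSA(external);
    if (wc_InitDsaKey(key) != 0) {
        WOLFSSL_MSG("wolfSSL_DSA_new InitDsaKey failure");
        /* both objects are owned here; release both, not just the key */
        XFREE(key, NULL, DYNAMIC_TYPE_DSA);
        XFREE(external, NULL, DYNAMIC_TYPE_DSA);
        return NULL;
    }
    external->internal = key;

    return external;
}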
wolfSSL 7:481bce714567 16369
wolfSSL 7:481bce714567 16370
/* Release a DSA wrapper produced by wolfSSL_DSA_new(): the wolfCrypt DsaKey
 * behind 'internal' (FreeDsaKey, then XFREE), each BIGNUM member, and the
 * wrapper itself. A NULL 'dsa' is a no-op. The member pointers are reset
 * to NULL right before the struct is freed.
 */
void wolfSSL_DSA_free(WOLFSSL_DSA* dsa)
{
    DsaKey* key;

    WOLFSSL_MSG("wolfSSL_DSA_free");

    if (dsa == NULL)
        return;

    key = (DsaKey*)dsa->internal;
    if (key != NULL) {
        FreeDsaKey(key);
        XFREE(key, NULL, DYNAMIC_TYPE_DSA);
        dsa->internal = NULL;
    }

    /* private part first, then public, then the domain parameters */
    wolfSSL_BN_free(dsa->priv_key);
    wolfSSL_BN_free(dsa->pub_key);
    wolfSSL_BN_free(dsa->g);
    wolfSSL_BN_free(dsa->q);
    wolfSSL_BN_free(dsa->p);

    /* scrub the now-stale pointers before handing the memory back */
    InitwolfSSL_DSA(dsa);

    XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
}
wolfSSL 7:481bce714567 16392
wolfSSL 7:481bce714567 16393 #endif /* NO_DSA */
wolfSSL 7:481bce714567 16394
wolfSSL 7:481bce714567 16395 #ifndef NO_RSA
/* Put an OpenSSL-style RSA wrapper into its empty state: every BIGNUM
 * member and 'internal' become NULL and both "set" flags are cleared.
 * Nothing is freed, so this is for a freshly allocated object or one whose
 * members have already been released. A NULL 'rsa' is ignored.
 */
static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa)
{
    if (rsa == NULL)
        return;

    /* public part */
    rsa->n = NULL;
    rsa->e = NULL;

    /* private part and CRT parameters */
    rsa->d    = NULL;
    rsa->p    = NULL;
    rsa->q    = NULL;
    rsa->dmp1 = NULL;
    rsa->dmq1 = NULL;
    rsa->iqmp = NULL;

    /* wolfCrypt key and sync state */
    rsa->internal = NULL;
    rsa->inSet    = 0;
    rsa->exSet    = 0;
}
wolfSSL 7:481bce714567 16412
wolfSSL 7:481bce714567 16413
/* Allocate an OpenSSL-style RSA wrapper together with the wolfCrypt RsaKey
 * it drives (rsa->internal).
 *
 * Returns the new object, released later with wolfSSL_RSA_free(), or NULL
 * when an allocation or wc_InitRsaKey() fails; on failure everything
 * allocated so far is freed again.
 */
WOLFSSL_RSA* wolfSSL_RSA_new(void)
{
    WOLFSSL_RSA* rsa = NULL;
    RsaKey*      key = NULL;

    WOLFSSL_MSG("wolfSSL_RSA_new");

    key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_RSA_new malloc RsaKey failure");
        return NULL;
    }

    rsa = (WOLFSSL_RSA*) XMALLOC(sizeof(WOLFSSL_RSA), NULL,
                                 DYNAMIC_TYPE_RSA);
    if (rsa == NULL) {
        WOLFSSL_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure");
        goto fail;
    }

    InitwolfSSL_Rsa(rsa);
    if (wc_InitRsaKey(key, NULL) != 0) {
        WOLFSSL_MSG("InitRsaKey WOLFSSL_RSA failure");
        goto fail;
    }

    rsa->internal = key;
    return rsa;

fail:
    /* 'rsa' is NULL when its own allocation failed; 'key' always exists */
    if (rsa != NULL)
        XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
    XFREE(key, NULL, DYNAMIC_TYPE_RSA);
    return NULL;
}
wolfSSL 7:481bce714567 16446
wolfSSL 7:481bce714567 16447
/* Release an RSA wrapper produced by wolfSSL_RSA_new(): the wolfCrypt RsaKey
 * behind 'internal' (wc_FreeRsaKey, then XFREE), each BIGNUM member, and
 * the wrapper itself. A NULL 'rsa' is a no-op. The member pointers are
 * reset to NULL right before the struct is freed.
 */
void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
{
    RsaKey* key;

    WOLFSSL_MSG("wolfSSL_RSA_free");

    if (rsa == NULL)
        return;

    key = (RsaKey*)rsa->internal;
    if (key != NULL) {
        wc_FreeRsaKey(key);
        XFREE(key, NULL, DYNAMIC_TYPE_RSA);
        rsa->internal = NULL;
    }

    /* CRT parameters, then private exponent, then the public pair */
    wolfSSL_BN_free(rsa->iqmp);
    wolfSSL_BN_free(rsa->dmq1);
    wolfSSL_BN_free(rsa->dmp1);
    wolfSSL_BN_free(rsa->q);
    wolfSSL_BN_free(rsa->p);
    wolfSSL_BN_free(rsa->d);
    wolfSSL_BN_free(rsa->e);
    wolfSSL_BN_free(rsa->n);

    /* scrub the now-stale pointers before handing the memory back */
    InitwolfSSL_Rsa(rsa);

    XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
}
wolfSSL 7:481bce714567 16472 #endif /* NO_RSA */
wolfSSL 7:481bce714567 16473
wolfSSL 7:481bce714567 16474
wolfSSL 7:481bce714567 16475 /* this guard makes sure the static helpers SetIndividualExternal and
wolfSSL 7:481bce714567 16476 * SetIndividualInternal are not declared in a configuration where nothing uses them. */
wolfSSL 7:481bce714567 16477 #if !defined(NO_ASN) || !defined(NO_DSA) || defined(HAVE_ECC) || \
wolfSSL 7:481bce714567 16478 (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA))
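/* Copy the value of 'mpi' into the OpenSSL-style BIGNUM at *bn, allocating a
 * new BIGNUM with wolfSSL_BN_new() when *bn is NULL.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR on NULL arguments, allocation
 * failure, a BIGNUM with no internal mp_int, or mp_copy failure. When the
 * BIGNUM was allocated here and the copy then fails, it is freed and *bn is
 * reset to NULL so the caller is never left holding a dangling pointer
 * (previously *bn still pointed at the freed BIGNUM, which the DSA/RSA
 * wrappers would later free again in their _free routines). A
 * caller-supplied *bn is left untouched for the caller to manage.
 *
 * mp_copy duplicates the digits, so the caller should mp_clear(mpi) once it
 * no longer needs the source; with fastmath disabled that is what prevents
 * the source from leaking.
 */
static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
{
    byte dynamic = 0;

    WOLFSSL_MSG("Entering SetIndividualExternal");

    if (mpi == NULL || bn == NULL) {
        WOLFSSL_MSG("mpi NULL error");
        return SSL_FATAL_ERROR;
    }

    if (*bn == NULL) {
        *bn = wolfSSL_BN_new();
        if (*bn == NULL) {
            WOLFSSL_MSG("SetIndividualExternal alloc failed");
            return SSL_FATAL_ERROR;
        }
        dynamic = 1;
    }

    /* a BIGNUM without its mp_int cannot receive the copy; report it the
     * same way SetIndividualInternal does instead of dereferencing NULL */
    if ((*bn)->internal == NULL ||
            mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        if (dynamic == 1) {
            wolfSSL_BN_free(*bn);
            *bn = NULL;   /* do not hand the freed BIGNUM back */
        }
        return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}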
wolfSSL 7:481bce714567 16513
/* Copy the value of an OpenSSL-style BIGNUM into the wolfCrypt mp_int 'mpi'.
 *
 * 'mpi' is (re)initialised with mp_init() before the copy. Returns
 * SSL_SUCCESS, or SSL_FATAL_ERROR when 'bn' or its internal mp_int is NULL,
 * when 'mpi' is NULL, or when mp_init / mp_copy fail.
 *
 * NOTE(review): every caller in this file passes an mp_int that belongs to a
 * key already set up by wc_Init*Key(); whether mp_init() on an mp_int that
 * already owns digits leaks them with fastmath disabled is not visible here
 * — confirm against the integer implementation before relying on it.
 */
static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi)
{
    WOLFSSL_MSG("Entering SetIndividualInternal");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FATAL_ERROR;
    }

    if (mpi == NULL) {
        WOLFSSL_MSG("mpi NULL error");
        return SSL_FATAL_ERROR;
    }

    /* an init failure is reported under the same label as a NULL target */
    if (mp_init(mpi) != MP_OKAY) {
        WOLFSSL_MSG("mpi NULL error");
        return SSL_FATAL_ERROR;
    }

    if (mp_copy((mp_int*)bn->internal, mpi) == MP_OKAY)
        return SSL_SUCCESS;

    WOLFSSL_MSG("mp_copy error");
    return SSL_FATAL_ERROR;
}
wolfSSL 7:481bce714567 16535
wolfSSL 7:481bce714567 16536
wolfSSL 7:481bce714567 16537 #ifndef NO_ASN
/* Decode the DER INTEGER held in ai->data into a BIGNUM.
 *
 * When 'bn' is NULL a new BIGNUM is allocated and returned; otherwise the
 * value is written into 'bn' and 'bn' is returned. Returns NULL when 'ai' is
 * NULL, when ai->data does not parse as an ASN.1 INTEGER, or when the copy
 * into the BIGNUM fails.
 */
WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
                                           WOLFSSL_BIGNUM *bn)
{
    mp_int value;
    word32 offset = 0;
    int    rc;

    WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_to_BN");

    if (ai == NULL)
        return NULL;

    /* the parse is bounded by the size of the data buffer itself */
    rc = GetInt(&value, ai->data, &offset, sizeof(ai->data));
    if (rc != 0) {
        /* expecting ASN1 format for INTEGER */
        WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_to_BN", rc);
        return NULL;
    }

    rc = SetIndividualExternal(&bn, &value);

    /* SetIndividualExternal copied the digits; without fastmath the source
     * would otherwise leak */
    mp_clear(&value);

    return (rc == SSL_SUCCESS) ? bn : NULL;
}
wolfSSL 7:481bce714567 16567 #endif /* !NO_ASN */
wolfSSL 7:481bce714567 16568
wolfSSL 7:481bce714567 16569 #if !defined(NO_DSA) && !defined(NO_DH)
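/* Build a DH object from the domain parameters (p, g) of a DSA object, the
 * counterpart of OpenSSL's DSA_dup_DH(). Only p and g are carried over.
 *
 * Returns a new WOLFSSL_DH the caller frees with wolfSSL_DH_free(), or NULL
 * when 'dsa' is NULL, allocation fails, or any copy fails.
 *
 * A NULL dsa->p or dsa->g is not treated as an error: that member is simply
 * skipped and the DH exports whatever wolfSSL_DH_new() left in the DhKey for
 * it. Callers that need a usable DH must check dh->p / dh->g themselves.
 *
 * The log messages used to say "rsa", which made failures here look like
 * they came from the RSA paths; they now name the object actually involved.
 */
WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa)
{
    WOLFSSL_DH* dh;
    DhKey* key;

    WOLFSSL_ENTER("wolfSSL_DSA_dup_DH");

    if (dsa == NULL) {
        return NULL;
    }

    dh = wolfSSL_DH_new();
    if (dh == NULL) {
        return NULL;
    }
    key = (DhKey*)dh->internal;

    /* OpenSSL-side BIGNUMs of the DSA -> wolfCrypt DhKey. The BIGNUM is only
     * read, so no const cast is needed to pass dsa->p / dsa->g along. */
    if (dsa->p != NULL &&
        SetIndividualInternal(dsa->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa p key error");
        wolfSSL_DH_free(dh);
        return NULL;
    }
    if (dsa->g != NULL &&
        SetIndividualInternal(dsa->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa g key error");
        wolfSSL_DH_free(dh);
        return NULL;
    }

    /* wolfCrypt DhKey -> OpenSSL-side BIGNUMs of the new DH */
    if (SetIndividualExternal(&dh->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dh p key error");
        wolfSSL_DH_free(dh);
        return NULL;
    }
    if (SetIndividualExternal(&dh->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dh g key error");
        wolfSSL_DH_free(dh);
        return NULL;
    }

    return dh;
}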
wolfSSL 7:481bce714567 16613 #endif /* !defined(NO_DSA) && !defined(NO_DH) */
wolfSSL 7:481bce714567 16614
wolfSSL 7:481bce714567 16615 #endif /* !NO_ASN || !NO_DSA || HAVE_ECC || (!NO_RSA && !HAVE_USER_RSA && !HAVE_FAST_RSA) */
wolfSSL 7:481bce714567 16616
wolfSSL 7:481bce714567 16617
wolfSSL 7:481bce714567 16618 #ifndef NO_DSA
/* wolfSSL -> OpenSSL
 *
 * Mirror the wolfCrypt DsaKey behind dsa->internal into the OpenSSL-style
 * BIGNUM members p, q, g, pub_key (y) and priv_key (x), allocating any
 * BIGNUM that is still NULL, and mark the external side as populated
 * (dsa->exSet = 1).
 *
 * All five members are copied unconditionally, so a public-only key still
 * gets a priv_key BIGNUM holding whatever key->x contains.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when 'dsa' or its internal key is
 * NULL or any copy fails; members copied before the failure stay allocated
 * and are released by wolfSSL_DSA_free().
 */
static int SetDsaExternal(WOLFSSL_DSA* dsa)
{
    DsaKey* key;
    const char* failed = NULL;
    WOLFSSL_MSG("Entering SetDsaExternal");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("dsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (DsaKey*)dsa->internal;

    /* stop at the first member that cannot be copied, in the same order */
    if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS)
        failed = "dsa p key error";
    else if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS)
        failed = "dsa q key error";
    else if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS)
        failed = "dsa g key error";
    else if (SetIndividualExternal(&dsa->pub_key, &key->y) != SSL_SUCCESS)
        failed = "dsa y key error";
    else if (SetIndividualExternal(&dsa->priv_key, &key->x) != SSL_SUCCESS)
        failed = "dsa x key error";

    if (failed != NULL) {
        WOLFSSL_MSG(failed);
        return SSL_FATAL_ERROR;
    }

    dsa->exSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 16661
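/* Openssl -> WolfSSL
 *
 * Copy whichever OpenSSL-style BIGNUM members of 'dsa' are set (p, q, g,
 * pub_key, priv_key) into the wolfCrypt DsaKey behind dsa->internal and mark
 * the internal side as populated (dsa->inSet = 1).
 *
 * A NULL member is skipped rather than rejected, so the DsaKey may end up
 * without some parameters; nothing here validates completeness, that is left
 * to wc_MakeDsaKey and the sign/verify paths. key->type becomes DSA_PUBLIC
 * when pub_key is present and DSA_PRIVATE when priv_key is present (the
 * latter wins when both are), and is left alone when neither is.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when 'dsa' or its internal key is
 * NULL or any copy fails.
 *
 * The failure messages used to say "rsa", a copy-paste leftover that sent
 * anyone reading the debug log to the wrong code path; they now say "dsa".
 */
static int SetDsaInternal(WOLFSSL_DSA* dsa)
{
    DsaKey* key;
    WOLFSSL_MSG("Entering SetDsaInternal");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("dsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (DsaKey*)dsa->internal;

    if (dsa->p != NULL &&
        SetIndividualInternal(dsa->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa p key error");
        return SSL_FATAL_ERROR;
    }

    if (dsa->q != NULL &&
        SetIndividualInternal(dsa->q, &key->q) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa q key error");
        return SSL_FATAL_ERROR;
    }

    if (dsa->g != NULL &&
        SetIndividualInternal(dsa->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa g key error");
        return SSL_FATAL_ERROR;
    }

    if (dsa->pub_key != NULL) {
        if (SetIndividualInternal(dsa->pub_key, &key->y) != SSL_SUCCESS) {
            WOLFSSL_MSG("dsa pub_key error");
            return SSL_FATAL_ERROR;
        }

        /* public key */
        key->type = DSA_PUBLIC;
    }

    if (dsa->priv_key != NULL) {
        if (SetIndividualInternal(dsa->priv_key, &key->x) != SSL_SUCCESS) {
            WOLFSSL_MSG("dsa priv_key error");
            return SSL_FATAL_ERROR;
        }

        /* private key */
        key->type = DSA_PRIVATE;
    }

    dsa->inSet = 1;

    return SSL_SUCCESS;
}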
wolfSSL 7:481bce714567 16717 #endif /* NO_DSA */
wolfSSL 7:481bce714567 16718
wolfSSL 7:481bce714567 16719
wolfSSL 7:481bce714567 16720 #if !defined(NO_RSA)
wolfSSL 7:481bce714567 16721 #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* WolfSSL -> OpenSSL
 *
 * Mirror the wolfCrypt RsaKey behind rsa->internal into the OpenSSL-style
 * BIGNUM members n, e, d, p, q, dmp1 (dP), dmq1 (dQ) and iqmp (u),
 * allocating any BIGNUM that is still NULL, and mark the external side as
 * populated (rsa->exSet = 1).
 *
 * Every member is copied unconditionally, including the private ones, so a
 * public-only key still gets d/p/q/... BIGNUMs holding whatever the RsaKey
 * contains for them.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when 'rsa' or its internal key is
 * NULL or any copy fails; members copied before the failure stay allocated
 * and are released by wolfSSL_RSA_free().
 */
static int SetRsaExternal(WOLFSSL_RSA* rsa)
{
    RsaKey* key;
    const char* failed = NULL;
    WOLFSSL_MSG("Entering SetRsaExternal");

    if (rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("rsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (RsaKey*)rsa->internal;

    /* stop at the first member that cannot be copied, in the same order */
    if (SetIndividualExternal(&rsa->n, &key->n) != SSL_SUCCESS)
        failed = "rsa n key error";
    else if (SetIndividualExternal(&rsa->e, &key->e) != SSL_SUCCESS)
        failed = "rsa e key error";
    else if (SetIndividualExternal(&rsa->d, &key->d) != SSL_SUCCESS)
        failed = "rsa d key error";
    else if (SetIndividualExternal(&rsa->p, &key->p) != SSL_SUCCESS)
        failed = "rsa p key error";
    else if (SetIndividualExternal(&rsa->q, &key->q) != SSL_SUCCESS)
        failed = "rsa q key error";
    else if (SetIndividualExternal(&rsa->dmp1, &key->dP) != SSL_SUCCESS)
        failed = "rsa dP key error";
    else if (SetIndividualExternal(&rsa->dmq1, &key->dQ) != SSL_SUCCESS)
        failed = "rsa dQ key error";
    else if (SetIndividualExternal(&rsa->iqmp, &key->u) != SSL_SUCCESS)
        failed = "rsa u key error";

    if (failed != NULL) {
        WOLFSSL_MSG(failed);
        return SSL_FATAL_ERROR;
    }

    rsa->exSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 16779
/* Openssl -> WolfSSL
 *
 * Copy the OpenSSL-style BIGNUM members of 'rsa' into the wolfCrypt RsaKey
 * behind rsa->internal and mark the internal side as populated
 * (rsa->inSet = 1).
 *
 * n and e are mandatory (SetIndividualInternal rejects a NULL BIGNUM, so a
 * missing one fails the call). d and the CRT parameters p, q, dmp1, dmq1,
 * iqmp are optional and copied only when present. key->type is RSA_PUBLIC
 * once n and e are in, and becomes RSA_PRIVATE when d is copied as well.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when 'rsa' or its internal key is
 * NULL or any copy fails.
 */
static int SetRsaInternal(WOLFSSL_RSA* rsa)
{
    RsaKey* key;
    const char* failed = NULL;
    WOLFSSL_MSG("Entering SetRsaInternal");

    if (rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("rsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (RsaKey*)rsa->internal;

    /* the public pair must be there */
    if (SetIndividualInternal(rsa->n, &key->n) != SSL_SUCCESS)
        failed = "rsa n key error";
    else if (SetIndividualInternal(rsa->e, &key->e) != SSL_SUCCESS)
        failed = "rsa e key error";

    if (failed != NULL) {
        WOLFSSL_MSG(failed);
        return SSL_FATAL_ERROR;
    }

    /* public key */
    key->type = RSA_PUBLIC;

    if (rsa->d != NULL) {
        if (SetIndividualInternal(rsa->d, &key->d) != SSL_SUCCESS) {
            WOLFSSL_MSG("rsa d key error");
            return SSL_FATAL_ERROR;
        }

        /* private key */
        key->type = RSA_PRIVATE;
    }

    /* CRT parameters: each is copied only when the caller supplied it */
    if (rsa->p != NULL &&
            SetIndividualInternal(rsa->p, &key->p) != SSL_SUCCESS)
        failed = "rsa p key error";
    else if (rsa->q != NULL &&
            SetIndividualInternal(rsa->q, &key->q) != SSL_SUCCESS)
        failed = "rsa q key error";
    else if (rsa->dmp1 != NULL &&
            SetIndividualInternal(rsa->dmp1, &key->dP) != SSL_SUCCESS)
        failed = "rsa dP key error";
    else if (rsa->dmq1 != NULL &&
            SetIndividualInternal(rsa->dmq1, &key->dQ) != SSL_SUCCESS)
        failed = "rsa dQ key error";
    else if (rsa->iqmp != NULL &&
            SetIndividualInternal(rsa->iqmp, &key->u) != SSL_SUCCESS)
        failed = "rsa u key error";

    if (failed != NULL) {
        WOLFSSL_MSG(failed);
        return SSL_FATAL_ERROR;
    }

    rsa->inSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 16850 #endif /* !HAVE_USER_RSA && !HAVE_FAST_RSA */
wolfSSL 7:481bce714567 16851
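/* return compliant with OpenSSL
 * 1 if success, 0 if error
 *
 * Generate a fresh RSA key pair of 'bits' bits into rsa->internal and mirror
 * it into the OpenSSL-style BIGNUM members via SetRsaExternal(); on success
 * both rsa->inSet and rsa->exSet end up set.
 *
 * Differences from the OpenSSL API that callers must be aware of:
 *  - 'bn' (the requested public exponent) and 'cb' are ignored; the exponent
 *    is always 65537, so a caller asking for another e silently gets 65537.
 *  - 'bits' is not range-checked here; wc_MakeRsaKey() is relied on to
 *    reject unsupported sizes.
 *  - Without WOLFSSL_KEY_GEN the function only logs and returns SSL_FAILURE.
 *
 * A temporary RNG is created for the generation and released afterwards —
 * but only when wc_InitRng() succeeded. Previously wc_FreeRng() ran even
 * after a failed init, on an RNG whose contents were never set up; the DSA
 * counterpart below already guards this with a flag, so do the same here.
 */
int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
                                void* cb)
{
    int ret = SSL_FAILURE;

    (void)cb;
    (void)bn;
    (void)bits;

    WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex");

    if (rsa == NULL || rsa->internal == NULL) {
        /* bit size checked during make key call */
        WOLFSSL_MSG("bad arguments");
        return SSL_FAILURE;
    }

#ifdef WOLFSSL_KEY_GEN
    {
        int rngInit = 0;   /* wc_FreeRng only after a successful wc_InitRng */
    #ifdef WOLFSSL_SMALL_STACK
        WC_RNG* rng = NULL;
    #else
        WC_RNG rng[1];
    #endif

    #ifdef WOLFSSL_SMALL_STACK
        rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (rng == NULL)
            return SSL_FAILURE;
    #endif

        if (wc_InitRng(rng) < 0) {
            WOLFSSL_MSG("RNG init failed");
        }
        else {
            rngInit = 1;

            /* public exponent is fixed at 65537 regardless of 'bn' */
            if (wc_MakeRsaKey((RsaKey*)rsa->internal,
                              bits, 65537, rng) != MP_OKAY) {
                WOLFSSL_MSG("wc_MakeRsaKey failed");
            }
            else if (SetRsaExternal(rsa) != SSL_SUCCESS) {
                WOLFSSL_MSG("SetRsaExternal failed");
            }
            else {
                rsa->inSet = 1;
                ret = SSL_SUCCESS;
            }
        }

        if (rngInit)
            wc_FreeRng(rng);
    #ifdef WOLFSSL_SMALL_STACK
        XFREE(rng, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    #endif
    }
#else
    WOLFSSL_MSG("No Key Gen built in");
#endif
    return ret;
}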
wolfSSL 7:481bce714567 16908
wolfSSL 7:481bce714567 16909
/* SSL_SUCCESS on ok
 *
 * OpenSSL-compatible RSA_blinding_on(). This wrapper has nothing to switch
 * on: it neither inspects 'rsa' nor uses 'bn' and always reports success.
 * NOTE(review): the original comment states blinding is "on by default" in
 * the underlying RSA implementation; that is not visible from this file,
 * confirm against wolfcrypt/src/rsa.c before relying on it.
 */
int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn)
{
    WOLFSSL_MSG("wolfSSL_RSA_blinding_on");

    (void)rsa;
    (void)bn;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 16920
/* return compliant with OpenSSL
 * size of encrypted data if success , -1 if error
 *
 * Not implemented in this build: the call always returns SSL_FATAL_ERROR
 * (-1) and never writes to 'to'. Callers must treat -1 as failure and must
 * not assume the output buffer was filled.
 */
int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr,
                               unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    WOLFSSL_MSG("wolfSSL_RSA_public_encrypt");

    /* every argument is unused until a real implementation exists */
    (void)len;
    (void)fr;
    (void)to;
    (void)rsa;
    (void)padding;

    return SSL_FATAL_ERROR;
}
wolfSSL 7:481bce714567 16937
/* return compliant with OpenSSL
 * size of plain recovered data if success , -1 if error
 *
 * Not implemented in this build: the call always returns SSL_FATAL_ERROR
 * (-1) and never writes to 'to'. Callers must treat -1 as failure and must
 * not read 'to' afterwards as if plaintext had been recovered.
 */
int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr,
                                unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    WOLFSSL_MSG("wolfSSL_RSA_private_decrypt");

    /* every argument is unused until a real implementation exists */
    (void)len;
    (void)fr;
    (void)to;
    (void)rsa;
    (void)padding;

    return SSL_FATAL_ERROR;
}
wolfSSL 7:481bce714567 16954
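/* return compliant with OpenSSL
 * RSA modulus size in bytes, -1 if error
 *
 * The size is read from the OpenSSL-side modulus rsa->n, so it is only
 * meaningful once that member has been populated (by SetRsaExternal() after
 * key generation, or by the caller). A NULL 'rsa' or a NULL rsa->n returns
 * SSL_FATAL_ERROR instead of being passed on to wolfSSL_BN_num_bytes().
 *
 * NOTE(review): a key that exists only on the wolfCrypt side (inSet == 1,
 * exSet == 0) reports -1 here even though it has a modulus; callers that
 * load keys that way need the external members synced first.
 */
int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
{
    WOLFSSL_MSG("wolfSSL_RSA_size");

    if (rsa == NULL || rsa->n == NULL)
        return SSL_FATAL_ERROR;

    return wolfSSL_BN_num_bytes(rsa->n);
}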
wolfSSL 7:481bce714567 16967 #endif /* NO_RSA */
wolfSSL 7:481bce714567 16968
wolfSSL 7:481bce714567 16969 #ifndef NO_DSA
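/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Generate a DSA key pair (x, y) for the domain parameters already held in
 * 'dsa'. If the wolfCrypt side has not been populated yet (dsa->inSet == 0)
 * the OpenSSL-style p/q/g members are copied in first via SetDsaInternal().
 * On success the new x/y are mirrored back into priv_key/pub_key by
 * SetDsaExternal().
 *
 * Nothing here checks that p, q and g are actually present; wc_MakeDsaKey()
 * is relied on to reject an incomplete key.
 *
 * RNG: a temporary RNG is preferred. If it cannot be initialised the
 * file-level globalRNG is used when it has been set up (initGlobalRNG),
 * otherwise the call fails. Without WOLFSSL_KEY_GEN it only logs and fails.
 *
 * Every failure path now returns SSL_FAILURE (0). The small-stack RNG
 * allocation failure used to return SSL_FATAL_ERROR (-1), which the OpenSSL
 * idiom "if (!DSA_generate_key(dsa)) goto err;" reads as success, letting a
 * caller continue with a key that was never generated.
 */
int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_DSA_generate_key");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return ret;
        }
    }

#ifdef WOLFSSL_KEY_GEN
    {
        int initTmpRng = 0;
        WC_RNG *rng = NULL;
    #ifdef WOLFSSL_SMALL_STACK
        WC_RNG *tmpRNG = NULL;
    #else
        WC_RNG tmpRNG[1];
    #endif

    #ifdef WOLFSSL_SMALL_STACK
        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (tmpRNG == NULL) {
            /* 0, not -1: keep to the documented "0 if error" contract */
            return SSL_FAILURE;
        }
    #endif
        if (wc_InitRng(tmpRNG) == 0) {
            rng = tmpRNG;
            initTmpRng = 1;
        }
        else {
            WOLFSSL_MSG("Bad RNG Init, trying global");
            if (initGlobalRNG == 0)
                WOLFSSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
        }

        if (rng) {
            if (wc_MakeDsaKey(rng, (DsaKey*)dsa->internal) != MP_OKAY)
                WOLFSSL_MSG("wc_MakeDsaKey failed");
            else if (SetDsaExternal(dsa) != SSL_SUCCESS)
                WOLFSSL_MSG("SetDsaExternal failed");
            else
                ret = SSL_SUCCESS;
        }

        /* only the temporary RNG is ours to release; globalRNG is shared */
        if (initTmpRng)
            wc_FreeRng(tmpRNG);

    #ifdef WOLFSSL_SMALL_STACK
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    #endif
    }
#else /* WOLFSSL_KEY_GEN */
    WOLFSSL_MSG("No Key Gen built in");
#endif
    return ret;
}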
wolfSSL 7:481bce714567 17041
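/* Generate DSA domain parameters of `bits` bits into `dsa`.
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) on any error.
 *
 * Fix: the WOLFSSL_SMALL_STACK path returned SSL_FATAL_ERROR (-1) when the
 * temporary RNG could not be allocated.  -1 is truthy, so a caller written to
 * the documented "0 on error" contract (`if (!ret) fail;`) treated that
 * failure as success.  The allocation failure now returns SSL_FAILURE too.
 *
 * seed, seedLen, counterRet, hRet and cb are accepted for API compatibility
 * only: they are never read or written here, so the parameters always come
 * from fresh randomness and counterRet/hRet are not filled in.
 *
 * The parameters are generated into dsa->internal by wc_MakeDsaParameters()
 * and then mirrored to the external BIGNUMs by SetDsaExternal().  Requires a
 * build with WOLFSSL_KEY_GEN; otherwise the call only logs and fails.
 */
int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
                                       unsigned char* seed, int seedLen,
                                       int* counterRet,
                                       unsigned long* hRet, void* cb)
{
    int ret = SSL_FAILURE;

    /* bits is only used in WOLFSSL_KEY_GEN builds; the rest are never used. */
    (void)bits;
    (void)seed;
    (void)seedLen;
    (void)counterRet;
    (void)hRet;
    (void)cb;

    WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters_ex");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

#ifdef WOLFSSL_KEY_GEN
    {
        int initTmpRng = 0;
        WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
        WC_RNG *tmpRNG = NULL;
#else
        WC_RNG tmpRNG[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (tmpRNG == NULL) {
            /* 0, not -1: keep the documented "0 on error" contract. */
            return SSL_FAILURE;
        }
#endif
        /* Prefer a private RNG; fall back to the global one only if it has
         * been initialised.  If neither is usable, rng stays NULL and the
         * function fails below without generating anything. */
        if (wc_InitRng(tmpRNG) == 0) {
            rng = tmpRNG;
            initTmpRng = 1;
        }
        else {
            WOLFSSL_MSG("Bad RNG Init, trying global");
            if (initGlobalRNG == 0)
                WOLFSSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
        }

        if (rng) {
            if (wc_MakeDsaParameters(rng, bits,
                                     (DsaKey*)dsa->internal) != MP_OKAY)
                WOLFSSL_MSG("wc_MakeDsaParameters failed");
            else if (SetDsaExternal(dsa) != SSL_SUCCESS)
                WOLFSSL_MSG("SetDsaExternal failed");
            else
                ret = SSL_SUCCESS;
        }

        /* Only free the RNG we initialised; the global one is shared. */
        if (initTmpRng)
            wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
#else /* WOLFSSL_KEY_GEN */
    WOLFSSL_MSG("No Key Gen built in");
#endif

    return ret;
}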
wolfSSL 7:481bce714567 17116
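/* Sign the digest `d` with the DSA private key in `dsa`, writing the raw
 * signature to `sigRet`.
 *
 * Returns SSL_SUCCESS on success, SSL_FATAL_ERROR (< 0) otherwise.
 *
 * No lengths are passed in: DsaSign() fixes the digest and signature sizes,
 * so the caller must size `d` and `sigRet` accordingly — confirm the exact
 * sizes against DsaSign() before relying on them.
 *
 * Consistency fix: dsa->internal is now validated with the other arguments,
 * as wolfSSL_DSA_generate_parameters_ex() already does.  SetDsaInternal()
 * writes into it and DsaSign() reads it, so a NULL internal key must not get
 * past the argument check.
 */
int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                        WOLFSSL_DSA* dsa)
{
    int ret = SSL_FATAL_ERROR;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");

    if (d == NULL || sigRet == NULL || dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return ret;
    }

    /* Lazily copy the external BIGNUMs into the wolfCrypt DsaKey. */
    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return ret;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return SSL_FATAL_ERROR;
#endif

    /* DsaSign() needs an RNG.  Prefer a private one; fall back to the global
     * RNG only if it has been initialised, otherwise signing is refused. */
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
            WOLFSSL_MSG("DsaSign failed");
        else
            ret = SSL_SUCCESS;
    }

    /* Only free the RNG we initialised; the global one is shared. */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}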
wolfSSL 7:481bce714567 17180
wolfSSL 7:481bce714567 17181
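/* Verify the DSA signature `sig` over the digest `d` with the public key in
 * `dsa`.  The verdict is also written to *dsacheck (1 = valid).
 *
 * Returns SSL_SUCCESS (1) only when DsaVerify() succeeded AND reported the
 * signature as valid.  Otherwise returns DsaVerify()'s result — 0 when it ran
 * but the signature did not verify, a negative wolfCrypt code on error — or
 * SSL_FATAL_ERROR on bad arguments.  Callers must test for == SSL_SUCCESS;
 * "non-negative" is not "verified".
 *
 * Fix: dsacheck is dereferenced below, so it is now validated with the other
 * arguments instead of relying on DsaVerify() to reject a NULL output
 * pointer first.  It is also reset to 0 before the call so that a stale
 * value left in the caller's variable can never read as a positive verdict
 * if DsaVerify() returns without writing it.  dsa->internal is checked for
 * consistency with the other DSA entry points.
 */
int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
                          WOLFSSL_DSA* dsa, int *dsacheck)
{
    int ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");

    if (d == NULL || sig == NULL || dsa == NULL || dsa->internal == NULL ||
            dsacheck == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    /* Lazily copy the external BIGNUMs into the wolfCrypt DsaKey. */
    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    /* Default to "not verified" before handing the slot to DsaVerify(). */
    *dsacheck = 0;

    ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
    if (ret != 0 || *dsacheck != 1) {
        WOLFSSL_MSG("DsaVerify failed");
        return ret;
    }

    return SSL_SUCCESS;
}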
wolfSSL 7:481bce714567 17211 #endif /* NO_DSA */
wolfSSL 7:481bce714567 17212
wolfSSL 7:481bce714567 17213
wolfSSL 7:481bce714567 17214 #ifndef NO_RSA
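/* Sign the digest `m` (mLen bytes, produced by the hash named by the OpenSSL
 * NID `type`) with the RSA private key in `rsa`.  The digest is wrapped in
 * its DigestInfo encoding by wc_EncodeSignature() and signed with
 * wc_RsaSSL_Sign(); the signature goes to `sigRet` and its length to *sigLen.
 *
 * Returns SSL_SUCCESS on ok, 0 otherwise.
 *
 * Fix: wc_RsaSSL_Sign() returns an int that is negative on error.  The old
 * code stored that int straight into *sigLen (an unsigned int) and then
 * tested `*sigLen <= 0`, which on an unsigned value is only true for 0.  A
 * negative error code therefore became a huge positive "length" and the
 * function reported SSL_SUCCESS with an unusable signature length.  The
 * result is now checked as a signed int and only stored when positive; on
 * failure *sigLen is left untouched.
 *
 * sigRet must hold wolfSSL_BN_num_bytes(rsa->n) bytes (the modulus size);
 * that is the output size handed to wc_RsaSSL_Sign().
 *
 * NOTE(review): mLen is not bounded here against the MAX_ENCODED_SIG_SZ
 * scratch buffer that wc_EncodeSignature() writes into; whether
 * wc_EncodeSignature() enforces that bound itself is not visible from this
 * file — confirm before accepting digests from untrusted callers.
 */
int wolfSSL_RSA_sign(int type, const unsigned char* m,
                     unsigned int mLen, unsigned char* sigRet,
                     unsigned int* sigLen, WOLFSSL_RSA* rsa)
{
    word32 outLen;
    word32 signSz;
    int signRet;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
    int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
    byte* encodedSig = NULL;
#else
    WC_RNG tmpRNG[1];
    byte encodedSig[MAX_ENCODED_SIG_SZ];
#endif

    WOLFSSL_MSG("wolfSSL_RSA_sign");

    if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL ||
            rsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return 0;
    }

    /* Translate the OpenSSL NID into the wolfCrypt hash OID that
     * wc_EncodeSignature() expects; unknown or compiled-out hashes fail. */
    switch (type) {
#ifdef WOLFSSL_MD2
        case NID_md2:    type = MD2h;    break;
#endif
#ifndef NO_MD5
        case NID_md5:    type = MD5h;    break;
#endif
#ifndef NO_SHA
        case NID_sha1:   type = SHAh;    break;
#endif
#ifndef NO_SHA256
        case NID_sha256: type = SHA256h; break;
#endif
#ifdef WOLFSSL_SHA384
        case NID_sha384: type = SHA384h; break;
#endif
#ifdef WOLFSSL_SHA512
        case NID_sha512: type = SHA512h; break;
#endif
        default:
            WOLFSSL_MSG("This NID (md type) not configured or not implemented");
            return 0;
    }

    /* Lazily copy the external BIGNUMs into the wolfCrypt RsaKey. */
    if (rsa->inSet == 0) {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return 0;
        }
    }

    /* The signature is exactly as long as the modulus. */
    outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return 0;

    encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
    if (encodedSig == NULL) {
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return 0;
    }
#endif

    /* Prefer a private RNG; fall back to the global one only if initialised.
     * If neither is usable, rng stays NULL and nothing is signed. */
    if (outLen == 0)
        WOLFSSL_MSG("Bad RSA size");
    else if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");

        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        signSz = wc_EncodeSignature(encodedSig, m, mLen, type);
        if (signSz == 0) {
            WOLFSSL_MSG("Bad Encode Signature");
        }
        else {
            /* Keep the signed result so a negative error code is caught
             * before it is narrowed into the unsigned *sigLen. */
            signRet = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
                                     (RsaKey*)rsa->internal, rng);
            if (signRet <= 0) {
                WOLFSSL_MSG("Bad Rsa Sign");
            }
            else {
                *sigLen = (unsigned int)signRet;
                ret = SSL_SUCCESS;
            }
        }
    }

    /* Only free the RNG we initialised; the global one is shared. */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret == SSL_SUCCESS)
        WOLFSSL_MSG("wolfSSL_RSA_sign success");
    else {
        WOLFSSL_MSG("wolfSSL_RSA_sign failed");
    }
    return ret;
}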
wolfSSL 7:481bce714567 17336
wolfSSL 7:481bce714567 17337
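/* OpenSSL-style "public decrypt": recover the PKCS#1 v1.5 signed payload from
 * the `flen`-byte input `from` with the public key in `rsa`, writing it to
 * `to`.
 *
 * Returns the number of recovered bytes (> 0) on success; 0 on bad arguments
 * or an unsupported padding mode; otherwise wc_RsaSSL_Verify()'s (<= 0)
 * result.  Only RSA_PKCS1_PADDING is supported.
 *
 * The size of `to` is not passed in: wc_RsaSSL_Verify() is told it is
 * wolfSSL_RSA_size(rsa) bytes, so the caller must provide at least the key
 * size.
 *
 * Fix: `to` and a negative `flen` are now rejected up front.  flen is an int
 * that is widened to the word32 input length of wc_RsaSSL_Verify(), so a
 * negative value would have become a huge length on the input buffer.
 */
int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from,
                          unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    int tlen = 0;

    WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");

    if (rsa == NULL || rsa->internal == NULL || from == NULL || to == NULL ||
            flen < 0) {
        WOLFSSL_MSG("Bad function arguments");
        return 0;
    }

    if (padding != RSA_PKCS1_PADDING) {
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding");
        return 0;
    }

    /* Lazily copy the external BIGNUMs into the wolfCrypt RsaKey. */
    if (rsa->inSet == 0) {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return 0;
        }
    }

    /* size of 'to' buffer must be size of RSA key */
    tlen = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa),
                            (RsaKey*)rsa->internal);
    if (tlen <= 0)
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed");
    else {
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success");
    }
    return tlen;
}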
wolfSSL 7:481bce714567 17375
wolfSSL 7:481bce714567 17376
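/* Derive the CRT exponents from the p, q and d already held in `rsa`:
 *   dmp1 = d mod (p - 1)
 *   dmq1 = d mod (q - 1)
 *
 * Returns SSL_SUCCESS on ok, SSL_FATAL_ERROR when a required BIGNUM is
 * missing or an mp_* step fails.
 *
 * Fix: the previous version re-tested `err` after every step regardless of
 * which step had set it, so a single failing mp_sub_d() also logged
 * "mp_mod error" and then "mp_sub_d error" a second time, which misled
 * anyone reading the trace.  Each step now runs only when the previous one
 * succeeded and is logged exactly once; the return value is unchanged.
 *
 * The trace string "wolfSSL_RsaGenAdd" does not match the function name; it
 * is a runtime log message and is left as-is.
 */
int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
{
    int err;
    mp_int tmp;

    WOLFSSL_MSG("wolfSSL_RsaGenAdd");

    if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
                       rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
        WOLFSSL_MSG("rsa no init error");
        return SSL_FATAL_ERROR;
    }

    if (mp_init(&tmp) != MP_OKAY) {
        WOLFSSL_MSG("mp_init error");
        return SSL_FATAL_ERROR;
    }

    /* tmp = p - 1 ; dmp1 = d mod tmp */
    err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_sub_d error");
    }
    else {
        err = mp_mod((mp_int*)rsa->d->internal, &tmp,
                     (mp_int*)rsa->dmp1->internal);
        if (err != MP_OKAY)
            WOLFSSL_MSG("mp_mod error");
    }

    /* tmp = q - 1 ; dmq1 = d mod tmp — only if the first half succeeded */
    if (err == MP_OKAY) {
        err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
        if (err != MP_OKAY) {
            WOLFSSL_MSG("mp_sub_d error");
        }
        else {
            err = mp_mod((mp_int*)rsa->d->internal, &tmp,
                         (mp_int*)rsa->dmq1->internal);
            if (err != MP_OKAY)
                WOLFSSL_MSG("mp_mod error");
        }
    }

    /* tmp held values derived from the private primes; release it on every
     * path. */
    mp_clear(&tmp);

    return (err == MP_OKAY) ? SSL_SUCCESS : SSL_FATAL_ERROR;
}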
wolfSSL 7:481bce714567 17423 #endif /* NO_RSA */
wolfSSL 7:481bce714567 17424
wolfSSL 7:481bce714567 17425
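/* Initialise an HMAC context: pick the hash from the EVP_MD name `type`
 * ("MD5", "SHA256", or anything starting with "SHA"; a NULL type keeps the
 * type already in ctx) and, when a key is supplied, install it.  Mirrors
 * OpenSSL's void HMAC_Init(), so problems are only logged.
 *
 * Fix: `keylen` is an int that is cast to word32 for wc_HmacSetKey().  The
 * old `key && keylen` test let a negative keylen through, where it became a
 * huge unsigned length and made wc_HmacSetKey() read far past `key`.  A key
 * is now installed only when keylen > 0 (keylen == 0 already skipped the
 * call).
 *
 * NOTE(review): because the bare "SHA" prefix test comes last, any SHA name
 * that is not matched above it — e.g. "SHA224", "SHA384", "SHA512" — lands
 * in the "SHA" branch and is silently treated as HMAC-SHA1 rather than
 * rejected.  Confirm whether callers can pass those names in this build.
 */
void wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
                  const EVP_MD* type)
{
    WOLFSSL_MSG("wolfSSL_HMAC_Init");

    if (ctx == NULL) {
        WOLFSSL_MSG("no ctx on init");
        return;
    }

    if (type) {
        WOLFSSL_MSG("init has type");

        if (XSTRNCMP(type, "MD5", 3) == 0) {
            WOLFSSL_MSG("md5 hmac");
            ctx->type = MD5;
        }
        else if (XSTRNCMP(type, "SHA256", 6) == 0) {
            WOLFSSL_MSG("sha256 hmac");
            ctx->type = SHA256;
        }

        /* has to be last since would pick or 256, 384, or 512 too */
        else if (XSTRNCMP(type, "SHA", 3) == 0) {
            WOLFSSL_MSG("sha hmac");
            ctx->type = SHA;
        }
        else {
            WOLFSSL_MSG("bad init type");
        }
    }

    /* Only key when there is real key material; a negative length must never
     * reach the word32 conversion below. */
    if (key && keylen > 0) {
        WOLFSSL_MSG("keying hmac");
        wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
        /* OpenSSL compat, no error */
    }
}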
wolfSSL 7:481bce714567 17464
wolfSSL 7:481bce714567 17465
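/* Feed `len` bytes of `data` into the running HMAC.  Silent on bad
 * arguments (OpenSSL compat): nothing happens when ctx or data is NULL.
 *
 * Fix: `len` is an int that is cast to word32 for wc_HmacUpdate(); a
 * negative value used to become a huge unsigned length and make
 * wc_HmacUpdate() read past `data`.  Negative lengths are now ignored;
 * len == 0 still reaches wc_HmacUpdate() exactly as before.
 */
void wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data,
                    int len)
{
    WOLFSSL_MSG("wolfSSL_HMAC_Update");

    if (ctx && data && len >= 0) {
        WOLFSSL_MSG("updating hmac");
        wc_HmacUpdate(&ctx->hmac, data, (word32)len);
        /* OpenSSL compat, no error */
    }
}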
wolfSSL 7:481bce714567 17477
wolfSSL 7:481bce714567 17478
/* Finish the HMAC into `hash` and, when `len` is non-NULL, report the digest
 * size for the context's hash type.  Silent on problems (OpenSSL compat):
 * nothing happens when ctx or hash is NULL, and *len is left untouched for an
 * unrecognised type.
 */
void wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
                   unsigned int* len)
{
    WOLFSSL_MSG("wolfSSL_HMAC_Final");

    if (ctx == NULL || hash == NULL)
        return;

    WOLFSSL_MSG("final hmac");
    wc_HmacFinal(&ctx->hmac, hash);
    /* OpenSSL compat, no error */

    if (len == NULL)
        return;

    WOLFSSL_MSG("setting output len");
    if (ctx->type == MD5)
        *len = MD5_DIGEST_SIZE;
    else if (ctx->type == SHA)
        *len = SHA_DIGEST_SIZE;
    else if (ctx->type == SHA256)
        *len = SHA256_DIGEST_SIZE;
    else
        WOLFSSL_MSG("bad hmac type");
}
wolfSSL 7:481bce714567 17510
wolfSSL 7:481bce714567 17511
/* Provided for OpenSSL API compatibility.  This implementation releases
 * nothing and only logs the call; ctx is accepted and ignored. */
void wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_HMAC_cleanup");
    (void)ctx; /* unused */
}
wolfSSL 7:481bce714567 17518
wolfSSL 7:481bce714567 17519
/* Map an OpenSSL NID to its EVP_MD object.  Only MD5 and SHA-1 are mapped;
 * any other id, or a hash compiled out of this build, yields NULL. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
{
    WOLFSSL_MSG("wolfSSL_get_digestbynid");

#ifndef NO_MD5
    if (id == NID_md5)
        return wolfSSL_EVP_md5();
#endif
#ifndef NO_SHA
    if (id == NID_sha1)
        return wolfSSL_EVP_sha1();
#endif

    WOLFSSL_MSG("Bad digest id value");
    return NULL;
}
wolfSSL 7:481bce714567 17539
wolfSSL 7:481bce714567 17540
/* Not implemented: always returns NULL after logging.  Callers that expect
 * OpenSSL's behaviour (a new reference to the RSA key inside `key`) must
 * handle the NULL. */
WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
{
    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA not implemented");
    (void)key; /* unused */
    return NULL;
}
wolfSSL 7:481bce714567 17548
wolfSSL 7:481bce714567 17549
/* Not implemented: always returns NULL after logging.  Callers that expect
 * OpenSSL's behaviour (a new reference to the DSA key inside `key`) must
 * handle the NULL. */
WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
{
    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA not implemented");
    (void)key; /* unused */
    return NULL;
}
wolfSSL 7:481bce714567 17557
wolfSSL 7:481bce714567 17558
/* Not implemented: always returns NULL after logging.  Callers that expect
 * OpenSSL's behaviour (a new reference to the EC key inside `key`) must
 * handle the NULL. */
WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
{
    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented");
    (void)key; /* unused */
    return NULL;
}
wolfSSL 7:481bce714567 17566
wolfSSL 7:481bce714567 17567
/* Return a pointer to the cipher's internal running state for cipher types
 * that expose one (only ARC4 here), or NULL for a NULL ctx or any other
 * cipher type.  The pointer aliases storage inside ctx and is only valid
 * while ctx lives; note that const is cast away here. */
void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    void* state = NULL;

    WOLFSSL_MSG("wolfSSL_EVP_X_STATE");

    if (ctx == NULL)
        return state;

    if (ctx->cipherType == ARC4_TYPE) {
        WOLFSSL_MSG("returning arc4 state");
        state = (void*)&ctx->cipher.arc4.x;
    }
    else {
        WOLFSSL_MSG("bad x state type");
    }

    return state;
}
wolfSSL 7:481bce714567 17586
wolfSSL 7:481bce714567 17587
/* Size in bytes of the internal cipher state for ctx's cipher type: the ARC4
 * state size (sizeof(Arc4)) for ARC4, 0 for a NULL ctx or any other type. */
int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    int stateLen = 0;

    WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN");

    if (ctx == NULL)
        return stateLen;

    if (ctx->cipherType == ARC4_TYPE) {
        WOLFSSL_MSG("returning arc4 state size");
        stateLen = sizeof(Arc4);
    }
    else {
        WOLFSSL_MSG("bad x state type");
    }

    return stateLen;
}
wolfSSL 7:481bce714567 17606
wolfSSL 7:481bce714567 17607
wolfSSL 7:481bce714567 17608 #ifndef NO_DES3
wolfSSL 7:481bce714567 17609
/* Set (doset != 0) or read back (doset == 0) the 3DES IV of `ctx`.
 * Setting hands `iv` to wc_Des3_SetIV(); reading copies DES_BLOCK_SIZE bytes
 * of the running IV register into `iv`.  Problems are only logged (OpenSSL
 * compat, no return value).
 *
 * NOTE(review): `len` is ignored.  The read path writes DES_BLOCK_SIZE bytes
 * into `iv` unconditionally and the set path presumably reads as many, so a
 * caller passing a shorter buffer is not caught here — confirm that every
 * caller passes a full block.
 */
void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
                                unsigned char* iv, int len)
{
    WOLFSSL_MSG("wolfSSL_3des_iv");
    (void)len; /* unused, see note above */

    if (ctx == NULL || iv == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }

    if (!doset) {
        XMEMCPY(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
        return;
    }

    wc_Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */
}
wolfSSL 7:481bce714567 17627
wolfSSL 7:481bce714567 17628 #endif /* NO_DES3 */
wolfSSL 7:481bce714567 17629
wolfSSL 7:481bce714567 17630
wolfSSL 7:481bce714567 17631 #ifndef NO_AES
wolfSSL 7:481bce714567 17632
/* Set (doset != 0) or read back (doset == 0) the AES-CTR IV of `ctx`.
 * Setting hands `iv` to wc_AesSetIV(); reading copies AES_BLOCK_SIZE bytes
 * of the running IV register into `iv`.  Problems are only logged (OpenSSL
 * compat, no return value).
 *
 * NOTE(review): `len` is ignored.  The read path writes AES_BLOCK_SIZE bytes
 * into `iv` unconditionally and the set path presumably reads as many, so a
 * caller passing a shorter buffer is not caught here — confirm that every
 * caller passes a full block.
 */
void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
                      unsigned char* iv, int len)
{
    WOLFSSL_MSG("wolfSSL_aes_ctr_iv");
    (void)len; /* unused, see note above */

    if (ctx == NULL || iv == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }

    if (!doset) {
        XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
        return;
    }

    wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */
}
wolfSSL 7:481bce714567 17650
wolfSSL 7:481bce714567 17651 #endif /* NO_AES */
wolfSSL 7:481bce714567 17652
wolfSSL 7:481bce714567 17653
/* RIPEMD-160 is not available through the EVP layer in this build: the call
 * is logged and NULL is returned, so callers must treat it as "no digest". */
const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
{
    const WOLFSSL_EVP_MD* md = NULL;

    WOLFSSL_MSG("wolfSSL_ripemd160");

    return md;
}
wolfSSL 7:481bce714567 17660
wolfSSL 7:481bce714567 17661
/* Digest size in bytes for the EVP_MD name `type`, matched by prefix.
 * Returns BAD_FUNC_ARG (negative) for a NULL type or a name this build does
 * not recognise.
 *
 * Every test returns on match, so the order only matters for the bare "SHA"
 * prefix, which must stay after all the "SHAnnn" names or it would claim
 * them.  NOTE(review): the "SHA256" test is not guarded by NO_SHA256 while
 * the other hashes are guarded by their build flags — presumably SHA-256 is
 * always present in this configuration; confirm.
 */
int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
{
    WOLFSSL_MSG("wolfSSL_EVP_MD_size");

    if (type == NULL) {
        WOLFSSL_MSG("No md type arg");
        return BAD_FUNC_ARG;
    }

    if (XSTRNCMP(type, "SHA256", 6) == 0)
        return SHA256_DIGEST_SIZE;
#ifndef NO_MD5
    if (XSTRNCMP(type, "MD5", 3) == 0)
        return MD5_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA224
    if (XSTRNCMP(type, "SHA224", 6) == 0)
        return SHA224_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
    if (XSTRNCMP(type, "SHA384", 6) == 0)
        return SHA384_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA512
    if (XSTRNCMP(type, "SHA512", 6) == 0)
        return SHA512_DIGEST_SIZE;
#endif
#ifndef NO_SHA
    /* has to be last since would pick or 256, 384, or 512 too */
    if (XSTRNCMP(type, "SHA", 3) == 0)
        return SHA_DIGEST_SIZE;
#endif

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 17703
wolfSSL 7:481bce714567 17704
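/* IV length in bytes for the cipher configured in ctx->cipherType.
 *
 * CBC block ciphers (and AES-CTR) report their block size; ARC4 and the
 * NULL cipher have no IV and report 0. An unrecognised cipherType also
 * yields 0, so the return value alone cannot distinguish "no IV" from
 * "unknown cipher".
 *
 * Returns the IV length, 0 for IV-less or unknown ciphers, or BAD_FUNC_ARG
 * when ctx is NULL. The original dereferenced ctx without a check; the
 * NULL handling mirrors wolfSSL_EVP_MD_size in this file. */
int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length");

    if (ctx == NULL) {
        WOLFSSL_MSG("No EVP cipher ctx arg");
        return BAD_FUNC_ARG;
    }

    switch (ctx->cipherType) {

        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            return AES_BLOCK_SIZE;

#ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            return AES_BLOCK_SIZE;
#endif

        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            return DES_BLOCK_SIZE;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            return DES_BLOCK_SIZE;

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            return IDEA_BLOCK_SIZE;
#endif

        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            return 0;

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL");
            return 0;

        default:
            WOLFSSL_MSG("bad type");
            break;
    }

    return 0;
}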
wolfSSL 7:481bce714567 17751
wolfSSL 7:481bce714567 17752
/* OpenSSL-compatible release for memory handed out by the compatibility
 * layer (allocated as DYNAMIC_TYPE_OPENSSL). Forwards to XFREE with no heap
 * hint; p must come from a matching XMALLOC. */
void wolfSSL_OPENSSL_free(void* p)
{
    void* block = p;

    WOLFSSL_MSG("wolfSSL_OPENSSL_free");
    XFREE(block, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 7:481bce714567 17759
wolfSSL 7:481bce714567 17760 #if defined(WOLFSSL_KEY_GEN)
wolfSSL 7:481bce714567 17761
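/* Encrypt a DER-encoded private key in place for legacy (DEK-Info style)
 * PEM output and build the matching "cipher_name,IV(hex)" header string.
 *
 * der/derSz  : the DER key; on success *derSz is the padded and encrypted
 *              length. The buffer MUST have at least one cipher block
 *              (info->ivSz bytes) of spare capacity beyond *derSz: 1..ivSz
 *              bytes of padding are appended before encryption, and this
 *              function has no way to check the buffer's real capacity.
 * cipher     : EVP cipher name; only names starting with "DES" or "AES"
 *              are accepted (DES_IV_SIZE / AES_IV_SIZE respectively).
 * passwd     : password for wolfssl_encrypt_buffer_key, passwdSz its
 *              length. passwd is not zeroized here -- the caller owns it.
 * cipherInfo : on success receives a DYNAMIC_TYPE_TMP_BUFFER string the
 *              caller must XFREE; left untouched on failure (the original
 *              stored a freed pointer there when Base16_Encode failed).
 *
 * The random block in info->iv is passed to wolfssl_encrypt_buffer_key as
 * the IV and written into the header (the original comments call it the
 * salt), so a failing RNG is a hard error, not something to fall back from.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL argument, or SSL_FAILURE.
 */
static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
                         unsigned char* passwd, int passwdSz, byte **cipherInfo)
{
    int    ret = SSL_FAILURE;
    int    paddingSz;
    word32 idx, cipherInfoSz;
    byte*  cinfo = NULL;
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo  info[1];
#endif

    WOLFSSL_ENTER("EncryptDerKey");

    if (der == NULL || derSz == NULL || cipher == NULL ||
        passwd == NULL || cipherInfo == NULL)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL) {
        WOLFSSL_MSG("malloc failed");
        return SSL_FAILURE;
    }
#endif
    info->set      = 0;
    info->ctx      = NULL;
    info->consumed = 0;

    /* IV size follows the cipher family; anything else is rejected */
    if (XSTRNCMP(cipher, "DES", 3) == 0)
        info->ivSz = DES_IV_SIZE;
    else if (XSTRNCMP(cipher, "AES", 3) == 0)
        info->ivSz = AES_IV_SIZE;
    else {
        WOLFSSL_MSG("unsupported cipher");
        goto out;
    }

    /* cipher name for the header; XSTRNCPY does not terminate when the
     * source fills the field and XSTRLEN(info->name) is used below, so
     * terminate explicitly */
    XSTRNCPY(info->name, cipher, NAME_SZ);
    info->name[NAME_SZ - 1] = '\0';

    /* random IV */
    if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != SSL_SUCCESS) {
        WOLFSSL_MSG("generate iv failed");
        goto out;
    }

    /* pad to a whole number of blocks: a DER length that is already a
     * multiple of ivSz gets a full block, so paddingSz is 1..ivSz, never 0
     * (the original's "paddingSz == 0" branch was unreachable) */
    paddingSz = ((*derSz) / info->ivSz + 1) * info->ivSz - (*derSz);
    XMEMSET(der + (*derSz), (byte)paddingSz, paddingSz);
    (*derSz) += paddingSz;

    if (wolfssl_encrypt_buffer_key(der, *derSz,
                                   passwd, passwdSz, info) != SSL_SUCCESS) {
        WOLFSSL_MSG("encrypt key failed");
        goto out;
    }

    /* "cipher_name,IV(hex)": name + ',' + 2*ivSz hex digits + NUL */
    cipherInfoSz = (word32)(2 * info->ivSz + XSTRLEN(info->name) + 2);
    cinfo = (byte*)XMALLOC(cipherInfoSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (cinfo == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XSTRNCPY((char*)cinfo, info->name, cipherInfoSz);
    XSTRNCAT((char*)cinfo, ",", 1);

    idx = (word32)XSTRLEN((char*)cinfo);
    cipherInfoSz -= idx;
    if (Base16_Encode(info->iv, info->ivSz, cinfo + idx, &cipherInfoSz) != 0) {
        WOLFSSL_MSG("Base16_Encode failed");
        XFREE(cinfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        goto out;
    }

    *cipherInfo = cinfo;
    ret = SSL_SUCCESS;

out:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
}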
wolfSSL 7:481bce714567 17862 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 7:481bce714567 17863
wolfSSL 7:481bce714567 17864 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
wolfSSL 7:481bce714567 17865
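/* Write the DER private key held in key (key->pkey.ptr, key->pkey_sz) to
 * bio as PEM, replacing whatever buffer bio->mem currently holds.
 *
 * Encryption is NOT implemented here: passwd, len, cb and arg are accepted
 * only for OpenSSL signature compatibility. The original also ignored
 * cipher and wrote the key in the clear even when a cipher was requested;
 * this version fails (SSL_FAILURE) when cipher is non-NULL so a caller
 * asking for an encrypted key never silently gets plaintext key material.
 * Pass cipher == NULL for an unencrypted write.
 *
 * The PEM armour follows key->type (RSA, DSA when enabled, EC); an unknown
 * type falls back to the RSA armour, as before.
 *
 * Returns SSL_SUCCESS or SSL_FAILURE. On failure bio->mem is NULL and
 * bio->memLen is 0 rather than pointing at a half-written buffer.
 */
int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
                                     const WOLFSSL_EVP_CIPHER* cipher,
                                     unsigned char* passwd, int len,
                                     pem_password_cb* cb, void* arg)
{
    byte* keyDer;
    int   pemSz;
    int   type;
    int   ret;

    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey");

    if (bio == NULL || key == NULL) {
        return SSL_FAILURE;
    }

    /* fail closed: there is no encryption support in this function, so do
     * not downgrade an encrypted-key request to a plaintext write */
    if (cipher != NULL) {
        WOLFSSL_MSG("Encrypted PEM private key write not supported");
        return SSL_FAILURE;
    }

    keyDer = (byte*)key->pkey.ptr;

    switch (key->type) {
        case EVP_PKEY_RSA:
            type = PRIVATEKEY_TYPE;
            break;

#ifndef NO_DSA
        case EVP_PKEY_DSA:
            type = DSA_PRIVATEKEY_TYPE;
            break;
#endif

        case EVP_PKEY_EC:
            type = ECC_PRIVATEKEY_TYPE;
            break;

        default:
            WOLFSSL_MSG("Unknown Key type!");
            type = PRIVATEKEY_TYPE;
    }

    /* sizing pass, then the real conversion straight into bio->mem */
    pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, type);
    if (pemSz < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", pemSz);
        return SSL_FAILURE;
    }

    if (bio->mem != NULL) {
        XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL);
        bio->mem = NULL;
    }
    bio->memLen = 0;

    bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL);
    if (bio->mem == NULL) {
        /* the original skipped this check and passed NULL to wc_DerToPemEx
         * with memLen already set to pemSz */
        WOLFSSL_MSG("malloc failed");
        return SSL_FAILURE;
    }
    bio->memLen = pemSz;

    ret = wc_DerToPemEx(keyDer, key->pkey_sz, bio->mem, bio->memLen,
                        NULL, type);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret);
        XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL);
        bio->mem    = NULL;
        bio->memLen = 0;
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}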
wolfSSL 7:481bce714567 17930 #endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */
wolfSSL 7:481bce714567 17931
wolfSSL 7:481bce714567 17932 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
wolfSSL 7:481bce714567 17933
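/* Serialise rsa as a PEM "RSA PRIVATE KEY" into a freshly allocated buffer.
 *
 * rsa           : key to write; rsa->internal is populated from the
 *                 OpenSSL-style fields via SetRsaInternal if not yet set.
 * cipher/passwd : when both are non-NULL and passwdSz > 0 the DER is
 *                 encrypted by EncryptDerKey and a DEK-Info header is
 *                 emitted; otherwise the key is written in the clear.
 * pem/plen      : on success *pem is a NUL-terminated DYNAMIC_TYPE_KEY
 *                 buffer the caller frees and *plen its length excluding
 *                 the terminator.
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) if success,
 * 0 (SSL_FAILURE) if error. The original let EncryptDerKey's BAD_FUNC_ARG
 * leak through, contradicting this contract, and its unreachable
 * "XMEMCPY failed" branch freed `pem` (the caller's pointer) instead of
 * `*pem`; both are gone.
 *
 * Temporaries hold plaintext key material (the DER always, the PEM when no
 * cipher is used) and are wiped with ForceZero before XFREE so the wipe is
 * not dead-store-eliminated. The DER buffer is 5 * RSA_size + AES_BLOCK_SIZE
 * and EncryptDerKey pads up to one block past the DER length, so the scheme
 * relies on wc_RsaKeyToDer leaving at least that block free -- the margin
 * is not checked here.
 */
int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int passwdSz,
                                        unsigned char **pem, int *plen)
{
    byte *derBuf = NULL, *tmp = NULL, *cipherInfo = NULL;
    int   der_max_len = 0, derSz = 0, tmpSz = 0;
    int   ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey");

    if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    if (rsa->inSet == 0) {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return SSL_FAILURE;
        }
    }

    /* 5 * modulus size > n, d, p, q, d%(p-1), d%(q-1), 1/q%p, e plus ASN.1
     * overhead; the extra block is headroom for EncryptDerKey's padding */
    der_max_len = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("malloc failed");
        return SSL_FAILURE;
    }

    /* Key to DER */
    derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_RsaKeyToDer failed");
        goto out;
    }

    /* encrypt DER buffer if required; size the PEM scratch buffer for
     * base64 growth plus armour (plus the DEK-Info header when encrypted) */
    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
        if (EncryptDerKey(derBuf, &derSz, cipher,
                          passwd, passwdSz, &cipherInfo) != SSL_SUCCESS) {
            WOLFSSL_MSG("EncryptDerKey failed");
            goto out;
        }
        tmpSz = (derSz * 2) + (int)sizeof(BEGIN_RSA_PRIV) +
                (int)sizeof(END_RSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE;
    }
    else {
        tmpSz = (derSz * 2) + (int)sizeof(BEGIN_RSA_PRIV) +
                (int)sizeof(END_RSA_PRIV);
    }

    tmp = (byte*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }

    /* DER to PEM */
    *plen = wc_DerToPemEx(derBuf, derSz, tmp, tmpSz, cipherInfo,
                          PRIVATEKEY_TYPE);
    if (*plen <= 0) {
        WOLFSSL_MSG("wc_DerToPemEx failed");
        goto out;
    }

    /* exact-size, NUL-terminated copy for the caller */
    *pem = (byte*)XMALLOC((*plen) + 1, NULL, DYNAMIC_TYPE_KEY);
    if (*pem == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XMEMCPY(*pem, tmp, *plen);
    (*pem)[*plen] = '\0';

    ret = SSL_SUCCESS;

out:
    if (tmp != NULL) {
        ForceZero(tmp, tmpSz);
        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (cipherInfo != NULL) {
        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    ForceZero(derBuf, der_max_len);
    XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    return ret;
}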
wolfSSL 7:481bce714567 18039
wolfSSL 7:481bce714567 18040
wolfSSL 7:481bce714567 18041 #ifndef NO_FILESYSTEM
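/* Write rsa to fp as PEM, optionally encrypted with enc/kstr (the rules
 * are those of wolfSSL_PEM_write_mem_RSAPrivateKey). cb and u, OpenSSL's
 * password-callback pair, are accepted but unused: a password must be
 * supplied in kstr/klen.
 *
 * Return code compliant with OpenSSL: 1 if success, 0 if error.
 *
 * The in-memory PEM holds key material and is wiped (ForceZero) and freed
 * on every path; the original leaked it when the fwrite failed. fp is
 * neither flushed nor closed here, so the caller must check fflush()/
 * fclose() to know the key actually reached the file.
 */
int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
                                    const EVP_CIPHER *enc,
                                    unsigned char *kstr, int klen,
                                    pem_password_cb *cb, void *u)
{
    byte *pem = NULL;
    int   plen = 0;
    int   ret;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey");

    if (fp == NULL || rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    if (wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, enc, kstr, klen,
                                            &pem, &plen) != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed");
        return SSL_FAILURE;
    }

    /* one object of plen bytes: XFWRITE returns 1 only for a complete write */
    if ((int)XFWRITE(pem, plen, 1, fp) == 1) {
        ret = SSL_SUCCESS;
    }
    else {
        WOLFSSL_MSG("RSA private key file write failed");
        ret = SSL_FAILURE;
    }

    ForceZero(pem, plen);
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);

    return ret;
}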
wolfSSL 7:481bce714567 18078 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 18079
/* Not implemented in this build: every argument is ignored and the call
 * always fails with SSL_FAILURE (OpenSSL's 0). Nothing is written to bio,
 * so a caller that does not check the result ends up with an empty BIO
 * rather than a key. */
int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        pem_password_cb* cb, void* arg)
{
    WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented");

    (void)bio;
    (void)rsa;
    (void)cipher;
    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 18097 #endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */
wolfSSL 7:481bce714567 18098
wolfSSL 7:481bce714567 18099 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 18100
/* EC_POINT OpenSSL -> wolfSSL: copy the X/Y/Z bignums of p into the
 * wolfCrypt ecc_point in p->internal. A NULL coordinate on the OpenSSL side
 * is skipped and leaves the internal value untouched. The coordinates are
 * copied as-is; nothing here checks that the point lies on any curve.
 *
 * Sets p->inSet on success. Returns SSL_SUCCESS or SSL_FATAL_ERROR. */
static int SetECPointInternal(WOLFSSL_EC_POINT *p)
{
    ecc_point* point;
    int ret = SSL_SUCCESS;

    WOLFSSL_ENTER("SetECPointInternal");

    if (p == NULL || p->internal == NULL) {
        WOLFSSL_MSG("ECPoint NULL error");
        return SSL_FATAL_ERROR;
    }

    point = (ecc_point*)p->internal;

    if (p->X != NULL && SetIndividualInternal(p->X, point->x) != SSL_SUCCESS) {
        WOLFSSL_MSG("ecc point X error");
        ret = SSL_FATAL_ERROR;
    }

    if (ret == SSL_SUCCESS && p->Y != NULL &&
            SetIndividualInternal(p->Y, point->y) != SSL_SUCCESS) {
        WOLFSSL_MSG("ecc point Y error");
        ret = SSL_FATAL_ERROR;
    }

    if (ret == SSL_SUCCESS && p->Z != NULL &&
            SetIndividualInternal(p->Z, point->z) != SSL_SUCCESS) {
        WOLFSSL_MSG("ecc point Z error");
        ret = SSL_FATAL_ERROR;
    }

    if (ret == SSL_SUCCESS) {
        p->inSet = 1;
    }

    return ret;
}
wolfSSL 7:481bce714567 18133
/* EC_POINT wolfSSL -> OpenSSL: publish the wolfCrypt ecc_point in
 * p->internal as the X/Y/Z bignums of p. Unlike SetECPointInternal all
 * three coordinates are always converted (SetIndividualExternal receives
 * the address of each bignum pointer).
 *
 * Sets p->exSet on success. Returns SSL_SUCCESS or SSL_FATAL_ERROR. */
static int SetECPointExternal(WOLFSSL_EC_POINT *p)
{
    ecc_point* point;
    int ret = SSL_SUCCESS;

    WOLFSSL_ENTER("SetECPointExternal");

    if (p == NULL || p->internal == NULL) {
        WOLFSSL_MSG("ECPoint NULL error");
        return SSL_FATAL_ERROR;
    }

    point = (ecc_point*)p->internal;

    if (SetIndividualExternal(&p->X, point->x) != SSL_SUCCESS) {
        WOLFSSL_MSG("ecc point X error");
        ret = SSL_FATAL_ERROR;
    }

    if (ret == SSL_SUCCESS &&
            SetIndividualExternal(&p->Y, point->y) != SSL_SUCCESS) {
        WOLFSSL_MSG("ecc point Y error");
        ret = SSL_FATAL_ERROR;
    }

    if (ret == SSL_SUCCESS &&
            SetIndividualExternal(&p->Z, point->z) != SSL_SUCCESS) {
        WOLFSSL_MSG("ecc point Z error");
        ret = SSL_FATAL_ERROR;
    }

    if (ret == SSL_SUCCESS) {
        p->exSet = 1;
    }

    return ret;
}
wolfSSL 7:481bce714567 18167
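/* EC_KEY wolfSSL -> OpenSSL: refresh the OpenSSL-style view (group nid/idx,
 * pub_key point, priv_key bignum) from the wolfCrypt ecc_key in
 * eckey->internal.
 *
 * The internal key's curve index is validated with wc_ecc_is_valid_idx
 * before ecc_sets[] is indexed, the same guard SetECKeyInternal applies to
 * group->curve_idx; the original read ecc_sets[key->idx] unchecked. A NULL
 * eckey->group is rejected too (InitwolfSSL_ECKey starts it as NULL), and
 * a NULL eckey->pub_key is treated like a point with no internal storage:
 * the public point is simply not exported.
 *
 * The private scalar is exported only when the internal key type is
 * ECC_PRIVATEKEY. Sets eckey->exSet on success.
 *
 * Returns SSL_SUCCESS or SSL_FATAL_ERROR. */
static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
{
    ecc_key* key;

    WOLFSSL_ENTER("SetECKeyExternal");

    if (eckey == NULL || eckey->internal == NULL || eckey->group == NULL) {
        WOLFSSL_MSG("ec key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (ecc_key*)eckey->internal;

    /* guard the ecc_sets[] lookup below */
    if (key->idx < 0 || wc_ecc_is_valid_idx(key->idx) == 0) {
        WOLFSSL_MSG("invalid curve idx");
        return SSL_FATAL_ERROR;
    }

    /* set group (nid and idx) */
    eckey->group->curve_nid = ecc_sets[key->idx].id;
    eckey->group->curve_idx = key->idx;

    if (eckey->pub_key != NULL && eckey->pub_key->internal != NULL) {
        /* copy the wolfCrypt public point into the OpenSSL-side point's
         * internal storage, then refresh its X/Y/Z bignums */
        if (wc_ecc_copy_point(&key->pubkey,
                              (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
            WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
            return SSL_FATAL_ERROR;
        }

        if (SetECPointExternal(eckey->pub_key) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    /* set the external privkey, only when the internal key holds one */
    if (key->type == ECC_PRIVATEKEY) {
        if (SetIndividualExternal(&eckey->priv_key, &key->k) != SSL_SUCCESS) {
            WOLFSSL_MSG("ec priv key error");
            return SSL_FATAL_ERROR;
        }
    }

    eckey->exSet = 1;

    return SSL_SUCCESS;
}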
wolfSSL 7:481bce714567 18213
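/* EC_KEY OpenSSL -> wolfSSL: load the wolfCrypt ecc_key in eckey->internal
 * from the OpenSSL-style group, pub_key and priv_key fields.
 *
 * group->curve_idx must be a valid ecc_sets[] index; eckey->group itself
 * must be non-NULL (InitwolfSSL_ECKey starts it as NULL and the original
 * dereferenced it unchecked). The public point, when present, is copied
 * coordinate by coordinate via SetECPointInternal -- no on-curve check is
 * performed here, so a caller importing an untrusted public key must
 * validate it separately (NOTE(review): presumably via wolfCrypt's key
 * check routine; confirm against the ecc API). The internal key type ends
 * up ECC_PRIVATEKEY when priv_key is set, else ECC_PUBLICKEY when pub_key
 * is set, else unchanged.
 *
 * Sets eckey->inSet on success. Returns SSL_SUCCESS or SSL_FATAL_ERROR. */
static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
{
    ecc_key* key;

    WOLFSSL_ENTER("SetECKeyInternal");

    if (eckey == NULL || eckey->internal == NULL || eckey->group == NULL) {
        WOLFSSL_MSG("ec key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (ecc_key*)eckey->internal;

    /* validate group before ecc_sets[] is indexed */
    if ((eckey->group->curve_idx < 0) ||
        (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) {
        WOLFSSL_MSG("invalid curve idx");
        return SSL_FATAL_ERROR;
    }

    /* set group (idx of curve and corresponding domain parameters) */
    key->idx = eckey->group->curve_idx;
    key->dp  = &ecc_sets[key->idx];

    /* set pubkey (point) */
    if (eckey->pub_key != NULL) {
        if (SetECPointInternal(eckey->pub_key) != SSL_SUCCESS) {
            WOLFSSL_MSG("ec key pub error");
            return SSL_FATAL_ERROR;
        }

        key->type = ECC_PUBLICKEY;
    }

    /* set privkey; overrides the type set above */
    if (eckey->priv_key != NULL) {
        if (SetIndividualInternal(eckey->priv_key, &key->k) != SSL_SUCCESS) {
            WOLFSSL_MSG("ec key priv error");
            return SSL_FATAL_ERROR;
        }

        key->type = ECC_PRIVATEKEY;
    }

    eckey->inSet = 1;

    return SSL_SUCCESS;
}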
wolfSSL 7:481bce714567 18265
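/* Borrowed pointer to key's OpenSSL-side public point (no ownership
 * transfer; may be NULL if no public key has been set). Returns NULL for a
 * NULL key. The original's error message named get0_group (copy-paste). */
WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key");

    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_public_key Bad arguments");
        return NULL;
    }

    return key->pub_key;
}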
wolfSSL 7:481bce714567 18277
/* Borrowed pointer to key's group (curve nid/idx); the caller must not free
 * it. Returns NULL for a NULL key. */
const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key)
{
    const WOLFSSL_EC_GROUP* group = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group");

    if (key != NULL) {
        group = key->group;
    }
    else {
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");
    }

    return group;
}
wolfSSL 7:481bce714567 18289
wolfSSL 7:481bce714567 18290
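/* Install a copy of priv_key as key's private scalar and re-sync the
 * wolfCrypt key via SetECKeyInternal.
 *
 * Any previously set private key is released first, so after a failure
 * key->priv_key is NULL: the original left it pointing at freed memory when
 * SetECKeyInternal failed, which a later wolfSSL_EC_KEY_free would free
 * again. No range check (0 < d < n) is done here; SetECKeyInternal copies
 * the value as-is.
 *
 * Return code compliant with OpenSSL: 1 if success, 0 if error. */
int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
                                   const WOLFSSL_BIGNUM *priv_key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");

    if (key == NULL || priv_key == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    /* free key if previously set */
    if (key->priv_key != NULL) {
        wolfSSL_BN_free(key->priv_key);
        key->priv_key = NULL;
    }

    key->priv_key = wolfSSL_BN_dup(priv_key);
    if (key->priv_key == NULL) {
        WOLFSSL_MSG("key ecc priv key NULL");
        return SSL_FAILURE;
    }

    if (SetECKeyInternal(key) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetECKeyInternal failed");
        wolfSSL_BN_free(key->priv_key);
        key->priv_key = NULL;   /* do not leave a dangling pointer behind */
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}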
wolfSSL 7:481bce714567 18322
wolfSSL 7:481bce714567 18323
/* Borrowed pointer to key's private scalar as a bignum (NULL if none has
 * been set); the caller must not free it. Returns NULL for a NULL key. */
WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
{
    WOLFSSL_BIGNUM* priv = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");

    if (key != NULL) {
        priv = key->priv_key;
    }
    else {
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments");
    }

    return priv;
}
wolfSSL 7:481bce714567 18335
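/* Allocate a new EC key bound to the curve identified by nid.
 *
 * nid is stored as key->group->curve_nid and the index of the matching
 * ecc_sets[] entry as key->group->curve_idx.
 *
 * Returns the new key (release with wolfSSL_EC_KEY_free()) or NULL on
 * allocation failure or when nid names no curve in ecc_sets[]. An unknown
 * nid used to leave curve_idx at its zeroed value, silently binding the key
 * to the first table entry; OpenSSL returns NULL in that case and so does
 * this function now. */
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)
{
    WOLFSSL_EC_KEY *key;
    int x;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name");

    key = wolfSSL_EC_KEY_new();
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new failure");
        return NULL;
    }

    /* set the nid of the curve */
    key->group->curve_nid = nid;

    /* search and set the corresponding internal curve idx */
    for (x = 0; ecc_sets[x].size != 0; x++) {
        if (ecc_sets[x].id == nid) {
            key->group->curve_idx = x;
            return key;
        }
    }

    /* no table entry for this nid: refuse rather than hand out a key on
     * the wrong curve */
    WOLFSSL_MSG("wolfSSL_EC_KEY_new_by_curve_name unknown curve nid");
    wolfSSL_EC_KEY_free(key);
    return NULL;
}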
wolfSSL 7:481bce714567 18361
/* Reset every member of a WOLFSSL_EC_KEY to its empty state: all owned
 * pointers NULL and the inSet/exSet flags clear. Nothing the members point
 * to is released here; callers free those first. A NULL key is ignored. */
static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key)
{
    if (key == NULL)
        return;

    key->group    = NULL;
    key->pub_key  = NULL;
    key->priv_key = NULL;
    key->internal = NULL;
    key->inSet    = 0;
    key->exSet    = 0;
}
wolfSSL 7:481bce714567 18373
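/* Allocate and initialise an empty WOLFSSL_EC_KEY.
 *
 * Builds, in order: the wrapper struct, the internal wolfCrypt ecc_key, the
 * public point wrapper (whose internal pointer aliases the ecc_key's own
 * pubkey member, it is not a separate allocation), the curve group and an
 * empty private key bignum. Each allocation is zeroed before use.
 *
 * On any failure the partially built key is released with
 * wolfSSL_EC_KEY_free(), which the existing error paths already rely on to
 * accept not-yet-allocated NULL members, and NULL is returned.
 *
 * Returns the new key (owned by the caller, release with
 * wolfSSL_EC_KEY_free()) or NULL. */
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
{
    WOLFSSL_EC_KEY *external;
    ecc_key* key;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_new");

    external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL,
                                        DYNAMIC_TYPE_ECC);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure");
        return NULL;
    }
    XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY));

    InitwolfSSL_ECKey(external);

    external->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL,
                                           DYNAMIC_TYPE_ECC);
    if (external->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure");
        goto error;
    }
    XMEMSET(external->internal, 0, sizeof(ecc_key));

    /* wc_ecc_init() returns non-zero on failure; ignoring it would hand
     * out a key whose internal state was never set up */
    if (wc_ecc_init((ecc_key*)external->internal) != 0) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new wc_ecc_init failure");
        goto error;
    }

    /* public key */
    external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT),
                                                   NULL, DYNAMIC_TYPE_ECC);
    if (external->pub_key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_POINT failure");
        goto error;
    }
    XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT));

    /* the public point lives inside the ecc_key; pub_key->internal only
     * points at it and must never be freed on its own */
    key = (ecc_key*)external->internal;
    external->pub_key->internal = (ecc_point*)&key->pubkey;

    /* curve group */
    external->group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL,
                                                 DYNAMIC_TYPE_ECC);
    if (external->group == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
        goto error;
    }
    XMEMSET(external->group, 0, sizeof(WOLFSSL_EC_GROUP));

    /* private key */
    external->priv_key = wolfSSL_BN_new();
    if (external->priv_key == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new failure");
        goto error;
    }

    return external;

error:
    wolfSSL_EC_KEY_free(external);
    return NULL;
}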
wolfSSL 7:481bce714567 18435
/* Release a WOLFSSL_EC_KEY and everything it owns. A NULL key is a no-op.
 *
 * The internal ecc_key is torn down first, then the private key bignum,
 * the public point wrapper and the group; the members are then reset to
 * NULL before the wrapper itself is freed.
 *
 * NOTE(review): for keys built by wolfSSL_EC_KEY_new(), pub_key->internal
 * aliases the ecc_key's pubkey member, which has already been freed by the
 * time wolfSSL_EC_POINT_free() runs. Confirm that wolfSSL_EC_POINT_free()
 * (not visible here) neither dereferences nor frees that pointer. */
void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_free");

    if (key == NULL)
        return;

    if (key->internal != NULL) {
        wc_ecc_free((ecc_key*)key->internal);
        XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC);
    }

    wolfSSL_BN_free(key->priv_key);
    wolfSSL_EC_POINT_free(key->pub_key);
    wolfSSL_EC_GROUP_free(key->group);

    InitwolfSSL_ECKey(key); /* set back to NULLs for safety */
    XFREE(key, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 7:481bce714567 18454
/* Not implemented. The group of a key is established by
 * wolfSSL_EC_KEY_new_by_curve_name() instead. Both arguments are ignored
 * and -1 is always returned, which is neither OpenSSL's success (1) nor
 * failure (0) value, so callers testing for == 1 observe a failure. */
int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group");
    WOLFSSL_MSG("wolfSSL_EC_KEY_set_group TBD");

    (void)key;
    (void)group;

    return -1;
}
wolfSSL 7:481bce714567 18465
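/* Generate a fresh EC key pair on the curve of key->group.
 *
 * A local RNG is initialised for the operation; if that fails the global
 * RNG is used when it has been initialised (initGlobalRNG). The pair is
 * produced into the internal ecc_key by wc_ecc_make_key_ex() and then
 * exported to the OpenSSL-style members by SetECKeyExternal().
 *
 * Return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * All exits after wc_InitRng() go through a single cleanup path so the
 * local RNG is always released with wc_FreeRng() (and, under
 * WOLFSSL_SMALL_STACK, its buffer freed); previously a wc_ecc_make_key_ex()
 * failure skipped wc_FreeRng() and leaked the RNG state. */
int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
{
    int ret = 0;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");

    if (key == NULL || key->internal == NULL ||
        key->group == NULL || key->group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments");
        return 0;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return 0;
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG");
        goto out;
    }

    /* key size 0 lets wolfCrypt derive it from the curve id */
    if (wc_ecc_make_key_ex(rng, 0, (ecc_key*)key->internal,
                           key->group->curve_nid) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
        goto out;
    }

    if (SetECKeyExternal(key) != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed");
        goto out;
    }

    ret = 1;

out:
    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
}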
wolfSSL 7:481bce714567 18532
/* Not implemented: the ASN.1 encoding flag is not tracked for EC keys.
 * Logs a "TBD" message; both arguments are ignored. */
void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag");
    WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD");

    (void)key;
    (void)asn1_flag;
}
wolfSSL 7:481bce714567 18541
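/* Set the public point of key to a copy of pub.
 *
 * Both objects are first synchronised to their internal representation
 * (SetECKeyInternal / SetECPointInternal) if that has not happened yet,
 * pub's internal point is copied into key->pub_key->internal with
 * wc_ecc_copy_point(), and the OpenSSL-style members of key are refreshed
 * with SetECKeyExternal().
 *
 * Return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Fixes: key->pub_key is now part of the argument check (it was
 * dereferenced unchecked); a point allocated here for an empty
 * key->pub_key is attached to it instead of being copied into and then
 * dropped (which leaked it and left the key's public point unchanged); the
 * log messages name this function and the call that failed.
 *
 * NOTE(review): no check that pub lies on key's curve is made here. If the
 * point can come from an untrusted peer, confirm that the caller validates
 * it before the key is used for ECDH. */
int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
                                  const WOLFSSL_EC_POINT *pub)
{
    ecc_point *pub_p, *key_p;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key");

    if (key == NULL || key->internal == NULL || key->pub_key == NULL ||
        pub == NULL || pub->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key Bad arguments");
        return SSL_FAILURE;
    }

    if (key->inSet == 0) {
        if (SetECKeyInternal(key) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return SSL_FAILURE;
        }
    }

    if (pub->inSet == 0) {
        /* SetECPointInternal takes a non-const pointer; pub's cached
         * internal state is what gets updated */
        if (SetECPointInternal((WOLFSSL_EC_POINT *)pub) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

    pub_p = (ecc_point*)pub->internal;
    key_p = (ecc_point*)key->pub_key->internal;

    /* create new point if required and attach it to the key, so the copy
     * below lands in the point the key actually owns */
    if (key_p == NULL) {
        key_p = wc_ecc_new_point();
        if (key_p == NULL) {
            WOLFSSL_MSG("key ecc point NULL");
            return SSL_FAILURE;
        }
        key->pub_key->internal = key_p;
    }

    if (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY) {
        WOLFSSL_MSG("ecc_copy_point failure");
        return SSL_FAILURE;
    }

    if (SetECKeyExternal(key) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetECKeyExternal failed");
        return SSL_FAILURE;
    }

#if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
    wolfssl_EC_POINT_dump("pub", pub);
    wolfssl_EC_POINT_dump("key->pub_key", key->pub_key);
#endif
    return SSL_SUCCESS;
}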
wolfSSL 7:481bce714567 18600 /* End EC_KEY */
wolfSSL 7:481bce714567 18601
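#if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
/* Debug helper: print a point's inSet/exSet flags and its X/Y coordinates
 * in hex to stderr, prefixed with msg. Only built with DEBUG_WOLFSSL and a
 * filesystem. A NULL point prints "msg = NULL".
 *
 * wolfSSL_BN_bn2hex() is treated as able to return NULL (its body is not
 * visible here); passing NULL to a "%s" conversion is undefined behaviour,
 * so such a result is printed as "(null)" instead. */
void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p)
{
    char *num;

    WOLFSSL_ENTER("wolfssl_EC_POINT_dump");

    if (p == NULL) {
        fprintf(stderr, "%s = NULL", msg);
        return ;
    }

    fprintf(stderr, "%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet);

    num = wolfSSL_BN_bn2hex(p->X);
    fprintf(stderr, "\tX = %s\n", num != NULL ? num : "(null)");
    XFREE(num, NULL, DYNAMIC_TYPE_ECC);

    num = wolfSSL_BN_bn2hex(p->Y);
    fprintf(stderr, "\tY = %s\n", num != NULL ? num : "(null)");
    XFREE(num, NULL, DYNAMIC_TYPE_ECC);
}
#endif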
wolfSSL 7:481bce714567 18623
wolfSSL 7:481bce714567 18624 /* Start EC_GROUP */
wolfSSL 7:481bce714567 18625
/* Compare two curve groups.
 *
 * Return code compliant with OpenSSL :
 * 0 if equal, 1 if not and -1 in case of error
 *
 * Two groups are equal when both curve_idx and curve_nid agree; ctx is
 * unused. A NULL argument yields SSL_FATAL_ERROR. */
int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
                         WOLFSSL_BN_CTX *ctx)
{
    int same;

    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp");

    if (a == NULL || b == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
        return SSL_FATAL_ERROR;
    }

    same = (a->curve_idx == b->curve_idx) && (a->curve_nid == b->curve_nid);

    /* 0 means "equal" in OpenSSL's cmp convention */
    return same ? 0 : 1;
}
wolfSSL 7:481bce714567 18648
/* Release a curve group. Only the group struct itself is freed; group is
 * handed to XFREE unchanged, including when NULL, exactly as
 * wolfSSL_EC_KEY_free() already relies on. */
void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");

    XFREE(group, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 7:481bce714567 18656
/* Not implemented: the ASN.1 encoding flag is not tracked for groups.
 * Logs a "TBD" message; both arguments are ignored. */
void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag");
    WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD");

    (void)group;
    (void)flag;
}
wolfSSL 7:481bce714567 18665
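/* Allocate a curve group for the curve identified by nid.
 *
 * curve_nid is set to nid and curve_idx to the index of the matching
 * ecc_sets[] entry, the index later used for order/prime lookups and for
 * point import/export.
 *
 * Returns the new group (release with wolfSSL_EC_GROUP_free()) or NULL on
 * allocation failure or when nid is not in ecc_sets[]. An unknown nid used
 * to leave curve_idx at its zeroed value, silently aliasing the first table
 * entry; it is now rejected, as OpenSSL does. */
WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid)
{
    WOLFSSL_EC_GROUP *g;
    int x;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name");

    /* curve group */
    g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL,
                                    DYNAMIC_TYPE_ECC);
    if (g == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure");
        return NULL;
    }
    XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP));

    /* set the nid of the curve */
    g->curve_nid = nid;

    /* search and set the corresponding internal curve idx */
    for (x = 0; ecc_sets[x].size != 0; x++) {
        if (ecc_sets[x].id == nid) {
            g->curve_idx = x;
            return g;
        }
    }

    /* no table entry for this nid */
    WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name unknown curve nid");
    XFREE(g, NULL, DYNAMIC_TYPE_ECC);
    return NULL;
}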
wolfSSL 7:481bce714567 18694
/* Return the nid of group's curve.
 *
 * Return code compliant with OpenSSL :
 * the curve nid if success, 0 if error
 *
 * Only a NULL group is an error; the stored curve_nid is returned as is. */
int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group)
{
    int nid = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name");

    if (group != NULL)
        nid = group->curve_nid;
    else
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments");

    return nid;
}
wolfSSL 7:481bce714567 18709
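/* Return the degree (field bit size) of group's curve.
 *
 * Return code compliant with OpenSSL :
 * the degree of the curve if success, 0 if error
 *
 * The value is looked up from curve_nid; curve_idx is only validated.
 * brainpoolP512r1 is a 512-bit curve and is now reported as 512 (it was
 * grouped with secp521r1 and reported 521). */
int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree");

    if (group == NULL || group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments");
        return SSL_FAILURE;
    }

    switch(group->curve_nid) {
        case NID_secp112r1:
        case NID_secp112r2:
            return 112;
        case NID_secp128r1:
        case NID_secp128r2:
            return 128;
        case NID_secp160k1:
        case NID_secp160r1:
        case NID_secp160r2:
        case NID_brainpoolP160r1:
            return 160;
        case NID_secp192k1:
        case NID_brainpoolP192r1:
        case NID_X9_62_prime192v1:
            return 192;
        case NID_secp224k1:
        case NID_secp224r1:
        case NID_brainpoolP224r1:
            return 224;
        case NID_secp256k1:
        case NID_brainpoolP256r1:
        case NID_X9_62_prime256v1:
            return 256;
        case NID_brainpoolP320r1:
            return 320;
        case NID_secp384r1:
        case NID_brainpoolP384r1:
            return 384;
        case NID_brainpoolP512r1:
            return 512;
        case NID_secp521r1:
            return 521;
        default:
            return SSL_FAILURE;
    }
}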
wolfSSL 7:481bce714567 18758
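/* Load the order of group's curve into order.
 *
 * The order string of ecc_sets[group->curve_idx] is read (radix 16) into
 * order->internal, which is initialised first with mp_init().
 *
 * Return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * curve_idx is now checked to be non-negative before it indexes ecc_sets[];
 * a group whose index was never resolved would otherwise read before the
 * table.
 *
 * NOTE(review): order->internal is expected to be an mp_int that the
 * caller's wolfSSL_BIGNUM already initialised; calling mp_init() on it again
 * may discard storage a previous init allocated, depending on the math
 * backend. Confirm against the backend in use. */
int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
                               WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx)
{
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_order");

    if (group == NULL || order == NULL || order->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error");
        return SSL_FAILURE;
    }

    if (group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order invalid curve index");
        return SSL_FAILURE;
    }

    if (mp_init((mp_int*)order->internal) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
        return SSL_FAILURE;
    }

    if (mp_read_radix((mp_int*)order->internal,
                      ecc_sets[group->curve_idx].order, 16) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
        mp_clear((mp_int*)order->internal);
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}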
wolfSSL 7:481bce714567 18786 /* End EC_GROUP */
wolfSSL 7:481bce714567 18787
wolfSSL 7:481bce714567 18788 /* Start EC_POINT */
wolfSSL 7:481bce714567 18789
/* Export point p in the encoding produced by wc_ecc_export_point_der().
 *
 * Return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * group supplies the curve index for the export. If p has not yet been
 * synchronised to its internal point, SetECPointInternal() is run first.
 * With out == NULL the call is a length query: wc_ecc_export_point_der()
 * reporting LENGTH_ONLY_E is then treated as success (presumably after
 * storing the required size in *len; not visible here). */
int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group,
                        const WOLFSSL_EC_POINT *p,
                        unsigned char *out, unsigned int *len)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_ECPoint_i2d");

    if (group == NULL || p == NULL || len == NULL) {
        WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error");
        return SSL_FAILURE;
    }

    if (p->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        /* SetECPointInternal takes a non-const pointer */
        if (SetECPointInternal((WOLFSSL_EC_POINT *)p) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

#if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
    if (out != NULL) {
        wolfssl_EC_POINT_dump("i2d p", p);
    }
#endif
    rc = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal,
                                 out, len);
    if (rc == MP_OKAY)
        return SSL_SUCCESS;
    if (out == NULL && rc == LENGTH_ONLY_E)
        return SSL_SUCCESS;

    WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 18829
/* Import an encoded point from in (len bytes) into p.
 *
 * Return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * in/len may be untrusted (peer-supplied) data; all parsing and bounds
 * checking is delegated to wc_ecc_import_point_der(), which is given the
 * curve index of group. After a successful import the OpenSSL-style X/Y
 * members are populated with SetECPointExternal() when they were not set
 * before.
 *
 * NOTE(review): the external X/Y are only refreshed when exSet == 0, so a
 * point whose external values were set earlier keeps them after a new
 * import. Confirm whether callers depend on that before changing it. */
int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
                        const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_ECPoint_d2i");

    if (group == NULL || p == NULL || p->internal == NULL || in == NULL) {
        WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error");
        return SSL_FAILURE;
    }

    if (wc_ecc_import_point_der(in, len, group->curve_idx,
                                (ecc_point*)p->internal) != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_import_point_der failed");
        return SSL_FAILURE;
    }

    if (p->exSet != 0)
        goto done;

    WOLFSSL_MSG("No ECPoint external set, do it");

    if (SetECPointExternal(p) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetECPointExternal failed");
        return SSL_FAILURE;
    }

done:
#if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
    wolfssl_EC_POINT_dump("d2i p", p);
#endif
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 18863
/* Allocate an empty EC point for use with group.
 *
 * group is only checked for non-NULL. The wrapper is zero-filled and an
 * internal wolfCrypt point is allocated with wc_ecc_new_point().
 *
 * Returns the point (release with wolfSSL_EC_POINT_free()) or NULL when
 * group is NULL or an allocation fails. */
WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_EC_POINT *pt;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_new");

    if (group == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error");
        return NULL;
    }

    pt = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL,
                                     DYNAMIC_TYPE_ECC);
    if (pt == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure");
        return NULL;
    }
    XMEMSET(pt, 0, sizeof(WOLFSSL_EC_POINT));

    pt->internal = wc_ecc_new_point();
    if (pt->internal != NULL)
        return pt;

    /* internal point allocation failed: release the wrapper */
    WOLFSSL_MSG("ecc_new_point failure");
    XFREE(pt, NULL, DYNAMIC_TYPE_ECC);
    return NULL;
}
wolfSSL 7:481bce714567 18892
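/* Copy the affine coordinates of point into x and y.
 *
 * Return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * If point has not been synchronised to its internal representation,
 * SetECPointInternal() is run first. The coordinates are then copied from
 * point->X / point->Y with BN_copy(); ctx is unused.
 *
 * BN_copy() returns NULL on failure; that result is now checked so a
 * failed copy reports SSL_FAILURE instead of leaving x or y unset while
 * claiming success. */
int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
                                                const WOLFSSL_EC_POINT *point,
                                                WOLFSSL_BIGNUM *x,
                                                WOLFSSL_BIGNUM *y,
                                                WOLFSSL_BN_CTX *ctx)
{
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");

    if (group == NULL || point == NULL || point->internal == NULL ||
        x == NULL || y == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
        return SSL_FAILURE;
    }

    if (point->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        /* SetECPointInternal takes a non-const pointer */
        if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

    if (BN_copy(x, point->X) == NULL || BN_copy(y, point->Y) == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp BN_copy failed");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}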
wolfSSL 7:481bce714567 18926
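/* Compute r = q * m on the curve selected by 'group'.
 *
 * OpenSSL's EC_POINT_mul() computes r = generator * n + q * m; this
 * implementation discards 'n' (see the (void)n below), so only the q * m
 * product is produced.  NOTE(review): callers passing a non-NULL n do not
 * get the generator term -- confirm this matches what they expect.
 *
 * Return code compliant with OpenSSL :
 *  1 (SSL_SUCCESS) if success, 0 (SSL_FAILURE) if error.
 */
int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
                         const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q,
                         const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    mp_int a, prime;
    int ret = SSL_FAILURE;

    (void)ctx;
    (void)n;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");

    if (group == NULL || r == NULL || r->internal == NULL ||
        q == NULL || q->internal == NULL || m == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
        return SSL_FAILURE;
    }

    /* the wolfCrypt point is built lazily from the external X/Y/Z values */
    if (q->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)q) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

    /* read the curve prime and a */
    if (mp_init_multi(&prime, &a, NULL, NULL, NULL, NULL) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_mul init 'prime/A' failed");
        return SSL_FAILURE;
    }

    /* from here on both mp_ints are initialised and every exit goes
     * through 'out' so they are always cleared (the previous version
     * returned early from the two mp_read_radix failures, and cleared
     * only 'prime' when wc_ecc_mulmod failed) */
    if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16) != MP_OKAY){
        WOLFSSL_MSG("wolfSSL_EC_POINT_mul read 'prime' curve value failed");
        goto out;
    }
    if (mp_read_radix(&a, ecc_sets[group->curve_idx].Af, 16) != MP_OKAY){
        WOLFSSL_MSG("wolfSSL_EC_POINT_mul read 'A' curve value failed");
        goto out;
    }

    /* r = q * m % prime */
    if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
                      (ecc_point*)r->internal, &a, &prime, 1) != MP_OKAY) {
        WOLFSSL_MSG("ecc_mulmod failure");
        goto out;
    }

    /* set the external value for the computed point */
    /* NOTE(review): the product was written to r->internal, yet this helper
     * is the one that derives the internal point from the external X/Y/Z.
     * Behaviour is kept as-is; verify which direction of synchronisation
     * is intended here against the SetECPoint helpers. */
    if (SetECPointInternal(r) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetECPointInternal failed");
        goto out;
    }

    ret = SSL_SUCCESS;

out:
    mp_clear(&a);
    mp_clear(&prime);

    return ret;
}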
wolfSSL 7:481bce714567 18989
/* OpenSSL-compatible EC_POINT_clear_free(): release the point 'p'.
 *
 * Currently a plain alias of wolfSSL_EC_POINT_free(); no scrubbing of the
 * coordinate values happens in this function beyond whatever that routine
 * does itself.  A NULL 'p' is tolerated by the callee.
 */
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free");

    /* delegate entirely to the non-clearing variant */
    wolfSSL_EC_POINT_free(p);
}
wolfSSL 7:481bce714567 18996
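/* Compare the two points 'a' and 'b' on the curve selected by 'group'.
 *
 * Each point is first synchronised into its wolfCrypt representation when
 * only the external X/Y/Z has been set (inSet == 0), the same way
 * wolfSSL_EC_POINT_mul() and wolfSSL_EC_POINT_is_at_infinity() do; the
 * previous version skipped that step and could compare internal values
 * that were never populated from the coordinates the caller set.
 *
 * Return code compliant with OpenSSL :
 *  0 if equal, 1 if not and -1 (SSL_FATAL_ERROR) in case of error.
 */
int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
                         const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
                         WOLFSSL_BN_CTX *ctx)
{
    int ret;

    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");

    if (group == NULL || a == NULL || a->internal == NULL || b == NULL ||
        b->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
        return SSL_FATAL_ERROR;
    }

    if (a->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)a) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FATAL_ERROR;
        }
    }
    if (b->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)b) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    /* map the three-way wolfCrypt result onto OpenSSL's equal / not-equal;
     * anything else is treated as an error */
    ret = wc_ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal);
    switch (ret) {
        case MP_EQ:
            return 0;
        case MP_LT:
        case MP_GT:
            return 1;
        default:
            return SSL_FATAL_ERROR;
    }
}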
wolfSSL 7:481bce714567 19024
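/* Release a WOLFSSL_EC_POINT and everything it owns: the wolfCrypt point in
 * p->internal, the external X/Y/Z bignums and the structure itself.
 * A NULL 'p' is a no-op.
 *
 * The previous version tested `p->internal == NULL` before deleting the
 * internal point, i.e. it only ran the delete when there was nothing to
 * delete and leaked a populated point; the condition is now `!= NULL`.
 * The XFREE(p->internal) that used to follow wc_ecc_del_point() is dropped:
 * wc_ecc_del_point() is the counterpart of wc_ecc_new_point() and releases
 * the ecc_point allocation itself, so a second XFREE on the same pointer
 * would be a double free.  NOTE(review): confirm against ecc.c.
 */
void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_EC_POINT_free");

    if (p == NULL)
        return;

    if (p->internal != NULL) {
        wc_ecc_del_point((ecc_point*)p->internal);
        p->internal = NULL;
    }

    wolfSSL_BN_free(p->X);
    wolfSSL_BN_free(p->Y);
    wolfSSL_BN_free(p->Z);
    p->X = NULL;
    p->Y = NULL;
    p->Z = NULL;
    p->inSet = p->exSet = 0;

    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
    /* (the previous `p = NULL;` after the free only touched this function's
     *  copy of the pointer and had no effect on the caller; removed) */
}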
wolfSSL 7:481bce714567 19048
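/* Test whether 'point' is the point at infinity on the curve of 'group'.
 *
 * Return code compliant with OpenSSL :
 *  1 if point at infinity, 0 else.  0 is also what an error (NULL argument,
 *  failed internal conversion, wolfCrypt failure) yields, since the OpenSSL
 *  contract has no distinct error value; the log message tells them apart.
 */
int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
                                    const WOLFSSL_EC_POINT *point)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity");

    if (group == NULL || point == NULL || point->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error");
        return SSL_FAILURE;
    }
    if (point->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

    /* wc_ecc_point_is_at_infinity() presumably answers 1 / 0 / negative
     * error code (the previous `ret <= 0` test implies negatives occur).
     * That version logged "failure" for a plain "not at infinity" answer
     * as well; only the negative case is a failure. */
    ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal);
    if (ret < 0) {
        WOLFSSL_MSG("ecc_point_is_at_infinity failure");
        return SSL_FAILURE;
    }

    return (ret > 0) ? SSL_SUCCESS : SSL_FAILURE;
}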
wolfSSL 7:481bce714567 19080
wolfSSL 7:481bce714567 19081 /* End EC_POINT */
wolfSSL 7:481bce714567 19082
wolfSSL 7:481bce714567 19083 /* Start ECDSA_SIG */
/* Release an ECDSA signature holder created by wolfSSL_ECDSA_SIG_new():
 * both bignums first, then the structure.  NULL is accepted and ignored.
 */
void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig)
{
    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free");

    if (sig == NULL)
        return;

    wolfSSL_BN_free(sig->r);
    wolfSSL_BN_free(sig->s);
    XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 7:481bce714567 19095
/* Allocate an ECDSA signature holder with freshly allocated r and s bignums.
 *
 * Returns NULL when the structure or either bignum cannot be allocated;
 * whatever was allocated up to that point is released through
 * wolfSSL_ECDSA_SIG_free().  The caller owns the returned structure.
 */
WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
{
    WOLFSSL_ECDSA_SIG *out;

    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new");

    out = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL,
                                      DYNAMIC_TYPE_ECC);
    if (out == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
        return NULL;
    }

    /* s starts out NULL so that a failure while allocating r leaves no
     * uninitialised pointer for wolfSSL_ECDSA_SIG_free() to release */
    out->s = NULL;
    out->r = wolfSSL_BN_new();
    if (out->r == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
        goto fail;
    }

    out->s = wolfSSL_BN_new();
    if (out->s == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure");
        goto fail;
    }

    return out;

fail:
    wolfSSL_ECDSA_SIG_free(out);
    return NULL;
}
wolfSSL 7:481bce714567 19126
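/* Sign the hash 'd' (dlen bytes) with the private key in 'key'.
 *
 * Returns the signature structure on success, NULL otherwise; the caller
 * owns the result and releases it with wolfSSL_ECDSA_SIG_free().
 *
 * ECDSA needs a random value for every signature.  A locally initialised
 * WC_RNG is used; if that cannot be set up the file-level globalRNG is used
 * instead, and if that one was never initialised no signature is produced.
 */
WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
                                         WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ECDSA_SIG *sig = NULL;
    int     initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG  tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");

    /* dlen is an int but is handed to wc_ecc_sign_hash_ex() as an unsigned
     * length; a negative value would be read as a very large one and the
     * previous version did not reject it */
    if (d == NULL || dlen < 0 || key == NULL || key->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments");
        return NULL;
    }

    /* set internal key if not done */
    if (key->inSet == 0)
    {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it");

        if (SetECKeyInternal(key) != SSL_SUCCESS) {
            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed");
            return NULL;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return NULL;
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        mp_int sig_r, sig_s;

        if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) != MP_OKAY) {
            /* previously a silent NULL return; now logged like the others */
            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign mp_init_multi failed");
        }
        else {
            if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal,
                                    &sig_r, &sig_s) != MP_OKAY) {
                WOLFSSL_MSG("wc_ecc_sign_hash_ex failed");
            }
            else {
                /* put signature blob in ECDSA structure */
                sig = wolfSSL_ECDSA_SIG_new();
                if (sig == NULL) {
                    WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed");
                }
                else if (SetIndividualExternal(&(sig->r), &sig_r)!=SSL_SUCCESS){
                    WOLFSSL_MSG("ecdsa r key error");
                    wolfSSL_ECDSA_SIG_free(sig);
                    sig = NULL;
                }
                else if (SetIndividualExternal(&(sig->s), &sig_s)!=SSL_SUCCESS){
                    WOLFSSL_MSG("ecdsa s key error");
                    wolfSSL_ECDSA_SIG_free(sig);
                    sig = NULL;
                }
            }
            mp_clear(&sig_r);
            mp_clear(&sig_s);
        }
    }

    /* only release the RNG we actually initialised; the global one is shared */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return sig;
}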
wolfSSL 7:481bce714567 19214
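/* Verify the ECDSA signature 'sig' over the hash 'd' (dlen bytes) with the
 * public key in 'key'.
 *
 * Return code compliant with OpenSSL :
 *  1 for a valid signature, 0 for an invalid signature and -1 on error.
 * Only a 1 means the signature checked out; 0 and -1 are kept distinct so a
 * caller can tell a bad signature from a failure to verify at all.
 */
int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen,
                            const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
{
    int check_sign = 0;

    WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");

    /* sig->r / sig->s and their wolfCrypt mp_ints are dereferenced below and
     * may be unset in a signature assembled by the caller; dlen is passed on
     * as an unsigned length, so a negative value must not get through either.
     * The previous version checked neither. */
    if (d == NULL || dlen < 0 || sig == NULL || key == NULL ||
        key->internal == NULL ||
        sig->r == NULL || sig->r->internal == NULL ||
        sig->s == NULL || sig->s->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
        return SSL_FATAL_ERROR;
    }

    /* set internal key if not done */
    if (key->inSet == 0)
    {
        WOLFSSL_MSG("No EC key internal set, do it");

        if (SetECKeyInternal(key) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal,
                              (mp_int*)sig->s->internal, d, dlen, &check_sign,
                              (ecc_key *)key->internal) != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_verify_hash failed");
        return SSL_FATAL_ERROR;
    }
    if (check_sign == 0) {
        WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}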
wolfSSL 7:481bce714567 19254 /* End ECDSA_SIG */
wolfSSL 7:481bce714567 19255
wolfSSL 7:481bce714567 19256 /* Start ECDH */
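/* Derive the ECDH shared secret between the private key in 'ecdh' and the
 * peer's public point 'pub_key' into 'out' (at most 'outlen' bytes).
 *
 * 'KDF' is accepted for OpenSSL signature compatibility only and is never
 * invoked: 'out' receives the raw shared secret, so a caller that expects
 * KDF-derived key material has to apply the derivation itself.
 *
 * NOTE(review): whether the peer point is checked to lie on the curve
 * before the scalar multiplication is up to wc_ecc_shared_secret_ssh();
 * confirm that, as an unchecked point must not reach the private scalar.
 *
 * Return code compliant with OpenSSL :
 *  length of computed key if success, -1 (SSL_FATAL_ERROR) if error.
 */
int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
                             const WOLFSSL_EC_POINT *pub_key,
                             WOLFSSL_EC_KEY *ecdh,
                             void *(*KDF) (const void *in, size_t inlen,
                                           void *out, size_t *outlen))
{
    word32 len;

    (void)KDF;

    WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");

    if (out == NULL || pub_key == NULL || pub_key->internal == NULL ||
        ecdh == NULL || ecdh->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    /* outlen is narrowed to word32 below; refuse a size that would not
     * survive the cast instead of silently truncating it */
    if ((size_t)(word32)outlen != outlen) {
        WOLFSSL_MSG("wolfSSL_ECDH_compute_key outlen too large");
        return SSL_FATAL_ERROR;
    }

    /* set internal key if not done */
    if (ecdh->inSet == 0)
    {
        WOLFSSL_MSG("No EC key internal set, do it");

        if (SetECKeyInternal(ecdh) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    /* synchronise the peer point the same way wolfSSL_EC_POINT_mul() does;
     * the previous version used pub_key->internal without this step */
    if (pub_key->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)pub_key) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    len = (word32)outlen;

    if (wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal,
                                 (ecc_point*)pub_key->internal,
                                 (byte *)out, &len) != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_shared_secret failed");
        return SSL_FATAL_ERROR;
    }

    /* len has been updated to the number of bytes actually written */
    return (int)len;
}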
wolfSSL 7:481bce714567 19301 /* End ECDH */
wolfSSL 7:481bce714567 19302
wolfSSL 7:481bce714567 19303 #if !defined(NO_FILESYSTEM)
/* OpenSSL-compatible PEM_write_EC_PUBKEY() entry point.
 *
 * Not implemented: nothing is written to 'fp' and 'x' is not read.
 *
 * Return code compliant with OpenSSL :
 *  1 if success, 0 if error -- this placeholder always reports 0.
 */
int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x)
{
    WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented");

    /* keep unused-parameter warnings quiet for the placeholder */
    (void)fp;
    (void)x;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 19316 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 19317
wolfSSL 7:481bce714567 19318 #if defined(WOLFSSL_KEY_GEN)
wolfSSL 7:481bce714567 19319
/* OpenSSL-compatible PEM_write_bio_ECPrivateKey() entry point.
 *
 * Not implemented: nothing is written to 'bio' and none of the key,
 * cipher, passphrase or callback arguments are used.
 *
 * Return code compliant with OpenSSL :
 *  1 if success, 0 if error -- this placeholder always reports 0.
 */
int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc,
                                       const EVP_CIPHER* cipher,
                                       unsigned char* passwd, int len,
                                       pem_password_cb* cb, void* arg)
{
    WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented");

    /* keep unused-parameter warnings quiet for the placeholder */
    (void)bio;
    (void)ecc;
    (void)cipher;
    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 19340
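/* Encode the EC private key 'ecc' as PEM into a newly allocated buffer.
 *
 * On success *pem points to a NUL-terminated buffer of *plen bytes that the
 * caller owns (release with XFREE(..., DYNAMIC_TYPE_KEY)).  When 'passwd',
 * 'passwdSz' and 'cipher' are all supplied the DER is encrypted through
 * EncryptDerKey() first and wc_DerToPemEx() emits the matching header.
 *
 * The intermediate DER and PEM copies hold the private key, so they are
 * zeroed with XMEMSET before they are released.  A plain memset right before
 * a free may be elided by the optimizer; a ForceZero()-style scrub is the
 * stronger choice where it is in scope.
 *
 * Fixes over the previous version: two log messages referred to the DSA
 * helpers, the XMEMCPY-failure path freed the caller's 'pem' variable
 * instead of the buffer it had just allocated, and temporary buffers were
 * not cleared.
 *
 * Return code compliant with OpenSSL :
 *  1 if success, 0 if error (an EncryptDerKey() failure code is passed
 *  through unchanged, as before).
 */
int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
                                       const EVP_CIPHER* cipher,
                                       unsigned char* passwd, int passwdSz,
                                       unsigned char **pem, int *plen)
{
    byte *derBuf = NULL, *tmp = NULL, *cipherInfo = NULL;
    int der_max_len = 0, derSz = 0, tmpSz = 0;
    int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey");

    if (pem == NULL || plen == NULL || ecc == NULL || ecc->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    if (ecc->inSet == 0) {
        WOLFSSL_MSG("No ECC internal set, do it");

        if (SetECKeyInternal(ecc) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return SSL_FAILURE;
        }
    }

    /* 4 > size of pub, priv + ASN.1 additional informations */
    der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("malloc failed");
        return SSL_FAILURE;
    }

    /* Key to DER */
    derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_EccKeyToDer failed");
        goto out;
    }

    /* encrypt DER buffer if required */
    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
        int encRet = EncryptDerKey(derBuf, &derSz, cipher,
                                   passwd, passwdSz, &cipherInfo);
        if (encRet != SSL_SUCCESS) {
            WOLFSSL_MSG("EncryptDerKey failed");
            ret = encRet;
            goto out;
        }

        /* tmp buffer with a max size */
        *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) +
                sizeof(END_EC_PRIV) + HEADER_ENCRYPTED_KEY_SIZE;
    }
    else {
        /* tmp buffer with a max size */
        *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) + sizeof(END_EC_PRIV);
    }

    /* remember the allocation size: *plen is overwritten by wc_DerToPemEx */
    tmpSz = *plen;
    tmp = (byte*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }

    /* DER to PEM */
    *plen = wc_DerToPemEx(derBuf, derSz, tmp, tmpSz, cipherInfo,
                          ECC_PRIVATEKEY_TYPE);
    if (*plen <= 0) {
        WOLFSSL_MSG("wc_DerToPemEx failed");
        goto out;
    }

    *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_KEY);
    if (*pem == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XMEMSET(*pem, 0, (*plen)+1);

    if (XMEMCPY(*pem, tmp, *plen) == NULL) {
        WOLFSSL_MSG("XMEMCPY failed");
        XFREE(*pem, NULL, DYNAMIC_TYPE_KEY);
        *pem = NULL;
        goto out;
    }

    ret = SSL_SUCCESS;

out:
    if (derBuf != NULL) {
        XMEMSET(derBuf, 0, der_max_len);
        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (tmp != NULL) {
        XMEMSET(tmp, 0, tmpSz);
        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (cipherInfo != NULL)
        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    return ret;
}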
wolfSSL 7:481bce714567 19446
wolfSSL 7:481bce714567 19447 #ifndef NO_FILESYSTEM
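/* Write the EC private key 'ecc' to 'fp' in PEM form, optionally encrypted
 * with 'enc' under the passphrase 'kstr' (klen bytes).
 *
 * The password callback 'cb' and its argument 'u' are accepted for OpenSSL
 * signature compatibility only and are not used; a passphrase has to be
 * supplied through kstr/klen.
 *
 * The previous version returned from the write-failure path without
 * releasing the PEM buffer; both exits now zero and free it (the buffer
 * holds the private key, unencrypted unless enc and a passphrase were
 * given).
 *
 * Return code compliant with OpenSSL :
 *  1 if success, 0 if error.
 */
int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *ecc,
                                   const EVP_CIPHER *enc,
                                   unsigned char *kstr, int klen,
                                   pem_password_cb *cb, void *u)
{
    byte *pem = NULL;
    int plen = 0, ret;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey");

    if (fp == NULL || ecc == NULL || ecc->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    ret = wolfSSL_PEM_write_mem_ECPrivateKey(ecc, enc, kstr, klen, &pem, &plen);
    if (ret != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed");
        return SSL_FAILURE;
    }

    /* one item of plen bytes: XFWRITE reports 1 only for a complete write */
    if ((int)XFWRITE(pem, plen, 1, fp) != 1) {
        WOLFSSL_MSG("ECC private key file write failed");
        ret = SSL_FAILURE;
    }
    else {
        ret = SSL_SUCCESS;
    }

    /* XMEMSET before free may be elided by the optimizer; a ForceZero()-style
     * scrub is the stronger choice where it is in scope */
    XMEMSET(pem, 0, plen);
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);

    return ret;
}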
wolfSSL 7:481bce714567 19484
wolfSSL 7:481bce714567 19485 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 19486 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 7:481bce714567 19487
wolfSSL 7:481bce714567 19488 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 19489
wolfSSL 7:481bce714567 19490
wolfSSL 7:481bce714567 19491 #ifndef NO_DSA
wolfSSL 7:481bce714567 19492
wolfSSL 7:481bce714567 19493 #if defined(WOLFSSL_KEY_GEN)
wolfSSL 7:481bce714567 19494
/* OpenSSL-compatible PEM_write_bio_DSAPrivateKey() entry point.
 *
 * Not implemented: nothing is written to 'bio' and none of the key,
 * cipher, passphrase or callback arguments are used.
 *
 * Return code compliant with OpenSSL :
 *  1 if success, 0 if error -- this placeholder always reports 0.
 */
int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        pem_password_cb* cb, void* arg)
{
    WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey not implemented");

    /* keep unused-parameter warnings quiet for the placeholder */
    (void)bio;
    (void)dsa;
    (void)cipher;
    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 19515
wolfSSL 7:481bce714567 19516 /* return code compliant with OpenSSL :
wolfSSL 7:481bce714567 19517 * 1 if success, 0 if error
wolfSSL 7:481bce714567 19518 */
wolfSSL 7:481bce714567 19519 int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
wolfSSL 7:481bce714567 19520 const EVP_CIPHER* cipher,
wolfSSL 7:481bce714567 19521 unsigned char* passwd, int passwdSz,
wolfSSL 7:481bce714567 19522 unsigned char **pem, int *plen)
wolfSSL 7:481bce714567 19523 {
wolfSSL 7:481bce714567 19524 byte *derBuf, *tmp, *cipherInfo = NULL;
wolfSSL 7:481bce714567 19525 int der_max_len = 0, derSz = 0;
wolfSSL 7:481bce714567 19526
wolfSSL 7:481bce714567 19527 WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey");
wolfSSL 7:481bce714567 19528
wolfSSL 7:481bce714567 19529 if (pem == NULL || plen == NULL || dsa == NULL || dsa->internal == NULL) {
wolfSSL 7:481bce714567 19530 WOLFSSL_MSG("Bad function arguments");
wolfSSL 7:481bce714567 19531 return SSL_FAILURE;
wolfSSL 7:481bce714567 19532 }
wolfSSL 7:481bce714567 19533
wolfSSL 7:481bce714567 19534 if (dsa->inSet == 0) {
wolfSSL 7:481bce714567 19535 WOLFSSL_MSG("No DSA internal set, do it");
wolfSSL 7:481bce714567 19536
wolfSSL 7:481bce714567 19537 if (SetDsaInternal(dsa) != SSL_SUCCESS) {
wolfSSL 7:481bce714567 19538 WOLFSSL_MSG("SetDsaInternal failed");
wolfSSL 7:481bce714567 19539 return SSL_FAILURE;
wolfSSL 7:481bce714567 19540 }
wolfSSL 7:481bce714567 19541 }
wolfSSL 7:481bce714567 19542
wolfSSL 7:481bce714567 19543 /* 4 > size of pub, priv, p, q, g + ASN.1 additional informations
wolfSSL 7:481bce714567 19544 */
wolfSSL 7:481bce714567 19545 der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE;
wolfSSL 7:481bce714567 19546
wolfSSL 7:481bce714567 19547 derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19548 if (derBuf == NULL) {
wolfSSL 7:481bce714567 19549 WOLFSSL_MSG("malloc failed");
wolfSSL 7:481bce714567 19550 return SSL_FAILURE;
wolfSSL 7:481bce714567 19551 }
wolfSSL 7:481bce714567 19552
wolfSSL 7:481bce714567 19553 /* Key to DER */
wolfSSL 7:481bce714567 19554 derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, der_max_len);
wolfSSL 7:481bce714567 19555 if (derSz < 0) {
wolfSSL 7:481bce714567 19556 WOLFSSL_MSG("wc_DsaKeyToDer failed");
wolfSSL 7:481bce714567 19557 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19558 return SSL_FAILURE;
wolfSSL 7:481bce714567 19559 }
wolfSSL 7:481bce714567 19560
wolfSSL 7:481bce714567 19561 /* encrypt DER buffer if required */
wolfSSL 7:481bce714567 19562 if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
wolfSSL 7:481bce714567 19563 int ret;
wolfSSL 7:481bce714567 19564
wolfSSL 7:481bce714567 19565 ret = EncryptDerKey(derBuf, &derSz, cipher,
wolfSSL 7:481bce714567 19566 passwd, passwdSz, &cipherInfo);
wolfSSL 7:481bce714567 19567 if (ret != SSL_SUCCESS) {
wolfSSL 7:481bce714567 19568 WOLFSSL_MSG("EncryptDerKey failed");
wolfSSL 7:481bce714567 19569 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19570 return ret;
wolfSSL 7:481bce714567 19571 }
wolfSSL 7:481bce714567 19572
wolfSSL 7:481bce714567 19573 /* tmp buffer with a max size */
wolfSSL 7:481bce714567 19574 *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) +
wolfSSL 7:481bce714567 19575 sizeof(END_DSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE;
wolfSSL 7:481bce714567 19576 }
wolfSSL 7:481bce714567 19577 else /* tmp buffer with a max size */
wolfSSL 7:481bce714567 19578 *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) + sizeof(END_DSA_PRIV);
wolfSSL 7:481bce714567 19579
wolfSSL 7:481bce714567 19580 tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19581 if (tmp == NULL) {
wolfSSL 7:481bce714567 19582 WOLFSSL_MSG("malloc failed");
wolfSSL 7:481bce714567 19583 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19584 if (cipherInfo != NULL)
wolfSSL 7:481bce714567 19585 XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19586 return SSL_FAILURE;
wolfSSL 7:481bce714567 19587 }
wolfSSL 7:481bce714567 19588
wolfSSL 7:481bce714567 19589 /* DER to PEM */
wolfSSL 7:481bce714567 19590 *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE);
wolfSSL 7:481bce714567 19591 if (*plen <= 0) {
wolfSSL 7:481bce714567 19592 WOLFSSL_MSG("wc_DerToPemEx failed");
wolfSSL 7:481bce714567 19593 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19594 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19595 if (cipherInfo != NULL)
wolfSSL 7:481bce714567 19596 XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19597 return SSL_FAILURE;
wolfSSL 7:481bce714567 19598 }
wolfSSL 7:481bce714567 19599 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19600 if (cipherInfo != NULL)
wolfSSL 7:481bce714567 19601 XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19602
wolfSSL 7:481bce714567 19603 *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_KEY);
wolfSSL 7:481bce714567 19604 if (*pem == NULL) {
wolfSSL 7:481bce714567 19605 WOLFSSL_MSG("malloc failed");
wolfSSL 7:481bce714567 19606 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19607 return SSL_FAILURE;
wolfSSL 7:481bce714567 19608 }
wolfSSL 7:481bce714567 19609 XMEMSET(*pem, 0, (*plen)+1);
wolfSSL 7:481bce714567 19610
wolfSSL 7:481bce714567 19611 if (XMEMCPY(*pem, tmp, *plen) == NULL) {
wolfSSL 7:481bce714567 19612 WOLFSSL_MSG("XMEMCPY failed");
wolfSSL 7:481bce714567 19613 XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
wolfSSL 7:481bce714567 19614 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19615 return SSL_FAILURE;
wolfSSL 7:481bce714567 19616 }
wolfSSL 7:481bce714567 19617 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 19618
wolfSSL 7:481bce714567 19619 return SSL_SUCCESS;
wolfSSL 7:481bce714567 19620 }
wolfSSL 7:481bce714567 19621
wolfSSL 7:481bce714567 19622 #ifndef NO_FILESYSTEM
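/* Write a DSA private key to the open file fp in PEM form, optionally
 * encrypted with cipher enc under the password kstr of length klen.
 *
 * The PEM text is produced in memory by wolfSSL_PEM_write_mem_DSAPrivateKey,
 * written with a single XFWRITE call, then wiped and released on every path
 * so the key buffer neither leaks nor lingers in freed memory after a short
 * write.
 *
 * cb and u (OpenSSL password callback and its argument) are accepted for
 * API compatibility only and are not used.
 *
 * return code compliant with OpenSSL :
 * 1 (SSL_SUCCESS) if success, 0 (SSL_FAILURE) if error
 */
int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
                                    const EVP_CIPHER *enc,
                                    unsigned char *kstr, int klen,
                                    pem_password_cb *cb, void *u)
{
    byte *pem = NULL;
    int plen = 0;
    int ret;
    int result = SSL_FAILURE;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");

    if (fp == NULL || dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    ret = wolfSSL_PEM_write_mem_DSAPrivateKey(dsa, enc, kstr, klen, &pem, &plen);
    if (ret != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey failed");
        return SSL_FAILURE;
    }

    /* one item of plen bytes: XFWRITE reports 1 only if all of it went out */
    if ((int)XFWRITE(pem, plen, 1, fp) != 1) {
        WOLFSSL_MSG("DSA private key file write failed");
    }
    else {
        result = SSL_SUCCESS;
    }

    /* The buffer holds private key material (plaintext unless enc was given),
     * so clear it before release. A plain memset ahead of free may be elided
     * by the optimizer; prefer the library's forced-zero helper where it is
     * available. Releasing here on both paths also fixes the leak that the
     * early return on write failure used to cause. */
    XMEMSET(pem, 0, plen);
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);

    return result;
}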
wolfSSL 7:481bce714567 19659
wolfSSL 7:481bce714567 19660 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 19661 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 7:481bce714567 19662
wolfSSL 7:481bce714567 19663 #ifndef NO_FILESYSTEM
/* Writing a DSA public key in PEM form is not supported in this build.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 * This stub always reports failure (SSL_FAILURE) and never touches fp or x.
 */
int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x)
{
    WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented");

    /* unused: nothing is written */
    (void)x;
    (void)fp;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 19676 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 19677
wolfSSL 7:481bce714567 19678 #endif /* #ifndef NO_DSA */
wolfSSL 7:481bce714567 19679
/* Reading a private key from a BIO is not supported in this build.
 *
 * Always returns NULL; bio, key, cb and arg are ignored.
 */
WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
        WOLFSSL_EVP_PKEY** key, pem_password_cb* cb, void* arg)
{
    WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey not implemented");

    /* unused: no key is produced */
    (void)arg;
    (void)cb;
    (void)key;
    (void)bio;

    return NULL;
}
wolfSSL 7:481bce714567 19692
wolfSSL 7:481bce714567 19693
/* Mapping of an EVP key type to its base type is not supported in this build.
 *
 * Always returns SSL_FATAL_ERROR; type is ignored.
 */
int wolfSSL_EVP_PKEY_type(int type)
{
    WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented");

    (void)type;    /* unused */

    return SSL_FATAL_ERROR;
}
wolfSSL 7:481bce714567 19702
wolfSSL 7:481bce714567 19703
wolfSSL 7:481bce714567 19704 #if !defined(NO_FILESYSTEM)
/* Reading a PEM public key from a file is not supported in this build.
 *
 * Always returns NULL; fp, x, cb and u are ignored.
 */
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
                                          pem_password_cb *cb, void *u)
{
    WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented");

    /* unused: no key is produced */
    (void)u;
    (void)cb;
    (void)x;
    (void)fp;

    return NULL;
}
wolfSSL 7:481bce714567 19717 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 19718
wolfSSL 7:481bce714567 19719 #ifndef NO_RSA
wolfSSL 7:481bce714567 19720
wolfSSL 7:481bce714567 19721 #if !defined(NO_FILESYSTEM)
/* Reading a PEM RSA public key from a file is not supported in this build.
 *
 * Always returns NULL; fp, x, cb and u are ignored.
 */
WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
                                           pem_password_cb *cb, void *u)
{
    WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented");

    /* unused: no key is produced */
    (void)u;
    (void)cb;
    (void)x;
    (void)fp;

    return NULL;
}
wolfSSL 7:481bce714567 19734
/* Writing an RSA public key (PKCS#1 form) in PEM is not supported in this
 * build.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 * This stub always reports failure (SSL_FAILURE) and never touches fp or x.
 */
int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x)
{
    WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented");

    /* unused: nothing is written */
    (void)x;
    (void)fp;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 19747
/* Writing an RSA public key (SubjectPublicKeyInfo form) in PEM is not
 * supported in this build.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 * This stub always reports failure (SSL_FAILURE) and never touches fp or x.
 */
int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x)
{
    WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented");

    /* unused: nothing is written */
    (void)x;
    (void)fp;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 19760 #endif /* NO_FILESYSTEM */
wolfSSL 7:481bce714567 19761
/* Load a DER-encoded RSA private key into rsa->internal and refresh the
 * external (wrapper) view of the key with SetRsaExternal.
 *
 * rsa    : wrapper whose internal RsaKey receives the decoded key
 * derBuf : DER bytes of the private key
 * derSz  : length of derBuf in bytes, must be > 0
 *
 * return SSL_SUCCESS if success, SSL_FATAL_ERROR if error (bad arguments,
 * decode failure, or SetRsaExternal failure). On success rsa->inSet is set
 * to 1.
 */
int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz)
{
    word32 offset = 0;
    int badArgs;

    WOLFSSL_ENTER("wolfSSL_RSA_LoadDer");

    badArgs = (rsa == NULL) || (rsa->internal == NULL) ||
              (derBuf == NULL) || (derSz <= 0);
    if (badArgs) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    if (wc_RsaPrivateKeyDecode(derBuf, &offset, (RsaKey*)rsa->internal,
                               derSz) < 0) {
        WOLFSSL_MSG("RsaPrivateKeyDecode failed");
        return SSL_FATAL_ERROR;
    }

    if (SetRsaExternal(rsa) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetRsaExternal failed");
        return SSL_FATAL_ERROR;
    }

    /* mark the internal key as populated only once both steps succeeded */
    rsa->inSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 19790 #endif /* NO_RSA */
wolfSSL 7:481bce714567 19791
wolfSSL 7:481bce714567 19792
wolfSSL 7:481bce714567 19793 #ifndef NO_DSA
/* Load a DER-encoded DSA private key into dsa->internal and refresh the
 * external (wrapper) view of the key with SetDsaExternal.
 *
 * dsa    : wrapper whose internal DsaKey receives the decoded key
 * derBuf : DER bytes of the private key
 * derSz  : length of derBuf in bytes, must be > 0
 *
 * return SSL_SUCCESS if success, SSL_FATAL_ERROR if error (bad arguments,
 * decode failure, or SetDsaExternal failure). On success dsa->inSet is set
 * to 1.
 */
int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz)
{
    word32 offset = 0;
    int badArgs;

    WOLFSSL_ENTER("wolfSSL_DSA_LoadDer");

    badArgs = (dsa == NULL) || (dsa->internal == NULL) ||
              (derBuf == NULL) || (derSz <= 0);
    if (badArgs) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    if (DsaPrivateKeyDecode(derBuf, &offset, (DsaKey*)dsa->internal,
                            derSz) < 0) {
        WOLFSSL_MSG("DsaPrivateKeyDecode failed");
        return SSL_FATAL_ERROR;
    }

    if (SetDsaExternal(dsa) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetDsaExternal failed");
        return SSL_FATAL_ERROR;
    }

    /* mark the internal key as populated only once both steps succeeded */
    dsa->inSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 19822 #endif /* NO_DSA */
wolfSSL 7:481bce714567 19823
wolfSSL 7:481bce714567 19824 #ifdef HAVE_ECC
/* Load a DER-encoded ECC private key into key->internal and refresh the
 * external (wrapper) view of the key with SetECKeyExternal.
 *
 * key    : wrapper whose internal ecc_key receives the decoded key
 * derBuf : DER bytes of the private key
 * derSz  : length of derBuf in bytes, must be > 0
 *
 * return SSL_SUCCESS if success, SSL_FATAL_ERROR if error (bad arguments,
 * decode failure, or SetECKeyExternal failure). On success key->inSet is
 * set to 1.
 */
int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
                           const unsigned char* derBuf, int derSz)
{
    word32 offset = 0;
    int badArgs;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer");

    badArgs = (key == NULL) || (key->internal == NULL) ||
              (derBuf == NULL) || (derSz <= 0);
    if (badArgs) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    if (wc_EccPrivateKeyDecode(derBuf, &offset, (ecc_key*)key->internal,
                               derSz) < 0) {
        WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
        return SSL_FATAL_ERROR;
    }

    if (SetECKeyExternal(key) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetECKeyExternal failed");
        return SSL_FATAL_ERROR;
    }

    /* mark the internal key as populated only once both steps succeeded */
    key->inSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 19854 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 19855
wolfSSL 7:481bce714567 19856 #endif /* OPENSSL_EXTRA */
wolfSSL 7:481bce714567 19857
wolfSSL 7:481bce714567 19858
wolfSSL 7:481bce714567 19859 #ifdef SESSION_CERTS
wolfSSL 7:481bce714567 19860
wolfSSL 7:481bce714567 19861
/* Get peer's certificate chain.
 *
 * Returns a pointer into ssl->session (not a copy, so it is only valid while
 * ssl is), or 0 when ssl is NULL.
 */
WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_peer_chain");
    if (ssl == NULL)
        return 0;

    return &ssl->session.chain;
}
wolfSSL 7:481bce714567 19871
wolfSSL 7:481bce714567 19872
/* Get peer's certificate chain total count.
 *
 * Returns chain->count, or 0 when chain is NULL.
 */
int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_count");
    return (chain != NULL) ? chain->count : 0;
}
wolfSSL 7:481bce714567 19882
wolfSSL 7:481bce714567 19883
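/* Get peer's ASN.1 DER certificate at index (idx) length in bytes.
 *
 * Returns 0 when chain is NULL or idx is outside [0, chain->count), so a
 * caller-supplied index can never read past the populated entries. A valid
 * index returns chain->certs[idx].length as before.
 */
int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_length");
    if (chain == NULL || idx < 0 || idx >= chain->count)
        return 0;

    return chain->certs[idx].length;
}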
wolfSSL 7:481bce714567 19893
wolfSSL 7:481bce714567 19894
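/* Get peer's ASN.1 DER certificate at index (idx).
 *
 * Returns the stored buffer pointer (owned by the chain, not a copy), or 0
 * when chain is NULL or idx is outside [0, chain->count); the bound keeps a
 * caller-supplied index from reading past the populated entries.
 */
byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_cert");
    if (chain == NULL || idx < 0 || idx >= chain->count)
        return 0;

    return chain->certs[idx].buffer;
}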
wolfSSL 7:481bce714567 19904
wolfSSL 7:481bce714567 19905
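/* Get peer's wolfSSL X509 certificate at index (idx).
 *
 * Parses the stored DER certificate chain->certs[idx] and returns a newly
 * allocated WOLFSSL_X509 (DYNAMIC_TYPE_X509, initialised with InitX509's
 * dynamic flag set) populated from it; the caller owns the result.
 *
 * Returns NULL when chain is NULL, idx is outside [0, chain->count), the
 * temporary DecodedCert cannot be allocated (WOLFSSL_SMALL_STACK), the
 * certificate fails to parse, or the X509 cannot be allocated or filled.
 */
WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
{
    WOLFSSL_X509* x509 = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_get_chain_X509");

    /* reject an out-of-range index before certs[idx] is touched */
    if (chain == NULL || idx < 0 || idx >= chain->count) {
        WOLFSSL_MSG("Bad chain or index");
        return NULL;
    }

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL) {
        WOLFSSL_MSG("Failed alloc DecodedCert");
        return NULL;
    }
#endif

    InitDecodedCert(cert, chain->certs[idx].buffer,
                    chain->certs[idx].length, NULL);

    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) != 0) {
        WOLFSSL_MSG("Failed to parse cert");
    }
    else {
        x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                      DYNAMIC_TYPE_X509);
        if (x509 == NULL) {
            WOLFSSL_MSG("Failed alloc X509");
        }
        else {
            InitX509(x509, 1, NULL);

            /* NOTE(review): if CopyDecodedToX509 allocated members before
             * failing they are not released by this bare XFREE - confirm
             * against the X509 free routine. */
            if (CopyDecodedToX509(x509, cert) != 0) {
                WOLFSSL_MSG("Failed to copy decoded");
                XFREE(x509, NULL, DYNAMIC_TYPE_X509);
                x509 = NULL;
            }
        }
    }

    /* InitDecodedCert ran, so FreeDecodedCert must run on every path */
    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return x509;
}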
wolfSSL 7:481bce714567 19957
wolfSSL 7:481bce714567 19958
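/* Get peer's PEM certificate at index (idx), output to buffer if inLen big
 * enough else return error. If buf is NULL only calculate the size needed:
 * *outLen receives it and LENGTH_ONLY_E is returned. On success *outLen is
 * the number of bytes written (header + base64 body + footer) and
 * SSL_SUCCESS is returned.
 *
 * Errors: BAD_FUNC_ARG for a NULL chain/outLen, an idx outside the chain, or
 * a buffer too small; SSL_FAILURE if the size query fails; SSL_FATAL_ERROR
 * if a copy fails; otherwise the negative Base64_Encode error code.
 */
int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
                               unsigned char* buf, int inLen, int* outLen)
{
    const char header[] = "-----BEGIN CERTIFICATE-----\n";
    const char footer[] = "-----END CERTIFICATE-----\n";

    int headerLen = sizeof(header) - 1;
    int footerLen = sizeof(footer) - 1;
    int i;
    int err;
    word32 szNeeded = 0;
    word32 bodyLen;

    WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
    if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain))
        return BAD_FUNC_ARG;

    /* Null output buffer return size needed in outLen */
    if (!buf) {
        if (Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
                          NULL, &szNeeded) != LENGTH_ONLY_E)
            return SSL_FAILURE;
        *outLen = szNeeded + headerLen + footerLen;
        return LENGTH_ONLY_E;
    }

    /* don't even try if inLen too short. The base64 body is larger than the
     * DER it encodes, so this is only a cheap lower bound; the real limit is
     * the bounded Base64_Encode call and the footer check below. */
    if (inLen < headerLen + footerLen + chain->certs[idx].length)
        return BAD_FUNC_ARG;

    /* header */
    if (XMEMCPY(buf, header, headerLen) == NULL)
        return SSL_FATAL_ERROR;

    i = headerLen;

    /* body: Base64_Encode writes at buf + i, so the bound handed to it must be
     * the space left after the header, not the whole buffer (passing inLen
     * here let the body overrun the end of buf by headerLen bytes) */
    bodyLen = (word32)(inLen - i);
    if ((err = Base64_Encode(chain->certs[idx].buffer,
                             chain->certs[idx].length, buf + i, &bodyLen)) < 0)
        return err;
    i += (int)bodyLen;

    /* footer */
    if ((i + footerLen) > inLen)
        return BAD_FUNC_ARG;
    if (XMEMCPY(buf + i, footer, footerLen) == NULL)
        return SSL_FATAL_ERROR;
    *outLen = i + footerLen;

    return SSL_SUCCESS;
}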
wolfSSL 7:481bce714567 20013
wolfSSL 7:481bce714567 20014
/* get session ID
 *
 * Returns a pointer to session->sessionID (owned by the session, not a copy),
 * or NULL when session is NULL.
 */
const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("wolfSSL_get_sessionID");
    return (session != NULL) ? session->sessionID : NULL;
}
wolfSSL 7:481bce714567 20024
wolfSSL 7:481bce714567 20025
wolfSSL 7:481bce714567 20026 #endif /* SESSION_CERTS */
wolfSSL 7:481bce714567 20027
wolfSSL 7:481bce714567 20028 #ifdef HAVE_FUZZER
/* Install the fuzzer callback cbf and its context fCtx on ssl.
 * A NULL ssl is ignored.
 */
void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx)
{
    if (ssl == NULL)
        return;

    ssl->fuzzerCtx = fCtx;
    ssl->fuzzerCb = cbf;
}
wolfSSL 7:481bce714567 20036 #endif
wolfSSL 7:481bce714567 20037
wolfSSL 7:481bce714567 20038 #ifndef NO_CERTS
wolfSSL 7:481bce714567 20039 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 20040
wolfSSL 7:481bce714567 20041 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 20042
/* Install the context-wide ECC sign callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb)
{
    if (ctx == NULL)
        return;
    ctx->EccSignCb = cb;
}
wolfSSL 7:481bce714567 20048
wolfSSL 7:481bce714567 20049
/* Attach the user context handed to the ECC sign callback; NULL ssl ignored. */
void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->EccSignCtx = ctx;
}
wolfSSL 7:481bce714567 20055
wolfSSL 7:481bce714567 20056
/* Return the user context of the ECC sign callback, or NULL if ssl is NULL. */
void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccSignCtx : NULL;
}
wolfSSL 7:481bce714567 20064
wolfSSL 7:481bce714567 20065
/* Install the context-wide ECC verify callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb)
{
    if (ctx == NULL)
        return;
    ctx->EccVerifyCb = cb;
}
wolfSSL 7:481bce714567 20071
wolfSSL 7:481bce714567 20072
/* Attach the user context handed to the ECC verify callback; NULL ssl ignored. */
void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->EccVerifyCtx = ctx;
}
wolfSSL 7:481bce714567 20078
wolfSSL 7:481bce714567 20079
/* Return the user context of the ECC verify callback, or NULL if ssl is NULL. */
void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccVerifyCtx : NULL;
}
wolfSSL 7:481bce714567 20087
/* Install the context-wide ECC shared-secret callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, CallbackEccSharedSecret cb)
{
    if (ctx == NULL)
        return;
    ctx->EccSharedSecretCb = cb;
}
wolfSSL 7:481bce714567 20093
/* Attach the user context handed to the ECC shared-secret callback;
 * a NULL ssl is ignored. */
void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->EccSharedSecretCtx = ctx;
}
wolfSSL 7:481bce714567 20099
wolfSSL 7:481bce714567 20100
/* Return the user context of the ECC shared-secret callback, or NULL if ssl
 * is NULL. */
void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccSharedSecretCtx : NULL;
}
wolfSSL 7:481bce714567 20108 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 20109
wolfSSL 7:481bce714567 20110 #ifndef NO_RSA
wolfSSL 7:481bce714567 20111
/* Install the context-wide RSA sign callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb)
{
    if (ctx == NULL)
        return;
    ctx->RsaSignCb = cb;
}
wolfSSL 7:481bce714567 20117
wolfSSL 7:481bce714567 20118
/* Attach the user context handed to the RSA sign callback; NULL ssl ignored. */
void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->RsaSignCtx = ctx;
}
wolfSSL 7:481bce714567 20124
wolfSSL 7:481bce714567 20125
/* Return the user context of the RSA sign callback, or NULL if ssl is NULL. */
void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaSignCtx : NULL;
}
wolfSSL 7:481bce714567 20133
wolfSSL 7:481bce714567 20134
/* Install the context-wide RSA verify callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
{
    if (ctx == NULL)
        return;
    ctx->RsaVerifyCb = cb;
}
wolfSSL 7:481bce714567 20140
wolfSSL 7:481bce714567 20141
/* Attach the user context handed to the RSA verify callback; NULL ssl ignored. */
void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->RsaVerifyCtx = ctx;
}
wolfSSL 7:481bce714567 20147
wolfSSL 7:481bce714567 20148
/* Return the user context of the RSA verify callback, or NULL if ssl is NULL. */
void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaVerifyCtx : NULL;
}
wolfSSL 7:481bce714567 20156
/* Install the context-wide RSA public-encrypt callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb)
{
    if (ctx == NULL)
        return;
    ctx->RsaEncCb = cb;
}
wolfSSL 7:481bce714567 20162
wolfSSL 7:481bce714567 20163
/* Attach the user context handed to the RSA encrypt callback; NULL ssl ignored. */
void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->RsaEncCtx = ctx;
}
wolfSSL 7:481bce714567 20169
wolfSSL 7:481bce714567 20170
/* Return the user context of the RSA encrypt callback, or NULL if ssl is NULL. */
void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaEncCtx : NULL;
}
wolfSSL 7:481bce714567 20178
/* Install the context-wide RSA private-decrypt callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb)
{
    if (ctx == NULL)
        return;
    ctx->RsaDecCb = cb;
}
wolfSSL 7:481bce714567 20184
wolfSSL 7:481bce714567 20185
/* Attach the user context handed to the RSA decrypt callback; NULL ssl ignored. */
void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->RsaDecCtx = ctx;
}
wolfSSL 7:481bce714567 20191
wolfSSL 7:481bce714567 20192
/* Return the user context of the RSA decrypt callback, or NULL if ssl is NULL. */
void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaDecCtx : NULL;
}
wolfSSL 7:481bce714567 20200
wolfSSL 7:481bce714567 20201
wolfSSL 7:481bce714567 20202 #endif /* NO_RSA */
wolfSSL 7:481bce714567 20203
wolfSSL 7:481bce714567 20204 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 7:481bce714567 20205 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 20206
wolfSSL 7:481bce714567 20207
wolfSSL 7:481bce714567 20208 #ifdef WOLFSSL_HAVE_WOLFSCEP
/* Used by autoconf to see if wolfSCEP is available: an exported no-op whose
 * presence in the library is what the configure probe links against. */
void wolfSSL_wolfSCEP(void)
{
}
wolfSSL 7:481bce714567 20211 #endif
wolfSSL 7:481bce714567 20212
wolfSSL 7:481bce714567 20213
wolfSSL 7:481bce714567 20214 #ifdef WOLFSSL_HAVE_CERT_SERVICE
/* Used by autoconf to see if cert service is available: an exported no-op
 * whose presence in the library is what the configure probe links against. */
void wolfSSL_cert_service(void)
{
}
wolfSSL 7:481bce714567 20217 #endif
wolfSSL 7:481bce714567 20218
wolfSSL 7:481bce714567 20219
wolfSSL 7:481bce714567 20220 #ifdef OPENSSL_EXTRA /*Lighttp compatibility*/
wolfSSL 7:481bce714567 20221
wolfSSL 7:481bce714567 20222 #ifndef NO_CERTS
/* Read one X509 certificate in PEM form from the memory BIO bp.
 *
 * bp : BIO whose memory buffer holds the PEM text
 * x  : if non-NULL, receives the resulting certificate pointer (NULL on
 *      failure); any previous *x is overwritten, not reused as OpenSSL would
 * cb : password callback, accepted for API compatibility; unused
 * u  : password callback argument; unused
 *
 * Returns the certificate produced by wolfSSL_X509_load_certificate_buffer
 * (presumably freshly allocated, so the caller should free it), or NULL when
 * bp is NULL, the BIO has no memory data, or the load fails.
 */
WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
                                        pem_password_cb *cb, void *u) {
    const unsigned char* pemData = NULL;
    int pemLen;
    WOLFSSL_X509* cert = NULL;

    (void)cb;
    (void)u;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509");

    if (bp == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
        return NULL;
    }

    pemLen = wolfSSL_BIO_get_mem_data(bp, &pemData);
    if (pemData == NULL || pemLen <= 0) {
        WOLFSSL_MSG("Issue getting WOLFSSL_BIO mem");
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", pemLen);
        return NULL;
    }

    cert = wolfSSL_X509_load_certificate_buffer(pemData, pemLen,
                                                SSL_FILETYPE_PEM);
    if (x != NULL)
        *x = cert;

    return cert;
}
wolfSSL 7:481bce714567 20255
wolfSSL 7:481bce714567 20256
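/*
 * bp : bio to read X509 from
 * x  : x509 to write to
 * cb : password call back for reading PEM
 * u  : password
 * _AUX is for working with a trusted X509 certificate
 *
 * Behaves exactly like wolfSSL_PEM_read_bio_X509: the AUX trailer is not
 * parsed and no trust settings are attached to the returned certificate.
 */
WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp,
                            WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
    /* Trace label names this function, not the non-AUX variant it wraps. */
    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_AUX");

    /* AUX info is; trusted/rejected uses, friendly name, private key id,
     * and potentially a stack of "other" info. wolfSSL does not store
     * friendly name or private key id yet in WOLFSSL_X509 for human
     * readability and does not support extra trusted/rejected uses for
     * root CA. */
    return wolfSSL_PEM_read_bio_X509(bp, x, cb, u);
}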
wolfSSL 7:481bce714567 20275 #endif /* ifndef NO_CERTS */
wolfSSL 7:481bce714567 20276
wolfSSL 7:481bce714567 20277 #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL)
wolfSSL 7:481bce714567 20278
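/* Stub: no digest is computed, md is never written, and NULL is always
 * returned. Callers must not treat the return value as a digest. */
unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
    /* Cast the pointers themselves, not *d / *md: dereferencing them only to
     * silence unused-parameter warnings reads through possibly-NULL
     * pointers. */
    (void)d;
    (void)n;
    (void)md;
    WOLFSSL_ENTER("wolfSSL_SHA1");
    WOLFSSL_STUB("wolfssl_SHA1");

    return NULL;
}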
wolfSSL 7:481bce714567 20287
/* Stub: the certificate is not installed on ctx. Always returns 0, so a
 * caller checking for the OpenSSL-style "1 on success" sees a failure. */
char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) {
    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate");
    WOLFSSL_STUB("wolfSSL_CTX_use_certificate");
    (void)ctx;
    (void)x;
    return 0;
}
wolfSSL 7:481bce714567 20296
/* Stub: nothing is opened or read into b; always returns 0. */
int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
    WOLFSSL_ENTER("wolfSSL_BIO_read_filename");
    WOLFSSL_STUB("wolfSSL_BIO_read_filename");
    (void)b;
    (void)name;
    return 0;
}
wolfSSL 7:481bce714567 20305
wolfSSL 7:481bce714567 20306 #ifdef HAVE_ECC
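/* Map an ECC curve NID to its short name by scanning ecc_sets.
 *
 * n : curve id to look up
 *
 * Returns the table's name string, or NULL when no entry has id n. */
const char * wolfSSL_OBJ_nid2sn(int n) {
    int i;
    WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn");

    /* Walk the table until the terminating entry (size 0). The previous
     * condition `i < ecc_sets[i].size` compared the loop index with a curve's
     * key size, so the scan stopped early once the index reached a curve's
     * size, making later curves unreachable. */
    for (i = 0; ecc_sets[i].size > 0; i++) {
        if (n == ecc_sets[i].id) {
            return ecc_sets[i].name;
        }
    }
    return NULL;
}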
wolfSSL 7:481bce714567 20319
/* Stub: the object is not inspected; always returns 0. */
int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) {
    WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid");
    WOLFSSL_STUB("wolfSSL_OBJ_obj2nid");
    (void)o;
    return 0;
}
wolfSSL 7:481bce714567 20327
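/* Map an ECC curve short name to its NID by scanning ecc_sets.
 *
 * sn : curve name to look up; compared with XSTRNCMP up to ECC_MAXNAME
 *
 * Returns the matching curve id, or -1 when sn is NULL or not found. */
int wolfSSL_OBJ_sn2nid(const char *sn) {
    int i;
    WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid");

    /* XSTRNCMP on a NULL name would dereference it. */
    if (sn == NULL) {
        return -1;
    }

    /* Walk the table until the terminating entry (size 0). The previous
     * condition `i < ecc_sets[i].size` compared the loop index with a curve's
     * key size and stopped the scan early, making later curves unreachable. */
    for (i = 0; ecc_sets[i].size > 0; i++) {
        if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) {
            return ecc_sets[i].id;
        }
    }
    return -1;
}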
wolfSSL 7:481bce714567 20340 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 20341
wolfSSL 7:481bce714567 20342
/* Stub: the requested depth is not recorded on ctx, so chain verification
 * is not limited by this call. */
void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) {
    WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth");
    WOLFSSL_STUB("wolfSSL_CTX_set_verify_depth");
    (void)ctx;
    (void)depth;
}
wolfSSL 7:481bce714567 20350
/* Stub: no application data is read from ssl; always returns NULL.
 * A real implementation would go through the ex_data accessors. */
void* wolfSSL_get_app_data( const WOLFSSL *ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_app_data");
    WOLFSSL_STUB("wolfSSL_get_app_data");
    (void)ssl;
    return NULL;
}
wolfSSL 7:481bce714567 20360
/* Stub: arg is not stored on ssl. */
void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) {
    WOLFSSL_ENTER("wolfSSL_set_app_data");
    WOLFSSL_STUB("wolfSSL_set_app_data");
    (void)ssl;
    (void)arg;
}
wolfSSL 7:481bce714567 20367
/* Stub: the entry is not inspected; always returns NULL. */
WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
    WOLFSSL_STUB("wolfSSL_X509_NAME_ENTRY_get_object");
    (void)ne;
    return NULL;
}
wolfSSL 7:481bce714567 20375
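/* Return the name entry at index loc.
 *
 * name : distinguished name to index into
 * loc  : entry index; must be in [0, name->fullName.fullNameLen]
 *
 * Only the common-name entry (loc == name->fullName.cnIdx) is supported; it
 * is filled in from the backing x509's NUL-terminated subjectCN and points
 * into name, so it must not be freed by the caller. Returns NULL for a NULL
 * name, an out-of-range loc, a missing backing x509, or any other entry. */
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
                                             WOLFSSL_X509_NAME *name, int loc) {
    int maxLoc;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");

    /* name was previously dereferenced before any check. */
    if (name == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    maxLoc = name->fullName.fullNameLen;
    if (loc < 0 || loc > maxLoc) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    /* common name index case */
    if (loc == name->fullName.cnIdx) {
        /* get CN shortcut from x509 since it has null terminator */
        if (name->x509 == NULL) {
            WOLFSSL_MSG("No x509 backing this name");
            return NULL;
        }
        name->cnEntry.data.data   = name->x509->subjectCN;
        name->cnEntry.data.length = name->fullName.cnLen;
        name->cnEntry.data.type   = ASN_COMMON_NAME;
        name->cnEntry.set         = 1;
        return &(name->cnEntry);
    }

    /* additional cases to check for go here */

    WOLFSSL_MSG("Entry not found or implemented");
    return NULL;
}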
wolfSSL 7:481bce714567 20406
wolfSSL 7:481bce714567 20407 #ifndef NO_CERTS
/* Release the contents of name via FreeX509Name (heap hint NULL). Whether
 * the name object itself is freed is decided by FreeX509Name, not here. */
void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
    FreeX509Name(name, NULL);
    WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
    WOLFSSL_STUB("wolfSSL_X509_NAME_free");
}
wolfSSL 7:481bce714567 20413 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 20414
/* Stub: neither the stack nor its elements are freed and f is never
 * called, so anything pushed onto sk stays allocated. */
void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free");
    WOLFSSL_STUB("wolfSSL_sk_X509_NAME_pop_free");
    (void)sk;
    (void)f;
}
wolfSSL 7:481bce714567 20421
/* Stub: neither x509 nor key is examined and SSL_SUCCESS is returned
 * unconditionally, so this call cannot detect a certificate/key mismatch.
 * Callers must not rely on it as a consistency check. */
int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){
    WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
    WOLFSSL_STUB("wolfSSL_X509_check_private_key");
    (void)x509;
    (void)key;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 20430
/* Stub: sk is not copied; always returns NULL. */
STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ){
    WOLFSSL_ENTER("wolfSSL_dup_CA_list");
    WOLFSSL_STUB("wolfSSL_dup_CA_list");
    (void)sk;
    return NULL;
}
wolfSSL 7:481bce714567 20438
wolfSSL 7:481bce714567 20439 #endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL */
wolfSSL 7:481bce714567 20440 #endif
wolfSSL 7:481bce714567 20441
wolfSSL 7:481bce714567 20442
wolfSSL 7:481bce714567 20443 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 20444
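/* wolfSSL uses negative values for error states. This function returns an
 * unsigned type so the value returned is the absolute value of the error.
 *
 * file : receives the source file recorded for the error (DEBUG_WOLFSSL only)
 * line : receives the source line recorded for the error (DEBUG_WOLFSSL only)
 *
 * With DEBUG_WOLFSSL, returns the value reported by wc_PeekErrorNode, or 0
 * when the queue cannot be peeked. Without it, returns the absolute value of
 * NOT_COMPILED_IN and leaves file/line untouched.
 */
unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
{
    /* Trace label names this function, not wolfSSL_ERR_peek_last_error. */
    WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error_line");

#if defined(DEBUG_WOLFSSL)
    {
        int ret = wc_PeekErrorNode(-1, file, NULL, line);

        if (ret < 0) {
            WOLFSSL_MSG("Issue peeking at error node in queue");
            return 0;
        }
        return (unsigned long)ret;
    }
#else
    (void)line;
    (void)file;
    return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}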
wolfSSL 7:481bce714567 20468
wolfSSL 7:481bce714567 20469
wolfSSL 7:481bce714567 20470 #ifndef NO_CERTS
/* Install pkey's raw key bytes (pkey->pkey.ptr, pkey->pkey_sz) on ctx by
 * delegating to wolfSSL_CTX_use_PrivateKey_buffer with PRIVATEKEY_TYPE.
 * Returns SSL_FAILURE for a NULL ctx or pkey, else the buffer call's
 * result. */
int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
{
    const unsigned char* keyBytes;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");

    if (ctx == NULL || pkey == NULL)
        return SSL_FAILURE;

    keyBytes = (const unsigned char*)pkey->pkey.ptr;
    return wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBytes, pkey->pkey_sz,
                                             PRIVATEKEY_TYPE);
}
wolfSSL 7:481bce714567 20483 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 20484
wolfSSL 7:481bce714567 20485
/* Fetch slot idx of ctx->ex_data (HAVE_STUNNEL builds only).
 * Returns NULL for a NULL ctx, an idx outside [0, MAX_EX_DATA), or when
 * ex_data support is not compiled in. */
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
{
    void* slot = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
#ifdef HAVE_STUNNEL
    if (ctx != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        slot = ctx->ex_data[idx];
    }
#else
    (void)ctx;
    (void)idx;
#endif
    return slot;
}
wolfSSL 7:481bce714567 20499
wolfSSL 7:481bce714567 20500
/* Stub: no index is allocated; every argument is ignored and 0 is
 * returned, so all callers receive the same slot. */
int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
                                void* c)
{
    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index");
    (void)idx; (void)arg;
    (void)a;   (void)b;   (void)c;
    return 0;
}
wolfSSL 7:481bce714567 20512
wolfSSL 7:481bce714567 20513
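/* Store data in slot idx of ctx->ex_data (HAVE_STUNNEL builds only).
 *
 * Returns SSL_SUCCESS when stored, SSL_FAILURE for a NULL ctx, an idx
 * outside [0, MAX_EX_DATA), or when ex_data support is not compiled in. */
int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
#ifdef HAVE_STUNNEL
    /* idx indexes the array directly, so a negative value must be rejected
     * too (the getter already checks idx >= 0). */
    if (ctx != NULL && idx >= 0 && idx < MAX_EX_DATA)
    {
        ctx->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
#else
    (void)ctx;
    (void)idx;
    (void)data;
#endif
    return SSL_FAILURE;
}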
wolfSSL 7:481bce714567 20530
wolfSSL 7:481bce714567 20531
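/* Store data in slot idx of ssl->ex_data (FORTRESS or HAVE_STUNNEL builds).
 *
 * Returns SSL_SUCCESS when stored, SSL_FAILURE for a NULL ssl, an idx
 * outside [0, MAX_EX_DATA), or when ex_data support is not compiled in. */
int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
{
    WOLFSSL_ENTER("wolfSSL_set_ex_data");
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
    /* idx indexes the array directly, so a negative value must be rejected
     * too (wolfSSL_get_ex_data already checks idx >= 0). */
    if (ssl != NULL && idx >= 0 && idx < MAX_EX_DATA)
    {
        ssl->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
#else
    (void)ssl;
    (void)idx;
    (void)data;
#endif
    return SSL_FAILURE;
}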
wolfSSL 7:481bce714567 20548
wolfSSL 7:481bce714567 20549
/* Stub: no index is allocated; every argument is ignored and 0 is
 * returned, so all callers receive the same slot. */
int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
                             void* cb3)
{
    WOLFSSL_ENTER("wolfSSL_get_ex_new_index");
    (void)idx; (void)data;
    (void)cb1; (void)cb2; (void)cb3;
    return 0;
}
wolfSSL 7:481bce714567 20561
wolfSSL 7:481bce714567 20562
/* Fetch slot idx of ssl->ex_data (FORTRESS or HAVE_STUNNEL builds).
 * Returns NULL for a NULL ssl, an idx outside [0, MAX_EX_DATA), or when
 * ex_data support is not compiled in. */
void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
{
    void* slot = NULL;

    WOLFSSL_ENTER("wolfSSL_get_ex_data");
#if defined(FORTRESS) || defined(HAVE_STUNNEL)
    if (ssl != NULL && idx >= 0 && idx < MAX_EX_DATA)
        slot = ssl->ex_data[idx];
#else
    (void)ssl;
    (void)idx;
#endif
    return slot;
}
wolfSSL 7:481bce714567 20575
wolfSSL 7:481bce714567 20576 #ifndef NO_DSA
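/* Parse PEM-encoded DSA parameters (p, q, g) from a memory BIO.
 *
 * bp : BIO whose memory buffer holds the PEM text
 * x  : if non-NULL, receives the new WOLFSSL_DSA on success
 * cb : password callback; not supported, only logged when given
 * u  : password / callback argument; not supported, only logged when given
 *
 * Returns a new WOLFSSL_DSA whose p, q and g (both the internal DsaKey and
 * the external BIGNUM views) are set, or NULL on any failure. The DER buffer
 * produced by PemToDer is always released before returning; on failure the
 * partially built DSA object is freed as well. */
WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x,
                                            pem_password_cb *cb, void *u)
{
    WOLFSSL_DSA* dsa = NULL;
    DsaKey* key;
    int length;
    const unsigned char* buf = NULL;
    word32 bufSz;
    int ret;
    word32 idx = 0;
    DerBuffer* pDer = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams");

    ret = wolfSSL_BIO_get_mem_data(bp, &buf);
    /* Mirror wolfSSL_PEM_read_bio_X509: a positive length with no buffer is
     * still unusable. */
    if (ret <= 0 || buf == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
        return NULL;
    }

    bufSz = (word32)ret;

    if (cb != NULL || u != NULL) {
        /*
         * cb is for a call back when encountering encrypted PEM files
         * if cb == NULL and u != NULL then u = null terminated password string
         */
        WOLFSSL_MSG("Not yet supporting call back or password for encrypted PEM");
    }

    /* PemToDer owns pDer only on success; nothing to release here. */
    if ((ret = PemToDer(buf, (long)bufSz, DSA_PARAM_TYPE, &pDer, NULL, NULL,
                        NULL)) < 0 ) {
        WOLFSSL_MSG("Issue converting from PEM to DER");
        return NULL;
    }

    if ((ret = GetSequence(pDer->buffer, &idx, &length, pDer->length)) < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
        goto fail;
    }

    dsa = wolfSSL_DSA_new();
    if (dsa == NULL) {
        WOLFSSL_MSG("Error creating DSA struct");
        goto fail;
    }

    key = (DsaKey*)dsa->internal;
    if (key == NULL) {
        WOLFSSL_MSG("Error finding DSA key struct");
        goto fail;
    }

    /* Parameters appear in the SEQUENCE in the order p, q, g; idx advances
     * through the DER as each INTEGER is consumed. */
    if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0 ) {
        WOLFSSL_MSG("dsa key error");
        goto fail;
    }

    if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa p key error");
        goto fail;
    }

    if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa q key error");
        goto fail;
    }

    if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa g key error");
        goto fail;
    }

    if (x != NULL) {
        *x = dsa;
    }

    FreeDer(&pDer);
    return dsa;

fail:
    /* Single cleanup path for every failure after PemToDer succeeded. */
    FreeDer(&pDer);
    if (dsa != NULL) {
        wolfSSL_DSA_free(dsa);
    }
    return NULL;
}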
wolfSSL 7:481bce714567 20671 #endif /* NO_DSA */
wolfSSL 7:481bce714567 20672
wolfSSL 7:481bce714567 20673 #include "src/bio.c"
wolfSSL 7:481bce714567 20674
wolfSSL 7:481bce714567 20675 #endif /* OPENSSL_EXTRA */
wolfSSL 7:481bce714567 20676
wolfSSL 7:481bce714567 20677
wolfSSL 7:481bce714567 20678 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
wolfSSL 7:481bce714567 20679 || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
/* Stub: no long-name lookup is performed; always returns NULL. */
char * wolfSSL_OBJ_nid2ln(int n) {
    WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln");
    WOLFSSL_STUB("wolfSSL_OBJ_nid2ln");
    (void)n;
    return NULL;
}
wolfSSL 7:481bce714567 20687
/* Stub: s is not parsed; always returns 0. */
int wolfSSL_OBJ_txt2nid(const char* s) {
    WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid");
    WOLFSSL_STUB("wolfSSL_OBJ_txt2nid");
    (void)s;
    return 0;
}
wolfSSL 7:481bce714567 20695
wolfSSL 7:481bce714567 20696
/* Stub: no file is opened; always returns NULL. */
WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) {
    WOLFSSL_ENTER("wolfSSL_BIO_new_file");
    WOLFSSL_STUB("wolfSSL_BIO_new_file");
    (void)filename;
    (void)mode;
    return NULL;
}
wolfSSL 7:481bce714567 20705
wolfSSL 7:481bce714567 20706
/* Stub: the BIO is not read and *x is never assigned; always returns NULL. */
WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x,
                                          pem_password_cb *cb, void *u)
{
    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DHparams");
    WOLFSSL_STUB("wolfSSL_PEM_read_bio_DHparams");

    (void)bp; (void)x;
    (void)cb; (void)u;

    return NULL;
}
wolfSSL 7:481bce714567 20720
wolfSSL 7:481bce714567 20721
/* Stub: nothing is written to bp; always returns 0. */
int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) {
    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509");
    WOLFSSL_STUB("wolfSSL_PEM_write_bio_X509");
    (void)bp;
    (void)x;
    return 0;
}
wolfSSL 7:481bce714567 20730
wolfSSL 7:481bce714567 20731
wolfSSL 7:481bce714567 20732 #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
/* Initialize ctx->dh with dh's params. Return SSL_SUCCESS on ok.
 *
 * dh->p and dh->g are serialized with wolfSSL_BN_bn2bin into temporary
 * buffers allocated from ctx->heap and handed to wolfSSL_CTX_SetTmpDH; the
 * buffers are freed before returning.
 *
 * Returns BAD_FUNC_ARG for a NULL ctx or dh, SSL_FATAL_ERROR when either
 * parameter has no bytes, MEMORY_E when a buffer cannot be allocated, and
 * otherwise the result of wolfSSL_CTX_SetTmpDH. */
long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
{
    int pLen, gLen;
    byte *pBuf, *gBuf;
    int rc = 0;
    long result;

    WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh");

    if (ctx == NULL || dh == NULL)
        return BAD_FUNC_ARG;

    /* A NULL output buffer makes bn2bin report the required size only. */
    pLen = wolfSSL_BN_bn2bin(dh->p, NULL);
    gLen = wolfSSL_BN_bn2bin(dh->g, NULL);
    if (pLen <= 0 || gLen <= 0)
        return SSL_FATAL_ERROR;

    pBuf = (byte*)XMALLOC(pLen, ctx->heap, DYNAMIC_TYPE_DH);
    if (pBuf == NULL)
        return MEMORY_E;

    gBuf = (byte*)XMALLOC(gLen, ctx->heap, DYNAMIC_TYPE_DH);
    if (gBuf == NULL) {
        XFREE(pBuf, ctx->heap, DYNAMIC_TYPE_DH);
        return MEMORY_E;
    }

    pLen = wolfSSL_BN_bn2bin(dh->p, pBuf);
    gLen = wolfSSL_BN_bn2bin(dh->g, gBuf);

    if (pLen >= 0 && gLen >= 0) /* Conversion successful */
        rc = wolfSSL_CTX_SetTmpDH(ctx, pBuf, pLen, gBuf, gLen);

    /* A zero-length conversion is still reported as fatal below. */
    if (pLen > 0 && gLen > 0)
        result = rc;
    else
        result = SSL_FATAL_ERROR;

    XFREE(pBuf, ctx->heap, DYNAMIC_TYPE_DH);
    XFREE(gBuf, ctx->heap, DYNAMIC_TYPE_DH);

    return result;
}
wolfSSL 7:481bce714567 20773 #endif /* OPENSSL_EXTRA && !NO_DH */
wolfSSL 7:481bce714567 20774 #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
wolfSSL 7:481bce714567 20775
wolfSSL 7:481bce714567 20776
wolfSSL 7:481bce714567 20777 /* stunnel compatibility functions*/
wolfSSL 7:481bce714567 20778 #if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)
/* No-op provided for stunnel compatibility: no per-thread error state is
 * kept, so there is nothing to remove. */
void WOLFSSL_ERR_remove_thread_state(void* pid)
{
    (void)pid;
}
wolfSSL 7:481bce714567 20784
/***TBD ***/
/* Stub: nothing is written to fp. */
void wolfSSL_print_all_errors_fp(XFILE *fp)
{
    (void)fp;
}
wolfSSL 7:481bce714567 20790
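/* Store data in slot idx of session->ex_data.
 *
 * Returns SSL_SUCCESS when stored, SSL_FAILURE for a NULL session or an idx
 * outside [0, MAX_EX_DATA). */
int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
    /* idx indexes the array directly, so a negative value must be rejected
     * too (wolfSSL_SESSION_get_ex_data already checks idx >= 0). */
    if (session != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        session->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
    return SSL_FAILURE;
}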
wolfSSL 7:481bce714567 20800
wolfSSL 7:481bce714567 20801
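/* Hand out fixed ex_data slots keyed on the caller's label string.
 *
 * data : label; "redirect index" maps to slot 0, "addr index" to slot 1
 * idx, cb1, cb2, cb3 : ignored
 *
 * Returns the slot number, or SSL_FAILURE for a NULL or unknown label.
 * NOTE(review): if SSL_FAILURE is 0 in this build it collides with the
 * "redirect index" slot, so callers cannot tell the two apart. */
int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
                                     void* cb2, CRYPTO_free_func* cb3)
{
    const char* label = (const char*)data;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index");
    (void)idx;
    (void)cb1;
    (void)cb2;
    (void)cb3;

    /* XSTRNCMP on a NULL label would dereference it. */
    if (label == NULL) {
        WOLFSSL_MSG("Bad argument");
        return SSL_FAILURE;
    }
    if (XSTRNCMP(label, "redirect index", 14) == 0) {
        return 0;
    }
    if (XSTRNCMP(label, "addr index", 10) == 0) {
        return 1;
    }
    return SSL_FAILURE;
}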
wolfSSL 7:481bce714567 20818
wolfSSL 7:481bce714567 20819
/* Fetch slot idx of session->ex_data. Returns NULL for a NULL session or
 * an idx outside [0, MAX_EX_DATA). */
void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
{
    void* slot = NULL;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
    if (session != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        slot = session->ex_data[idx];
    }
    return slot;
}
wolfSSL 7:481bce714567 20827
wolfSSL 7:481bce714567 20828
/* Stub: the supplied allocator hooks are not installed; always returns
 * SSL_FAILURE so callers can see the request was not honoured. */
int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
                                       void *(*r) (void *, size_t, const char *,
                                                   int), void (*f) (void *))
{
    WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions");
    WOLFSSL_STUB("wolfSSL_CRYPTO_set_mem_ex_functions");

    (void)m;
    (void)r;
    (void)f;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 20841
wolfSSL 7:481bce714567 20842
/* Stub: no parameters are generated and callback is never invoked; always
 * returns NULL. */
WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
                           void (*callback) (int, int, void *), void *cb_arg)
{
    WOLFSSL_ENTER("wolfSSL_DH_generate_parameters");
    WOLFSSL_STUB("wolfSSL_DH_generate_parameters");

    (void)prime_len; (void)generator;
    (void)callback;  (void)cb_arg;

    return NULL;
}
wolfSSL 7:481bce714567 20855
/* Stub: dh is left untouched and callback is never invoked; always
 * returns -1. */
int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generator,
                           void (*callback) (int, int, void *))
{
    WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex");
    WOLFSSL_STUB("wolfSSL_DH_generate_parameters_ex");

    (void)dh;
    (void)prime_len; (void)generator;
    (void)callback;

    return -1;
}
wolfSSL 7:481bce714567 20868
wolfSSL 7:481bce714567 20869
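/* No-op for OpenSSL API compatibility: wolfSSL has no error-string table to
 * load. Only one trace entry is emitted (the line was duplicated before). */
void wolfSSL_ERR_load_crypto_strings(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings");
}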
wolfSSL 7:481bce714567 20876
wolfSSL 7:481bce714567 20877
/* OpenSSL-compat stub: there is no error queue behind this call, so it
 * always returns 0. In the OpenSSL API 0 means "no error queued", which
 * means code that polls this after a failed call will never see the
 * failure here; check the failing call's own return value instead. */
unsigned long wolfSSL_ERR_peek_last_error(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");
    WOLFSSL_STUB("wolfSSL_ERR_peek_last_error");

    return 0UL;
}
wolfSSL 7:481bce714567 20886
wolfSSL 7:481bce714567 20887
/* OpenSSL-compat stub: always reports SSL_FAILURE, i.e. "not in FIPS
 * mode", regardless of how the library was built. Do not use this to
 * decide whether a FIPS-validated module is in use. */
int wolfSSL_FIPS_mode(void)
{
    WOLFSSL_ENTER("wolfSSL_FIPS_mode");
    WOLFSSL_STUB("wolfSSL_FIPS_mode");

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 20895
/* OpenSSL-compat stub: FIPS mode cannot be toggled at runtime through this
 * API. The request is ignored and SSL_FAILURE is returned, so a caller that
 * demands FIPS mode fails closed rather than silently running without it. */
int wolfSSL_FIPS_mode_set(int r)
{
    WOLFSSL_ENTER("wolfSSL_FIPS_mode_set");
    WOLFSSL_STUB("wolfSSL_FIPS_mode_set");

    (void)r;   /* requested mode is not honoured */

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 20904
wolfSSL 7:481bce714567 20905
/* OpenSSL-compat stub: a caller-supplied RAND_METHOD is never installed.
 * The library keeps using its own RNG and SSL_FAILURE is returned, so any
 * application that relies on swapping in its own entropy source must check
 * this result instead of assuming the replacement took effect. */
int wolfSSL_RAND_set_rand_method(const void *meth)
{
    WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method");
    WOLFSSL_STUB("wolfSSL_RAND_set_rand_method");

    (void) meth;   /* never consulted */

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 20914
wolfSSL 7:481bce714567 20915
/* Report the negotiated cipher's key length in bits.
 *
 * c: cipher handle; it must carry a connection (c->ssl) whose specs hold
 *    the key size, otherwise SSL_FAILURE is returned.
 * alg_bits: optional out-parameter; receives the same value as the return
 *    (this implementation does not distinguish "algorithm" bits from secret
 *    bits). It is left untouched on failure.
 * Returns 8 * key_size on success, SSL_FAILURE otherwise. */
int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
{
    int bits;

    WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits");

    if (c == NULL || c->ssl == NULL)
        return SSL_FAILURE;

    bits = 8 * c->ssl->specs.key_size;
    if (alg_bits != NULL)
        *alg_bits = bits;

    return bits;
}
wolfSSL 7:481bce714567 20928
wolfSSL 7:481bce714567 20929
/* OpenSSL-compat stub: X509_NAME stacks are not supported; the count is
 * always SSL_FAILURE, never derived from the argument. */
int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_num");
    WOLFSSL_STUB("wolfSSL_sk_X509_NAME_num");

    (void) s;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 20938
wolfSSL 7:481bce714567 20939
/* OpenSSL-compat stub: X509 stacks are not supported here; the argument is
 * ignored and SSL_FAILURE is always returned. */
int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_num");
    WOLFSSL_STUB("wolfSSL_sk_X509_num");

    (void) s;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 20948
wolfSSL 7:481bce714567 20949
/* OpenSSL-compat stub: nothing is written to the BIO. Every argument is
 * ignored and SSL_FAILURE is returned, so callers that log a peer name via
 * this function get no output rather than a partial one. */
int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* nm,
        int indent, unsigned long flags)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex");
    WOLFSSL_STUB("wolfSSL_X509_NAME_print_ex");

    (void)flags;
    (void)indent;
    (void)nm;
    (void)bio;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 20962
wolfSSL 7:481bce714567 20963
/* OpenSSL-compat stub: the certificate's public-key bit string is not
 * exposed; the argument is ignored and NULL is always returned. */
WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x)
{
    WOLFSSL_ENTER("wolfSSL_X509_get0_pubkey_bitstr");
    WOLFSSL_STUB("wolfSSL_X509_get0_pubkey_bitstr");

    (void)x;

    return NULL;
}
wolfSSL 7:481bce714567 20972
wolfSSL 7:481bce714567 20973
/* OpenSSL-compat stub: the session is NOT added to any cache, yet the
 * function reports SSL_SUCCESS. Callers should not infer from the return
 * value that a later resumption will find this session. */
int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("wolfSSL_CTX_add_session");
    WOLFSSL_STUB("wolfSSL_CTX_add_session");

    (void)session;
    (void)ctx;

    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 20983
wolfSSL 7:481bce714567 20984
/* OpenSSL-compat stub: the handshake state machine is not exposed; the
 * connection is ignored and SSL_FAILURE is always returned. */
int wolfSSL_get_state(const WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_state");
    WOLFSSL_STUB("wolfSSL_get_state");

    (void)ssl;

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 20993
wolfSSL 7:481bce714567 20994
/* OpenSSL-compat stub: element lookup on an X509_NAME stack is not
 * supported; both arguments are ignored and NULL is returned. */
void* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk, int i)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
    WOLFSSL_STUB("wolfSSL_sk_X509_NAME_value");

    (void)i;
    (void)sk;

    return NULL;
}
wolfSSL 7:481bce714567 21004
wolfSSL 7:481bce714567 21005
/* OpenSSL-compat stub: element lookup on an X509 stack is not supported;
 * both arguments are ignored and NULL is returned. */
void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_value");
    WOLFSSL_STUB("wolfSSL_sk_X509_value");

    (void)i;
    (void)sk;

    return NULL;
}
wolfSSL 7:481bce714567 21015
wolfSSL 7:481bce714567 21016
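/* Map the connection's negotiated protocol version onto the OpenSSL-style
 * version constants.
 *
 * ssl: connection whose version.major/minor are inspected; NULL yields
 *      SSL_FAILURE (previously this dereferenced a NULL pointer).
 * Returns SSL3_VERSION for SSLv3, TLS1_VERSION for TLS 1.0/1.1/1.2,
 * DTLS1_VERSION for DTLS 1.0/1.2, and SSL_FAILURE for anything else.
 *
 * NOTE(review): all TLS 1.x minors collapse to TLS1_VERSION and both DTLS
 * minors to DTLS1_VERSION, so this result cannot be used to enforce a
 * minimum of TLS 1.1/1.2 or DTLS 1.2. */
int wolfSSL_version(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_version");

    if (ssl == NULL)
        return SSL_FAILURE;

    if (ssl->version.major == SSLv3_MAJOR) {
        switch (ssl->version.minor) {
            case SSLv3_MINOR :
                return SSL3_VERSION;
            case TLSv1_MINOR :
            case TLSv1_1_MINOR :
            case TLSv1_2_MINOR :
                return TLS1_VERSION;
            default:
                return SSL_FAILURE;
        }
    }
    else if (ssl->version.major == DTLS_MAJOR) {
        switch (ssl->version.minor) {
            case DTLS_MINOR :
            case DTLSv1_2_MINOR :
                return DTLS1_VERSION;
            default:
                return SSL_FAILURE;
        }
    }

    /* Unknown major version. */
    return SSL_FAILURE;
}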
wolfSSL 7:481bce714567 21043
wolfSSL 7:481bce714567 21044
/* OpenSSL-compat stub: the peer's certificate chain is not exposed as a
 * stack; the connection is ignored and NULL is returned. Applications that
 * inspect the chain themselves must rely on the verify callback instead. */
STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain");
    WOLFSSL_STUB("wolfSSL_get_peer_cert_chain");

    (void)ssl;

    return NULL;
}
wolfSSL 7:481bce714567 21053
wolfSSL 7:481bce714567 21054
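/* Return the context a connection is bound to.
 *
 * ssl: connection; NULL now yields NULL instead of a NULL dereference,
 *      matching the NULL handling of the other accessors in this section.
 * Returns ssl->ctx (not a new reference; the caller does not own it). */
WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");

    if (ssl == NULL)
        return NULL;

    return ssl->ctx;
}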
wolfSSL 7:481bce714567 21060
/* Size in bytes of an X509 name's encoded data.
 *
 * name: may be NULL, in which case -1 is returned.
 * Returns name->sz otherwise. */
int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz");

    return (name == NULL) ? -1 : name->sz;
}
wolfSSL 7:481bce714567 21068
wolfSSL 7:481bce714567 21069
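/* Expose a session's ID.
 *
 * sess:  session to read; NULL yields NULL.
 * idLen: required out-parameter receiving sess->sessionIDSz; NULL yields
 *        NULL so a caller can never get a pointer without its length.
 * Returns a pointer to sess->sessionID, i.e. into the session object
 * itself, not a copy: it is only valid as long as sess is.
 *
 * Fix: this function is fully implemented, so the WOLFSSL_STUB marker that
 * flagged it as unimplemented in debug output has been removed. */
const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_get_id");

    if (sess == NULL || idLen == NULL) {
        WOLFSSL_MSG("Bad func args. Please provide idLen");
        return NULL;
    }

    *idLen = sess->sessionIDSz;
    return sess->sessionID;
}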
wolfSSL 7:481bce714567 21081
wolfSSL 7:481bce714567 21082 #ifdef HAVE_SNI
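/* OpenSSL-style SNI setter: register host_name as the SNI host name for
 * this connection via wolfSSL_UseSNI.
 *
 * ssl:       connection (NULL handling is delegated to wolfSSL_UseSNI).
 * host_name: NUL-terminated host name; NULL now yields SSL_FAILURE
 *            instead of an XSTRLEN on a NULL pointer.
 * Returns whatever wolfSSL_UseSNI returns, or SSL_FAILURE for a NULL name.
 *
 * NOTE(review): the size_t from XSTRLEN is passed straight into
 * wolfSSL_UseSNI's length parameter; confirm that parameter is wide enough
 * or that over-long names are rejected there rather than truncated. */
int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_set_tlsext_host_name");

    if (host_name == NULL) {
        WOLFSSL_MSG("Bad arguments");
        ret = SSL_FAILURE;
    }
    else {
        ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME,
                             host_name, XSTRLEN(host_name));
    }

    WOLFSSL_LEAVE("wolfSSL_set_tlsext_host_name", ret);
    return ret;
}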
wolfSSL 7:481bce714567 21092
wolfSSL 7:481bce714567 21093
wolfSSL 7:481bce714567 21094 #ifndef NO_WOLFSSL_SERVER
/* Server side: fetch the SNI value of the given type that the client sent.
 *
 * ssl:  connection; NULL yields NULL.
 * type: SNI type to look up, forwarded to TLSX_SNI_GetRequest.
 * Returns the request pointer TLSX_SNI_GetRequest stored, or NULL when it
 * stored nothing (its return code is not inspected). The value is client-
 * supplied data; treat it as untrusted input when matching or logging. */
const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type)
{
    void* request = NULL;

    if (ssl == NULL)
        return NULL;

    TLSX_SNI_GetRequest(ssl->extensions, type, &request);

    return (const char *)request;
}
wolfSSL 7:481bce714567 21103 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 7:481bce714567 21104 #endif /* HAVE_SNI */
wolfSSL 7:481bce714567 21105
wolfSSL 7:481bce714567 21106
/* Re-bind a connection to a different context (e.g. after SNI selection).
 *
 * ssl, ctx: both required; NULL for either yields NULL.
 * Returns ssl->ctx after a successful SetSSL_CTX, NULL if SetSSL_CTX did
 * not report SSL_SUCCESS. */
WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    if (ssl == NULL || ctx == NULL)
        return NULL;

    if (SetSSL_CTX(ssl, ctx) != SSL_SUCCESS)
        return NULL;

    return ssl->ctx;
}
wolfSSL 7:481bce714567 21113
wolfSSL 7:481bce714567 21114
/* Read back the peer-verification callback installed on a context.
 *
 * ctx: context; NULL yields NULL.
 * Returns ctx->verifyCallback, which may itself be NULL if none was set. */
VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_get_verify_callback");

    return (ctx == NULL) ? NULL : ctx->verifyCallback;
}
wolfSSL 7:481bce714567 21122
wolfSSL 7:481bce714567 21123
/* Install the callback invoked when an SNI request is received.
 *
 * ctx: context to update; a NULL ctx is silently ignored.
 * cb:  callback stored in ctx->sniRecvCb (NULL clears it). */
void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback");

    if (ctx == NULL)
        return;

    ctx->sniRecvCb = cb;
}
wolfSSL 7:481bce714567 21130
wolfSSL 7:481bce714567 21131
/* Set the opaque argument handed to the SNI receive callback.
 *
 * ctx: context to update; a NULL ctx is silently ignored.
 * arg: stored as-is in ctx->sniRecvCbArg; ownership stays with the caller. */
void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg");

    if (ctx == NULL)
        return;

    ctx->sniRecvCbArg = arg;
}
wolfSSL 7:481bce714567 21138
wolfSSL 7:481bce714567 21139
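/* OpenSSL-compat stub: NO options are cleared. The context is untouched
 * and the input mask is echoed back, so a caller cannot rely on either the
 * side effect or the return value to learn the context's real option set.
 *
 * Fix: the trace strings named "SSL_CTX_clear_options"; they now use the
 * function's own name like every other stub in this section. */
long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
{
    WOLFSSL_ENTER("wolfSSL_CTX_clear_options");
    WOLFSSL_STUB("wolfSSL_CTX_clear_options");

    (void)ctx;

    return opt;
}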
wolfSSL 7:481bce714567 21148
/* OpenSSL-compat stub: no thread-ID callback is recorded; the argument is
 * ignored. */
void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*))
{
    WOLFSSL_ENTER("wolfSSL_THREADID_set_callback");
    WOLFSSL_STUB("wolfSSL_THREADID_set_callback");

    (void)threadid_func;
}
wolfSSL 7:481bce714567 21156
/* OpenSSL-compat stub: the numeric thread ID is not stored anywhere; both
 * arguments are ignored. */
void wolfSSL_THREADID_set_numeric(void* id, unsigned long val)
{
    WOLFSSL_ENTER("wolfSSL_THREADID_set_numeric");
    WOLFSSL_STUB("wolfSSL_THREADID_set_numeric");

    (void)val;
    (void)id;
}
wolfSSL 7:481bce714567 21165
wolfSSL 7:481bce714567 21166
/* OpenSSL-compat stub: certificate lookup by subject name in a store is
 * not supported; both arguments are ignored and NULL is returned, so there
 * is never a stack for the caller to free. */
STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CTX* ctx,
        WOLFSSL_X509_NAME* name)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs");
    WOLFSSL_STUB("wolfSSL_X509_STORE_get1_certs");

    (void)name;
    (void)ctx;

    return NULL;
}
wolfSSL 7:481bce714567 21176
/* OpenSSL-compat stub: nothing is popped or freed and f is never invoked.
 * This is consistent with the stack producers in this section returning
 * NULL; if a real stack were ever handed in, it would not be released. */
void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*))
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free");
    WOLFSSL_STUB("wolfSSL_sk_X509_pop_free");

    (void) f;
    (void) sk;
}
wolfSSL 7:481bce714567 21183
wolfSSL 7:481bce714567 21184 #endif /* OPENSSL_EXTRA and HAVE_STUNNEL */
wolfSSL 7:481bce714567 21185
wolfSSL 7:481bce714567 21186
wolfSSL 7:481bce714567 21187 #if (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \
wolfSSL 7:481bce714567 21188 || defined(WOLFSSL_MYSQL_COMPATIBLE)
/* Reconstruct an OpenSSL-style SSL_VERIFY_* mask from the context's
 * verification flags.
 *
 * ctx: context to inspect; NULL yields SSL_FATAL_ERROR, so callers must
 *      test for that sentinel before treating the result as a bit mask.
 * Returns SSL_VERIFY_PEER if verifyPeer is set, else SSL_VERIFY_NONE if
 * verifyNone is set (verifyPeer wins when both are set), OR'ed with
 * SSL_VERIFY_FAIL_IF_NO_PEER_CERT / SSL_VERIFY_FAIL_EXCEPT_PSK according
 * to failNoCert / failNoCertxPSK. */
int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx)
{
    int flags;

    WOLFSSL_ENTER("wolfSSL_CTX_get_verify_mode");

    if (ctx == NULL)
        return SSL_FATAL_ERROR;

    flags = ctx->verifyPeer ? SSL_VERIFY_PEER
          : (ctx->verifyNone ? SSL_VERIFY_NONE : 0);

    if (ctx->failNoCert)
        flags |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;

    if (ctx->failNoCertxPSK)
        flags |= SSL_VERIFY_FAIL_EXCEPT_PSK;

    WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", flags);
    return flags;
}
wolfSSL 7:481bce714567 21211 #endif
wolfSSL 7:481bce714567 21212
wolfSSL 7:481bce714567 21213 #if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
/* Generate a fresh Curve25519 key pair into caller-supplied buffers.
 *
 * priv/privSz, pub/pubSz: output buffers and, on entry, their capacities;
 *   each must be at least CURVE25519_KEYSIZE bytes. On success the sizes
 *   are updated by wc_curve25519_export_key_raw_ex.
 * Returns SSL_SUCCESS (1) on success, SSL_FAILURE (0) on any error.
 * Output keys are little endian (EC25519_LITTLE_ENDIAN).
 *
 * RNG policy: a private RNG is initialised for this call; only if that
 * fails does the function fall back to the shared globalRNG, and if that is
 * not initialised either no key is produced. The fallback is silent apart
 * from a debug message. NOTE(review): whether globalRNG is safe to use from
 * several threads at once is not visible here - confirm before relying on
 * the fallback in a multi-threaded server.
 */
int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
                                 unsigned char *pub, unsigned int *pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    /* Key generation compiled out: nothing is read or written. */
    WOLFSSL_MSG("No Key Gen built in");
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = SSL_FAILURE;
    int initTmpRng = 0;      /* set once the private RNG is live, so it gets freed */
    WC_RNG *rng = NULL;      /* whichever RNG ends up being used */
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG *tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_EC25519_generate_key");

    /* Both buffers and both size pointers are mandatory; the capacities are
     * checked up front so the export below cannot overrun them. */
    if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE ||
        pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return SSL_FAILURE;
#endif
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        /* Fallback to the library-wide RNG, only if it was initialised. */
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        curve25519_key key;

        if (wc_curve25519_init(&key) != MP_OKAY)
            WOLFSSL_MSG("wc_curve25519_init failed");
        else if (wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)!=MP_OKAY)
            WOLFSSL_MSG("wc_curve25519_make_key failed");
        /* export key pair; the export updates *privSz and *pubSz */
        else if (wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub,
                                                 pubSz, EC25519_LITTLE_ENDIAN)
                != MP_OKAY)
            WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed");
        else
            ret = SSL_SUCCESS;

        /* Always release the key object; on failure priv/pub may be partial. */
        wc_curve25519_free(&key);
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}
wolfSSL 7:481bce714567 21290
/* Compute the Curve25519 shared secret between a private key and a peer's
 * public key.
 *
 * shared/sharedSz: output buffer and, on entry, its capacity (at least
 *   CURVE25519_KEYSIZE); updated by wc_curve25519_shared_secret_ex.
 * priv/privSz: our raw private key, at least CURVE25519_KEYSIZE bytes.
 * pub/pubSz:   the peer's raw public key, at least CURVE25519_KEYSIZE bytes.
 *   This is typically untrusted input; any validation of it happens inside
 *   wc_curve25519_import_public_ex / wc_curve25519_shared_secret_ex, not here.
 * Returns SSL_SUCCESS (1) on success, SSL_FAILURE (0) on any error.
 * Input and output are little endian (EC25519_LITTLE_ENDIAN).
 *
 * NOTE(review): the private key is copied into a stack-allocated
 * curve25519_key; whether wc_curve25519_free scrubs it is not visible here.
 */
int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
                               const unsigned char *priv, unsigned int privSz,
                               const unsigned char *pub, unsigned int pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    /* Key agreement compiled out: nothing is read or written. */
    WOLFSSL_MSG("No Key Gen built in");
    (void) shared;
    (void) sharedSz;
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = SSL_FAILURE;
    curve25519_key privkey, pubkey;

    WOLFSSL_ENTER("wolfSSL_EC25519_shared_key");

    if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE25519_KEYSIZE ||
        priv == NULL || privSz < CURVE25519_KEYSIZE ||
        pub == NULL || pubSz < CURVE25519_KEYSIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    /* import private key (nothing to free if init itself fails) */
    if (wc_curve25519_init(&privkey) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_init privkey failed");
        return ret;
    }
    if (wc_curve25519_import_private_ex(priv, privSz, &privkey,
                                        EC25519_LITTLE_ENDIAN) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_import_private_ex failed");
        wc_curve25519_free(&privkey);
        return ret;
    }

    /* import public key; privkey must be released on every failure path */
    if (wc_curve25519_init(&pubkey) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_init pubkey failed");
        wc_curve25519_free(&privkey);
        return ret;
    }
    if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey,
                                       EC25519_LITTLE_ENDIAN) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_import_public_ex failed");
        wc_curve25519_free(&privkey);
        wc_curve25519_free(&pubkey);
        return ret;
    }

    if (wc_curve25519_shared_secret_ex(&privkey, &pubkey,
                                       shared, sharedSz,
                                       EC25519_LITTLE_ENDIAN) != MP_OKAY)
        WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
    else
        ret = SSL_SUCCESS;

    wc_curve25519_free(&privkey);
    wc_curve25519_free(&pubkey);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}
wolfSSL 7:481bce714567 21359 #endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */
wolfSSL 7:481bce714567 21360
wolfSSL 7:481bce714567 21361 #if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519)
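/* Generate a fresh Ed25519 key pair into caller-supplied buffers.
 *
 * priv/privSz: output buffer and, on entry, its capacity (at least
 *   ED25519_PRV_KEY_SIZE); updated by wc_ed25519_export_key.
 * pub/pubSz:   output buffer and capacity (at least ED25519_PUB_KEY_SIZE).
 * Returns SSL_SUCCESS (1) on success, SSL_FAILURE (0) on any error.
 * Output keys are little endian.
 *
 * Fix: the WOLFSSL_SMALL_STACK allocation failure returned SSL_FATAL_ERROR,
 * contradicting the documented 1/0 contract and the sibling
 * wolfSSL_EC25519_generate_key, which returns SSL_FAILURE there.
 *
 * RNG policy mirrors wolfSSL_EC25519_generate_key: a private RNG first,
 * then the shared globalRNG if it is initialised, otherwise no key. */
int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
                                 unsigned char *pub, unsigned int *pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    /* Key generation compiled out: nothing is read or written. */
    WOLFSSL_MSG("No Key Gen built in");
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = SSL_FAILURE;
    int initTmpRng = 0;      /* set once the private RNG is live, so it gets freed */
    WC_RNG *rng = NULL;      /* whichever RNG ends up being used */
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG *tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_ED25519_generate_key");

    /* Capacities are checked up front so the export cannot overrun them. */
    if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE ||
        pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return SSL_FAILURE;
#endif
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        /* Fallback to the library-wide RNG, only if it was initialised. */
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        ed25519_key key;

        if (wc_ed25519_init(&key) != MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_init failed");
        else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_make_key failed");
        /* export both halves; the export updates *privSz and *pubSz */
        else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_export_key failed");
        else
            ret = SSL_SUCCESS;

        wc_ed25519_free(&key);
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}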
wolfSSL 7:481bce714567 21436
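/* Sign msg with a raw Ed25519 key.
 *
 * msg/msgSz:   message to sign (msg must be non-NULL).
 * priv/privSz: exactly ED25519_PRV_KEY_SIZE bytes; the first half is
 *   imported as the private part and the second half (ED25519_PUB_KEY_SIZE
 *   bytes) as the public key, as produced by wolfSSL_ED25519_generate_key.
 * sig/sigSz:   output buffer and, on entry, its capacity (at least
 *   ED25519_SIG_SIZE); updated by wc_ed25519_sign_msg.
 * Returns SSL_SUCCESS (1) on success, SSL_FAILURE (0) on any error.
 * Input and output are little endian.
 *
 * Fixes: sigSz was dereferenced before being NULL-checked; and the failure
 * messages named the wrong wolfCrypt calls (curve25519 init / shared secret)
 * which made debug logs misleading. */
int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
                         const unsigned char *priv, unsigned int privSz,
                         unsigned char *sig, unsigned int *sigSz)
{
#ifndef WOLFSSL_KEY_GEN
    /* Signing compiled out: nothing is read or written. */
    WOLFSSL_MSG("No Key Gen built in");
    (void) msg;
    (void) msgSz;
    (void) priv;
    (void) privSz;
    (void) sig;
    (void) sigSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    ed25519_key key;
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_ED25519_sign");

    if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE ||
        msg == NULL || sig == NULL || sigSz == NULL ||
        *sigSz < ED25519_SIG_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    /* import key: private seed first, public key second */
    if (wc_ed25519_init(&key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed25519_init failed");
        return ret;
    }
    if (wc_ed25519_import_private_key(priv, privSz/2,
                                      priv+(privSz/2), ED25519_PUB_KEY_SIZE,
                                      &key) != MP_OKAY){
        WOLFSSL_MSG("wc_ed25519_import_private failed");
        wc_ed25519_free(&key);
        return ret;
    }

    if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY)
        WOLFSSL_MSG("wc_ed25519_sign_msg failed");
    else
        ret = SSL_SUCCESS;

    wc_ed25519_free(&key);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}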
wolfSSL 7:481bce714567 21489
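/* Verify an Ed25519 signature over msg with a raw public key.
 *
 * msg/msgSz: signed message (msg must be non-NULL).
 * pub/pubSz: raw public key, exactly ED25519_PUB_KEY_SIZE bytes, little endian.
 * sig/sigSz: signature, exactly ED25519_SIG_SIZE bytes.
 * Returns SSL_SUCCESS (1) only when wc_ed25519_verify_msg succeeds AND sets
 * check; SSL_FAILURE (0) on bad arguments, import failure, a verify error
 * code, or an invalid signature.
 *
 * Fix: the original stored wc_ed25519_verify_msg's return code in ret, so
 * when that call failed with a non-zero code the function returned that
 * code instead of SSL_FAILURE. A caller testing "non-zero means verified"
 * (which the 1/0 contract invites) would then accept a rejected signature.
 * ret now only ever holds SSL_SUCCESS or SSL_FAILURE. The init failure
 * message also named the wrong (curve25519) call. */
int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
                           const unsigned char *pub, unsigned int pubSz,
                           const unsigned char *sig, unsigned int sigSz)
{
#ifndef WOLFSSL_KEY_GEN
    /* Verification compiled out: every argument is unused. */
    WOLFSSL_MSG("No Key Gen built in");
    (void) msg;
    (void) msgSz;
    (void) pub;
    (void) pubSz;
    (void) sig;
    (void) sigSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    ed25519_key key;
    int ret = SSL_FAILURE;
    int check = 0;      /* set non-zero by wc_ed25519_verify_msg on a valid sig */
    int verifyRet;

    WOLFSSL_ENTER("wolfSSL_ED25519_verify");

    if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE ||
        msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    /* import key */
    if (wc_ed25519_init(&key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed25519_init failed");
        return ret;
    }
    if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY){
        WOLFSSL_MSG("wc_ed25519_import_public failed");
        wc_ed25519_free(&key);
        return ret;
    }

    /* The verify result is kept separate from ret so an error code can
     * never leak out as the function's return value. */
    verifyRet = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz,
                                      &check, &key);
    if (verifyRet != MP_OKAY)
        WOLFSSL_MSG("wc_ed25519_verify_msg failed");
    else if (!check)
        WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)");
    else
        ret = SSL_SUCCESS;

    wc_ed25519_free(&key);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}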
wolfSSL 7:481bce714567 21544
wolfSSL 7:481bce714567 21545 #endif /* OPENSSL_EXTRA && HAVE_ED25519 */
wolfSSL 7:481bce714567 21546
wolfSSL 7:481bce714567 21547 #ifdef WOLFSSL_JNI
wolfSSL 7:481bce714567 21548
/* Store an opaque Java object reference on the connection.
 *
 * ssl     connection to annotate; NULL is rejected
 * objPtr  pointer stored verbatim in ssl->jObjectRef (ownership stays
 *         with the caller; nothing here frees it)
 *
 * Returns SSL_SUCCESS when stored, SSL_FAILURE when ssl is NULL.
 */
int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr)
{
    WOLFSSL_ENTER("wolfSSL_set_jobject");

    if (ssl == NULL) {
        return SSL_FAILURE;
    }

    ssl->jObjectRef = objPtr;
    return SSL_SUCCESS;
}
wolfSSL 7:481bce714567 21559
/* Return the opaque Java object reference previously stored with
 * wolfSSL_set_jobject, or NULL when ssl is NULL. The pointer is returned
 * as-is; no ownership is transferred. */
void* wolfSSL_get_jobject(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_jobject");

    return (ssl != NULL) ? ssl->jObjectRef : NULL;
}
wolfSSL 7:481bce714567 21567
wolfSSL 7:481bce714567 21568 #endif /* WOLFSSL_JNI */
wolfSSL 7:481bce714567 21569
wolfSSL 7:481bce714567 21570
wolfSSL 7:481bce714567 21571 #ifdef WOLFSSL_ASYNC_CRYPT
/* Poll the asynchronous event queue owned by ctx.
 *
 * ctx         context whose event_queue is polled; NULL is rejected
 * events, maxEvents, flags, eventCount
 *             passed straight through to wolfAsync_EventQueuePoll
 *             (no per-connection filter is applied: the filter argument
 *             is NULL)
 *
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the return value of
 * wolfAsync_EventQueuePoll.
 */
int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
                          WOLF_EVENT_FLAG flags, int* eventCount)
{
    if (ctx != NULL) {
        return wolfAsync_EventQueuePoll(&ctx->event_queue, NULL, events,
                                        maxEvents, flags, eventCount);
    }

    return BAD_FUNC_ARG;
}
wolfSSL 7:481bce714567 21582
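/* Poll the asynchronous event queue of ssl's context for one event.
 *
 * ssl    connection whose ctx->event_queue is polled; NULL is rejected
 * flags  passed through to wolfAsync_EventQueuePoll
 *
 * Returns BAD_FUNC_ARG when ssl is NULL; 1 when the poll returned 0 and at
 * least one event was delivered; otherwise the wolfAsync_EventQueuePoll
 * return value unchanged.
 */
int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
{
    int ret;
    int eventCount = 0;
    WOLF_EVENT* events[1];

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* not filtering on "ssl", since its the asyncDev */
    /* maxEvents is the element count of events[]. The previous expression
     * divided sizeof(events) by itself, which only equalled 1 by accident
     * and would be wrong for any other array length. */
    ret = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, NULL,
                                   events,
                                   (int)(sizeof(events) / sizeof(events[0])),
                                   flags, &eventCount);
    if (ret == 0 && eventCount > 0) {
        ret = 1; /* Success */
    }

    return ret;
}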
wolfSSL 7:481bce714567 21601 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 7:481bce714567 21602
wolfSSL 7:481bce714567 21603
wolfSSL 7:481bce714567 21604 #ifdef OPENSSL_EXTRA
/* Compatibility stub for SSL_CTX_set_msg_callback: records the call via
 * WOLFSSL_STUB, ignores both arguments and always returns SSL_FAILURE.
 * No message callback is installed. */
int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb)
{
    (void)cb;
    (void)ctx;

    WOLFSSL_STUB("SSL_CTX_set_msg_callback");

    return SSL_FAILURE;
}
/* Compatibility stub for SSL_set_msg_callback: records the call via
 * WOLFSSL_STUB, ignores both arguments and always returns SSL_FAILURE.
 * No message callback is installed. */
int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb)
{
    (void)cb;
    (void)ssl;

    WOLFSSL_STUB("SSL_set_msg_callback");

    return SSL_FAILURE;
}
/* Compatibility stub for SSL_CTX_set_msg_callback_arg: records the call
 * via WOLFSSL_STUB, ignores both arguments and always returns SSL_FAILURE.
 * The argument is not stored anywhere. */
int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg)
{
    (void)arg;
    (void)ctx;

    WOLFSSL_STUB("SSL_CTX_set_msg_callback_arg");

    return SSL_FAILURE;
}
/* Compatibility stub for SSL_set_msg_callback_arg: records the call via
 * WOLFSSL_STUB, ignores both arguments and always returns SSL_FAILURE.
 * The argument is not stored anywhere. */
int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
{
    (void)arg;
    (void)ssl;

    WOLFSSL_STUB("SSL_set_msg_callback_arg");

    return SSL_FAILURE;
}
wolfSSL 7:481bce714567 21633 #endif
wolfSSL 7:481bce714567 21634
wolfSSL 7:481bce714567 21635 #endif /* WOLFCRYPT_ONLY */
wolfSSL 7:481bce714567 21636