Xuyi Wang / wolfSSL

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   OS

src/ssl.c@0:d92f9d21154c, 2015-06-26 (annotated)

Committer:
wolfSSL
Date:
Fri Jun 26 00:39:20 2015 +0000
Revision:
0:d92f9d21154c
wolfSSL 3.6.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:d92f9d21154c 1 /* ssl.c
wolfSSL 0:d92f9d21154c 2 *
wolfSSL 0:d92f9d21154c 3 * Copyright (C) 2006-2015 wolfSSL Inc.
wolfSSL 0:d92f9d21154c 4 *
wolfSSL 0:d92f9d21154c 5 * This file is part of wolfSSL. (formerly known as CyaSSL)
wolfSSL 0:d92f9d21154c 6 *
wolfSSL 0:d92f9d21154c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 0:d92f9d21154c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:d92f9d21154c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:d92f9d21154c 10 * (at your option) any later version.
wolfSSL 0:d92f9d21154c 11 *
wolfSSL 0:d92f9d21154c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 0:d92f9d21154c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:d92f9d21154c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:d92f9d21154c 15 * GNU General Public License for more details.
wolfSSL 0:d92f9d21154c 16 *
wolfSSL 0:d92f9d21154c 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:d92f9d21154c 18 * along with this program; if not, write to the Free Software
wolfSSL 0:d92f9d21154c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:d92f9d21154c 20 */
wolfSSL 0:d92f9d21154c 21
wolfSSL 0:d92f9d21154c 22 #ifdef HAVE_CONFIG_H
wolfSSL 0:d92f9d21154c 23 #include <config.h>
wolfSSL 0:d92f9d21154c 24 #endif
wolfSSL 0:d92f9d21154c 25
wolfSSL 0:d92f9d21154c 26 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 0:d92f9d21154c 27
wolfSSL 0:d92f9d21154c 28 #ifdef HAVE_ERRNO_H
wolfSSL 0:d92f9d21154c 29 #include <errno.h>
wolfSSL 0:d92f9d21154c 30 #endif
wolfSSL 0:d92f9d21154c 31
wolfSSL 0:d92f9d21154c 32 #include <wolfssl/internal.h>
wolfSSL 0:d92f9d21154c 33 #include <wolfssl/error-ssl.h>
wolfSSL 0:d92f9d21154c 34 #include <wolfssl/wolfcrypt/coding.h>
wolfSSL 0:d92f9d21154c 35
wolfSSL 0:d92f9d21154c 36 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:d92f9d21154c 37 #include <wolfssl/openssl/evp.h>
wolfSSL 0:d92f9d21154c 38 #endif
wolfSSL 0:d92f9d21154c 39
wolfSSL 0:d92f9d21154c 40 #ifdef OPENSSL_EXTRA
wolfSSL 0:d92f9d21154c 41 /* openssl headers begin */
wolfSSL 0:d92f9d21154c 42 #include <wolfssl/openssl/hmac.h>
wolfSSL 0:d92f9d21154c 43 #include <wolfssl/openssl/crypto.h>
wolfSSL 0:d92f9d21154c 44 #include <wolfssl/openssl/des.h>
wolfSSL 0:d92f9d21154c 45 #include <wolfssl/openssl/bn.h>
wolfSSL 0:d92f9d21154c 46 #include <wolfssl/openssl/dh.h>
wolfSSL 0:d92f9d21154c 47 #include <wolfssl/openssl/rsa.h>
wolfSSL 0:d92f9d21154c 48 #include <wolfssl/openssl/pem.h>
wolfSSL 0:d92f9d21154c 49 /* openssl headers end, wolfssl internal headers next */
wolfSSL 0:d92f9d21154c 50 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 0:d92f9d21154c 51 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 0:d92f9d21154c 52 #include <wolfssl/wolfcrypt/des3.h>
wolfSSL 0:d92f9d21154c 53 #include <wolfssl/wolfcrypt/md4.h>
wolfSSL 0:d92f9d21154c 54 #include <wolfssl/wolfcrypt/md5.h>
wolfSSL 0:d92f9d21154c 55 #include <wolfssl/wolfcrypt/arc4.h>
wolfSSL 0:d92f9d21154c 56 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 57 #include <wolfssl/wolfcrypt/sha512.h>
wolfSSL 0:d92f9d21154c 58 #endif
wolfSSL 0:d92f9d21154c 59 #endif
wolfSSL 0:d92f9d21154c 60
wolfSSL 0:d92f9d21154c 61 #ifndef NO_FILESYSTEM
wolfSSL 0:d92f9d21154c 62 #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) \
wolfSSL 0:d92f9d21154c 63 && !defined(EBSNET)
wolfSSL 0:d92f9d21154c 64 #include <dirent.h>
wolfSSL 0:d92f9d21154c 65 #include <sys/stat.h>
wolfSSL 0:d92f9d21154c 66 #endif
wolfSSL 0:d92f9d21154c 67 #ifdef EBSNET
wolfSSL 0:d92f9d21154c 68 #include "vfapi.h"
wolfSSL 0:d92f9d21154c 69 #include "vfile.h"
wolfSSL 0:d92f9d21154c 70 #endif
wolfSSL 0:d92f9d21154c 71 #endif /* NO_FILESYSTEM */
wolfSSL 0:d92f9d21154c 72
wolfSSL 0:d92f9d21154c 73 #ifndef TRUE
wolfSSL 0:d92f9d21154c 74 #define TRUE 1
wolfSSL 0:d92f9d21154c 75 #endif
wolfSSL 0:d92f9d21154c 76 #ifndef FALSE
wolfSSL 0:d92f9d21154c 77 #define FALSE 0
wolfSSL 0:d92f9d21154c 78 #endif
wolfSSL 0:d92f9d21154c 79
wolfSSL 0:d92f9d21154c 80 #ifndef WOLFSSL_HAVE_MIN
wolfSSL 0:d92f9d21154c 81 #define WOLFSSL_HAVE_MIN
wolfSSL 0:d92f9d21154c 82
wolfSSL 0:d92f9d21154c 83 static INLINE word32 min(word32 a, word32 b)
wolfSSL 0:d92f9d21154c 84 {
wolfSSL 0:d92f9d21154c 85 return a > b ? b : a;
wolfSSL 0:d92f9d21154c 86 }
wolfSSL 0:d92f9d21154c 87
wolfSSL 0:d92f9d21154c 88 #endif /* WOLFSSSL_HAVE_MIN */
wolfSSL 0:d92f9d21154c 89
wolfSSL 0:d92f9d21154c 90 #ifndef WOLFSSL_HAVE_MAX
wolfSSL 0:d92f9d21154c 91 #define WOLFSSL_HAVE_MAX
wolfSSL 0:d92f9d21154c 92
wolfSSL 0:d92f9d21154c 93 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 94 static INLINE word32 max(word32 a, word32 b)
wolfSSL 0:d92f9d21154c 95 {
wolfSSL 0:d92f9d21154c 96 return a > b ? a : b;
wolfSSL 0:d92f9d21154c 97 }
wolfSSL 0:d92f9d21154c 98 #endif /* WOLFSSL_DTLS */
wolfSSL 0:d92f9d21154c 99
wolfSSL 0:d92f9d21154c 100 #endif /* WOLFSSL_HAVE_MAX */
wolfSSL 0:d92f9d21154c 101
wolfSSL 0:d92f9d21154c 102
wolfSSL 0:d92f9d21154c 103 #ifndef WOLFSSL_LEANPSK
wolfSSL 0:d92f9d21154c 104 char* mystrnstr(const char* s1, const char* s2, unsigned int n)
wolfSSL 0:d92f9d21154c 105 {
wolfSSL 0:d92f9d21154c 106 unsigned int s2_len = (unsigned int)XSTRLEN(s2);
wolfSSL 0:d92f9d21154c 107
wolfSSL 0:d92f9d21154c 108 if (s2_len == 0)
wolfSSL 0:d92f9d21154c 109 return (char*)s1;
wolfSSL 0:d92f9d21154c 110
wolfSSL 0:d92f9d21154c 111 while (n >= s2_len && s1[0]) {
wolfSSL 0:d92f9d21154c 112 if (s1[0] == s2[0])
wolfSSL 0:d92f9d21154c 113 if (XMEMCMP(s1, s2, s2_len) == 0)
wolfSSL 0:d92f9d21154c 114 return (char*)s1;
wolfSSL 0:d92f9d21154c 115 s1++;
wolfSSL 0:d92f9d21154c 116 n--;
wolfSSL 0:d92f9d21154c 117 }
wolfSSL 0:d92f9d21154c 118
wolfSSL 0:d92f9d21154c 119 return NULL;
wolfSSL 0:d92f9d21154c 120 }
wolfSSL 0:d92f9d21154c 121 #endif
wolfSSL 0:d92f9d21154c 122
wolfSSL 0:d92f9d21154c 123
wolfSSL 0:d92f9d21154c 124 /* prevent multiple mutex initializations */
wolfSSL 0:d92f9d21154c 125 static volatile int initRefCount = 0;
wolfSSL 0:d92f9d21154c 126 static wolfSSL_Mutex count_mutex; /* init ref count mutex */
wolfSSL 0:d92f9d21154c 127
wolfSSL 0:d92f9d21154c 128
wolfSSL 0:d92f9d21154c 129 WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
wolfSSL 0:d92f9d21154c 130 {
wolfSSL 0:d92f9d21154c 131 WOLFSSL_CTX* ctx = NULL;
wolfSSL 0:d92f9d21154c 132
wolfSSL 0:d92f9d21154c 133 WOLFSSL_ENTER("WOLFSSL_CTX_new");
wolfSSL 0:d92f9d21154c 134
wolfSSL 0:d92f9d21154c 135 if (initRefCount == 0)
wolfSSL 0:d92f9d21154c 136 wolfSSL_Init(); /* user no longer forced to call Init themselves */
wolfSSL 0:d92f9d21154c 137
wolfSSL 0:d92f9d21154c 138 if (method == NULL)
wolfSSL 0:d92f9d21154c 139 return ctx;
wolfSSL 0:d92f9d21154c 140
wolfSSL 0:d92f9d21154c 141 ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), 0, DYNAMIC_TYPE_CTX);
wolfSSL 0:d92f9d21154c 142 if (ctx) {
wolfSSL 0:d92f9d21154c 143 if (InitSSL_Ctx(ctx, method) < 0) {
wolfSSL 0:d92f9d21154c 144 WOLFSSL_MSG("Init CTX failed");
wolfSSL 0:d92f9d21154c 145 wolfSSL_CTX_free(ctx);
wolfSSL 0:d92f9d21154c 146 ctx = NULL;
wolfSSL 0:d92f9d21154c 147 }
wolfSSL 0:d92f9d21154c 148 }
wolfSSL 0:d92f9d21154c 149 else {
wolfSSL 0:d92f9d21154c 150 WOLFSSL_MSG("Alloc CTX failed, method freed");
wolfSSL 0:d92f9d21154c 151 XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 152 }
wolfSSL 0:d92f9d21154c 153
wolfSSL 0:d92f9d21154c 154 WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0);
wolfSSL 0:d92f9d21154c 155 return ctx;
wolfSSL 0:d92f9d21154c 156 }
wolfSSL 0:d92f9d21154c 157
wolfSSL 0:d92f9d21154c 158
wolfSSL 0:d92f9d21154c 159 void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 160 {
wolfSSL 0:d92f9d21154c 161 WOLFSSL_ENTER("SSL_CTX_free");
wolfSSL 0:d92f9d21154c 162 if (ctx)
wolfSSL 0:d92f9d21154c 163 FreeSSL_Ctx(ctx);
wolfSSL 0:d92f9d21154c 164 WOLFSSL_LEAVE("SSL_CTX_free", 0);
wolfSSL 0:d92f9d21154c 165 }
wolfSSL 0:d92f9d21154c 166
wolfSSL 0:d92f9d21154c 167
wolfSSL 0:d92f9d21154c 168 WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 169 {
wolfSSL 0:d92f9d21154c 170 WOLFSSL* ssl = NULL;
wolfSSL 0:d92f9d21154c 171 int ret = 0;
wolfSSL 0:d92f9d21154c 172
wolfSSL 0:d92f9d21154c 173 (void)ret;
wolfSSL 0:d92f9d21154c 174 WOLFSSL_ENTER("SSL_new");
wolfSSL 0:d92f9d21154c 175
wolfSSL 0:d92f9d21154c 176 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 177 return ssl;
wolfSSL 0:d92f9d21154c 178
wolfSSL 0:d92f9d21154c 179 ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap,DYNAMIC_TYPE_SSL);
wolfSSL 0:d92f9d21154c 180 if (ssl)
wolfSSL 0:d92f9d21154c 181 if ( (ret = InitSSL(ssl, ctx)) < 0) {
wolfSSL 0:d92f9d21154c 182 FreeSSL(ssl);
wolfSSL 0:d92f9d21154c 183 ssl = 0;
wolfSSL 0:d92f9d21154c 184 }
wolfSSL 0:d92f9d21154c 185
wolfSSL 0:d92f9d21154c 186 WOLFSSL_LEAVE("SSL_new", ret);
wolfSSL 0:d92f9d21154c 187 return ssl;
wolfSSL 0:d92f9d21154c 188 }
wolfSSL 0:d92f9d21154c 189
wolfSSL 0:d92f9d21154c 190
wolfSSL 0:d92f9d21154c 191 void wolfSSL_free(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 192 {
wolfSSL 0:d92f9d21154c 193 WOLFSSL_ENTER("SSL_free");
wolfSSL 0:d92f9d21154c 194 if (ssl)
wolfSSL 0:d92f9d21154c 195 FreeSSL(ssl);
wolfSSL 0:d92f9d21154c 196 WOLFSSL_LEAVE("SSL_free", 0);
wolfSSL 0:d92f9d21154c 197 }
wolfSSL 0:d92f9d21154c 198
wolfSSL 0:d92f9d21154c 199 #ifdef HAVE_POLY1305
wolfSSL 0:d92f9d21154c 200 /* set if to use old poly 1 for yes 0 to use new poly */
wolfSSL 0:d92f9d21154c 201 int wolfSSL_use_old_poly(WOLFSSL* ssl, int value)
wolfSSL 0:d92f9d21154c 202 {
wolfSSL 0:d92f9d21154c 203 WOLFSSL_ENTER("SSL_use_old_poly");
wolfSSL 0:d92f9d21154c 204 ssl->options.oldPoly = value;
wolfSSL 0:d92f9d21154c 205 WOLFSSL_LEAVE("SSL_use_old_poly", 0);
wolfSSL 0:d92f9d21154c 206 return 0;
wolfSSL 0:d92f9d21154c 207 }
wolfSSL 0:d92f9d21154c 208 #endif
wolfSSL 0:d92f9d21154c 209
wolfSSL 0:d92f9d21154c 210 int wolfSSL_set_fd(WOLFSSL* ssl, int fd)
wolfSSL 0:d92f9d21154c 211 {
wolfSSL 0:d92f9d21154c 212 WOLFSSL_ENTER("SSL_set_fd");
wolfSSL 0:d92f9d21154c 213 ssl->rfd = fd; /* not used directly to allow IO callbacks */
wolfSSL 0:d92f9d21154c 214 ssl->wfd = fd;
wolfSSL 0:d92f9d21154c 215
wolfSSL 0:d92f9d21154c 216 ssl->IOCB_ReadCtx = &ssl->rfd;
wolfSSL 0:d92f9d21154c 217 ssl->IOCB_WriteCtx = &ssl->wfd;
wolfSSL 0:d92f9d21154c 218
wolfSSL 0:d92f9d21154c 219 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 220 if (ssl->options.dtls) {
wolfSSL 0:d92f9d21154c 221 ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
wolfSSL 0:d92f9d21154c 222 ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
wolfSSL 0:d92f9d21154c 223 ssl->buffers.dtlsCtx.fd = fd;
wolfSSL 0:d92f9d21154c 224 }
wolfSSL 0:d92f9d21154c 225 #endif
wolfSSL 0:d92f9d21154c 226
wolfSSL 0:d92f9d21154c 227 WOLFSSL_LEAVE("SSL_set_fd", SSL_SUCCESS);
wolfSSL 0:d92f9d21154c 228 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 229 }
wolfSSL 0:d92f9d21154c 230
wolfSSL 0:d92f9d21154c 231
wolfSSL 0:d92f9d21154c 232 /**
wolfSSL 0:d92f9d21154c 233 * Get the name of cipher at priotity level passed in.
wolfSSL 0:d92f9d21154c 234 */
wolfSSL 0:d92f9d21154c 235 char* wolfSSL_get_cipher_list(int priority)
wolfSSL 0:d92f9d21154c 236 {
wolfSSL 0:d92f9d21154c 237 const char* const* ciphers = GetCipherNames();
wolfSSL 0:d92f9d21154c 238
wolfSSL 0:d92f9d21154c 239 if (priority >= GetCipherNamesSize() || priority < 0) {
wolfSSL 0:d92f9d21154c 240 return 0;
wolfSSL 0:d92f9d21154c 241 }
wolfSSL 0:d92f9d21154c 242
wolfSSL 0:d92f9d21154c 243 return (char*)ciphers[priority];
wolfSSL 0:d92f9d21154c 244 }
wolfSSL 0:d92f9d21154c 245
wolfSSL 0:d92f9d21154c 246
wolfSSL 0:d92f9d21154c 247 int wolfSSL_get_ciphers(char* buf, int len)
wolfSSL 0:d92f9d21154c 248 {
wolfSSL 0:d92f9d21154c 249 const char* const* ciphers = GetCipherNames();
wolfSSL 0:d92f9d21154c 250 int totalInc = 0;
wolfSSL 0:d92f9d21154c 251 int step = 0;
wolfSSL 0:d92f9d21154c 252 char delim = ':';
wolfSSL 0:d92f9d21154c 253 int size = GetCipherNamesSize();
wolfSSL 0:d92f9d21154c 254 int i;
wolfSSL 0:d92f9d21154c 255
wolfSSL 0:d92f9d21154c 256 if (buf == NULL || len <= 0)
wolfSSL 0:d92f9d21154c 257 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 258
wolfSSL 0:d92f9d21154c 259 /* Add each member to the buffer delimitted by a : */
wolfSSL 0:d92f9d21154c 260 for (i = 0; i < size; i++) {
wolfSSL 0:d92f9d21154c 261 step = (int)(XSTRLEN(ciphers[i]) + 1); /* delimiter */
wolfSSL 0:d92f9d21154c 262 totalInc += step;
wolfSSL 0:d92f9d21154c 263
wolfSSL 0:d92f9d21154c 264 /* Check to make sure buf is large enough and will not overflow */
wolfSSL 0:d92f9d21154c 265 if (totalInc < len) {
wolfSSL 0:d92f9d21154c 266 XSTRNCPY(buf, ciphers[i], XSTRLEN(ciphers[i]));
wolfSSL 0:d92f9d21154c 267 buf += XSTRLEN(ciphers[i]);
wolfSSL 0:d92f9d21154c 268
wolfSSL 0:d92f9d21154c 269 if (i < size - 1)
wolfSSL 0:d92f9d21154c 270 *buf++ = delim;
wolfSSL 0:d92f9d21154c 271 }
wolfSSL 0:d92f9d21154c 272 else
wolfSSL 0:d92f9d21154c 273 return BUFFER_E;
wolfSSL 0:d92f9d21154c 274 }
wolfSSL 0:d92f9d21154c 275 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 276 }
wolfSSL 0:d92f9d21154c 277
wolfSSL 0:d92f9d21154c 278
wolfSSL 0:d92f9d21154c 279 int wolfSSL_get_fd(const WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 280 {
wolfSSL 0:d92f9d21154c 281 WOLFSSL_ENTER("SSL_get_fd");
wolfSSL 0:d92f9d21154c 282 WOLFSSL_LEAVE("SSL_get_fd", ssl->rfd);
wolfSSL 0:d92f9d21154c 283 return ssl->rfd;
wolfSSL 0:d92f9d21154c 284 }
wolfSSL 0:d92f9d21154c 285
wolfSSL 0:d92f9d21154c 286
wolfSSL 0:d92f9d21154c 287 int wolfSSL_get_using_nonblock(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 288 {
wolfSSL 0:d92f9d21154c 289 WOLFSSL_ENTER("wolfSSL_get_using_nonblock");
wolfSSL 0:d92f9d21154c 290 WOLFSSL_LEAVE("wolfSSL_get_using_nonblock", ssl->options.usingNonblock);
wolfSSL 0:d92f9d21154c 291 return ssl->options.usingNonblock;
wolfSSL 0:d92f9d21154c 292 }
wolfSSL 0:d92f9d21154c 293
wolfSSL 0:d92f9d21154c 294
wolfSSL 0:d92f9d21154c 295 int wolfSSL_dtls(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 296 {
wolfSSL 0:d92f9d21154c 297 return ssl->options.dtls;
wolfSSL 0:d92f9d21154c 298 }
wolfSSL 0:d92f9d21154c 299
wolfSSL 0:d92f9d21154c 300
wolfSSL 0:d92f9d21154c 301 #ifndef WOLFSSL_LEANPSK
wolfSSL 0:d92f9d21154c 302 void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock)
wolfSSL 0:d92f9d21154c 303 {
wolfSSL 0:d92f9d21154c 304 WOLFSSL_ENTER("wolfSSL_set_using_nonblock");
wolfSSL 0:d92f9d21154c 305 ssl->options.usingNonblock = (nonblock != 0);
wolfSSL 0:d92f9d21154c 306 }
wolfSSL 0:d92f9d21154c 307
wolfSSL 0:d92f9d21154c 308
wolfSSL 0:d92f9d21154c 309 int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
wolfSSL 0:d92f9d21154c 310 {
wolfSSL 0:d92f9d21154c 311 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 312 void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
wolfSSL 0:d92f9d21154c 313 if (sa != NULL) {
wolfSSL 0:d92f9d21154c 314 if (ssl->buffers.dtlsCtx.peer.sa != NULL)
wolfSSL 0:d92f9d21154c 315 XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR);
wolfSSL 0:d92f9d21154c 316 XMEMCPY(sa, peer, peerSz);
wolfSSL 0:d92f9d21154c 317 ssl->buffers.dtlsCtx.peer.sa = sa;
wolfSSL 0:d92f9d21154c 318 ssl->buffers.dtlsCtx.peer.sz = peerSz;
wolfSSL 0:d92f9d21154c 319 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 320 }
wolfSSL 0:d92f9d21154c 321 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 322 #else
wolfSSL 0:d92f9d21154c 323 (void)ssl;
wolfSSL 0:d92f9d21154c 324 (void)peer;
wolfSSL 0:d92f9d21154c 325 (void)peerSz;
wolfSSL 0:d92f9d21154c 326 return SSL_NOT_IMPLEMENTED;
wolfSSL 0:d92f9d21154c 327 #endif
wolfSSL 0:d92f9d21154c 328 }
wolfSSL 0:d92f9d21154c 329
wolfSSL 0:d92f9d21154c 330 int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
wolfSSL 0:d92f9d21154c 331 {
wolfSSL 0:d92f9d21154c 332 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 333 if (peer != NULL && peerSz != NULL
wolfSSL 0:d92f9d21154c 334 && *peerSz >= ssl->buffers.dtlsCtx.peer.sz) {
wolfSSL 0:d92f9d21154c 335 *peerSz = ssl->buffers.dtlsCtx.peer.sz;
wolfSSL 0:d92f9d21154c 336 XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
wolfSSL 0:d92f9d21154c 337 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 338 }
wolfSSL 0:d92f9d21154c 339 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 340 #else
wolfSSL 0:d92f9d21154c 341 (void)ssl;
wolfSSL 0:d92f9d21154c 342 (void)peer;
wolfSSL 0:d92f9d21154c 343 (void)peerSz;
wolfSSL 0:d92f9d21154c 344 return SSL_NOT_IMPLEMENTED;
wolfSSL 0:d92f9d21154c 345 #endif
wolfSSL 0:d92f9d21154c 346 }
wolfSSL 0:d92f9d21154c 347 #endif /* WOLFSSL_LEANPSK */
wolfSSL 0:d92f9d21154c 348
wolfSSL 0:d92f9d21154c 349
wolfSSL 0:d92f9d21154c 350 /* return underlyig connect or accept, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 351 int wolfSSL_negotiate(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 352 {
wolfSSL 0:d92f9d21154c 353 int err = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 354
wolfSSL 0:d92f9d21154c 355 WOLFSSL_ENTER("wolfSSL_negotiate");
wolfSSL 0:d92f9d21154c 356 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 357 if (ssl->options.side == WOLFSSL_SERVER_END)
wolfSSL 0:d92f9d21154c 358 err = wolfSSL_accept(ssl);
wolfSSL 0:d92f9d21154c 359 #endif
wolfSSL 0:d92f9d21154c 360
wolfSSL 0:d92f9d21154c 361 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 362 if (ssl->options.side == WOLFSSL_CLIENT_END)
wolfSSL 0:d92f9d21154c 363 err = wolfSSL_connect(ssl);
wolfSSL 0:d92f9d21154c 364 #endif
wolfSSL 0:d92f9d21154c 365
wolfSSL 0:d92f9d21154c 366 WOLFSSL_LEAVE("wolfSSL_negotiate", err);
wolfSSL 0:d92f9d21154c 367
wolfSSL 0:d92f9d21154c 368 return err;
wolfSSL 0:d92f9d21154c 369 }
wolfSSL 0:d92f9d21154c 370
wolfSSL 0:d92f9d21154c 371
wolfSSL 0:d92f9d21154c 372 #ifndef WOLFSSL_LEANPSK
wolfSSL 0:d92f9d21154c 373 /* object size based on build */
wolfSSL 0:d92f9d21154c 374 int wolfSSL_GetObjectSize(void)
wolfSSL 0:d92f9d21154c 375 {
wolfSSL 0:d92f9d21154c 376 #ifdef SHOW_SIZES
wolfSSL 0:d92f9d21154c 377 printf("sizeof suites = %lu\n", sizeof(Suites));
wolfSSL 0:d92f9d21154c 378 printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers));
wolfSSL 0:d92f9d21154c 379 #ifndef NO_RC4
wolfSSL 0:d92f9d21154c 380 printf(" sizeof arc4 = %lu\n", sizeof(Arc4));
wolfSSL 0:d92f9d21154c 381 #endif
wolfSSL 0:d92f9d21154c 382 printf(" sizeof aes = %lu\n", sizeof(Aes));
wolfSSL 0:d92f9d21154c 383 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 384 printf(" sizeof des3 = %lu\n", sizeof(Des3));
wolfSSL 0:d92f9d21154c 385 #endif
wolfSSL 0:d92f9d21154c 386 #ifndef NO_RABBIT
wolfSSL 0:d92f9d21154c 387 printf(" sizeof rabbit = %lu\n", sizeof(Rabbit));
wolfSSL 0:d92f9d21154c 388 #endif
wolfSSL 0:d92f9d21154c 389 #ifdef HAVE_CHACHA
wolfSSL 0:d92f9d21154c 390 printf(" sizeof chacha = %lu\n", sizeof(Chacha));
wolfSSL 0:d92f9d21154c 391 #endif
wolfSSL 0:d92f9d21154c 392 printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs));
wolfSSL 0:d92f9d21154c 393 printf("sizeof keys = %lu\n", sizeof(Keys));
wolfSSL 0:d92f9d21154c 394 printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes));
wolfSSL 0:d92f9d21154c 395 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 396 printf(" sizeof MD5 = %lu\n", sizeof(Md5));
wolfSSL 0:d92f9d21154c 397 #endif
wolfSSL 0:d92f9d21154c 398 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 399 printf(" sizeof SHA = %lu\n", sizeof(Sha));
wolfSSL 0:d92f9d21154c 400 #endif
wolfSSL 0:d92f9d21154c 401 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 402 printf(" sizeof SHA256 = %lu\n", sizeof(Sha256));
wolfSSL 0:d92f9d21154c 403 #endif
wolfSSL 0:d92f9d21154c 404 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 405 printf(" sizeof SHA384 = %lu\n", sizeof(Sha384));
wolfSSL 0:d92f9d21154c 406 #endif
wolfSSL 0:d92f9d21154c 407 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 408 printf(" sizeof SHA512 = %lu\n", sizeof(Sha512));
wolfSSL 0:d92f9d21154c 409 #endif
wolfSSL 0:d92f9d21154c 410 printf("sizeof Buffers = %lu\n", sizeof(Buffers));
wolfSSL 0:d92f9d21154c 411 printf("sizeof Options = %lu\n", sizeof(Options));
wolfSSL 0:d92f9d21154c 412 printf("sizeof Arrays = %lu\n", sizeof(Arrays));
wolfSSL 0:d92f9d21154c 413 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 414 printf("sizeof RsaKey = %lu\n", sizeof(RsaKey));
wolfSSL 0:d92f9d21154c 415 #endif
wolfSSL 0:d92f9d21154c 416 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 417 printf("sizeof ecc_key = %lu\n", sizeof(ecc_key));
wolfSSL 0:d92f9d21154c 418 #endif
wolfSSL 0:d92f9d21154c 419 printf("sizeof WOLFSSL_CIPHER = %lu\n", sizeof(WOLFSSL_CIPHER));
wolfSSL 0:d92f9d21154c 420 printf("sizeof WOLFSSL_SESSION = %lu\n", sizeof(WOLFSSL_SESSION));
wolfSSL 0:d92f9d21154c 421 printf("sizeof WOLFSSL = %lu\n", sizeof(WOLFSSL));
wolfSSL 0:d92f9d21154c 422 printf("sizeof WOLFSSL_CTX = %lu\n", sizeof(WOLFSSL_CTX));
wolfSSL 0:d92f9d21154c 423 #endif
wolfSSL 0:d92f9d21154c 424
wolfSSL 0:d92f9d21154c 425 return sizeof(WOLFSSL);
wolfSSL 0:d92f9d21154c 426 }
wolfSSL 0:d92f9d21154c 427 #endif
wolfSSL 0:d92f9d21154c 428
wolfSSL 0:d92f9d21154c 429
wolfSSL 0:d92f9d21154c 430 #ifndef NO_DH
wolfSSL 0:d92f9d21154c 431 /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 432 int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
wolfSSL 0:d92f9d21154c 433 const unsigned char* g, int gSz)
wolfSSL 0:d92f9d21154c 434 {
wolfSSL 0:d92f9d21154c 435 byte havePSK = 0;
wolfSSL 0:d92f9d21154c 436 byte haveRSA = 1;
wolfSSL 0:d92f9d21154c 437
wolfSSL 0:d92f9d21154c 438 WOLFSSL_ENTER("wolfSSL_SetTmpDH");
wolfSSL 0:d92f9d21154c 439 if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 440
wolfSSL 0:d92f9d21154c 441 if (pSz < ssl->options.minDhKeySz)
wolfSSL 0:d92f9d21154c 442 return DH_KEY_SIZE_E;
wolfSSL 0:d92f9d21154c 443
wolfSSL 0:d92f9d21154c 444 if (ssl->options.side != WOLFSSL_SERVER_END)
wolfSSL 0:d92f9d21154c 445 return SIDE_ERROR;
wolfSSL 0:d92f9d21154c 446
wolfSSL 0:d92f9d21154c 447 if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH)
wolfSSL 0:d92f9d21154c 448 XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 449 if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH)
wolfSSL 0:d92f9d21154c 450 XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 451
wolfSSL 0:d92f9d21154c 452 ssl->buffers.weOwnDH = 1; /* SSL owns now */
wolfSSL 0:d92f9d21154c 453 ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap,
wolfSSL 0:d92f9d21154c 454 DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 455 if (ssl->buffers.serverDH_P.buffer == NULL)
wolfSSL 0:d92f9d21154c 456 return MEMORY_E;
wolfSSL 0:d92f9d21154c 457
wolfSSL 0:d92f9d21154c 458 ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap,
wolfSSL 0:d92f9d21154c 459 DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 460 if (ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL 0:d92f9d21154c 461 XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 462 return MEMORY_E;
wolfSSL 0:d92f9d21154c 463 }
wolfSSL 0:d92f9d21154c 464
wolfSSL 0:d92f9d21154c 465 ssl->buffers.serverDH_P.length = pSz;
wolfSSL 0:d92f9d21154c 466 ssl->buffers.serverDH_G.length = gSz;
wolfSSL 0:d92f9d21154c 467
wolfSSL 0:d92f9d21154c 468 XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
wolfSSL 0:d92f9d21154c 469 XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);
wolfSSL 0:d92f9d21154c 470
wolfSSL 0:d92f9d21154c 471 ssl->options.haveDH = 1;
wolfSSL 0:d92f9d21154c 472 #ifndef NO_PSK
wolfSSL 0:d92f9d21154c 473 havePSK = ssl->options.havePSK;
wolfSSL 0:d92f9d21154c 474 #endif
wolfSSL 0:d92f9d21154c 475 #ifdef NO_RSA
wolfSSL 0:d92f9d21154c 476 haveRSA = 0;
wolfSSL 0:d92f9d21154c 477 #endif
wolfSSL 0:d92f9d21154c 478 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
wolfSSL 0:d92f9d21154c 479 ssl->options.haveNTRU, ssl->options.haveECDSAsig,
wolfSSL 0:d92f9d21154c 480 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 0:d92f9d21154c 481
wolfSSL 0:d92f9d21154c 482 WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
wolfSSL 0:d92f9d21154c 483 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 484 }
wolfSSL 0:d92f9d21154c 485
wolfSSL 0:d92f9d21154c 486 /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 487 int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
wolfSSL 0:d92f9d21154c 488 const unsigned char* g, int gSz)
wolfSSL 0:d92f9d21154c 489 {
wolfSSL 0:d92f9d21154c 490 WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
wolfSSL 0:d92f9d21154c 491 if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 492
wolfSSL 0:d92f9d21154c 493 if (pSz < ctx->minDhKeySz)
wolfSSL 0:d92f9d21154c 494 return DH_KEY_SIZE_E;
wolfSSL 0:d92f9d21154c 495
wolfSSL 0:d92f9d21154c 496 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 497 XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 498
wolfSSL 0:d92f9d21154c 499 ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 500 if (ctx->serverDH_P.buffer == NULL)
wolfSSL 0:d92f9d21154c 501 return MEMORY_E;
wolfSSL 0:d92f9d21154c 502
wolfSSL 0:d92f9d21154c 503 ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 504 if (ctx->serverDH_G.buffer == NULL) {
wolfSSL 0:d92f9d21154c 505 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 506 return MEMORY_E;
wolfSSL 0:d92f9d21154c 507 }
wolfSSL 0:d92f9d21154c 508
wolfSSL 0:d92f9d21154c 509 ctx->serverDH_P.length = pSz;
wolfSSL 0:d92f9d21154c 510 ctx->serverDH_G.length = gSz;
wolfSSL 0:d92f9d21154c 511
wolfSSL 0:d92f9d21154c 512 XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
wolfSSL 0:d92f9d21154c 513 XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
wolfSSL 0:d92f9d21154c 514
wolfSSL 0:d92f9d21154c 515 ctx->haveDH = 1;
wolfSSL 0:d92f9d21154c 516
wolfSSL 0:d92f9d21154c 517 WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
wolfSSL 0:d92f9d21154c 518 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 519 }
wolfSSL 0:d92f9d21154c 520
wolfSSL 0:d92f9d21154c 521 #endif /* !NO_DH */
wolfSSL 0:d92f9d21154c 522
wolfSSL 0:d92f9d21154c 523
wolfSSL 0:d92f9d21154c 524 int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
wolfSSL 0:d92f9d21154c 525 {
wolfSSL 0:d92f9d21154c 526 int ret;
wolfSSL 0:d92f9d21154c 527
wolfSSL 0:d92f9d21154c 528 WOLFSSL_ENTER("SSL_write()");
wolfSSL 0:d92f9d21154c 529
wolfSSL 0:d92f9d21154c 530 if (ssl == NULL || data == NULL || sz < 0)
wolfSSL 0:d92f9d21154c 531 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 532
wolfSSL 0:d92f9d21154c 533 #ifdef HAVE_ERRNO_H
wolfSSL 0:d92f9d21154c 534 errno = 0;
wolfSSL 0:d92f9d21154c 535 #endif
wolfSSL 0:d92f9d21154c 536
wolfSSL 0:d92f9d21154c 537 ret = SendData(ssl, data, sz);
wolfSSL 0:d92f9d21154c 538
wolfSSL 0:d92f9d21154c 539 WOLFSSL_LEAVE("SSL_write()", ret);
wolfSSL 0:d92f9d21154c 540
wolfSSL 0:d92f9d21154c 541 if (ret < 0)
wolfSSL 0:d92f9d21154c 542 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 543 else
wolfSSL 0:d92f9d21154c 544 return ret;
wolfSSL 0:d92f9d21154c 545 }
wolfSSL 0:d92f9d21154c 546
wolfSSL 0:d92f9d21154c 547
wolfSSL 0:d92f9d21154c 548 static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
wolfSSL 0:d92f9d21154c 549 {
wolfSSL 0:d92f9d21154c 550 int ret;
wolfSSL 0:d92f9d21154c 551
wolfSSL 0:d92f9d21154c 552 WOLFSSL_ENTER("wolfSSL_read_internal()");
wolfSSL 0:d92f9d21154c 553
wolfSSL 0:d92f9d21154c 554 if (ssl == NULL || data == NULL || sz < 0)
wolfSSL 0:d92f9d21154c 555 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 556
wolfSSL 0:d92f9d21154c 557 #ifdef HAVE_ERRNO_H
wolfSSL 0:d92f9d21154c 558 errno = 0;
wolfSSL 0:d92f9d21154c 559 #endif
wolfSSL 0:d92f9d21154c 560 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 561 if (ssl->options.dtls)
wolfSSL 0:d92f9d21154c 562 ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
wolfSSL 0:d92f9d21154c 563 #endif
wolfSSL 0:d92f9d21154c 564
wolfSSL 0:d92f9d21154c 565 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 0:d92f9d21154c 566 ret = ReceiveData(ssl, (byte*)data,
wolfSSL 0:d92f9d21154c 567 min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)), peek);
wolfSSL 0:d92f9d21154c 568 #else
wolfSSL 0:d92f9d21154c 569 ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
wolfSSL 0:d92f9d21154c 570 #endif
wolfSSL 0:d92f9d21154c 571
wolfSSL 0:d92f9d21154c 572 WOLFSSL_LEAVE("wolfSSL_read_internal()", ret);
wolfSSL 0:d92f9d21154c 573
wolfSSL 0:d92f9d21154c 574 if (ret < 0)
wolfSSL 0:d92f9d21154c 575 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 576 else
wolfSSL 0:d92f9d21154c 577 return ret;
wolfSSL 0:d92f9d21154c 578 }
wolfSSL 0:d92f9d21154c 579
wolfSSL 0:d92f9d21154c 580
wolfSSL 0:d92f9d21154c 581 int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz)
wolfSSL 0:d92f9d21154c 582 {
wolfSSL 0:d92f9d21154c 583 WOLFSSL_ENTER("wolfSSL_peek()");
wolfSSL 0:d92f9d21154c 584
wolfSSL 0:d92f9d21154c 585 return wolfSSL_read_internal(ssl, data, sz, TRUE);
wolfSSL 0:d92f9d21154c 586 }
wolfSSL 0:d92f9d21154c 587
wolfSSL 0:d92f9d21154c 588
wolfSSL 0:d92f9d21154c 589 int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
wolfSSL 0:d92f9d21154c 590 {
wolfSSL 0:d92f9d21154c 591 WOLFSSL_ENTER("wolfSSL_read()");
wolfSSL 0:d92f9d21154c 592
wolfSSL 0:d92f9d21154c 593 return wolfSSL_read_internal(ssl, data, sz, FALSE);
wolfSSL 0:d92f9d21154c 594 }
wolfSSL 0:d92f9d21154c 595
wolfSSL 0:d92f9d21154c 596
wolfSSL 0:d92f9d21154c 597 #ifdef HAVE_CAVIUM
wolfSSL 0:d92f9d21154c 598
wolfSSL 0:d92f9d21154c 599 /* let's use cavium, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 600 int wolfSSL_UseCavium(WOLFSSL* ssl, int devId)
wolfSSL 0:d92f9d21154c 601 {
wolfSSL 0:d92f9d21154c 602 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 603 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 604
wolfSSL 0:d92f9d21154c 605 ssl->devId = devId;
wolfSSL 0:d92f9d21154c 606
wolfSSL 0:d92f9d21154c 607 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 608 }
wolfSSL 0:d92f9d21154c 609
wolfSSL 0:d92f9d21154c 610
wolfSSL 0:d92f9d21154c 611 /* let's use cavium, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 612 int wolfSSL_CTX_UseCavium(WOLFSSL_CTX* ctx, int devId)
wolfSSL 0:d92f9d21154c 613 {
wolfSSL 0:d92f9d21154c 614 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 615 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 616
wolfSSL 0:d92f9d21154c 617 ctx->devId = devId;
wolfSSL 0:d92f9d21154c 618
wolfSSL 0:d92f9d21154c 619 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 620 }
wolfSSL 0:d92f9d21154c 621
wolfSSL 0:d92f9d21154c 622
wolfSSL 0:d92f9d21154c 623 #endif /* HAVE_CAVIUM */
wolfSSL 0:d92f9d21154c 624
wolfSSL 0:d92f9d21154c 625 #ifdef HAVE_SNI
wolfSSL 0:d92f9d21154c 626
wolfSSL 0:d92f9d21154c 627 int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size)
wolfSSL 0:d92f9d21154c 628 {
wolfSSL 0:d92f9d21154c 629 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 630 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 631
wolfSSL 0:d92f9d21154c 632 return TLSX_UseSNI(&ssl->extensions, type, data, size);
wolfSSL 0:d92f9d21154c 633 }
wolfSSL 0:d92f9d21154c 634
wolfSSL 0:d92f9d21154c 635 int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data, word16 size)
wolfSSL 0:d92f9d21154c 636 {
wolfSSL 0:d92f9d21154c 637 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 638 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 639
wolfSSL 0:d92f9d21154c 640 return TLSX_UseSNI(&ctx->extensions, type, data, size);
wolfSSL 0:d92f9d21154c 641 }
wolfSSL 0:d92f9d21154c 642
wolfSSL 0:d92f9d21154c 643 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 644
wolfSSL 0:d92f9d21154c 645 void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, byte type, byte options)
wolfSSL 0:d92f9d21154c 646 {
wolfSSL 0:d92f9d21154c 647 if (ssl && ssl->extensions)
wolfSSL 0:d92f9d21154c 648 TLSX_SNI_SetOptions(ssl->extensions, type, options);
wolfSSL 0:d92f9d21154c 649 }
wolfSSL 0:d92f9d21154c 650
wolfSSL 0:d92f9d21154c 651 void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, byte type, byte options)
wolfSSL 0:d92f9d21154c 652 {
wolfSSL 0:d92f9d21154c 653 if (ctx && ctx->extensions)
wolfSSL 0:d92f9d21154c 654 TLSX_SNI_SetOptions(ctx->extensions, type, options);
wolfSSL 0:d92f9d21154c 655 }
wolfSSL 0:d92f9d21154c 656
wolfSSL 0:d92f9d21154c 657 byte wolfSSL_SNI_Status(WOLFSSL* ssl, byte type)
wolfSSL 0:d92f9d21154c 658 {
wolfSSL 0:d92f9d21154c 659 return TLSX_SNI_Status(ssl ? ssl->extensions : NULL, type);
wolfSSL 0:d92f9d21154c 660 }
wolfSSL 0:d92f9d21154c 661
wolfSSL 0:d92f9d21154c 662 word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
wolfSSL 0:d92f9d21154c 663 {
wolfSSL 0:d92f9d21154c 664 if (data)
wolfSSL 0:d92f9d21154c 665 *data = NULL;
wolfSSL 0:d92f9d21154c 666
wolfSSL 0:d92f9d21154c 667 if (ssl && ssl->extensions)
wolfSSL 0:d92f9d21154c 668 return TLSX_SNI_GetRequest(ssl->extensions, type, data);
wolfSSL 0:d92f9d21154c 669
wolfSSL 0:d92f9d21154c 670 return 0;
wolfSSL 0:d92f9d21154c 671 }
wolfSSL 0:d92f9d21154c 672
wolfSSL 0:d92f9d21154c 673 int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type,
wolfSSL 0:d92f9d21154c 674 byte* sni, word32* inOutSz)
wolfSSL 0:d92f9d21154c 675 {
wolfSSL 0:d92f9d21154c 676 if (clientHello && helloSz > 0 && sni && inOutSz && *inOutSz > 0)
wolfSSL 0:d92f9d21154c 677 return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
wolfSSL 0:d92f9d21154c 678
wolfSSL 0:d92f9d21154c 679 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 680 }
wolfSSL 0:d92f9d21154c 681
wolfSSL 0:d92f9d21154c 682 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 0:d92f9d21154c 683
wolfSSL 0:d92f9d21154c 684 #endif /* HAVE_SNI */
wolfSSL 0:d92f9d21154c 685
wolfSSL 0:d92f9d21154c 686
wolfSSL 0:d92f9d21154c 687 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 0:d92f9d21154c 688 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 689 int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
wolfSSL 0:d92f9d21154c 690 {
wolfSSL 0:d92f9d21154c 691 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 692 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 693
wolfSSL 0:d92f9d21154c 694 return TLSX_UseMaxFragment(&ssl->extensions, mfl);
wolfSSL 0:d92f9d21154c 695 }
wolfSSL 0:d92f9d21154c 696
wolfSSL 0:d92f9d21154c 697 int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl)
wolfSSL 0:d92f9d21154c 698 {
wolfSSL 0:d92f9d21154c 699 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 700 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 701
wolfSSL 0:d92f9d21154c 702 return TLSX_UseMaxFragment(&ctx->extensions, mfl);
wolfSSL 0:d92f9d21154c 703 }
wolfSSL 0:d92f9d21154c 704 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 0:d92f9d21154c 705 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 0:d92f9d21154c 706
wolfSSL 0:d92f9d21154c 707 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 0:d92f9d21154c 708 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 709 int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 710 {
wolfSSL 0:d92f9d21154c 711 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 712 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 713
wolfSSL 0:d92f9d21154c 714 return TLSX_UseTruncatedHMAC(&ssl->extensions);
wolfSSL 0:d92f9d21154c 715 }
wolfSSL 0:d92f9d21154c 716
wolfSSL 0:d92f9d21154c 717 int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 718 {
wolfSSL 0:d92f9d21154c 719 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 720 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 721
wolfSSL 0:d92f9d21154c 722 return TLSX_UseTruncatedHMAC(&ctx->extensions);
wolfSSL 0:d92f9d21154c 723 }
wolfSSL 0:d92f9d21154c 724 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 0:d92f9d21154c 725 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 0:d92f9d21154c 726
wolfSSL 0:d92f9d21154c 727 /* Elliptic Curves */
wolfSSL 0:d92f9d21154c 728 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 0:d92f9d21154c 729 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 730
wolfSSL 0:d92f9d21154c 731 int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
wolfSSL 0:d92f9d21154c 732 {
wolfSSL 0:d92f9d21154c 733 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 734 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 735
wolfSSL 0:d92f9d21154c 736 switch (name) {
wolfSSL 0:d92f9d21154c 737 case WOLFSSL_ECC_SECP160R1:
wolfSSL 0:d92f9d21154c 738 case WOLFSSL_ECC_SECP192R1:
wolfSSL 0:d92f9d21154c 739 case WOLFSSL_ECC_SECP224R1:
wolfSSL 0:d92f9d21154c 740 case WOLFSSL_ECC_SECP256R1:
wolfSSL 0:d92f9d21154c 741 case WOLFSSL_ECC_SECP384R1:
wolfSSL 0:d92f9d21154c 742 case WOLFSSL_ECC_SECP521R1:
wolfSSL 0:d92f9d21154c 743 break;
wolfSSL 0:d92f9d21154c 744
wolfSSL 0:d92f9d21154c 745 default:
wolfSSL 0:d92f9d21154c 746 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 747 }
wolfSSL 0:d92f9d21154c 748
wolfSSL 0:d92f9d21154c 749 return TLSX_UseSupportedCurve(&ssl->extensions, name);
wolfSSL 0:d92f9d21154c 750 }
wolfSSL 0:d92f9d21154c 751
wolfSSL 0:d92f9d21154c 752 int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
wolfSSL 0:d92f9d21154c 753 {
wolfSSL 0:d92f9d21154c 754 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 755 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 756
wolfSSL 0:d92f9d21154c 757 switch (name) {
wolfSSL 0:d92f9d21154c 758 case WOLFSSL_ECC_SECP160R1:
wolfSSL 0:d92f9d21154c 759 case WOLFSSL_ECC_SECP192R1:
wolfSSL 0:d92f9d21154c 760 case WOLFSSL_ECC_SECP224R1:
wolfSSL 0:d92f9d21154c 761 case WOLFSSL_ECC_SECP256R1:
wolfSSL 0:d92f9d21154c 762 case WOLFSSL_ECC_SECP384R1:
wolfSSL 0:d92f9d21154c 763 case WOLFSSL_ECC_SECP521R1:
wolfSSL 0:d92f9d21154c 764 break;
wolfSSL 0:d92f9d21154c 765
wolfSSL 0:d92f9d21154c 766 default:
wolfSSL 0:d92f9d21154c 767 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 768 }
wolfSSL 0:d92f9d21154c 769
wolfSSL 0:d92f9d21154c 770 return TLSX_UseSupportedCurve(&ctx->extensions, name);
wolfSSL 0:d92f9d21154c 771 }
wolfSSL 0:d92f9d21154c 772
wolfSSL 0:d92f9d21154c 773 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 0:d92f9d21154c 774 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 0:d92f9d21154c 775
wolfSSL 0:d92f9d21154c 776 /* Secure Renegotiation */
wolfSSL 0:d92f9d21154c 777 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 0:d92f9d21154c 778
wolfSSL 0:d92f9d21154c 779 /* user is forcing ability to use secure renegotiation, we discourage it */
wolfSSL 0:d92f9d21154c 780 int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 781 {
wolfSSL 0:d92f9d21154c 782 int ret = BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 783
wolfSSL 0:d92f9d21154c 784 if (ssl)
wolfSSL 0:d92f9d21154c 785 ret = TLSX_UseSecureRenegotiation(&ssl->extensions);
wolfSSL 0:d92f9d21154c 786
wolfSSL 0:d92f9d21154c 787 if (ret == SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 788 TLSX* extension = TLSX_Find(ssl->extensions, SECURE_RENEGOTIATION);
wolfSSL 0:d92f9d21154c 789
wolfSSL 0:d92f9d21154c 790 if (extension)
wolfSSL 0:d92f9d21154c 791 ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
wolfSSL 0:d92f9d21154c 792 }
wolfSSL 0:d92f9d21154c 793
wolfSSL 0:d92f9d21154c 794 return ret;
wolfSSL 0:d92f9d21154c 795 }
wolfSSL 0:d92f9d21154c 796
wolfSSL 0:d92f9d21154c 797
wolfSSL 0:d92f9d21154c 798 /* do a secure renegotiation handshake, user forced, we discourage */
wolfSSL 0:d92f9d21154c 799 int wolfSSL_Rehandshake(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 800 {
wolfSSL 0:d92f9d21154c 801 int ret;
wolfSSL 0:d92f9d21154c 802
wolfSSL 0:d92f9d21154c 803 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 804 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 805
wolfSSL 0:d92f9d21154c 806 if (ssl->secure_renegotiation == NULL) {
wolfSSL 0:d92f9d21154c 807 WOLFSSL_MSG("Secure Renegotiation not forced on by user");
wolfSSL 0:d92f9d21154c 808 return SECURE_RENEGOTIATION_E;
wolfSSL 0:d92f9d21154c 809 }
wolfSSL 0:d92f9d21154c 810
wolfSSL 0:d92f9d21154c 811 if (ssl->secure_renegotiation->enabled == 0) {
wolfSSL 0:d92f9d21154c 812 WOLFSSL_MSG("Secure Renegotiation not enabled at extension level");
wolfSSL 0:d92f9d21154c 813 return SECURE_RENEGOTIATION_E;
wolfSSL 0:d92f9d21154c 814 }
wolfSSL 0:d92f9d21154c 815
wolfSSL 0:d92f9d21154c 816 if (ssl->options.handShakeState != HANDSHAKE_DONE) {
wolfSSL 0:d92f9d21154c 817 WOLFSSL_MSG("Can't renegotiate until previous handshake complete");
wolfSSL 0:d92f9d21154c 818 return SECURE_RENEGOTIATION_E;
wolfSSL 0:d92f9d21154c 819 }
wolfSSL 0:d92f9d21154c 820
wolfSSL 0:d92f9d21154c 821 #ifndef NO_FORCE_SCR_SAME_SUITE
wolfSSL 0:d92f9d21154c 822 /* force same suite */
wolfSSL 0:d92f9d21154c 823 if (ssl->suites) {
wolfSSL 0:d92f9d21154c 824 ssl->suites->suiteSz = SUITE_LEN;
wolfSSL 0:d92f9d21154c 825 ssl->suites->suites[0] = ssl->options.cipherSuite0;
wolfSSL 0:d92f9d21154c 826 ssl->suites->suites[1] = ssl->options.cipherSuite;
wolfSSL 0:d92f9d21154c 827 }
wolfSSL 0:d92f9d21154c 828 #endif
wolfSSL 0:d92f9d21154c 829
wolfSSL 0:d92f9d21154c 830 /* reset handshake states */
wolfSSL 0:d92f9d21154c 831 ssl->options.serverState = NULL_STATE;
wolfSSL 0:d92f9d21154c 832 ssl->options.clientState = NULL_STATE;
wolfSSL 0:d92f9d21154c 833 ssl->options.connectState = CONNECT_BEGIN;
wolfSSL 0:d92f9d21154c 834 ssl->options.acceptState = ACCEPT_BEGIN;
wolfSSL 0:d92f9d21154c 835 ssl->options.handShakeState = NULL_STATE;
wolfSSL 0:d92f9d21154c 836 ssl->options.processReply = 0; /* TODO, move states in internal.h */
wolfSSL 0:d92f9d21154c 837
wolfSSL 0:d92f9d21154c 838 XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
wolfSSL 0:d92f9d21154c 839
wolfSSL 0:d92f9d21154c 840 ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;
wolfSSL 0:d92f9d21154c 841
wolfSSL 0:d92f9d21154c 842 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 843 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 844 wc_InitMd5(&ssl->hsHashes->hashMd5);
wolfSSL 0:d92f9d21154c 845 #endif
wolfSSL 0:d92f9d21154c 846 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 847 ret = wc_InitSha(&ssl->hsHashes->hashSha);
wolfSSL 0:d92f9d21154c 848 if (ret !=0)
wolfSSL 0:d92f9d21154c 849 return ret;
wolfSSL 0:d92f9d21154c 850 #endif
wolfSSL 0:d92f9d21154c 851 #endif /* NO_OLD_TLS */
wolfSSL 0:d92f9d21154c 852 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 853 ret = wc_InitSha256(&ssl->hsHashes->hashSha256);
wolfSSL 0:d92f9d21154c 854 if (ret !=0)
wolfSSL 0:d92f9d21154c 855 return ret;
wolfSSL 0:d92f9d21154c 856 #endif
wolfSSL 0:d92f9d21154c 857 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 858 ret = wc_InitSha384(&ssl->hsHashes->hashSha384);
wolfSSL 0:d92f9d21154c 859 if (ret !=0)
wolfSSL 0:d92f9d21154c 860 return ret;
wolfSSL 0:d92f9d21154c 861 #endif
wolfSSL 0:d92f9d21154c 862 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 863 ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
wolfSSL 0:d92f9d21154c 864 if (ret !=0)
wolfSSL 0:d92f9d21154c 865 return ret;
wolfSSL 0:d92f9d21154c 866 #endif
wolfSSL 0:d92f9d21154c 867
wolfSSL 0:d92f9d21154c 868 ret = wolfSSL_negotiate(ssl);
wolfSSL 0:d92f9d21154c 869 return ret;
wolfSSL 0:d92f9d21154c 870 }
wolfSSL 0:d92f9d21154c 871
wolfSSL 0:d92f9d21154c 872 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 0:d92f9d21154c 873
wolfSSL 0:d92f9d21154c 874 /* Session Ticket */
wolfSSL 0:d92f9d21154c 875 #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
wolfSSL 0:d92f9d21154c 876 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 877 int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb cb)
wolfSSL 0:d92f9d21154c 878 {
wolfSSL 0:d92f9d21154c 879 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 880 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 881
wolfSSL 0:d92f9d21154c 882 ctx->ticketEncCb = cb;
wolfSSL 0:d92f9d21154c 883
wolfSSL 0:d92f9d21154c 884 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 885 }
wolfSSL 0:d92f9d21154c 886
wolfSSL 0:d92f9d21154c 887 /* set hint interval, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 888 int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
wolfSSL 0:d92f9d21154c 889 {
wolfSSL 0:d92f9d21154c 890 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 891 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 892
wolfSSL 0:d92f9d21154c 893 ctx->ticketHint = hint;
wolfSSL 0:d92f9d21154c 894
wolfSSL 0:d92f9d21154c 895 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 896 }
wolfSSL 0:d92f9d21154c 897
wolfSSL 0:d92f9d21154c 898 /* set user context, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 899 int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx)
wolfSSL 0:d92f9d21154c 900 {
wolfSSL 0:d92f9d21154c 901 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 902 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 903
wolfSSL 0:d92f9d21154c 904 ctx->ticketEncCtx = userCtx;
wolfSSL 0:d92f9d21154c 905
wolfSSL 0:d92f9d21154c 906 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 907 }
wolfSSL 0:d92f9d21154c 908
wolfSSL 0:d92f9d21154c 909 #endif /* !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) */
wolfSSL 0:d92f9d21154c 910
wolfSSL 0:d92f9d21154c 911 /* Session Ticket */
wolfSSL 0:d92f9d21154c 912 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
wolfSSL 0:d92f9d21154c 913 int wolfSSL_UseSessionTicket(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 914 {
wolfSSL 0:d92f9d21154c 915 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 916 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 917
wolfSSL 0:d92f9d21154c 918 return TLSX_UseSessionTicket(&ssl->extensions, NULL);
wolfSSL 0:d92f9d21154c 919 }
wolfSSL 0:d92f9d21154c 920
wolfSSL 0:d92f9d21154c 921 int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 922 {
wolfSSL 0:d92f9d21154c 923 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 924 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 925
wolfSSL 0:d92f9d21154c 926 return TLSX_UseSessionTicket(&ctx->extensions, NULL);
wolfSSL 0:d92f9d21154c 927 }
wolfSSL 0:d92f9d21154c 928
wolfSSL 0:d92f9d21154c 929 WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, byte* buf, word32* bufSz)
wolfSSL 0:d92f9d21154c 930 {
wolfSSL 0:d92f9d21154c 931 if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
wolfSSL 0:d92f9d21154c 932 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 933
wolfSSL 0:d92f9d21154c 934 if (ssl->session.ticketLen <= *bufSz) {
wolfSSL 0:d92f9d21154c 935 XMEMCPY(buf, ssl->session.ticket, ssl->session.ticketLen);
wolfSSL 0:d92f9d21154c 936 *bufSz = ssl->session.ticketLen;
wolfSSL 0:d92f9d21154c 937 }
wolfSSL 0:d92f9d21154c 938 else
wolfSSL 0:d92f9d21154c 939 *bufSz = 0;
wolfSSL 0:d92f9d21154c 940
wolfSSL 0:d92f9d21154c 941 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 942 }
wolfSSL 0:d92f9d21154c 943
wolfSSL 0:d92f9d21154c 944 WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
wolfSSL 0:d92f9d21154c 945 {
wolfSSL 0:d92f9d21154c 946 if (ssl == NULL || (buf == NULL && bufSz > 0))
wolfSSL 0:d92f9d21154c 947 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 948
wolfSSL 0:d92f9d21154c 949 if (bufSz > 0)
wolfSSL 0:d92f9d21154c 950 XMEMCPY(ssl->session.ticket, buf, bufSz);
wolfSSL 0:d92f9d21154c 951 ssl->session.ticketLen = (word16)bufSz;
wolfSSL 0:d92f9d21154c 952
wolfSSL 0:d92f9d21154c 953 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 954 }
wolfSSL 0:d92f9d21154c 955
wolfSSL 0:d92f9d21154c 956
wolfSSL 0:d92f9d21154c 957 WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
wolfSSL 0:d92f9d21154c 958 CallbackSessionTicket cb, void* ctx)
wolfSSL 0:d92f9d21154c 959 {
wolfSSL 0:d92f9d21154c 960 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 961 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 962
wolfSSL 0:d92f9d21154c 963 ssl->session_ticket_cb = cb;
wolfSSL 0:d92f9d21154c 964 ssl->session_ticket_ctx = ctx;
wolfSSL 0:d92f9d21154c 965
wolfSSL 0:d92f9d21154c 966 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 967 }
wolfSSL 0:d92f9d21154c 968 #endif
wolfSSL 0:d92f9d21154c 969
wolfSSL 0:d92f9d21154c 970 #ifndef WOLFSSL_LEANPSK
wolfSSL 0:d92f9d21154c 971
wolfSSL 0:d92f9d21154c 972 int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags)
wolfSSL 0:d92f9d21154c 973 {
wolfSSL 0:d92f9d21154c 974 int ret;
wolfSSL 0:d92f9d21154c 975 int oldFlags;
wolfSSL 0:d92f9d21154c 976
wolfSSL 0:d92f9d21154c 977 WOLFSSL_ENTER("wolfSSL_send()");
wolfSSL 0:d92f9d21154c 978
wolfSSL 0:d92f9d21154c 979 if (ssl == NULL || data == NULL || sz < 0)
wolfSSL 0:d92f9d21154c 980 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 981
wolfSSL 0:d92f9d21154c 982 oldFlags = ssl->wflags;
wolfSSL 0:d92f9d21154c 983
wolfSSL 0:d92f9d21154c 984 ssl->wflags = flags;
wolfSSL 0:d92f9d21154c 985 ret = wolfSSL_write(ssl, data, sz);
wolfSSL 0:d92f9d21154c 986 ssl->wflags = oldFlags;
wolfSSL 0:d92f9d21154c 987
wolfSSL 0:d92f9d21154c 988 WOLFSSL_LEAVE("wolfSSL_send()", ret);
wolfSSL 0:d92f9d21154c 989
wolfSSL 0:d92f9d21154c 990 return ret;
wolfSSL 0:d92f9d21154c 991 }
wolfSSL 0:d92f9d21154c 992
wolfSSL 0:d92f9d21154c 993
wolfSSL 0:d92f9d21154c 994 int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
wolfSSL 0:d92f9d21154c 995 {
wolfSSL 0:d92f9d21154c 996 int ret;
wolfSSL 0:d92f9d21154c 997 int oldFlags;
wolfSSL 0:d92f9d21154c 998
wolfSSL 0:d92f9d21154c 999 WOLFSSL_ENTER("wolfSSL_recv()");
wolfSSL 0:d92f9d21154c 1000
wolfSSL 0:d92f9d21154c 1001 if (ssl == NULL || data == NULL || sz < 0)
wolfSSL 0:d92f9d21154c 1002 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1003
wolfSSL 0:d92f9d21154c 1004 oldFlags = ssl->rflags;
wolfSSL 0:d92f9d21154c 1005
wolfSSL 0:d92f9d21154c 1006 ssl->rflags = flags;
wolfSSL 0:d92f9d21154c 1007 ret = wolfSSL_read(ssl, data, sz);
wolfSSL 0:d92f9d21154c 1008 ssl->rflags = oldFlags;
wolfSSL 0:d92f9d21154c 1009
wolfSSL 0:d92f9d21154c 1010 WOLFSSL_LEAVE("wolfSSL_recv()", ret);
wolfSSL 0:d92f9d21154c 1011
wolfSSL 0:d92f9d21154c 1012 return ret;
wolfSSL 0:d92f9d21154c 1013 }
wolfSSL 0:d92f9d21154c 1014 #endif
wolfSSL 0:d92f9d21154c 1015
wolfSSL 0:d92f9d21154c 1016
wolfSSL 0:d92f9d21154c 1017 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 1018 int wolfSSL_shutdown(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1019 {
wolfSSL 0:d92f9d21154c 1020 int ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 1021 byte tmp;
wolfSSL 0:d92f9d21154c 1022 WOLFSSL_ENTER("SSL_shutdown()");
wolfSSL 0:d92f9d21154c 1023
wolfSSL 0:d92f9d21154c 1024 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1025 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 1026
wolfSSL 0:d92f9d21154c 1027 if (ssl->options.quietShutdown) {
wolfSSL 0:d92f9d21154c 1028 WOLFSSL_MSG("quiet shutdown, no close notify sent");
wolfSSL 0:d92f9d21154c 1029 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1030 }
wolfSSL 0:d92f9d21154c 1031
wolfSSL 0:d92f9d21154c 1032 /* try to send close notify, not an error if can't */
wolfSSL 0:d92f9d21154c 1033 if (!ssl->options.isClosed && !ssl->options.connReset &&
wolfSSL 0:d92f9d21154c 1034 !ssl->options.sentNotify) {
wolfSSL 0:d92f9d21154c 1035 ssl->error = SendAlert(ssl, alert_warning, close_notify);
wolfSSL 0:d92f9d21154c 1036 if (ssl->error < 0) {
wolfSSL 0:d92f9d21154c 1037 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 1038 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 1039 }
wolfSSL 0:d92f9d21154c 1040 ssl->options.sentNotify = 1; /* don't send close_notify twice */
wolfSSL 0:d92f9d21154c 1041 if (ssl->options.closeNotify)
wolfSSL 0:d92f9d21154c 1042 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1043 else
wolfSSL 0:d92f9d21154c 1044 ret = SSL_SHUTDOWN_NOT_DONE;
wolfSSL 0:d92f9d21154c 1045
wolfSSL 0:d92f9d21154c 1046 WOLFSSL_LEAVE("SSL_shutdown()", ret);
wolfSSL 0:d92f9d21154c 1047 return ret;
wolfSSL 0:d92f9d21154c 1048 }
wolfSSL 0:d92f9d21154c 1049
wolfSSL 0:d92f9d21154c 1050 /* call wolfSSL_shutdown again for bidirectional shudown */
wolfSSL 0:d92f9d21154c 1051 if (ssl->options.sentNotify && !ssl->options.closeNotify) {
wolfSSL 0:d92f9d21154c 1052 ret = wolfSSL_read(ssl, &tmp, 0);
wolfSSL 0:d92f9d21154c 1053 if (ret < 0) {
wolfSSL 0:d92f9d21154c 1054 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 1055 ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 1056 } else if (ssl->options.closeNotify) {
wolfSSL 0:d92f9d21154c 1057 ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
wolfSSL 0:d92f9d21154c 1058 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1059 }
wolfSSL 0:d92f9d21154c 1060 }
wolfSSL 0:d92f9d21154c 1061
wolfSSL 0:d92f9d21154c 1062 WOLFSSL_LEAVE("SSL_shutdown()", ret);
wolfSSL 0:d92f9d21154c 1063
wolfSSL 0:d92f9d21154c 1064 return ret;
wolfSSL 0:d92f9d21154c 1065 }
wolfSSL 0:d92f9d21154c 1066
wolfSSL 0:d92f9d21154c 1067
wolfSSL 0:d92f9d21154c 1068 int wolfSSL_get_error(WOLFSSL* ssl, int ret)
wolfSSL 0:d92f9d21154c 1069 {
wolfSSL 0:d92f9d21154c 1070 WOLFSSL_ENTER("SSL_get_error");
wolfSSL 0:d92f9d21154c 1071
wolfSSL 0:d92f9d21154c 1072 if (ret > 0)
wolfSSL 0:d92f9d21154c 1073 return SSL_ERROR_NONE;
wolfSSL 0:d92f9d21154c 1074 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1075 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1076
wolfSSL 0:d92f9d21154c 1077 WOLFSSL_LEAVE("SSL_get_error", ssl->error);
wolfSSL 0:d92f9d21154c 1078
wolfSSL 0:d92f9d21154c 1079 /* make sure converted types are handled in SetErrorString() too */
wolfSSL 0:d92f9d21154c 1080 if (ssl->error == WANT_READ)
wolfSSL 0:d92f9d21154c 1081 return SSL_ERROR_WANT_READ; /* convert to OpenSSL type */
wolfSSL 0:d92f9d21154c 1082 else if (ssl->error == WANT_WRITE)
wolfSSL 0:d92f9d21154c 1083 return SSL_ERROR_WANT_WRITE; /* convert to OpenSSL type */
wolfSSL 0:d92f9d21154c 1084 else if (ssl->error == ZERO_RETURN)
wolfSSL 0:d92f9d21154c 1085 return SSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
wolfSSL 0:d92f9d21154c 1086 return ssl->error;
wolfSSL 0:d92f9d21154c 1087 }
wolfSSL 0:d92f9d21154c 1088
wolfSSL 0:d92f9d21154c 1089
wolfSSL 0:d92f9d21154c 1090 /* retrive alert history, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 1091 int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h)
wolfSSL 0:d92f9d21154c 1092 {
wolfSSL 0:d92f9d21154c 1093 if (ssl && h) {
wolfSSL 0:d92f9d21154c 1094 *h = ssl->alert_history;
wolfSSL 0:d92f9d21154c 1095 }
wolfSSL 0:d92f9d21154c 1096 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1097 }
wolfSSL 0:d92f9d21154c 1098
wolfSSL 0:d92f9d21154c 1099
wolfSSL 0:d92f9d21154c 1100 /* return TRUE if current error is want read */
wolfSSL 0:d92f9d21154c 1101 int wolfSSL_want_read(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1102 {
wolfSSL 0:d92f9d21154c 1103 WOLFSSL_ENTER("SSL_want_read");
wolfSSL 0:d92f9d21154c 1104 if (ssl->error == WANT_READ)
wolfSSL 0:d92f9d21154c 1105 return 1;
wolfSSL 0:d92f9d21154c 1106
wolfSSL 0:d92f9d21154c 1107 return 0;
wolfSSL 0:d92f9d21154c 1108 }
wolfSSL 0:d92f9d21154c 1109
wolfSSL 0:d92f9d21154c 1110
wolfSSL 0:d92f9d21154c 1111 /* return TRUE if current error is want write */
wolfSSL 0:d92f9d21154c 1112 int wolfSSL_want_write(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1113 {
wolfSSL 0:d92f9d21154c 1114 WOLFSSL_ENTER("SSL_want_write");
wolfSSL 0:d92f9d21154c 1115 if (ssl->error == WANT_WRITE)
wolfSSL 0:d92f9d21154c 1116 return 1;
wolfSSL 0:d92f9d21154c 1117
wolfSSL 0:d92f9d21154c 1118 return 0;
wolfSSL 0:d92f9d21154c 1119 }
wolfSSL 0:d92f9d21154c 1120
wolfSSL 0:d92f9d21154c 1121
wolfSSL 0:d92f9d21154c 1122 char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data)
wolfSSL 0:d92f9d21154c 1123 {
wolfSSL 0:d92f9d21154c 1124 static const char* msg = "Please supply a buffer for error string";
wolfSSL 0:d92f9d21154c 1125
wolfSSL 0:d92f9d21154c 1126 WOLFSSL_ENTER("ERR_error_string");
wolfSSL 0:d92f9d21154c 1127 if (data) {
wolfSSL 0:d92f9d21154c 1128 SetErrorString((int)errNumber, data);
wolfSSL 0:d92f9d21154c 1129 return data;
wolfSSL 0:d92f9d21154c 1130 }
wolfSSL 0:d92f9d21154c 1131
wolfSSL 0:d92f9d21154c 1132 return (char*)msg;
wolfSSL 0:d92f9d21154c 1133 }
wolfSSL 0:d92f9d21154c 1134
wolfSSL 0:d92f9d21154c 1135
wolfSSL 0:d92f9d21154c 1136 void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
wolfSSL 0:d92f9d21154c 1137 {
wolfSSL 0:d92f9d21154c 1138 WOLFSSL_ENTER("wolfSSL_ERR_error_string_n");
wolfSSL 0:d92f9d21154c 1139 if (len >= WOLFSSL_MAX_ERROR_SZ)
wolfSSL 0:d92f9d21154c 1140 wolfSSL_ERR_error_string(e, buf);
wolfSSL 0:d92f9d21154c 1141 else {
wolfSSL 0:d92f9d21154c 1142 char tmp[WOLFSSL_MAX_ERROR_SZ];
wolfSSL 0:d92f9d21154c 1143
wolfSSL 0:d92f9d21154c 1144 WOLFSSL_MSG("Error buffer too short, truncating");
wolfSSL 0:d92f9d21154c 1145 if (len) {
wolfSSL 0:d92f9d21154c 1146 wolfSSL_ERR_error_string(e, tmp);
wolfSSL 0:d92f9d21154c 1147 XMEMCPY(buf, tmp, len-1);
wolfSSL 0:d92f9d21154c 1148 buf[len-1] = '\0';
wolfSSL 0:d92f9d21154c 1149 }
wolfSSL 0:d92f9d21154c 1150 }
wolfSSL 0:d92f9d21154c 1151 }
wolfSSL 0:d92f9d21154c 1152
wolfSSL 0:d92f9d21154c 1153
wolfSSL 0:d92f9d21154c 1154 /* don't free temporary arrays at end of handshake */
wolfSSL 0:d92f9d21154c 1155 void wolfSSL_KeepArrays(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1156 {
wolfSSL 0:d92f9d21154c 1157 if (ssl)
wolfSSL 0:d92f9d21154c 1158 ssl->options.saveArrays = 1;
wolfSSL 0:d92f9d21154c 1159 }
wolfSSL 0:d92f9d21154c 1160
wolfSSL 0:d92f9d21154c 1161
wolfSSL 0:d92f9d21154c 1162 /* user doesn't need temporary arrays anymore, Free */
wolfSSL 0:d92f9d21154c 1163 void wolfSSL_FreeArrays(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1164 {
wolfSSL 0:d92f9d21154c 1165 if (ssl && ssl->options.handShakeState == HANDSHAKE_DONE) {
wolfSSL 0:d92f9d21154c 1166 ssl->options.saveArrays = 0;
wolfSSL 0:d92f9d21154c 1167 FreeArrays(ssl, 1);
wolfSSL 0:d92f9d21154c 1168 }
wolfSSL 0:d92f9d21154c 1169 }
wolfSSL 0:d92f9d21154c 1170
wolfSSL 0:d92f9d21154c 1171
wolfSSL 0:d92f9d21154c 1172 const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
wolfSSL 0:d92f9d21154c 1173 {
wolfSSL 0:d92f9d21154c 1174 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1175 return NULL;
wolfSSL 0:d92f9d21154c 1176
wolfSSL 0:d92f9d21154c 1177 if ( (ssl->options.side == WOLFSSL_CLIENT_END && !verify) ||
wolfSSL 0:d92f9d21154c 1178 (ssl->options.side == WOLFSSL_SERVER_END && verify) )
wolfSSL 0:d92f9d21154c 1179 return ssl->keys.client_write_MAC_secret;
wolfSSL 0:d92f9d21154c 1180 else
wolfSSL 0:d92f9d21154c 1181 return ssl->keys.server_write_MAC_secret;
wolfSSL 0:d92f9d21154c 1182 }
wolfSSL 0:d92f9d21154c 1183
wolfSSL 0:d92f9d21154c 1184
wolfSSL 0:d92f9d21154c 1185 #ifdef ATOMIC_USER
wolfSSL 0:d92f9d21154c 1186
wolfSSL 0:d92f9d21154c 1187 void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb)
wolfSSL 0:d92f9d21154c 1188 {
wolfSSL 0:d92f9d21154c 1189 if (ctx)
wolfSSL 0:d92f9d21154c 1190 ctx->MacEncryptCb = cb;
wolfSSL 0:d92f9d21154c 1191 }
wolfSSL 0:d92f9d21154c 1192
wolfSSL 0:d92f9d21154c 1193
wolfSSL 0:d92f9d21154c 1194 void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx)
wolfSSL 0:d92f9d21154c 1195 {
wolfSSL 0:d92f9d21154c 1196 if (ssl)
wolfSSL 0:d92f9d21154c 1197 ssl->MacEncryptCtx = ctx;
wolfSSL 0:d92f9d21154c 1198 }
wolfSSL 0:d92f9d21154c 1199
wolfSSL 0:d92f9d21154c 1200
wolfSSL 0:d92f9d21154c 1201 void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1202 {
wolfSSL 0:d92f9d21154c 1203 if (ssl)
wolfSSL 0:d92f9d21154c 1204 return ssl->MacEncryptCtx;
wolfSSL 0:d92f9d21154c 1205
wolfSSL 0:d92f9d21154c 1206 return NULL;
wolfSSL 0:d92f9d21154c 1207 }
wolfSSL 0:d92f9d21154c 1208
wolfSSL 0:d92f9d21154c 1209
wolfSSL 0:d92f9d21154c 1210 void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx, CallbackDecryptVerify cb)
wolfSSL 0:d92f9d21154c 1211 {
wolfSSL 0:d92f9d21154c 1212 if (ctx)
wolfSSL 0:d92f9d21154c 1213 ctx->DecryptVerifyCb = cb;
wolfSSL 0:d92f9d21154c 1214 }
wolfSSL 0:d92f9d21154c 1215
wolfSSL 0:d92f9d21154c 1216
wolfSSL 0:d92f9d21154c 1217 void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx)
wolfSSL 0:d92f9d21154c 1218 {
wolfSSL 0:d92f9d21154c 1219 if (ssl)
wolfSSL 0:d92f9d21154c 1220 ssl->DecryptVerifyCtx = ctx;
wolfSSL 0:d92f9d21154c 1221 }
wolfSSL 0:d92f9d21154c 1222
wolfSSL 0:d92f9d21154c 1223
wolfSSL 0:d92f9d21154c 1224 void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1225 {
wolfSSL 0:d92f9d21154c 1226 if (ssl)
wolfSSL 0:d92f9d21154c 1227 return ssl->DecryptVerifyCtx;
wolfSSL 0:d92f9d21154c 1228
wolfSSL 0:d92f9d21154c 1229 return NULL;
wolfSSL 0:d92f9d21154c 1230 }
wolfSSL 0:d92f9d21154c 1231
wolfSSL 0:d92f9d21154c 1232
wolfSSL 0:d92f9d21154c 1233 const byte* wolfSSL_GetClientWriteKey(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1234 {
wolfSSL 0:d92f9d21154c 1235 if (ssl)
wolfSSL 0:d92f9d21154c 1236 return ssl->keys.client_write_key;
wolfSSL 0:d92f9d21154c 1237
wolfSSL 0:d92f9d21154c 1238 return NULL;
wolfSSL 0:d92f9d21154c 1239 }
wolfSSL 0:d92f9d21154c 1240
wolfSSL 0:d92f9d21154c 1241
wolfSSL 0:d92f9d21154c 1242 const byte* wolfSSL_GetClientWriteIV(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1243 {
wolfSSL 0:d92f9d21154c 1244 if (ssl)
wolfSSL 0:d92f9d21154c 1245 return ssl->keys.client_write_IV;
wolfSSL 0:d92f9d21154c 1246
wolfSSL 0:d92f9d21154c 1247 return NULL;
wolfSSL 0:d92f9d21154c 1248 }
wolfSSL 0:d92f9d21154c 1249
wolfSSL 0:d92f9d21154c 1250
wolfSSL 0:d92f9d21154c 1251 const byte* wolfSSL_GetServerWriteKey(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1252 {
wolfSSL 0:d92f9d21154c 1253 if (ssl)
wolfSSL 0:d92f9d21154c 1254 return ssl->keys.server_write_key;
wolfSSL 0:d92f9d21154c 1255
wolfSSL 0:d92f9d21154c 1256 return NULL;
wolfSSL 0:d92f9d21154c 1257 }
wolfSSL 0:d92f9d21154c 1258
wolfSSL 0:d92f9d21154c 1259
wolfSSL 0:d92f9d21154c 1260 const byte* wolfSSL_GetServerWriteIV(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1261 {
wolfSSL 0:d92f9d21154c 1262 if (ssl)
wolfSSL 0:d92f9d21154c 1263 return ssl->keys.server_write_IV;
wolfSSL 0:d92f9d21154c 1264
wolfSSL 0:d92f9d21154c 1265 return NULL;
wolfSSL 0:d92f9d21154c 1266 }
wolfSSL 0:d92f9d21154c 1267
wolfSSL 0:d92f9d21154c 1268
wolfSSL 0:d92f9d21154c 1269 int wolfSSL_GetKeySize(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1270 {
wolfSSL 0:d92f9d21154c 1271 if (ssl)
wolfSSL 0:d92f9d21154c 1272 return ssl->specs.key_size;
wolfSSL 0:d92f9d21154c 1273
wolfSSL 0:d92f9d21154c 1274 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1275 }
wolfSSL 0:d92f9d21154c 1276
wolfSSL 0:d92f9d21154c 1277
wolfSSL 0:d92f9d21154c 1278 int wolfSSL_GetIVSize(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1279 {
wolfSSL 0:d92f9d21154c 1280 if (ssl)
wolfSSL 0:d92f9d21154c 1281 return ssl->specs.iv_size;
wolfSSL 0:d92f9d21154c 1282
wolfSSL 0:d92f9d21154c 1283 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1284 }
wolfSSL 0:d92f9d21154c 1285
wolfSSL 0:d92f9d21154c 1286
wolfSSL 0:d92f9d21154c 1287 int wolfSSL_GetBulkCipher(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1288 {
wolfSSL 0:d92f9d21154c 1289 if (ssl)
wolfSSL 0:d92f9d21154c 1290 return ssl->specs.bulk_cipher_algorithm;
wolfSSL 0:d92f9d21154c 1291
wolfSSL 0:d92f9d21154c 1292 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1293 }
wolfSSL 0:d92f9d21154c 1294
wolfSSL 0:d92f9d21154c 1295
wolfSSL 0:d92f9d21154c 1296 int wolfSSL_GetCipherType(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1297 {
wolfSSL 0:d92f9d21154c 1298 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1299 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1300
wolfSSL 0:d92f9d21154c 1301 if (ssl->specs.cipher_type == block)
wolfSSL 0:d92f9d21154c 1302 return WOLFSSL_BLOCK_TYPE;
wolfSSL 0:d92f9d21154c 1303 if (ssl->specs.cipher_type == stream)
wolfSSL 0:d92f9d21154c 1304 return WOLFSSL_STREAM_TYPE;
wolfSSL 0:d92f9d21154c 1305 if (ssl->specs.cipher_type == aead)
wolfSSL 0:d92f9d21154c 1306 return WOLFSSL_AEAD_TYPE;
wolfSSL 0:d92f9d21154c 1307
wolfSSL 0:d92f9d21154c 1308 return -1;
wolfSSL 0:d92f9d21154c 1309 }
wolfSSL 0:d92f9d21154c 1310
wolfSSL 0:d92f9d21154c 1311
wolfSSL 0:d92f9d21154c 1312 int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1313 {
wolfSSL 0:d92f9d21154c 1314 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1315 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1316
wolfSSL 0:d92f9d21154c 1317 return ssl->specs.block_size;
wolfSSL 0:d92f9d21154c 1318 }
wolfSSL 0:d92f9d21154c 1319
wolfSSL 0:d92f9d21154c 1320
wolfSSL 0:d92f9d21154c 1321 int wolfSSL_GetAeadMacSize(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1322 {
wolfSSL 0:d92f9d21154c 1323 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1324 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1325
wolfSSL 0:d92f9d21154c 1326 return ssl->specs.aead_mac_size;
wolfSSL 0:d92f9d21154c 1327 }
wolfSSL 0:d92f9d21154c 1328
wolfSSL 0:d92f9d21154c 1329
wolfSSL 0:d92f9d21154c 1330 int wolfSSL_IsTLSv1_1(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1331 {
wolfSSL 0:d92f9d21154c 1332 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1333 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1334
wolfSSL 0:d92f9d21154c 1335 if (ssl->options.tls1_1)
wolfSSL 0:d92f9d21154c 1336 return 1;
wolfSSL 0:d92f9d21154c 1337
wolfSSL 0:d92f9d21154c 1338 return 0;
wolfSSL 0:d92f9d21154c 1339 }
wolfSSL 0:d92f9d21154c 1340
wolfSSL 0:d92f9d21154c 1341
wolfSSL 0:d92f9d21154c 1342 int wolfSSL_GetSide(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1343 {
wolfSSL 0:d92f9d21154c 1344 if (ssl)
wolfSSL 0:d92f9d21154c 1345 return ssl->options.side;
wolfSSL 0:d92f9d21154c 1346
wolfSSL 0:d92f9d21154c 1347 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1348 }
wolfSSL 0:d92f9d21154c 1349
wolfSSL 0:d92f9d21154c 1350
wolfSSL 0:d92f9d21154c 1351 int wolfSSL_GetHmacSize(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1352 {
wolfSSL 0:d92f9d21154c 1353 /* AEAD ciphers don't have HMAC keys */
wolfSSL 0:d92f9d21154c 1354 if (ssl)
wolfSSL 0:d92f9d21154c 1355 return (ssl->specs.cipher_type != aead) ? ssl->specs.hash_size : 0;
wolfSSL 0:d92f9d21154c 1356
wolfSSL 0:d92f9d21154c 1357 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1358 }
wolfSSL 0:d92f9d21154c 1359
wolfSSL 0:d92f9d21154c 1360 #endif /* ATOMIC_USER */
wolfSSL 0:d92f9d21154c 1361
wolfSSL 0:d92f9d21154c 1362 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 1363
wolfSSL 0:d92f9d21154c 1364 WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
wolfSSL 0:d92f9d21154c 1365 {
wolfSSL 0:d92f9d21154c 1366 WOLFSSL_CERT_MANAGER* cm = NULL;
wolfSSL 0:d92f9d21154c 1367
wolfSSL 0:d92f9d21154c 1368 WOLFSSL_ENTER("wolfSSL_CertManagerNew");
wolfSSL 0:d92f9d21154c 1369
wolfSSL 0:d92f9d21154c 1370 cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), 0,
wolfSSL 0:d92f9d21154c 1371 DYNAMIC_TYPE_CERT_MANAGER);
wolfSSL 0:d92f9d21154c 1372 if (cm) {
wolfSSL 0:d92f9d21154c 1373 XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER));
wolfSSL 0:d92f9d21154c 1374
wolfSSL 0:d92f9d21154c 1375 if (InitMutex(&cm->caLock) != 0) {
wolfSSL 0:d92f9d21154c 1376 WOLFSSL_MSG("Bad mutex init");
wolfSSL 0:d92f9d21154c 1377 wolfSSL_CertManagerFree(cm);
wolfSSL 0:d92f9d21154c 1378 return NULL;
wolfSSL 0:d92f9d21154c 1379 }
wolfSSL 0:d92f9d21154c 1380 }
wolfSSL 0:d92f9d21154c 1381
wolfSSL 0:d92f9d21154c 1382 return cm;
wolfSSL 0:d92f9d21154c 1383 }
wolfSSL 0:d92f9d21154c 1384
wolfSSL 0:d92f9d21154c 1385
wolfSSL 0:d92f9d21154c 1386 void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
wolfSSL 0:d92f9d21154c 1387 {
wolfSSL 0:d92f9d21154c 1388 WOLFSSL_ENTER("wolfSSL_CertManagerFree");
wolfSSL 0:d92f9d21154c 1389
wolfSSL 0:d92f9d21154c 1390 if (cm) {
wolfSSL 0:d92f9d21154c 1391 #ifdef HAVE_CRL
wolfSSL 0:d92f9d21154c 1392 if (cm->crl)
wolfSSL 0:d92f9d21154c 1393 FreeCRL(cm->crl, 1);
wolfSSL 0:d92f9d21154c 1394 #endif
wolfSSL 0:d92f9d21154c 1395 #ifdef HAVE_OCSP
wolfSSL 0:d92f9d21154c 1396 if (cm->ocsp)
wolfSSL 0:d92f9d21154c 1397 FreeOCSP(cm->ocsp, 1);
wolfSSL 0:d92f9d21154c 1398 #endif
wolfSSL 0:d92f9d21154c 1399 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
wolfSSL 0:d92f9d21154c 1400 FreeMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 1401 XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
wolfSSL 0:d92f9d21154c 1402 }
wolfSSL 0:d92f9d21154c 1403
wolfSSL 0:d92f9d21154c 1404 }
wolfSSL 0:d92f9d21154c 1405
wolfSSL 0:d92f9d21154c 1406
wolfSSL 0:d92f9d21154c 1407 /* Unload the CA signer list */
wolfSSL 0:d92f9d21154c 1408 int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
wolfSSL 0:d92f9d21154c 1409 {
wolfSSL 0:d92f9d21154c 1410 WOLFSSL_ENTER("wolfSSL_CertManagerUnloadCAs");
wolfSSL 0:d92f9d21154c 1411
wolfSSL 0:d92f9d21154c 1412 if (cm == NULL)
wolfSSL 0:d92f9d21154c 1413 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1414
wolfSSL 0:d92f9d21154c 1415 if (LockMutex(&cm->caLock) != 0)
wolfSSL 0:d92f9d21154c 1416 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 1417
wolfSSL 0:d92f9d21154c 1418 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
wolfSSL 0:d92f9d21154c 1419
wolfSSL 0:d92f9d21154c 1420 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 1421
wolfSSL 0:d92f9d21154c 1422
wolfSSL 0:d92f9d21154c 1423 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1424 }
wolfSSL 0:d92f9d21154c 1425
wolfSSL 0:d92f9d21154c 1426
wolfSSL 0:d92f9d21154c 1427 /* Return bytes written to buff or < 0 for error */
wolfSSL 0:d92f9d21154c 1428 int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
wolfSSL 0:d92f9d21154c 1429 unsigned char* buff, int buffSz,
wolfSSL 0:d92f9d21154c 1430 int type)
wolfSSL 0:d92f9d21154c 1431 {
wolfSSL 0:d92f9d21154c 1432 int eccKey = 0;
wolfSSL 0:d92f9d21154c 1433 int ret;
wolfSSL 0:d92f9d21154c 1434 buffer der;
wolfSSL 0:d92f9d21154c 1435 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1436 EncryptedInfo* info = NULL;
wolfSSL 0:d92f9d21154c 1437 #else
wolfSSL 0:d92f9d21154c 1438 EncryptedInfo info[1];
wolfSSL 0:d92f9d21154c 1439 #endif
wolfSSL 0:d92f9d21154c 1440
wolfSSL 0:d92f9d21154c 1441 WOLFSSL_ENTER("wolfSSL_CertPemToDer");
wolfSSL 0:d92f9d21154c 1442
wolfSSL 0:d92f9d21154c 1443 if (pem == NULL || buff == NULL || buffSz <= 0) {
wolfSSL 0:d92f9d21154c 1444 WOLFSSL_MSG("Bad pem der args");
wolfSSL 0:d92f9d21154c 1445 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1446 }
wolfSSL 0:d92f9d21154c 1447
wolfSSL 0:d92f9d21154c 1448 if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
wolfSSL 0:d92f9d21154c 1449 WOLFSSL_MSG("Bad cert type");
wolfSSL 0:d92f9d21154c 1450 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1451 }
wolfSSL 0:d92f9d21154c 1452
wolfSSL 0:d92f9d21154c 1453 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1454 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
wolfSSL 0:d92f9d21154c 1455 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 1456 if (info == NULL)
wolfSSL 0:d92f9d21154c 1457 return MEMORY_E;
wolfSSL 0:d92f9d21154c 1458 #endif
wolfSSL 0:d92f9d21154c 1459
wolfSSL 0:d92f9d21154c 1460 info->set = 0;
wolfSSL 0:d92f9d21154c 1461 info->ctx = NULL;
wolfSSL 0:d92f9d21154c 1462 info->consumed = 0;
wolfSSL 0:d92f9d21154c 1463 der.buffer = NULL;
wolfSSL 0:d92f9d21154c 1464
wolfSSL 0:d92f9d21154c 1465 ret = PemToDer(pem, pemSz, type, &der, NULL, info, &eccKey);
wolfSSL 0:d92f9d21154c 1466
wolfSSL 0:d92f9d21154c 1467 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1468 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 1469 #endif
wolfSSL 0:d92f9d21154c 1470
wolfSSL 0:d92f9d21154c 1471 if (ret < 0) {
wolfSSL 0:d92f9d21154c 1472 WOLFSSL_MSG("Bad Pem To Der");
wolfSSL 0:d92f9d21154c 1473 }
wolfSSL 0:d92f9d21154c 1474 else {
wolfSSL 0:d92f9d21154c 1475 if (der.length <= (word32)buffSz) {
wolfSSL 0:d92f9d21154c 1476 XMEMCPY(buff, der.buffer, der.length);
wolfSSL 0:d92f9d21154c 1477 ret = der.length;
wolfSSL 0:d92f9d21154c 1478 }
wolfSSL 0:d92f9d21154c 1479 else {
wolfSSL 0:d92f9d21154c 1480 WOLFSSL_MSG("Bad der length");
wolfSSL 0:d92f9d21154c 1481 ret = BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1482 }
wolfSSL 0:d92f9d21154c 1483 }
wolfSSL 0:d92f9d21154c 1484
wolfSSL 0:d92f9d21154c 1485 XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
wolfSSL 0:d92f9d21154c 1486
wolfSSL 0:d92f9d21154c 1487 return ret;
wolfSSL 0:d92f9d21154c 1488 }
wolfSSL 0:d92f9d21154c 1489
wolfSSL 0:d92f9d21154c 1490
wolfSSL 0:d92f9d21154c 1491 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:d92f9d21154c 1492
wolfSSL 0:d92f9d21154c 1493 /* our KeyPemToDer password callback, password in userData */
wolfSSL 0:d92f9d21154c 1494 static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
wolfSSL 0:d92f9d21154c 1495 {
wolfSSL 0:d92f9d21154c 1496 (void)rw;
wolfSSL 0:d92f9d21154c 1497
wolfSSL 0:d92f9d21154c 1498 if (userdata == NULL)
wolfSSL 0:d92f9d21154c 1499 return 0;
wolfSSL 0:d92f9d21154c 1500
wolfSSL 0:d92f9d21154c 1501 XSTRNCPY(passwd, (char*)userdata, sz);
wolfSSL 0:d92f9d21154c 1502 return min((word32)sz, (word32)XSTRLEN((char*)userdata));
wolfSSL 0:d92f9d21154c 1503 }
wolfSSL 0:d92f9d21154c 1504
wolfSSL 0:d92f9d21154c 1505 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:d92f9d21154c 1506
wolfSSL 0:d92f9d21154c 1507
wolfSSL 0:d92f9d21154c 1508 /* Return bytes written to buff or < 0 for error */
wolfSSL 0:d92f9d21154c 1509 int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
wolfSSL 0:d92f9d21154c 1510 int buffSz, const char* pass)
wolfSSL 0:d92f9d21154c 1511 {
wolfSSL 0:d92f9d21154c 1512 int eccKey = 0;
wolfSSL 0:d92f9d21154c 1513 int ret;
wolfSSL 0:d92f9d21154c 1514 buffer der;
wolfSSL 0:d92f9d21154c 1515 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1516 EncryptedInfo* info = NULL;
wolfSSL 0:d92f9d21154c 1517 #else
wolfSSL 0:d92f9d21154c 1518 EncryptedInfo info[1];
wolfSSL 0:d92f9d21154c 1519 #endif
wolfSSL 0:d92f9d21154c 1520
wolfSSL 0:d92f9d21154c 1521 (void)pass;
wolfSSL 0:d92f9d21154c 1522
wolfSSL 0:d92f9d21154c 1523 WOLFSSL_ENTER("wolfSSL_KeyPemToDer");
wolfSSL 0:d92f9d21154c 1524
wolfSSL 0:d92f9d21154c 1525 if (pem == NULL || buff == NULL || buffSz <= 0) {
wolfSSL 0:d92f9d21154c 1526 WOLFSSL_MSG("Bad pem der args");
wolfSSL 0:d92f9d21154c 1527 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1528 }
wolfSSL 0:d92f9d21154c 1529
wolfSSL 0:d92f9d21154c 1530 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1531 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
wolfSSL 0:d92f9d21154c 1532 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 1533 if (info == NULL)
wolfSSL 0:d92f9d21154c 1534 return MEMORY_E;
wolfSSL 0:d92f9d21154c 1535 #endif
wolfSSL 0:d92f9d21154c 1536
wolfSSL 0:d92f9d21154c 1537 info->set = 0;
wolfSSL 0:d92f9d21154c 1538 info->ctx = NULL;
wolfSSL 0:d92f9d21154c 1539 info->consumed = 0;
wolfSSL 0:d92f9d21154c 1540 der.buffer = NULL;
wolfSSL 0:d92f9d21154c 1541
wolfSSL 0:d92f9d21154c 1542 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:d92f9d21154c 1543 if (pass) {
wolfSSL 0:d92f9d21154c 1544 info->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
wolfSSL 0:d92f9d21154c 1545 if (info->ctx == NULL) {
wolfSSL 0:d92f9d21154c 1546 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1547 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 1548 #endif
wolfSSL 0:d92f9d21154c 1549 return MEMORY_E;
wolfSSL 0:d92f9d21154c 1550 }
wolfSSL 0:d92f9d21154c 1551
wolfSSL 0:d92f9d21154c 1552 wolfSSL_CTX_set_default_passwd_cb(info->ctx, OurPasswordCb);
wolfSSL 0:d92f9d21154c 1553 wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass);
wolfSSL 0:d92f9d21154c 1554 }
wolfSSL 0:d92f9d21154c 1555 #endif
wolfSSL 0:d92f9d21154c 1556
wolfSSL 0:d92f9d21154c 1557 ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);
wolfSSL 0:d92f9d21154c 1558
wolfSSL 0:d92f9d21154c 1559 if (info->ctx)
wolfSSL 0:d92f9d21154c 1560 wolfSSL_CTX_free(info->ctx);
wolfSSL 0:d92f9d21154c 1561
wolfSSL 0:d92f9d21154c 1562 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1563 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 1564 #endif
wolfSSL 0:d92f9d21154c 1565
wolfSSL 0:d92f9d21154c 1566 if (ret < 0) {
wolfSSL 0:d92f9d21154c 1567 WOLFSSL_MSG("Bad Pem To Der");
wolfSSL 0:d92f9d21154c 1568 }
wolfSSL 0:d92f9d21154c 1569 else {
wolfSSL 0:d92f9d21154c 1570 if (der.length <= (word32)buffSz) {
wolfSSL 0:d92f9d21154c 1571 XMEMCPY(buff, der.buffer, der.length);
wolfSSL 0:d92f9d21154c 1572 ret = der.length;
wolfSSL 0:d92f9d21154c 1573 }
wolfSSL 0:d92f9d21154c 1574 else {
wolfSSL 0:d92f9d21154c 1575 WOLFSSL_MSG("Bad der length");
wolfSSL 0:d92f9d21154c 1576 ret = BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1577 }
wolfSSL 0:d92f9d21154c 1578 }
wolfSSL 0:d92f9d21154c 1579
wolfSSL 0:d92f9d21154c 1580 XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
wolfSSL 0:d92f9d21154c 1581
wolfSSL 0:d92f9d21154c 1582 return ret;
wolfSSL 0:d92f9d21154c 1583 }
wolfSSL 0:d92f9d21154c 1584
wolfSSL 0:d92f9d21154c 1585
wolfSSL 0:d92f9d21154c 1586 #endif /* !NO_CERTS */
wolfSSL 0:d92f9d21154c 1587
wolfSSL 0:d92f9d21154c 1588
wolfSSL 0:d92f9d21154c 1589
wolfSSL 0:d92f9d21154c 1590 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
wolfSSL 0:d92f9d21154c 1591
wolfSSL 0:d92f9d21154c 1592 void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
wolfSSL 0:d92f9d21154c 1593 {
wolfSSL 0:d92f9d21154c 1594 char data[WOLFSSL_MAX_ERROR_SZ + 1];
wolfSSL 0:d92f9d21154c 1595
wolfSSL 0:d92f9d21154c 1596 WOLFSSL_ENTER("wolfSSL_ERR_print_errors_fp");
wolfSSL 0:d92f9d21154c 1597 SetErrorString(err, data);
wolfSSL 0:d92f9d21154c 1598 fprintf(fp, "%s", data);
wolfSSL 0:d92f9d21154c 1599 }
wolfSSL 0:d92f9d21154c 1600
wolfSSL 0:d92f9d21154c 1601 #endif
wolfSSL 0:d92f9d21154c 1602
wolfSSL 0:d92f9d21154c 1603
wolfSSL 0:d92f9d21154c 1604 int wolfSSL_pending(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1605 {
wolfSSL 0:d92f9d21154c 1606 WOLFSSL_ENTER("SSL_pending");
wolfSSL 0:d92f9d21154c 1607 return ssl->buffers.clearOutputBuffer.length;
wolfSSL 0:d92f9d21154c 1608 }
wolfSSL 0:d92f9d21154c 1609
wolfSSL 0:d92f9d21154c 1610
wolfSSL 0:d92f9d21154c 1611 #ifndef WOLFSSL_LEANPSK
wolfSSL 0:d92f9d21154c 1612 /* trun on handshake group messages for context */
wolfSSL 0:d92f9d21154c 1613 int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 1614 {
wolfSSL 0:d92f9d21154c 1615 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 1616 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1617
wolfSSL 0:d92f9d21154c 1618 ctx->groupMessages = 1;
wolfSSL 0:d92f9d21154c 1619
wolfSSL 0:d92f9d21154c 1620 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1621 }
wolfSSL 0:d92f9d21154c 1622 #endif
wolfSSL 0:d92f9d21154c 1623
wolfSSL 0:d92f9d21154c 1624
wolfSSL 0:d92f9d21154c 1625 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 1626 /* connect enough to get peer cert chain */
wolfSSL 0:d92f9d21154c 1627 int wolfSSL_connect_cert(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1628 {
wolfSSL 0:d92f9d21154c 1629 int ret;
wolfSSL 0:d92f9d21154c 1630
wolfSSL 0:d92f9d21154c 1631 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1632 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 1633
wolfSSL 0:d92f9d21154c 1634 ssl->options.certOnly = 1;
wolfSSL 0:d92f9d21154c 1635 ret = wolfSSL_connect(ssl);
wolfSSL 0:d92f9d21154c 1636 ssl->options.certOnly = 0;
wolfSSL 0:d92f9d21154c 1637
wolfSSL 0:d92f9d21154c 1638 return ret;
wolfSSL 0:d92f9d21154c 1639 }
wolfSSL 0:d92f9d21154c 1640 #endif
wolfSSL 0:d92f9d21154c 1641
wolfSSL 0:d92f9d21154c 1642
wolfSSL 0:d92f9d21154c 1643 #ifndef WOLFSSL_LEANPSK
wolfSSL 0:d92f9d21154c 1644 /* trun on handshake group messages for ssl object */
wolfSSL 0:d92f9d21154c 1645 int wolfSSL_set_group_messages(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 1646 {
wolfSSL 0:d92f9d21154c 1647 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 1648 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1649
wolfSSL 0:d92f9d21154c 1650 ssl->options.groupMessages = 1;
wolfSSL 0:d92f9d21154c 1651
wolfSSL 0:d92f9d21154c 1652 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1653 }
wolfSSL 0:d92f9d21154c 1654
wolfSSL 0:d92f9d21154c 1655
wolfSSL 0:d92f9d21154c 1656 /* make minVersion the internal equivilant SSL version */
wolfSSL 0:d92f9d21154c 1657 static int SetMinVersionHelper(byte* minVersion, int version)
wolfSSL 0:d92f9d21154c 1658 {
wolfSSL 0:d92f9d21154c 1659 switch (version) {
wolfSSL 0:d92f9d21154c 1660 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 1661 case WOLFSSL_SSLV3:
wolfSSL 0:d92f9d21154c 1662 *minVersion = SSLv3_MINOR;
wolfSSL 0:d92f9d21154c 1663 break;
wolfSSL 0:d92f9d21154c 1664 #endif
wolfSSL 0:d92f9d21154c 1665
wolfSSL 0:d92f9d21154c 1666 #ifndef NO_TLS
wolfSSL 0:d92f9d21154c 1667 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 1668 case WOLFSSL_TLSV1:
wolfSSL 0:d92f9d21154c 1669 *minVersion = TLSv1_MINOR;
wolfSSL 0:d92f9d21154c 1670 break;
wolfSSL 0:d92f9d21154c 1671
wolfSSL 0:d92f9d21154c 1672 case WOLFSSL_TLSV1_1:
wolfSSL 0:d92f9d21154c 1673 *minVersion = TLSv1_1_MINOR;
wolfSSL 0:d92f9d21154c 1674 break;
wolfSSL 0:d92f9d21154c 1675 #endif
wolfSSL 0:d92f9d21154c 1676 case WOLFSSL_TLSV1_2:
wolfSSL 0:d92f9d21154c 1677 *minVersion = TLSv1_2_MINOR;
wolfSSL 0:d92f9d21154c 1678 break;
wolfSSL 0:d92f9d21154c 1679 #endif
wolfSSL 0:d92f9d21154c 1680
wolfSSL 0:d92f9d21154c 1681 default:
wolfSSL 0:d92f9d21154c 1682 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 1683 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1684 }
wolfSSL 0:d92f9d21154c 1685
wolfSSL 0:d92f9d21154c 1686 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1687 }
wolfSSL 0:d92f9d21154c 1688
wolfSSL 0:d92f9d21154c 1689
wolfSSL 0:d92f9d21154c 1690 /* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 1691 int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
wolfSSL 0:d92f9d21154c 1692 {
wolfSSL 0:d92f9d21154c 1693 WOLFSSL_ENTER("wolfSSL_CTX_SetMinVersion");
wolfSSL 0:d92f9d21154c 1694
wolfSSL 0:d92f9d21154c 1695 if (ctx == NULL) {
wolfSSL 0:d92f9d21154c 1696 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 1697 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1698 }
wolfSSL 0:d92f9d21154c 1699
wolfSSL 0:d92f9d21154c 1700 return SetMinVersionHelper(&ctx->minDowngrade, version);
wolfSSL 0:d92f9d21154c 1701 }
wolfSSL 0:d92f9d21154c 1702
wolfSSL 0:d92f9d21154c 1703
wolfSSL 0:d92f9d21154c 1704 /* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 1705 int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
wolfSSL 0:d92f9d21154c 1706 {
wolfSSL 0:d92f9d21154c 1707 WOLFSSL_ENTER("wolfSSL_SetMinVersion");
wolfSSL 0:d92f9d21154c 1708
wolfSSL 0:d92f9d21154c 1709 if (ssl == NULL) {
wolfSSL 0:d92f9d21154c 1710 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 1711 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1712 }
wolfSSL 0:d92f9d21154c 1713
wolfSSL 0:d92f9d21154c 1714 return SetMinVersionHelper(&ssl->options.minDowngrade, version);
wolfSSL 0:d92f9d21154c 1715 }
wolfSSL 0:d92f9d21154c 1716
wolfSSL 0:d92f9d21154c 1717
wolfSSL 0:d92f9d21154c 1718 int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
wolfSSL 0:d92f9d21154c 1719 {
wolfSSL 0:d92f9d21154c 1720 byte haveRSA = 1;
wolfSSL 0:d92f9d21154c 1721 byte havePSK = 0;
wolfSSL 0:d92f9d21154c 1722
wolfSSL 0:d92f9d21154c 1723 WOLFSSL_ENTER("wolfSSL_SetVersion");
wolfSSL 0:d92f9d21154c 1724
wolfSSL 0:d92f9d21154c 1725 if (ssl == NULL) {
wolfSSL 0:d92f9d21154c 1726 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 1727 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1728 }
wolfSSL 0:d92f9d21154c 1729
wolfSSL 0:d92f9d21154c 1730 switch (version) {
wolfSSL 0:d92f9d21154c 1731 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 1732 case WOLFSSL_SSLV3:
wolfSSL 0:d92f9d21154c 1733 ssl->version = MakeSSLv3();
wolfSSL 0:d92f9d21154c 1734 break;
wolfSSL 0:d92f9d21154c 1735 #endif
wolfSSL 0:d92f9d21154c 1736
wolfSSL 0:d92f9d21154c 1737 #ifndef NO_TLS
wolfSSL 0:d92f9d21154c 1738 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 1739 case WOLFSSL_TLSV1:
wolfSSL 0:d92f9d21154c 1740 ssl->version = MakeTLSv1();
wolfSSL 0:d92f9d21154c 1741 break;
wolfSSL 0:d92f9d21154c 1742
wolfSSL 0:d92f9d21154c 1743 case WOLFSSL_TLSV1_1:
wolfSSL 0:d92f9d21154c 1744 ssl->version = MakeTLSv1_1();
wolfSSL 0:d92f9d21154c 1745 break;
wolfSSL 0:d92f9d21154c 1746 #endif
wolfSSL 0:d92f9d21154c 1747 case WOLFSSL_TLSV1_2:
wolfSSL 0:d92f9d21154c 1748 ssl->version = MakeTLSv1_2();
wolfSSL 0:d92f9d21154c 1749 break;
wolfSSL 0:d92f9d21154c 1750 #endif
wolfSSL 0:d92f9d21154c 1751
wolfSSL 0:d92f9d21154c 1752 default:
wolfSSL 0:d92f9d21154c 1753 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 1754 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 1755 }
wolfSSL 0:d92f9d21154c 1756
wolfSSL 0:d92f9d21154c 1757 #ifdef NO_RSA
wolfSSL 0:d92f9d21154c 1758 haveRSA = 0;
wolfSSL 0:d92f9d21154c 1759 #endif
wolfSSL 0:d92f9d21154c 1760 #ifndef NO_PSK
wolfSSL 0:d92f9d21154c 1761 havePSK = ssl->options.havePSK;
wolfSSL 0:d92f9d21154c 1762 #endif
wolfSSL 0:d92f9d21154c 1763
wolfSSL 0:d92f9d21154c 1764 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
wolfSSL 0:d92f9d21154c 1765 ssl->options.haveNTRU, ssl->options.haveECDSAsig,
wolfSSL 0:d92f9d21154c 1766 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 0:d92f9d21154c 1767
wolfSSL 0:d92f9d21154c 1768 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 1769 }
wolfSSL 0:d92f9d21154c 1770 #endif /* !leanpsk */
wolfSSL 0:d92f9d21154c 1771
wolfSSL 0:d92f9d21154c 1772
wolfSSL 0:d92f9d21154c 1773 #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
wolfSSL 0:d92f9d21154c 1774
wolfSSL 0:d92f9d21154c 1775 /* Make a work from the front of random hash */
wolfSSL 0:d92f9d21154c 1776 static INLINE word32 MakeWordFromHash(const byte* hashID)
wolfSSL 0:d92f9d21154c 1777 {
wolfSSL 0:d92f9d21154c 1778 return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |
wolfSSL 0:d92f9d21154c 1779 hashID[3];
wolfSSL 0:d92f9d21154c 1780 }
wolfSSL 0:d92f9d21154c 1781
wolfSSL 0:d92f9d21154c 1782 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
wolfSSL 0:d92f9d21154c 1783
wolfSSL 0:d92f9d21154c 1784
wolfSSL 0:d92f9d21154c 1785 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 1786
wolfSSL 0:d92f9d21154c 1787 /* hash is the SHA digest of name, just use first 32 bits as hash */
wolfSSL 0:d92f9d21154c 1788 static INLINE word32 HashSigner(const byte* hash)
wolfSSL 0:d92f9d21154c 1789 {
wolfSSL 0:d92f9d21154c 1790 return MakeWordFromHash(hash) % CA_TABLE_SIZE;
wolfSSL 0:d92f9d21154c 1791 }
wolfSSL 0:d92f9d21154c 1792
wolfSSL 0:d92f9d21154c 1793
wolfSSL 0:d92f9d21154c 1794 /* does CA already exist on signer list */
wolfSSL 0:d92f9d21154c 1795 int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
wolfSSL 0:d92f9d21154c 1796 {
wolfSSL 0:d92f9d21154c 1797 Signer* signers;
wolfSSL 0:d92f9d21154c 1798 int ret = 0;
wolfSSL 0:d92f9d21154c 1799 word32 row = HashSigner(hash);
wolfSSL 0:d92f9d21154c 1800
wolfSSL 0:d92f9d21154c 1801 if (LockMutex(&cm->caLock) != 0)
wolfSSL 0:d92f9d21154c 1802 return ret;
wolfSSL 0:d92f9d21154c 1803 signers = cm->caTable[row];
wolfSSL 0:d92f9d21154c 1804 while (signers) {
wolfSSL 0:d92f9d21154c 1805 byte* subjectHash;
wolfSSL 0:d92f9d21154c 1806 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 1807 subjectHash = signers->subjectKeyIdHash;
wolfSSL 0:d92f9d21154c 1808 #else
wolfSSL 0:d92f9d21154c 1809 subjectHash = signers->subjectNameHash;
wolfSSL 0:d92f9d21154c 1810 #endif
wolfSSL 0:d92f9d21154c 1811 if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
wolfSSL 0:d92f9d21154c 1812 ret = 1;
wolfSSL 0:d92f9d21154c 1813 break;
wolfSSL 0:d92f9d21154c 1814 }
wolfSSL 0:d92f9d21154c 1815 signers = signers->next;
wolfSSL 0:d92f9d21154c 1816 }
wolfSSL 0:d92f9d21154c 1817 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 1818
wolfSSL 0:d92f9d21154c 1819 return ret;
wolfSSL 0:d92f9d21154c 1820 }
wolfSSL 0:d92f9d21154c 1821
wolfSSL 0:d92f9d21154c 1822
wolfSSL 0:d92f9d21154c 1823 /* return CA if found, otherwise NULL */
wolfSSL 0:d92f9d21154c 1824 Signer* GetCA(void* vp, byte* hash)
wolfSSL 0:d92f9d21154c 1825 {
wolfSSL 0:d92f9d21154c 1826 WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
wolfSSL 0:d92f9d21154c 1827 Signer* ret = NULL;
wolfSSL 0:d92f9d21154c 1828 Signer* signers;
wolfSSL 0:d92f9d21154c 1829 word32 row = HashSigner(hash);
wolfSSL 0:d92f9d21154c 1830
wolfSSL 0:d92f9d21154c 1831 if (cm == NULL)
wolfSSL 0:d92f9d21154c 1832 return NULL;
wolfSSL 0:d92f9d21154c 1833
wolfSSL 0:d92f9d21154c 1834 if (LockMutex(&cm->caLock) != 0)
wolfSSL 0:d92f9d21154c 1835 return ret;
wolfSSL 0:d92f9d21154c 1836
wolfSSL 0:d92f9d21154c 1837 signers = cm->caTable[row];
wolfSSL 0:d92f9d21154c 1838 while (signers) {
wolfSSL 0:d92f9d21154c 1839 byte* subjectHash;
wolfSSL 0:d92f9d21154c 1840 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 1841 subjectHash = signers->subjectKeyIdHash;
wolfSSL 0:d92f9d21154c 1842 #else
wolfSSL 0:d92f9d21154c 1843 subjectHash = signers->subjectNameHash;
wolfSSL 0:d92f9d21154c 1844 #endif
wolfSSL 0:d92f9d21154c 1845 if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
wolfSSL 0:d92f9d21154c 1846 ret = signers;
wolfSSL 0:d92f9d21154c 1847 break;
wolfSSL 0:d92f9d21154c 1848 }
wolfSSL 0:d92f9d21154c 1849 signers = signers->next;
wolfSSL 0:d92f9d21154c 1850 }
wolfSSL 0:d92f9d21154c 1851 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 1852
wolfSSL 0:d92f9d21154c 1853 return ret;
wolfSSL 0:d92f9d21154c 1854 }
wolfSSL 0:d92f9d21154c 1855
wolfSSL 0:d92f9d21154c 1856
wolfSSL 0:d92f9d21154c 1857 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 1858 /* return CA if found, otherwise NULL. Walk through hash table. */
wolfSSL 0:d92f9d21154c 1859 Signer* GetCAByName(void* vp, byte* hash)
wolfSSL 0:d92f9d21154c 1860 {
wolfSSL 0:d92f9d21154c 1861 WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
wolfSSL 0:d92f9d21154c 1862 Signer* ret = NULL;
wolfSSL 0:d92f9d21154c 1863 Signer* signers;
wolfSSL 0:d92f9d21154c 1864 word32 row;
wolfSSL 0:d92f9d21154c 1865
wolfSSL 0:d92f9d21154c 1866 if (cm == NULL)
wolfSSL 0:d92f9d21154c 1867 return NULL;
wolfSSL 0:d92f9d21154c 1868
wolfSSL 0:d92f9d21154c 1869 if (LockMutex(&cm->caLock) != 0)
wolfSSL 0:d92f9d21154c 1870 return ret;
wolfSSL 0:d92f9d21154c 1871
wolfSSL 0:d92f9d21154c 1872 for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
wolfSSL 0:d92f9d21154c 1873 signers = cm->caTable[row];
wolfSSL 0:d92f9d21154c 1874 while (signers && ret == NULL) {
wolfSSL 0:d92f9d21154c 1875 if (XMEMCMP(hash,
wolfSSL 0:d92f9d21154c 1876 signers->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) {
wolfSSL 0:d92f9d21154c 1877 ret = signers;
wolfSSL 0:d92f9d21154c 1878 }
wolfSSL 0:d92f9d21154c 1879 signers = signers->next;
wolfSSL 0:d92f9d21154c 1880 }
wolfSSL 0:d92f9d21154c 1881 }
wolfSSL 0:d92f9d21154c 1882 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 1883
wolfSSL 0:d92f9d21154c 1884 return ret;
wolfSSL 0:d92f9d21154c 1885 }
wolfSSL 0:d92f9d21154c 1886 #endif
wolfSSL 0:d92f9d21154c 1887
wolfSSL 0:d92f9d21154c 1888
wolfSSL 0:d92f9d21154c 1889 /* owns der, internal now uses too */
wolfSSL 0:d92f9d21154c 1890 /* type flag ids from user or from chain received during verify
wolfSSL 0:d92f9d21154c 1891 don't allow chain ones to be added w/o isCA extension */
wolfSSL 0:d92f9d21154c 1892 int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
wolfSSL 0:d92f9d21154c 1893 {
wolfSSL 0:d92f9d21154c 1894 int ret;
wolfSSL 0:d92f9d21154c 1895 Signer* signer = 0;
wolfSSL 0:d92f9d21154c 1896 word32 row;
wolfSSL 0:d92f9d21154c 1897 byte* subjectHash;
wolfSSL 0:d92f9d21154c 1898 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1899 DecodedCert* cert = NULL;
wolfSSL 0:d92f9d21154c 1900 #else
wolfSSL 0:d92f9d21154c 1901 DecodedCert cert[1];
wolfSSL 0:d92f9d21154c 1902 #endif
wolfSSL 0:d92f9d21154c 1903
wolfSSL 0:d92f9d21154c 1904 WOLFSSL_MSG("Adding a CA");
wolfSSL 0:d92f9d21154c 1905
wolfSSL 0:d92f9d21154c 1906 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1907 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 0:d92f9d21154c 1908 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 1909 if (cert == NULL)
wolfSSL 0:d92f9d21154c 1910 return MEMORY_E;
wolfSSL 0:d92f9d21154c 1911 #endif
wolfSSL 0:d92f9d21154c 1912
wolfSSL 0:d92f9d21154c 1913 InitDecodedCert(cert, der.buffer, der.length, cm->heap);
wolfSSL 0:d92f9d21154c 1914 ret = ParseCert(cert, CA_TYPE, verify, cm);
wolfSSL 0:d92f9d21154c 1915 WOLFSSL_MSG(" Parsed new CA");
wolfSSL 0:d92f9d21154c 1916
wolfSSL 0:d92f9d21154c 1917 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 1918 subjectHash = cert->extSubjKeyId;
wolfSSL 0:d92f9d21154c 1919 #else
wolfSSL 0:d92f9d21154c 1920 subjectHash = cert->subjectHash;
wolfSSL 0:d92f9d21154c 1921 #endif
wolfSSL 0:d92f9d21154c 1922
wolfSSL 0:d92f9d21154c 1923 if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
wolfSSL 0:d92f9d21154c 1924 WOLFSSL_MSG(" Can't add as CA if not actually one");
wolfSSL 0:d92f9d21154c 1925 ret = NOT_CA_ERROR;
wolfSSL 0:d92f9d21154c 1926 }
wolfSSL 0:d92f9d21154c 1927 #ifndef ALLOW_INVALID_CERTSIGN
wolfSSL 0:d92f9d21154c 1928 else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
wolfSSL 0:d92f9d21154c 1929 (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
wolfSSL 0:d92f9d21154c 1930 /* Intermediate CA certs are required to have the keyCertSign
wolfSSL 0:d92f9d21154c 1931 * extension set. User loaded root certs are not. */
wolfSSL 0:d92f9d21154c 1932 WOLFSSL_MSG(" Doesn't have key usage certificate signing");
wolfSSL 0:d92f9d21154c 1933 ret = NOT_CA_ERROR;
wolfSSL 0:d92f9d21154c 1934 }
wolfSSL 0:d92f9d21154c 1935 #endif
wolfSSL 0:d92f9d21154c 1936 else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
wolfSSL 0:d92f9d21154c 1937 WOLFSSL_MSG(" Already have this CA, not adding again");
wolfSSL 0:d92f9d21154c 1938 (void)ret;
wolfSSL 0:d92f9d21154c 1939 }
wolfSSL 0:d92f9d21154c 1940 else if (ret == 0) {
wolfSSL 0:d92f9d21154c 1941 /* take over signer parts */
wolfSSL 0:d92f9d21154c 1942 signer = MakeSigner(cm->heap);
wolfSSL 0:d92f9d21154c 1943 if (!signer)
wolfSSL 0:d92f9d21154c 1944 ret = MEMORY_ERROR;
wolfSSL 0:d92f9d21154c 1945 else {
wolfSSL 0:d92f9d21154c 1946 signer->keyOID = cert->keyOID;
wolfSSL 0:d92f9d21154c 1947 signer->publicKey = cert->publicKey;
wolfSSL 0:d92f9d21154c 1948 signer->pubKeySize = cert->pubKeySize;
wolfSSL 0:d92f9d21154c 1949 signer->nameLen = cert->subjectCNLen;
wolfSSL 0:d92f9d21154c 1950 signer->name = cert->subjectCN;
wolfSSL 0:d92f9d21154c 1951 #ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL 0:d92f9d21154c 1952 signer->permittedNames = cert->permittedNames;
wolfSSL 0:d92f9d21154c 1953 signer->excludedNames = cert->excludedNames;
wolfSSL 0:d92f9d21154c 1954 #endif
wolfSSL 0:d92f9d21154c 1955 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 1956 XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
wolfSSL 0:d92f9d21154c 1957 SIGNER_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 1958 #endif
wolfSSL 0:d92f9d21154c 1959 XMEMCPY(signer->subjectNameHash, cert->subjectHash,
wolfSSL 0:d92f9d21154c 1960 SIGNER_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 1961 signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
wolfSSL 0:d92f9d21154c 1962 : 0xFFFF;
wolfSSL 0:d92f9d21154c 1963 signer->next = NULL; /* If Key Usage not set, all uses valid. */
wolfSSL 0:d92f9d21154c 1964 cert->publicKey = 0; /* in case lock fails don't free here. */
wolfSSL 0:d92f9d21154c 1965 cert->subjectCN = 0;
wolfSSL 0:d92f9d21154c 1966 #ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL 0:d92f9d21154c 1967 cert->permittedNames = NULL;
wolfSSL 0:d92f9d21154c 1968 cert->excludedNames = NULL;
wolfSSL 0:d92f9d21154c 1969 #endif
wolfSSL 0:d92f9d21154c 1970
wolfSSL 0:d92f9d21154c 1971 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 1972 row = HashSigner(signer->subjectKeyIdHash);
wolfSSL 0:d92f9d21154c 1973 #else
wolfSSL 0:d92f9d21154c 1974 row = HashSigner(signer->subjectNameHash);
wolfSSL 0:d92f9d21154c 1975 #endif
wolfSSL 0:d92f9d21154c 1976
wolfSSL 0:d92f9d21154c 1977 if (LockMutex(&cm->caLock) == 0) {
wolfSSL 0:d92f9d21154c 1978 signer->next = cm->caTable[row];
wolfSSL 0:d92f9d21154c 1979 cm->caTable[row] = signer; /* takes ownership */
wolfSSL 0:d92f9d21154c 1980 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 1981 if (cm->caCacheCallback)
wolfSSL 0:d92f9d21154c 1982 cm->caCacheCallback(der.buffer, (int)der.length, type);
wolfSSL 0:d92f9d21154c 1983 }
wolfSSL 0:d92f9d21154c 1984 else {
wolfSSL 0:d92f9d21154c 1985 WOLFSSL_MSG(" CA Mutex Lock failed");
wolfSSL 0:d92f9d21154c 1986 ret = BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 1987 FreeSigner(signer, cm->heap);
wolfSSL 0:d92f9d21154c 1988 }
wolfSSL 0:d92f9d21154c 1989 }
wolfSSL 0:d92f9d21154c 1990 }
wolfSSL 0:d92f9d21154c 1991
wolfSSL 0:d92f9d21154c 1992 WOLFSSL_MSG(" Freeing Parsed CA");
wolfSSL 0:d92f9d21154c 1993 FreeDecodedCert(cert);
wolfSSL 0:d92f9d21154c 1994 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 1995 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 1996 #endif
wolfSSL 0:d92f9d21154c 1997 WOLFSSL_MSG(" Freeing der CA");
wolfSSL 0:d92f9d21154c 1998 XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA);
wolfSSL 0:d92f9d21154c 1999 WOLFSSL_MSG(" OK Freeing der CA");
wolfSSL 0:d92f9d21154c 2000
wolfSSL 0:d92f9d21154c 2001 WOLFSSL_LEAVE("AddCA", ret);
wolfSSL 0:d92f9d21154c 2002
wolfSSL 0:d92f9d21154c 2003 return ret == 0 ? SSL_SUCCESS : ret;
wolfSSL 0:d92f9d21154c 2004 }
wolfSSL 0:d92f9d21154c 2005
wolfSSL 0:d92f9d21154c 2006 #endif /* !NO_CERTS */
wolfSSL 0:d92f9d21154c 2007
wolfSSL 0:d92f9d21154c 2008
wolfSSL 0:d92f9d21154c 2009 #ifndef NO_SESSION_CACHE
wolfSSL 0:d92f9d21154c 2010
wolfSSL 0:d92f9d21154c 2011 /* basic config gives a cache with 33 sessions, adequate for clients and
wolfSSL 0:d92f9d21154c 2012 embedded servers
wolfSSL 0:d92f9d21154c 2013
wolfSSL 0:d92f9d21154c 2014 MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
wolfSSL 0:d92f9d21154c 2015 aren't under heavy load, basically allows 200 new sessions per minute
wolfSSL 0:d92f9d21154c 2016
wolfSSL 0:d92f9d21154c 2017 BIG_SESSION_CACHE yields 20,027 sessions
wolfSSL 0:d92f9d21154c 2018
wolfSSL 0:d92f9d21154c 2019 HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
wolfSSL 0:d92f9d21154c 2020 allows over 13,000 new sessions per minute or over 200 new sessions per
wolfSSL 0:d92f9d21154c 2021 second
wolfSSL 0:d92f9d21154c 2022
wolfSSL 0:d92f9d21154c 2023 SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
wolfSSL 0:d92f9d21154c 2024 or systems where the default of nearly 3kB is too much RAM, this define
wolfSSL 0:d92f9d21154c 2025 uses less than 500 bytes RAM
wolfSSL 0:d92f9d21154c 2026
wolfSSL 0:d92f9d21154c 2027 default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
wolfSSL 0:d92f9d21154c 2028 */
wolfSSL 0:d92f9d21154c 2029 #ifdef HUGE_SESSION_CACHE
wolfSSL 0:d92f9d21154c 2030 #define SESSIONS_PER_ROW 11
wolfSSL 0:d92f9d21154c 2031 #define SESSION_ROWS 5981
wolfSSL 0:d92f9d21154c 2032 #elif defined(BIG_SESSION_CACHE)
wolfSSL 0:d92f9d21154c 2033 #define SESSIONS_PER_ROW 7
wolfSSL 0:d92f9d21154c 2034 #define SESSION_ROWS 2861
wolfSSL 0:d92f9d21154c 2035 #elif defined(MEDIUM_SESSION_CACHE)
wolfSSL 0:d92f9d21154c 2036 #define SESSIONS_PER_ROW 5
wolfSSL 0:d92f9d21154c 2037 #define SESSION_ROWS 211
wolfSSL 0:d92f9d21154c 2038 #elif defined(SMALL_SESSION_CACHE)
wolfSSL 0:d92f9d21154c 2039 #define SESSIONS_PER_ROW 2
wolfSSL 0:d92f9d21154c 2040 #define SESSION_ROWS 3
wolfSSL 0:d92f9d21154c 2041 #else
wolfSSL 0:d92f9d21154c 2042 #define SESSIONS_PER_ROW 3
wolfSSL 0:d92f9d21154c 2043 #define SESSION_ROWS 11
wolfSSL 0:d92f9d21154c 2044 #endif
wolfSSL 0:d92f9d21154c 2045
wolfSSL 0:d92f9d21154c 2046 typedef struct SessionRow {
wolfSSL 0:d92f9d21154c 2047 int nextIdx; /* where to place next one */
wolfSSL 0:d92f9d21154c 2048 int totalCount; /* sessions ever on this row */
wolfSSL 0:d92f9d21154c 2049 WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW];
wolfSSL 0:d92f9d21154c 2050 } SessionRow;
wolfSSL 0:d92f9d21154c 2051
wolfSSL 0:d92f9d21154c 2052 static SessionRow SessionCache[SESSION_ROWS];
wolfSSL 0:d92f9d21154c 2053
wolfSSL 0:d92f9d21154c 2054 #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
wolfSSL 0:d92f9d21154c 2055 static word32 PeakSessions;
wolfSSL 0:d92f9d21154c 2056 #endif
wolfSSL 0:d92f9d21154c 2057
wolfSSL 0:d92f9d21154c 2058 static wolfSSL_Mutex session_mutex; /* SessionCache mutex */
wolfSSL 0:d92f9d21154c 2059
wolfSSL 0:d92f9d21154c 2060 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 2061
wolfSSL 0:d92f9d21154c 2062 typedef struct ClientSession {
wolfSSL 0:d92f9d21154c 2063 word16 serverRow; /* SessionCache Row id */
wolfSSL 0:d92f9d21154c 2064 word16 serverIdx; /* SessionCache Idx (column) */
wolfSSL 0:d92f9d21154c 2065 } ClientSession;
wolfSSL 0:d92f9d21154c 2066
wolfSSL 0:d92f9d21154c 2067 typedef struct ClientRow {
wolfSSL 0:d92f9d21154c 2068 int nextIdx; /* where to place next one */
wolfSSL 0:d92f9d21154c 2069 int totalCount; /* sessions ever on this row */
wolfSSL 0:d92f9d21154c 2070 ClientSession Clients[SESSIONS_PER_ROW];
wolfSSL 0:d92f9d21154c 2071 } ClientRow;
wolfSSL 0:d92f9d21154c 2072
wolfSSL 0:d92f9d21154c 2073 static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
wolfSSL 0:d92f9d21154c 2074 /* uses session mutex */
wolfSSL 0:d92f9d21154c 2075 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:d92f9d21154c 2076
wolfSSL 0:d92f9d21154c 2077 #endif /* NO_SESSION_CACHE */
wolfSSL 0:d92f9d21154c 2078
wolfSSL 0:d92f9d21154c 2079
wolfSSL 0:d92f9d21154c 2080 int wolfSSL_Init(void)
wolfSSL 0:d92f9d21154c 2081 {
wolfSSL 0:d92f9d21154c 2082 int ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 2083
wolfSSL 0:d92f9d21154c 2084 WOLFSSL_ENTER("wolfSSL_Init");
wolfSSL 0:d92f9d21154c 2085
wolfSSL 0:d92f9d21154c 2086 if (initRefCount == 0) {
wolfSSL 0:d92f9d21154c 2087 #ifndef NO_SESSION_CACHE
wolfSSL 0:d92f9d21154c 2088 if (InitMutex(&session_mutex) != 0)
wolfSSL 0:d92f9d21154c 2089 ret = BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 2090 #endif
wolfSSL 0:d92f9d21154c 2091 if (InitMutex(&count_mutex) != 0)
wolfSSL 0:d92f9d21154c 2092 ret = BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 2093 }
wolfSSL 0:d92f9d21154c 2094 if (ret == SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 2095 if (LockMutex(&count_mutex) != 0) {
wolfSSL 0:d92f9d21154c 2096 WOLFSSL_MSG("Bad Lock Mutex count");
wolfSSL 0:d92f9d21154c 2097 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 2098 }
wolfSSL 0:d92f9d21154c 2099 initRefCount++;
wolfSSL 0:d92f9d21154c 2100 UnLockMutex(&count_mutex);
wolfSSL 0:d92f9d21154c 2101 }
wolfSSL 0:d92f9d21154c 2102
wolfSSL 0:d92f9d21154c 2103 return ret;
wolfSSL 0:d92f9d21154c 2104 }
wolfSSL 0:d92f9d21154c 2105
wolfSSL 0:d92f9d21154c 2106
wolfSSL 0:d92f9d21154c 2107 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 2108
wolfSSL 0:d92f9d21154c 2109 static const char* BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
wolfSSL 0:d92f9d21154c 2110 static const char* END_CERT = "-----END CERTIFICATE-----";
wolfSSL 0:d92f9d21154c 2111 static const char* BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----";
wolfSSL 0:d92f9d21154c 2112 static const char* END_CERT_REQ = "-----END CERTIFICATE REQUEST-----";
wolfSSL 0:d92f9d21154c 2113 static const char* BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----";
wolfSSL 0:d92f9d21154c 2114 static const char* END_DH_PARAM = "-----END DH PARAMETERS-----";
wolfSSL 0:d92f9d21154c 2115 static const char* BEGIN_X509_CRL = "-----BEGIN X509 CRL-----";
wolfSSL 0:d92f9d21154c 2116 static const char* END_X509_CRL = "-----END X509 CRL-----";
wolfSSL 0:d92f9d21154c 2117 static const char* BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2118 static const char* END_RSA_PRIV = "-----END RSA PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2119 static const char* BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2120 static const char* END_PRIV_KEY = "-----END PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2121 static const char* BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2122 static const char* END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2123 static const char* BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2124 static const char* END_EC_PRIV = "-----END EC PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2125 static const char* BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2126 static const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
wolfSSL 0:d92f9d21154c 2127
wolfSSL 0:d92f9d21154c 2128 /* Remove PEM header/footer, convert to ASN1, store any encrypted data
wolfSSL 0:d92f9d21154c 2129 info->consumed tracks of PEM bytes consumed in case multiple parts */
wolfSSL 0:d92f9d21154c 2130 int PemToDer(const unsigned char* buff, long longSz, int type,
wolfSSL 0:d92f9d21154c 2131 buffer* der, void* heap, EncryptedInfo* info, int* eccKey)
wolfSSL 0:d92f9d21154c 2132 {
wolfSSL 0:d92f9d21154c 2133 const char* header = NULL;
wolfSSL 0:d92f9d21154c 2134 const char* footer = NULL;
wolfSSL 0:d92f9d21154c 2135 char* headerEnd;
wolfSSL 0:d92f9d21154c 2136 char* footerEnd;
wolfSSL 0:d92f9d21154c 2137 char* consumedEnd;
wolfSSL 0:d92f9d21154c 2138 char* bufferEnd = (char*)(buff + longSz);
wolfSSL 0:d92f9d21154c 2139 long neededSz;
wolfSSL 0:d92f9d21154c 2140 int ret = 0;
wolfSSL 0:d92f9d21154c 2141 int dynamicType = 0;
wolfSSL 0:d92f9d21154c 2142 int sz = (int)longSz;
wolfSSL 0:d92f9d21154c 2143
wolfSSL 0:d92f9d21154c 2144 switch (type) {
wolfSSL 0:d92f9d21154c 2145 case CA_TYPE: /* same as below */
wolfSSL 0:d92f9d21154c 2146 case CERT_TYPE: header= BEGIN_CERT; footer= END_CERT; break;
wolfSSL 0:d92f9d21154c 2147 case CRL_TYPE: header= BEGIN_X509_CRL; footer= END_X509_CRL; break;
wolfSSL 0:d92f9d21154c 2148 case DH_PARAM_TYPE: header= BEGIN_DH_PARAM; footer= END_DH_PARAM; break;
wolfSSL 0:d92f9d21154c 2149 case CERTREQ_TYPE: header= BEGIN_CERT_REQ; footer= END_CERT_REQ; break;
wolfSSL 0:d92f9d21154c 2150 default: header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break;
wolfSSL 0:d92f9d21154c 2151 }
wolfSSL 0:d92f9d21154c 2152
wolfSSL 0:d92f9d21154c 2153 switch (type) {
wolfSSL 0:d92f9d21154c 2154 case CA_TYPE: dynamicType = DYNAMIC_TYPE_CA; break;
wolfSSL 0:d92f9d21154c 2155 case CERT_TYPE: dynamicType = DYNAMIC_TYPE_CERT; break;
wolfSSL 0:d92f9d21154c 2156 case CRL_TYPE: dynamicType = DYNAMIC_TYPE_CRL; break;
wolfSSL 0:d92f9d21154c 2157 default: dynamicType = DYNAMIC_TYPE_KEY; break;
wolfSSL 0:d92f9d21154c 2158 }
wolfSSL 0:d92f9d21154c 2159
wolfSSL 0:d92f9d21154c 2160 /* find header */
wolfSSL 0:d92f9d21154c 2161 for (;;) {
wolfSSL 0:d92f9d21154c 2162 headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL 0:d92f9d21154c 2163
wolfSSL 0:d92f9d21154c 2164 if (headerEnd || type != PRIVATEKEY_TYPE) {
wolfSSL 0:d92f9d21154c 2165 break;
wolfSSL 0:d92f9d21154c 2166 } else if (header == BEGIN_RSA_PRIV) {
wolfSSL 0:d92f9d21154c 2167 header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
wolfSSL 0:d92f9d21154c 2168 } else if (header == BEGIN_PRIV_KEY) {
wolfSSL 0:d92f9d21154c 2169 header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
wolfSSL 0:d92f9d21154c 2170 } else if (header == BEGIN_ENC_PRIV_KEY) {
wolfSSL 0:d92f9d21154c 2171 header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
wolfSSL 0:d92f9d21154c 2172 } else if (header == BEGIN_EC_PRIV) {
wolfSSL 0:d92f9d21154c 2173 header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
wolfSSL 0:d92f9d21154c 2174 } else
wolfSSL 0:d92f9d21154c 2175 break;
wolfSSL 0:d92f9d21154c 2176 }
wolfSSL 0:d92f9d21154c 2177
wolfSSL 0:d92f9d21154c 2178 if (!headerEnd) {
wolfSSL 0:d92f9d21154c 2179 WOLFSSL_MSG("Couldn't find PEM header");
wolfSSL 0:d92f9d21154c 2180 return SSL_NO_PEM_HEADER;
wolfSSL 0:d92f9d21154c 2181 }
wolfSSL 0:d92f9d21154c 2182
wolfSSL 0:d92f9d21154c 2183 headerEnd += XSTRLEN(header);
wolfSSL 0:d92f9d21154c 2184
wolfSSL 0:d92f9d21154c 2185 /* eat end of line */
wolfSSL 0:d92f9d21154c 2186 if (headerEnd[0] == '\n')
wolfSSL 0:d92f9d21154c 2187 headerEnd++;
wolfSSL 0:d92f9d21154c 2188 else if (headerEnd[1] == '\n')
wolfSSL 0:d92f9d21154c 2189 headerEnd += 2;
wolfSSL 0:d92f9d21154c 2190 else
wolfSSL 0:d92f9d21154c 2191 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2192
wolfSSL 0:d92f9d21154c 2193 if (type == PRIVATEKEY_TYPE) {
wolfSSL 0:d92f9d21154c 2194 if (eccKey)
wolfSSL 0:d92f9d21154c 2195 *eccKey = header == BEGIN_EC_PRIV;
wolfSSL 0:d92f9d21154c 2196 }
wolfSSL 0:d92f9d21154c 2197
wolfSSL 0:d92f9d21154c 2198 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:d92f9d21154c 2199 {
wolfSSL 0:d92f9d21154c 2200 /* remove encrypted header if there */
wolfSSL 0:d92f9d21154c 2201 char encHeader[] = "Proc-Type";
wolfSSL 0:d92f9d21154c 2202 char* line = XSTRNSTR(headerEnd, encHeader, PEM_LINE_LEN);
wolfSSL 0:d92f9d21154c 2203 if (line) {
wolfSSL 0:d92f9d21154c 2204 char* newline;
wolfSSL 0:d92f9d21154c 2205 char* finish;
wolfSSL 0:d92f9d21154c 2206 char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);
wolfSSL 0:d92f9d21154c 2207
wolfSSL 0:d92f9d21154c 2208 if (!start)
wolfSSL 0:d92f9d21154c 2209 start = XSTRNSTR(line, "AES", PEM_LINE_LEN);
wolfSSL 0:d92f9d21154c 2210
wolfSSL 0:d92f9d21154c 2211 if (!start) return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2212 if (!info) return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2213
wolfSSL 0:d92f9d21154c 2214 finish = XSTRNSTR(start, ",", PEM_LINE_LEN);
wolfSSL 0:d92f9d21154c 2215
wolfSSL 0:d92f9d21154c 2216 if (start && finish && (start < finish)) {
wolfSSL 0:d92f9d21154c 2217 newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
wolfSSL 0:d92f9d21154c 2218
wolfSSL 0:d92f9d21154c 2219 XMEMCPY(info->name, start, finish - start);
wolfSSL 0:d92f9d21154c 2220 info->name[finish - start] = 0;
wolfSSL 0:d92f9d21154c 2221 XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
wolfSSL 0:d92f9d21154c 2222
wolfSSL 0:d92f9d21154c 2223 if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
wolfSSL 0:d92f9d21154c 2224 if (newline && (newline > finish)) {
wolfSSL 0:d92f9d21154c 2225 info->ivSz = (word32)(newline - (finish + 1));
wolfSSL 0:d92f9d21154c 2226 info->set = 1;
wolfSSL 0:d92f9d21154c 2227 }
wolfSSL 0:d92f9d21154c 2228 else
wolfSSL 0:d92f9d21154c 2229 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2230 }
wolfSSL 0:d92f9d21154c 2231 else
wolfSSL 0:d92f9d21154c 2232 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2233
wolfSSL 0:d92f9d21154c 2234 /* eat blank line */
wolfSSL 0:d92f9d21154c 2235 while (*newline == '\r' || *newline == '\n')
wolfSSL 0:d92f9d21154c 2236 newline++;
wolfSSL 0:d92f9d21154c 2237 headerEnd = newline;
wolfSSL 0:d92f9d21154c 2238 }
wolfSSL 0:d92f9d21154c 2239 }
wolfSSL 0:d92f9d21154c 2240 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:d92f9d21154c 2241
wolfSSL 0:d92f9d21154c 2242 /* find footer */
wolfSSL 0:d92f9d21154c 2243 footerEnd = XSTRNSTR((char*)buff, footer, sz);
wolfSSL 0:d92f9d21154c 2244 if (!footerEnd)
wolfSSL 0:d92f9d21154c 2245 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2246
wolfSSL 0:d92f9d21154c 2247 consumedEnd = footerEnd + XSTRLEN(footer);
wolfSSL 0:d92f9d21154c 2248
wolfSSL 0:d92f9d21154c 2249 if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
wolfSSL 0:d92f9d21154c 2250 /* eat end of line */
wolfSSL 0:d92f9d21154c 2251 if (consumedEnd[0] == '\n')
wolfSSL 0:d92f9d21154c 2252 consumedEnd++;
wolfSSL 0:d92f9d21154c 2253 else if (consumedEnd[1] == '\n')
wolfSSL 0:d92f9d21154c 2254 consumedEnd += 2;
wolfSSL 0:d92f9d21154c 2255 else
wolfSSL 0:d92f9d21154c 2256 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2257 }
wolfSSL 0:d92f9d21154c 2258
wolfSSL 0:d92f9d21154c 2259 if (info)
wolfSSL 0:d92f9d21154c 2260 info->consumed = (long)(consumedEnd - (char*)buff);
wolfSSL 0:d92f9d21154c 2261
wolfSSL 0:d92f9d21154c 2262 /* set up der buffer */
wolfSSL 0:d92f9d21154c 2263 neededSz = (long)(footerEnd - headerEnd);
wolfSSL 0:d92f9d21154c 2264 if (neededSz > sz || neededSz < 0)
wolfSSL 0:d92f9d21154c 2265 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2266
wolfSSL 0:d92f9d21154c 2267 der->buffer = (byte*)XMALLOC(neededSz, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2268 if (!der->buffer)
wolfSSL 0:d92f9d21154c 2269 return MEMORY_ERROR;
wolfSSL 0:d92f9d21154c 2270
wolfSSL 0:d92f9d21154c 2271 der->length = (word32)neededSz;
wolfSSL 0:d92f9d21154c 2272
wolfSSL 0:d92f9d21154c 2273 if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer,
wolfSSL 0:d92f9d21154c 2274 &der->length) < 0)
wolfSSL 0:d92f9d21154c 2275 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2276
wolfSSL 0:d92f9d21154c 2277 if (header == BEGIN_PRIV_KEY) {
wolfSSL 0:d92f9d21154c 2278 /* pkcs8 key, convert and adjust length */
wolfSSL 0:d92f9d21154c 2279 if ((ret = ToTraditional(der->buffer, der->length)) < 0)
wolfSSL 0:d92f9d21154c 2280 return ret;
wolfSSL 0:d92f9d21154c 2281
wolfSSL 0:d92f9d21154c 2282 der->length = ret;
wolfSSL 0:d92f9d21154c 2283 return 0;
wolfSSL 0:d92f9d21154c 2284 }
wolfSSL 0:d92f9d21154c 2285
wolfSSL 0:d92f9d21154c 2286 #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
wolfSSL 0:d92f9d21154c 2287 if (header == BEGIN_ENC_PRIV_KEY) {
wolfSSL 0:d92f9d21154c 2288 int passwordSz;
wolfSSL 0:d92f9d21154c 2289 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2290 char* password = NULL;
wolfSSL 0:d92f9d21154c 2291 #else
wolfSSL 0:d92f9d21154c 2292 char password[80];
wolfSSL 0:d92f9d21154c 2293 #endif
wolfSSL 0:d92f9d21154c 2294
wolfSSL 0:d92f9d21154c 2295 if (!info || !info->ctx || !info->ctx->passwd_cb)
wolfSSL 0:d92f9d21154c 2296 return SSL_BAD_FILE; /* no callback error */
wolfSSL 0:d92f9d21154c 2297
wolfSSL 0:d92f9d21154c 2298 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2299 password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2300 if (password == NULL)
wolfSSL 0:d92f9d21154c 2301 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2302 #endif
wolfSSL 0:d92f9d21154c 2303 passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
wolfSSL 0:d92f9d21154c 2304 info->ctx->userdata);
wolfSSL 0:d92f9d21154c 2305 /* convert and adjust length */
wolfSSL 0:d92f9d21154c 2306 ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz);
wolfSSL 0:d92f9d21154c 2307
wolfSSL 0:d92f9d21154c 2308 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2309 XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2310 #endif
wolfSSL 0:d92f9d21154c 2311
wolfSSL 0:d92f9d21154c 2312 if (ret < 0)
wolfSSL 0:d92f9d21154c 2313 return ret;
wolfSSL 0:d92f9d21154c 2314
wolfSSL 0:d92f9d21154c 2315 der->length = ret;
wolfSSL 0:d92f9d21154c 2316 return 0;
wolfSSL 0:d92f9d21154c 2317 }
wolfSSL 0:d92f9d21154c 2318 #endif
wolfSSL 0:d92f9d21154c 2319
wolfSSL 0:d92f9d21154c 2320 return 0;
wolfSSL 0:d92f9d21154c 2321 }
wolfSSL 0:d92f9d21154c 2322
wolfSSL 0:d92f9d21154c 2323
wolfSSL 0:d92f9d21154c 2324 /* process the buffer buff, legnth sz, into ctx of format and type
wolfSSL 0:d92f9d21154c 2325 used tracks bytes consumed, userChain specifies a user cert chain
wolfSSL 0:d92f9d21154c 2326 to pass during the handshake */
wolfSSL 0:d92f9d21154c 2327 static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wolfSSL 0:d92f9d21154c 2328 long sz, int format, int type, WOLFSSL* ssl,
wolfSSL 0:d92f9d21154c 2329 long* used, int userChain)
wolfSSL 0:d92f9d21154c 2330 {
wolfSSL 0:d92f9d21154c 2331 buffer der; /* holds DER or RAW (for NTRU) */
wolfSSL 0:d92f9d21154c 2332 int ret;
wolfSSL 0:d92f9d21154c 2333 int dynamicType = 0;
wolfSSL 0:d92f9d21154c 2334 int eccKey = 0;
wolfSSL 0:d92f9d21154c 2335 int rsaKey = 0;
wolfSSL 0:d92f9d21154c 2336 void* heap = ctx ? ctx->heap : NULL;
wolfSSL 0:d92f9d21154c 2337 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2338 EncryptedInfo* info = NULL;
wolfSSL 0:d92f9d21154c 2339 #else
wolfSSL 0:d92f9d21154c 2340 EncryptedInfo info[1];
wolfSSL 0:d92f9d21154c 2341 #endif
wolfSSL 0:d92f9d21154c 2342
wolfSSL 0:d92f9d21154c 2343 (void)dynamicType;
wolfSSL 0:d92f9d21154c 2344 (void)rsaKey;
wolfSSL 0:d92f9d21154c 2345
wolfSSL 0:d92f9d21154c 2346 if (used)
wolfSSL 0:d92f9d21154c 2347 *used = sz; /* used bytes default to sz, PEM chain may shorten*/
wolfSSL 0:d92f9d21154c 2348
wolfSSL 0:d92f9d21154c 2349 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
wolfSSL 0:d92f9d21154c 2350 && format != SSL_FILETYPE_RAW)
wolfSSL 0:d92f9d21154c 2351 return SSL_BAD_FILETYPE;
wolfSSL 0:d92f9d21154c 2352
wolfSSL 0:d92f9d21154c 2353 if (ctx == NULL && ssl == NULL)
wolfSSL 0:d92f9d21154c 2354 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 2355
wolfSSL 0:d92f9d21154c 2356 if (type == CA_TYPE)
wolfSSL 0:d92f9d21154c 2357 dynamicType = DYNAMIC_TYPE_CA;
wolfSSL 0:d92f9d21154c 2358 else if (type == CERT_TYPE)
wolfSSL 0:d92f9d21154c 2359 dynamicType = DYNAMIC_TYPE_CERT;
wolfSSL 0:d92f9d21154c 2360 else
wolfSSL 0:d92f9d21154c 2361 dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL 0:d92f9d21154c 2362
wolfSSL 0:d92f9d21154c 2363 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2364 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
wolfSSL 0:d92f9d21154c 2365 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2366 if (info == NULL)
wolfSSL 0:d92f9d21154c 2367 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2368 #endif
wolfSSL 0:d92f9d21154c 2369
wolfSSL 0:d92f9d21154c 2370 info->set = 0;
wolfSSL 0:d92f9d21154c 2371 info->ctx = ctx;
wolfSSL 0:d92f9d21154c 2372 info->consumed = 0;
wolfSSL 0:d92f9d21154c 2373 der.buffer = 0;
wolfSSL 0:d92f9d21154c 2374
wolfSSL 0:d92f9d21154c 2375 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:d92f9d21154c 2376 ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
wolfSSL 0:d92f9d21154c 2377 if (ret < 0) {
wolfSSL 0:d92f9d21154c 2378 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2379 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2380 #endif
wolfSSL 0:d92f9d21154c 2381 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2382 return ret;
wolfSSL 0:d92f9d21154c 2383 }
wolfSSL 0:d92f9d21154c 2384
wolfSSL 0:d92f9d21154c 2385 if (used)
wolfSSL 0:d92f9d21154c 2386 *used = info->consumed;
wolfSSL 0:d92f9d21154c 2387
wolfSSL 0:d92f9d21154c 2388 /* we may have a user cert chain, try to consume */
wolfSSL 0:d92f9d21154c 2389 if (userChain && type == CERT_TYPE && info->consumed < sz) {
wolfSSL 0:d92f9d21154c 2390 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2391 byte staticBuffer[1]; /* force heap usage */
wolfSSL 0:d92f9d21154c 2392 #else
wolfSSL 0:d92f9d21154c 2393 byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
wolfSSL 0:d92f9d21154c 2394 #endif
wolfSSL 0:d92f9d21154c 2395 byte* chainBuffer = staticBuffer;
wolfSSL 0:d92f9d21154c 2396 byte* shrinked = NULL; /* shrinked to size chainBuffer
wolfSSL 0:d92f9d21154c 2397 * or staticBuffer */
wolfSSL 0:d92f9d21154c 2398 int dynamicBuffer = 0;
wolfSSL 0:d92f9d21154c 2399 word32 bufferSz = sizeof(staticBuffer);
wolfSSL 0:d92f9d21154c 2400 long consumed = info->consumed;
wolfSSL 0:d92f9d21154c 2401 word32 idx = 0;
wolfSSL 0:d92f9d21154c 2402 int gotOne = 0;
wolfSSL 0:d92f9d21154c 2403
wolfSSL 0:d92f9d21154c 2404 if ( (sz - consumed) > (int)bufferSz) {
wolfSSL 0:d92f9d21154c 2405 WOLFSSL_MSG("Growing Tmp Chain Buffer");
wolfSSL 0:d92f9d21154c 2406 bufferSz = (word32)(sz - consumed);
wolfSSL 0:d92f9d21154c 2407 /* will shrink to actual size */
wolfSSL 0:d92f9d21154c 2408 chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 2409 if (chainBuffer == NULL) {
wolfSSL 0:d92f9d21154c 2410 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2411 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2412 #endif
wolfSSL 0:d92f9d21154c 2413 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2414 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2415 }
wolfSSL 0:d92f9d21154c 2416 dynamicBuffer = 1;
wolfSSL 0:d92f9d21154c 2417 }
wolfSSL 0:d92f9d21154c 2418
wolfSSL 0:d92f9d21154c 2419 WOLFSSL_MSG("Processing Cert Chain");
wolfSSL 0:d92f9d21154c 2420 while (consumed < sz) {
wolfSSL 0:d92f9d21154c 2421 buffer part;
wolfSSL 0:d92f9d21154c 2422 info->consumed = 0;
wolfSSL 0:d92f9d21154c 2423 part.buffer = 0;
wolfSSL 0:d92f9d21154c 2424
wolfSSL 0:d92f9d21154c 2425 ret = PemToDer(buff + consumed, sz - consumed, type, &part,
wolfSSL 0:d92f9d21154c 2426 heap, info, &eccKey);
wolfSSL 0:d92f9d21154c 2427 if (ret == 0) {
wolfSSL 0:d92f9d21154c 2428 gotOne = 1;
wolfSSL 0:d92f9d21154c 2429 if ( (idx + part.length) > bufferSz) {
wolfSSL 0:d92f9d21154c 2430 WOLFSSL_MSG(" Cert Chain bigger than buffer");
wolfSSL 0:d92f9d21154c 2431 ret = BUFFER_E;
wolfSSL 0:d92f9d21154c 2432 }
wolfSSL 0:d92f9d21154c 2433 else {
wolfSSL 0:d92f9d21154c 2434 c32to24(part.length, &chainBuffer[idx]);
wolfSSL 0:d92f9d21154c 2435 idx += CERT_HEADER_SZ;
wolfSSL 0:d92f9d21154c 2436 XMEMCPY(&chainBuffer[idx], part.buffer,part.length);
wolfSSL 0:d92f9d21154c 2437 idx += part.length;
wolfSSL 0:d92f9d21154c 2438 consumed += info->consumed;
wolfSSL 0:d92f9d21154c 2439 if (used)
wolfSSL 0:d92f9d21154c 2440 *used += info->consumed;
wolfSSL 0:d92f9d21154c 2441 }
wolfSSL 0:d92f9d21154c 2442 }
wolfSSL 0:d92f9d21154c 2443
wolfSSL 0:d92f9d21154c 2444 XFREE(part.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2445
wolfSSL 0:d92f9d21154c 2446 if (ret == SSL_NO_PEM_HEADER && gotOne) {
wolfSSL 0:d92f9d21154c 2447 WOLFSSL_MSG("We got one good PEM so stuff at end ok");
wolfSSL 0:d92f9d21154c 2448 break;
wolfSSL 0:d92f9d21154c 2449 }
wolfSSL 0:d92f9d21154c 2450
wolfSSL 0:d92f9d21154c 2451 if (ret < 0) {
wolfSSL 0:d92f9d21154c 2452 WOLFSSL_MSG(" Error in Cert in Chain");
wolfSSL 0:d92f9d21154c 2453 if (dynamicBuffer)
wolfSSL 0:d92f9d21154c 2454 XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 2455 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2456 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2457 #endif
wolfSSL 0:d92f9d21154c 2458 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2459 return ret;
wolfSSL 0:d92f9d21154c 2460 }
wolfSSL 0:d92f9d21154c 2461 WOLFSSL_MSG(" Consumed another Cert in Chain");
wolfSSL 0:d92f9d21154c 2462 }
wolfSSL 0:d92f9d21154c 2463 WOLFSSL_MSG("Finished Processing Cert Chain");
wolfSSL 0:d92f9d21154c 2464
wolfSSL 0:d92f9d21154c 2465 /* only retain actual size used */
wolfSSL 0:d92f9d21154c 2466 shrinked = (byte*)XMALLOC(idx, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2467 if (shrinked) {
wolfSSL 0:d92f9d21154c 2468 if (ssl) {
wolfSSL 0:d92f9d21154c 2469 if (ssl->buffers.certChain.buffer &&
wolfSSL 0:d92f9d21154c 2470 ssl->buffers.weOwnCertChain) {
wolfSSL 0:d92f9d21154c 2471 XFREE(ssl->buffers.certChain.buffer, heap,
wolfSSL 0:d92f9d21154c 2472 dynamicType);
wolfSSL 0:d92f9d21154c 2473 }
wolfSSL 0:d92f9d21154c 2474 ssl->buffers.certChain.buffer = shrinked;
wolfSSL 0:d92f9d21154c 2475 ssl->buffers.certChain.length = idx;
wolfSSL 0:d92f9d21154c 2476 XMEMCPY(ssl->buffers.certChain.buffer, chainBuffer,idx);
wolfSSL 0:d92f9d21154c 2477 ssl->buffers.weOwnCertChain = 1;
wolfSSL 0:d92f9d21154c 2478 } else if (ctx) {
wolfSSL 0:d92f9d21154c 2479 if (ctx->certChain.buffer)
wolfSSL 0:d92f9d21154c 2480 XFREE(ctx->certChain.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2481 ctx->certChain.buffer = shrinked;
wolfSSL 0:d92f9d21154c 2482 ctx->certChain.length = idx;
wolfSSL 0:d92f9d21154c 2483 XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
wolfSSL 0:d92f9d21154c 2484 }
wolfSSL 0:d92f9d21154c 2485 }
wolfSSL 0:d92f9d21154c 2486
wolfSSL 0:d92f9d21154c 2487 if (dynamicBuffer)
wolfSSL 0:d92f9d21154c 2488 XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 2489
wolfSSL 0:d92f9d21154c 2490 if (shrinked == NULL) {
wolfSSL 0:d92f9d21154c 2491 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2492 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2493 #endif
wolfSSL 0:d92f9d21154c 2494 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2495 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2496 }
wolfSSL 0:d92f9d21154c 2497 }
wolfSSL 0:d92f9d21154c 2498 }
wolfSSL 0:d92f9d21154c 2499 else { /* ASN1 (DER) or RAW (NTRU) */
wolfSSL 0:d92f9d21154c 2500 der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2501 if (!der.buffer) {
wolfSSL 0:d92f9d21154c 2502 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2503 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2504 #endif
wolfSSL 0:d92f9d21154c 2505 return MEMORY_ERROR;
wolfSSL 0:d92f9d21154c 2506 }
wolfSSL 0:d92f9d21154c 2507
wolfSSL 0:d92f9d21154c 2508 XMEMCPY(der.buffer, buff, sz);
wolfSSL 0:d92f9d21154c 2509 der.length = (word32)sz;
wolfSSL 0:d92f9d21154c 2510 }
wolfSSL 0:d92f9d21154c 2511
wolfSSL 0:d92f9d21154c 2512 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:d92f9d21154c 2513 if (info->set) {
wolfSSL 0:d92f9d21154c 2514 /* decrypt */
wolfSSL 0:d92f9d21154c 2515 int passwordSz;
wolfSSL 0:d92f9d21154c 2516 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2517 char* password = NULL;
wolfSSL 0:d92f9d21154c 2518 byte* key = NULL;
wolfSSL 0:d92f9d21154c 2519 byte* iv = NULL;
wolfSSL 0:d92f9d21154c 2520 #else
wolfSSL 0:d92f9d21154c 2521 char password[80];
wolfSSL 0:d92f9d21154c 2522 byte key[AES_256_KEY_SIZE];
wolfSSL 0:d92f9d21154c 2523 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 2524 byte iv[AES_IV_SIZE];
wolfSSL 0:d92f9d21154c 2525 #endif
wolfSSL 0:d92f9d21154c 2526 #endif
wolfSSL 0:d92f9d21154c 2527
wolfSSL 0:d92f9d21154c 2528 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2529 password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2530 key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL,
wolfSSL 0:d92f9d21154c 2531 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2532 iv = (byte*)XMALLOC(AES_IV_SIZE, NULL,
wolfSSL 0:d92f9d21154c 2533 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2534
wolfSSL 0:d92f9d21154c 2535 if (password == NULL || key == NULL || iv == NULL) {
wolfSSL 0:d92f9d21154c 2536 XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2537 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2538 XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2539 ret = MEMORY_E;
wolfSSL 0:d92f9d21154c 2540 }
wolfSSL 0:d92f9d21154c 2541 else
wolfSSL 0:d92f9d21154c 2542 #endif
wolfSSL 0:d92f9d21154c 2543 if (!ctx || !ctx->passwd_cb) {
wolfSSL 0:d92f9d21154c 2544 ret = NO_PASSWORD;
wolfSSL 0:d92f9d21154c 2545 }
wolfSSL 0:d92f9d21154c 2546 else {
wolfSSL 0:d92f9d21154c 2547 passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
wolfSSL 0:d92f9d21154c 2548 ctx->userdata);
wolfSSL 0:d92f9d21154c 2549
wolfSSL 0:d92f9d21154c 2550 /* use file's salt for key derivation, hex decode first */
wolfSSL 0:d92f9d21154c 2551 if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz)
wolfSSL 0:d92f9d21154c 2552 != 0) {
wolfSSL 0:d92f9d21154c 2553 ret = ASN_INPUT_E;
wolfSSL 0:d92f9d21154c 2554 }
wolfSSL 0:d92f9d21154c 2555 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 2556 else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
wolfSSL 0:d92f9d21154c 2557 (byte*)password, passwordSz, 1, key, iv)) <= 0) {
wolfSSL 0:d92f9d21154c 2558 /* empty */
wolfSSL 0:d92f9d21154c 2559 }
wolfSSL 0:d92f9d21154c 2560 #endif
wolfSSL 0:d92f9d21154c 2561 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 2562 else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) {
wolfSSL 0:d92f9d21154c 2563 ret = wc_Des_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
wolfSSL 0:d92f9d21154c 2564 key, info->iv);
wolfSSL 0:d92f9d21154c 2565 }
wolfSSL 0:d92f9d21154c 2566 else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 13) == 0) {
wolfSSL 0:d92f9d21154c 2567 ret = wc_Des3_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
wolfSSL 0:d92f9d21154c 2568 key, info->iv);
wolfSSL 0:d92f9d21154c 2569 }
wolfSSL 0:d92f9d21154c 2570 #endif
wolfSSL 0:d92f9d21154c 2571 #ifndef NO_AES
wolfSSL 0:d92f9d21154c 2572 else if (XSTRNCMP(info->name, "AES-128-CBC", 13) == 0) {
wolfSSL 0:d92f9d21154c 2573 ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
wolfSSL 0:d92f9d21154c 2574 key, AES_128_KEY_SIZE, info->iv);
wolfSSL 0:d92f9d21154c 2575 }
wolfSSL 0:d92f9d21154c 2576 else if (XSTRNCMP(info->name, "AES-192-CBC", 13) == 0) {
wolfSSL 0:d92f9d21154c 2577 ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
wolfSSL 0:d92f9d21154c 2578 key, AES_192_KEY_SIZE, info->iv);
wolfSSL 0:d92f9d21154c 2579 }
wolfSSL 0:d92f9d21154c 2580 else if (XSTRNCMP(info->name, "AES-256-CBC", 13) == 0) {
wolfSSL 0:d92f9d21154c 2581 ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
wolfSSL 0:d92f9d21154c 2582 key, AES_256_KEY_SIZE, info->iv);
wolfSSL 0:d92f9d21154c 2583 }
wolfSSL 0:d92f9d21154c 2584 #endif
wolfSSL 0:d92f9d21154c 2585 else {
wolfSSL 0:d92f9d21154c 2586 ret = SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2587 }
wolfSSL 0:d92f9d21154c 2588 }
wolfSSL 0:d92f9d21154c 2589
wolfSSL 0:d92f9d21154c 2590 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2591 XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2592 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2593 XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2594 #endif
wolfSSL 0:d92f9d21154c 2595
wolfSSL 0:d92f9d21154c 2596 if (ret != 0) {
wolfSSL 0:d92f9d21154c 2597 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2598 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2599 #endif
wolfSSL 0:d92f9d21154c 2600 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2601 return ret;
wolfSSL 0:d92f9d21154c 2602 }
wolfSSL 0:d92f9d21154c 2603 }
wolfSSL 0:d92f9d21154c 2604 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:d92f9d21154c 2605
wolfSSL 0:d92f9d21154c 2606 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2607 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2608 #endif
wolfSSL 0:d92f9d21154c 2609
wolfSSL 0:d92f9d21154c 2610 if (type == CA_TYPE) {
wolfSSL 0:d92f9d21154c 2611 if (ctx == NULL) {
wolfSSL 0:d92f9d21154c 2612 WOLFSSL_MSG("Need context for CA load");
wolfSSL 0:d92f9d21154c 2613 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2614 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 2615 }
wolfSSL 0:d92f9d21154c 2616 return AddCA(ctx->cm, der, WOLFSSL_USER_CA, ctx->verifyPeer);
wolfSSL 0:d92f9d21154c 2617 /* takes der over */
wolfSSL 0:d92f9d21154c 2618 }
wolfSSL 0:d92f9d21154c 2619 else if (type == CERT_TYPE) {
wolfSSL 0:d92f9d21154c 2620 if (ssl) {
wolfSSL 0:d92f9d21154c 2621 if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
wolfSSL 0:d92f9d21154c 2622 XFREE(ssl->buffers.certificate.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2623 ssl->buffers.certificate = der;
wolfSSL 0:d92f9d21154c 2624 ssl->buffers.weOwnCert = 1;
wolfSSL 0:d92f9d21154c 2625 }
wolfSSL 0:d92f9d21154c 2626 else if (ctx) {
wolfSSL 0:d92f9d21154c 2627 if (ctx->certificate.buffer)
wolfSSL 0:d92f9d21154c 2628 XFREE(ctx->certificate.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2629 ctx->certificate = der; /* takes der over */
wolfSSL 0:d92f9d21154c 2630 }
wolfSSL 0:d92f9d21154c 2631 }
wolfSSL 0:d92f9d21154c 2632 else if (type == PRIVATEKEY_TYPE) {
wolfSSL 0:d92f9d21154c 2633 if (ssl) {
wolfSSL 0:d92f9d21154c 2634 if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
wolfSSL 0:d92f9d21154c 2635 XFREE(ssl->buffers.key.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2636 ssl->buffers.key = der;
wolfSSL 0:d92f9d21154c 2637 ssl->buffers.weOwnKey = 1;
wolfSSL 0:d92f9d21154c 2638 }
wolfSSL 0:d92f9d21154c 2639 else if (ctx) {
wolfSSL 0:d92f9d21154c 2640 if (ctx->privateKey.buffer)
wolfSSL 0:d92f9d21154c 2641 XFREE(ctx->privateKey.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2642 ctx->privateKey = der; /* takes der over */
wolfSSL 0:d92f9d21154c 2643 }
wolfSSL 0:d92f9d21154c 2644 }
wolfSSL 0:d92f9d21154c 2645 else {
wolfSSL 0:d92f9d21154c 2646 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:d92f9d21154c 2647 return SSL_BAD_CERTTYPE;
wolfSSL 0:d92f9d21154c 2648 }
wolfSSL 0:d92f9d21154c 2649
wolfSSL 0:d92f9d21154c 2650 if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
wolfSSL 0:d92f9d21154c 2651 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 2652 if (!eccKey) {
wolfSSL 0:d92f9d21154c 2653 /* make sure RSA key can be used */
wolfSSL 0:d92f9d21154c 2654 word32 idx = 0;
wolfSSL 0:d92f9d21154c 2655 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2656 RsaKey* key = NULL;
wolfSSL 0:d92f9d21154c 2657 #else
wolfSSL 0:d92f9d21154c 2658 RsaKey key[1];
wolfSSL 0:d92f9d21154c 2659 #endif
wolfSSL 0:d92f9d21154c 2660
wolfSSL 0:d92f9d21154c 2661 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2662 key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL,
wolfSSL 0:d92f9d21154c 2663 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2664 if (key == NULL)
wolfSSL 0:d92f9d21154c 2665 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2666 #endif
wolfSSL 0:d92f9d21154c 2667
wolfSSL 0:d92f9d21154c 2668 ret = wc_InitRsaKey(key, 0);
wolfSSL 0:d92f9d21154c 2669 if (ret == 0) {
wolfSSL 0:d92f9d21154c 2670 if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) !=
wolfSSL 0:d92f9d21154c 2671 0) {
wolfSSL 0:d92f9d21154c 2672 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 2673 /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
wolfSSL 0:d92f9d21154c 2674 eccKey = 1; /* so try it out */
wolfSSL 0:d92f9d21154c 2675 #endif
wolfSSL 0:d92f9d21154c 2676 if (!eccKey)
wolfSSL 0:d92f9d21154c 2677 ret = SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2678 } else {
wolfSSL 0:d92f9d21154c 2679 rsaKey = 1;
wolfSSL 0:d92f9d21154c 2680 (void)rsaKey; /* for no ecc builds */
wolfSSL 0:d92f9d21154c 2681 }
wolfSSL 0:d92f9d21154c 2682 }
wolfSSL 0:d92f9d21154c 2683
wolfSSL 0:d92f9d21154c 2684 wc_FreeRsaKey(key);
wolfSSL 0:d92f9d21154c 2685
wolfSSL 0:d92f9d21154c 2686 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2687 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2688 #endif
wolfSSL 0:d92f9d21154c 2689
wolfSSL 0:d92f9d21154c 2690 if (ret != 0)
wolfSSL 0:d92f9d21154c 2691 return ret;
wolfSSL 0:d92f9d21154c 2692 }
wolfSSL 0:d92f9d21154c 2693 #endif
wolfSSL 0:d92f9d21154c 2694 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 2695 if (!rsaKey) {
wolfSSL 0:d92f9d21154c 2696 /* make sure ECC key can be used */
wolfSSL 0:d92f9d21154c 2697 word32 idx = 0;
wolfSSL 0:d92f9d21154c 2698 ecc_key key;
wolfSSL 0:d92f9d21154c 2699
wolfSSL 0:d92f9d21154c 2700 wc_ecc_init(&key);
wolfSSL 0:d92f9d21154c 2701 if (wc_EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
wolfSSL 0:d92f9d21154c 2702 wc_ecc_free(&key);
wolfSSL 0:d92f9d21154c 2703 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2704 }
wolfSSL 0:d92f9d21154c 2705 wc_ecc_free(&key);
wolfSSL 0:d92f9d21154c 2706 eccKey = 1;
wolfSSL 0:d92f9d21154c 2707 if (ctx)
wolfSSL 0:d92f9d21154c 2708 ctx->haveStaticECC = 1;
wolfSSL 0:d92f9d21154c 2709 if (ssl)
wolfSSL 0:d92f9d21154c 2710 ssl->options.haveStaticECC = 1;
wolfSSL 0:d92f9d21154c 2711 }
wolfSSL 0:d92f9d21154c 2712 #endif /* HAVE_ECC */
wolfSSL 0:d92f9d21154c 2713 }
wolfSSL 0:d92f9d21154c 2714 else if (type == CERT_TYPE) {
wolfSSL 0:d92f9d21154c 2715 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2716 DecodedCert* cert = NULL;
wolfSSL 0:d92f9d21154c 2717 #else
wolfSSL 0:d92f9d21154c 2718 DecodedCert cert[1];
wolfSSL 0:d92f9d21154c 2719 #endif
wolfSSL 0:d92f9d21154c 2720
wolfSSL 0:d92f9d21154c 2721 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2722 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 0:d92f9d21154c 2723 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2724 if (cert == NULL)
wolfSSL 0:d92f9d21154c 2725 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2726 #endif
wolfSSL 0:d92f9d21154c 2727
wolfSSL 0:d92f9d21154c 2728 WOLFSSL_MSG("Checking cert signature type");
wolfSSL 0:d92f9d21154c 2729 InitDecodedCert(cert, der.buffer, der.length, heap);
wolfSSL 0:d92f9d21154c 2730
wolfSSL 0:d92f9d21154c 2731 if (DecodeToKey(cert, 0) < 0) {
wolfSSL 0:d92f9d21154c 2732 WOLFSSL_MSG("Decode to key failed");
wolfSSL 0:d92f9d21154c 2733 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2734 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2735 #endif
wolfSSL 0:d92f9d21154c 2736 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 2737 }
wolfSSL 0:d92f9d21154c 2738 switch (cert->signatureOID) {
wolfSSL 0:d92f9d21154c 2739 case CTC_SHAwECDSA:
wolfSSL 0:d92f9d21154c 2740 case CTC_SHA256wECDSA:
wolfSSL 0:d92f9d21154c 2741 case CTC_SHA384wECDSA:
wolfSSL 0:d92f9d21154c 2742 case CTC_SHA512wECDSA:
wolfSSL 0:d92f9d21154c 2743 WOLFSSL_MSG("ECDSA cert signature");
wolfSSL 0:d92f9d21154c 2744 if (ctx)
wolfSSL 0:d92f9d21154c 2745 ctx->haveECDSAsig = 1;
wolfSSL 0:d92f9d21154c 2746 if (ssl)
wolfSSL 0:d92f9d21154c 2747 ssl->options.haveECDSAsig = 1;
wolfSSL 0:d92f9d21154c 2748 break;
wolfSSL 0:d92f9d21154c 2749 default:
wolfSSL 0:d92f9d21154c 2750 WOLFSSL_MSG("Not ECDSA cert signature");
wolfSSL 0:d92f9d21154c 2751 break;
wolfSSL 0:d92f9d21154c 2752 }
wolfSSL 0:d92f9d21154c 2753
wolfSSL 0:d92f9d21154c 2754 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 2755 if (ctx)
wolfSSL 0:d92f9d21154c 2756 ctx->pkCurveOID = cert->pkCurveOID;
wolfSSL 0:d92f9d21154c 2757 if (ssl)
wolfSSL 0:d92f9d21154c 2758 ssl->pkCurveOID = cert->pkCurveOID;
wolfSSL 0:d92f9d21154c 2759 #endif
wolfSSL 0:d92f9d21154c 2760
wolfSSL 0:d92f9d21154c 2761 FreeDecodedCert(cert);
wolfSSL 0:d92f9d21154c 2762 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2763 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2764 #endif
wolfSSL 0:d92f9d21154c 2765 }
wolfSSL 0:d92f9d21154c 2766
wolfSSL 0:d92f9d21154c 2767 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 2768 }
wolfSSL 0:d92f9d21154c 2769
wolfSSL 0:d92f9d21154c 2770
wolfSSL 0:d92f9d21154c 2771 /* CA PEM file for verification, may have multiple/chain certs to process */
wolfSSL 0:d92f9d21154c 2772 static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wolfSSL 0:d92f9d21154c 2773 long sz, int format, int type, WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 2774 {
wolfSSL 0:d92f9d21154c 2775 long used = 0;
wolfSSL 0:d92f9d21154c 2776 int ret = 0;
wolfSSL 0:d92f9d21154c 2777 int gotOne = 0;
wolfSSL 0:d92f9d21154c 2778
wolfSSL 0:d92f9d21154c 2779 WOLFSSL_MSG("Processing CA PEM file");
wolfSSL 0:d92f9d21154c 2780 while (used < sz) {
wolfSSL 0:d92f9d21154c 2781 long consumed = 0;
wolfSSL 0:d92f9d21154c 2782
wolfSSL 0:d92f9d21154c 2783 ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
wolfSSL 0:d92f9d21154c 2784 &consumed, 0);
wolfSSL 0:d92f9d21154c 2785
wolfSSL 0:d92f9d21154c 2786 if (ret == SSL_NO_PEM_HEADER && gotOne) {
wolfSSL 0:d92f9d21154c 2787 WOLFSSL_MSG("We got one good PEM file so stuff at end ok");
wolfSSL 0:d92f9d21154c 2788 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 2789 break;
wolfSSL 0:d92f9d21154c 2790 }
wolfSSL 0:d92f9d21154c 2791
wolfSSL 0:d92f9d21154c 2792 if (ret < 0)
wolfSSL 0:d92f9d21154c 2793 break;
wolfSSL 0:d92f9d21154c 2794
wolfSSL 0:d92f9d21154c 2795 WOLFSSL_MSG(" Processed a CA");
wolfSSL 0:d92f9d21154c 2796 gotOne = 1;
wolfSSL 0:d92f9d21154c 2797 used += consumed;
wolfSSL 0:d92f9d21154c 2798 }
wolfSSL 0:d92f9d21154c 2799
wolfSSL 0:d92f9d21154c 2800 return ret;
wolfSSL 0:d92f9d21154c 2801 }
wolfSSL 0:d92f9d21154c 2802
wolfSSL 0:d92f9d21154c 2803
wolfSSL 0:d92f9d21154c 2804 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
wolfSSL 0:d92f9d21154c 2805 int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
wolfSSL 0:d92f9d21154c 2806 long sz, int format)
wolfSSL 0:d92f9d21154c 2807 {
wolfSSL 0:d92f9d21154c 2808 int ret = 0;
wolfSSL 0:d92f9d21154c 2809 buffer der;
wolfSSL 0:d92f9d21154c 2810 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2811 DecodedCert* cert = NULL;
wolfSSL 0:d92f9d21154c 2812 #else
wolfSSL 0:d92f9d21154c 2813 DecodedCert cert[1];
wolfSSL 0:d92f9d21154c 2814 #endif
wolfSSL 0:d92f9d21154c 2815
wolfSSL 0:d92f9d21154c 2816 WOLFSSL_ENTER("wolfSSL_CertManagerVerifyBuffer");
wolfSSL 0:d92f9d21154c 2817
wolfSSL 0:d92f9d21154c 2818 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2819 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 0:d92f9d21154c 2820 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2821 if (cert == NULL)
wolfSSL 0:d92f9d21154c 2822 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2823 #endif
wolfSSL 0:d92f9d21154c 2824
wolfSSL 0:d92f9d21154c 2825 der.buffer = NULL;
wolfSSL 0:d92f9d21154c 2826 der.length = 0;
wolfSSL 0:d92f9d21154c 2827
wolfSSL 0:d92f9d21154c 2828 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:d92f9d21154c 2829 int eccKey = 0; /* not used */
wolfSSL 0:d92f9d21154c 2830 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2831 EncryptedInfo* info = NULL;
wolfSSL 0:d92f9d21154c 2832 #else
wolfSSL 0:d92f9d21154c 2833 EncryptedInfo info[1];
wolfSSL 0:d92f9d21154c 2834 #endif
wolfSSL 0:d92f9d21154c 2835
wolfSSL 0:d92f9d21154c 2836 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2837 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
wolfSSL 0:d92f9d21154c 2838 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2839 if (info == NULL) {
wolfSSL 0:d92f9d21154c 2840 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2841 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2842 }
wolfSSL 0:d92f9d21154c 2843 #endif
wolfSSL 0:d92f9d21154c 2844
wolfSSL 0:d92f9d21154c 2845 info->set = 0;
wolfSSL 0:d92f9d21154c 2846 info->ctx = NULL;
wolfSSL 0:d92f9d21154c 2847 info->consumed = 0;
wolfSSL 0:d92f9d21154c 2848
wolfSSL 0:d92f9d21154c 2849 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey);
wolfSSL 0:d92f9d21154c 2850
wolfSSL 0:d92f9d21154c 2851 if (ret == 0)
wolfSSL 0:d92f9d21154c 2852 InitDecodedCert(cert, der.buffer, der.length, cm->heap);
wolfSSL 0:d92f9d21154c 2853
wolfSSL 0:d92f9d21154c 2854 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2855 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2856 #endif
wolfSSL 0:d92f9d21154c 2857 }
wolfSSL 0:d92f9d21154c 2858 else
wolfSSL 0:d92f9d21154c 2859 InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);
wolfSSL 0:d92f9d21154c 2860
wolfSSL 0:d92f9d21154c 2861 if (ret == 0)
wolfSSL 0:d92f9d21154c 2862 ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);
wolfSSL 0:d92f9d21154c 2863
wolfSSL 0:d92f9d21154c 2864 #ifdef HAVE_CRL
wolfSSL 0:d92f9d21154c 2865 if (ret == 0 && cm->crlEnabled)
wolfSSL 0:d92f9d21154c 2866 ret = CheckCertCRL(cm->crl, cert);
wolfSSL 0:d92f9d21154c 2867 #endif
wolfSSL 0:d92f9d21154c 2868
wolfSSL 0:d92f9d21154c 2869 FreeDecodedCert(cert);
wolfSSL 0:d92f9d21154c 2870
wolfSSL 0:d92f9d21154c 2871 XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
wolfSSL 0:d92f9d21154c 2872 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2873 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2874 #endif
wolfSSL 0:d92f9d21154c 2875
wolfSSL 0:d92f9d21154c 2876 return ret == 0 ? SSL_SUCCESS : ret;
wolfSSL 0:d92f9d21154c 2877 }
wolfSSL 0:d92f9d21154c 2878
wolfSSL 0:d92f9d21154c 2879
wolfSSL 0:d92f9d21154c 2880 /* turn on OCSP if off and compiled in, set options */
wolfSSL 0:d92f9d21154c 2881 int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
wolfSSL 0:d92f9d21154c 2882 {
wolfSSL 0:d92f9d21154c 2883 int ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 2884
wolfSSL 0:d92f9d21154c 2885 (void)options;
wolfSSL 0:d92f9d21154c 2886
wolfSSL 0:d92f9d21154c 2887 WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSP");
wolfSSL 0:d92f9d21154c 2888 if (cm == NULL)
wolfSSL 0:d92f9d21154c 2889 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 2890
wolfSSL 0:d92f9d21154c 2891 #ifdef HAVE_OCSP
wolfSSL 0:d92f9d21154c 2892 if (cm->ocsp == NULL) {
wolfSSL 0:d92f9d21154c 2893 cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap,
wolfSSL 0:d92f9d21154c 2894 DYNAMIC_TYPE_OCSP);
wolfSSL 0:d92f9d21154c 2895 if (cm->ocsp == NULL)
wolfSSL 0:d92f9d21154c 2896 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2897
wolfSSL 0:d92f9d21154c 2898 if (InitOCSP(cm->ocsp, cm) != 0) {
wolfSSL 0:d92f9d21154c 2899 WOLFSSL_MSG("Init OCSP failed");
wolfSSL 0:d92f9d21154c 2900 FreeOCSP(cm->ocsp, 1);
wolfSSL 0:d92f9d21154c 2901 cm->ocsp = NULL;
wolfSSL 0:d92f9d21154c 2902 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 2903 }
wolfSSL 0:d92f9d21154c 2904 }
wolfSSL 0:d92f9d21154c 2905 cm->ocspEnabled = 1;
wolfSSL 0:d92f9d21154c 2906 if (options & WOLFSSL_OCSP_URL_OVERRIDE)
wolfSSL 0:d92f9d21154c 2907 cm->ocspUseOverrideURL = 1;
wolfSSL 0:d92f9d21154c 2908 if (options & WOLFSSL_OCSP_NO_NONCE)
wolfSSL 0:d92f9d21154c 2909 cm->ocspSendNonce = 0;
wolfSSL 0:d92f9d21154c 2910 else
wolfSSL 0:d92f9d21154c 2911 cm->ocspSendNonce = 1;
wolfSSL 0:d92f9d21154c 2912 if (options & WOLFSSL_OCSP_CHECKALL)
wolfSSL 0:d92f9d21154c 2913 cm->ocspCheckAll = 1;
wolfSSL 0:d92f9d21154c 2914 #ifndef WOLFSSL_USER_IO
wolfSSL 0:d92f9d21154c 2915 cm->ocspIOCb = EmbedOcspLookup;
wolfSSL 0:d92f9d21154c 2916 cm->ocspRespFreeCb = EmbedOcspRespFree;
wolfSSL 0:d92f9d21154c 2917 #endif /* WOLFSSL_USER_IO */
wolfSSL 0:d92f9d21154c 2918 #else
wolfSSL 0:d92f9d21154c 2919 ret = NOT_COMPILED_IN;
wolfSSL 0:d92f9d21154c 2920 #endif
wolfSSL 0:d92f9d21154c 2921
wolfSSL 0:d92f9d21154c 2922 return ret;
wolfSSL 0:d92f9d21154c 2923 }
wolfSSL 0:d92f9d21154c 2924
wolfSSL 0:d92f9d21154c 2925
wolfSSL 0:d92f9d21154c 2926 int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm)
wolfSSL 0:d92f9d21154c 2927 {
wolfSSL 0:d92f9d21154c 2928 WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSP");
wolfSSL 0:d92f9d21154c 2929 if (cm == NULL)
wolfSSL 0:d92f9d21154c 2930 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 2931
wolfSSL 0:d92f9d21154c 2932 cm->ocspEnabled = 0;
wolfSSL 0:d92f9d21154c 2933
wolfSSL 0:d92f9d21154c 2934 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 2935 }
wolfSSL 0:d92f9d21154c 2936
wolfSSL 0:d92f9d21154c 2937
wolfSSL 0:d92f9d21154c 2938 #ifdef HAVE_OCSP
wolfSSL 0:d92f9d21154c 2939
wolfSSL 0:d92f9d21154c 2940
wolfSSL 0:d92f9d21154c 2941 /* check CRL if enabled, SSL_SUCCESS */
wolfSSL 0:d92f9d21154c 2942 int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
wolfSSL 0:d92f9d21154c 2943 {
wolfSSL 0:d92f9d21154c 2944 int ret;
wolfSSL 0:d92f9d21154c 2945 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2946 DecodedCert* cert = NULL;
wolfSSL 0:d92f9d21154c 2947 #else
wolfSSL 0:d92f9d21154c 2948 DecodedCert cert[1];
wolfSSL 0:d92f9d21154c 2949 #endif
wolfSSL 0:d92f9d21154c 2950
wolfSSL 0:d92f9d21154c 2951 WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP");
wolfSSL 0:d92f9d21154c 2952
wolfSSL 0:d92f9d21154c 2953 if (cm == NULL)
wolfSSL 0:d92f9d21154c 2954 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 2955
wolfSSL 0:d92f9d21154c 2956 if (cm->ocspEnabled == 0)
wolfSSL 0:d92f9d21154c 2957 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 2958
wolfSSL 0:d92f9d21154c 2959 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2960 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 0:d92f9d21154c 2961 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2962 if (cert == NULL)
wolfSSL 0:d92f9d21154c 2963 return MEMORY_E;
wolfSSL 0:d92f9d21154c 2964 #endif
wolfSSL 0:d92f9d21154c 2965
wolfSSL 0:d92f9d21154c 2966 InitDecodedCert(cert, der, sz, NULL);
wolfSSL 0:d92f9d21154c 2967
wolfSSL 0:d92f9d21154c 2968 if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
wolfSSL 0:d92f9d21154c 2969 WOLFSSL_MSG("ParseCert failed");
wolfSSL 0:d92f9d21154c 2970 }
wolfSSL 0:d92f9d21154c 2971 else if ((ret = CheckCertOCSP(cm->ocsp, cert)) != 0) {
wolfSSL 0:d92f9d21154c 2972 WOLFSSL_MSG("CheckCertOCSP failed");
wolfSSL 0:d92f9d21154c 2973 }
wolfSSL 0:d92f9d21154c 2974
wolfSSL 0:d92f9d21154c 2975 FreeDecodedCert(cert);
wolfSSL 0:d92f9d21154c 2976 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 2977 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 2978 #endif
wolfSSL 0:d92f9d21154c 2979
wolfSSL 0:d92f9d21154c 2980 return ret == 0 ? SSL_SUCCESS : ret;
wolfSSL 0:d92f9d21154c 2981 }
wolfSSL 0:d92f9d21154c 2982
wolfSSL 0:d92f9d21154c 2983
wolfSSL 0:d92f9d21154c 2984 int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
wolfSSL 0:d92f9d21154c 2985 const char* url)
wolfSSL 0:d92f9d21154c 2986 {
wolfSSL 0:d92f9d21154c 2987 WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL");
wolfSSL 0:d92f9d21154c 2988 if (cm == NULL)
wolfSSL 0:d92f9d21154c 2989 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 2990
wolfSSL 0:d92f9d21154c 2991 XFREE(cm->ocspOverrideURL, cm->heap, 0);
wolfSSL 0:d92f9d21154c 2992 if (url != NULL) {
wolfSSL 0:d92f9d21154c 2993 int urlSz = (int)XSTRLEN(url) + 1;
wolfSSL 0:d92f9d21154c 2994 cm->ocspOverrideURL = (char*)XMALLOC(urlSz, cm->heap, 0);
wolfSSL 0:d92f9d21154c 2995 if (cm->ocspOverrideURL != NULL) {
wolfSSL 0:d92f9d21154c 2996 XMEMCPY(cm->ocspOverrideURL, url, urlSz);
wolfSSL 0:d92f9d21154c 2997 }
wolfSSL 0:d92f9d21154c 2998 else
wolfSSL 0:d92f9d21154c 2999 return MEMORY_E;
wolfSSL 0:d92f9d21154c 3000 }
wolfSSL 0:d92f9d21154c 3001 else
wolfSSL 0:d92f9d21154c 3002 cm->ocspOverrideURL = NULL;
wolfSSL 0:d92f9d21154c 3003
wolfSSL 0:d92f9d21154c 3004 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3005 }
wolfSSL 0:d92f9d21154c 3006
wolfSSL 0:d92f9d21154c 3007
wolfSSL 0:d92f9d21154c 3008 int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
wolfSSL 0:d92f9d21154c 3009 CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL 0:d92f9d21154c 3010 {
wolfSSL 0:d92f9d21154c 3011 WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSP_Cb");
wolfSSL 0:d92f9d21154c 3012 if (cm == NULL)
wolfSSL 0:d92f9d21154c 3013 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3014
wolfSSL 0:d92f9d21154c 3015 cm->ocspIOCb = ioCb;
wolfSSL 0:d92f9d21154c 3016 cm->ocspRespFreeCb = respFreeCb;
wolfSSL 0:d92f9d21154c 3017 cm->ocspIOCtx = ioCbCtx;
wolfSSL 0:d92f9d21154c 3018
wolfSSL 0:d92f9d21154c 3019 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3020 }
wolfSSL 0:d92f9d21154c 3021
wolfSSL 0:d92f9d21154c 3022
wolfSSL 0:d92f9d21154c 3023 int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
wolfSSL 0:d92f9d21154c 3024 {
wolfSSL 0:d92f9d21154c 3025 WOLFSSL_ENTER("wolfSSL_EnableOCSP");
wolfSSL 0:d92f9d21154c 3026 if (ssl)
wolfSSL 0:d92f9d21154c 3027 return wolfSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
wolfSSL 0:d92f9d21154c 3028 else
wolfSSL 0:d92f9d21154c 3029 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3030 }
wolfSSL 0:d92f9d21154c 3031
wolfSSL 0:d92f9d21154c 3032
wolfSSL 0:d92f9d21154c 3033 int wolfSSL_DisableOCSP(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 3034 {
wolfSSL 0:d92f9d21154c 3035 WOLFSSL_ENTER("wolfSSL_DisableOCSP");
wolfSSL 0:d92f9d21154c 3036 if (ssl)
wolfSSL 0:d92f9d21154c 3037 return wolfSSL_CertManagerDisableOCSP(ssl->ctx->cm);
wolfSSL 0:d92f9d21154c 3038 else
wolfSSL 0:d92f9d21154c 3039 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3040 }
wolfSSL 0:d92f9d21154c 3041
wolfSSL 0:d92f9d21154c 3042
wolfSSL 0:d92f9d21154c 3043 int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
wolfSSL 0:d92f9d21154c 3044 {
wolfSSL 0:d92f9d21154c 3045 WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
wolfSSL 0:d92f9d21154c 3046 if (ssl)
wolfSSL 0:d92f9d21154c 3047 return wolfSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
wolfSSL 0:d92f9d21154c 3048 else
wolfSSL 0:d92f9d21154c 3049 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3050 }
wolfSSL 0:d92f9d21154c 3051
wolfSSL 0:d92f9d21154c 3052
wolfSSL 0:d92f9d21154c 3053 int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
wolfSSL 0:d92f9d21154c 3054 CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL 0:d92f9d21154c 3055 {
wolfSSL 0:d92f9d21154c 3056 WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
wolfSSL 0:d92f9d21154c 3057 if (ssl)
wolfSSL 0:d92f9d21154c 3058 return wolfSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm,
wolfSSL 0:d92f9d21154c 3059 ioCb, respFreeCb, ioCbCtx);
wolfSSL 0:d92f9d21154c 3060 else
wolfSSL 0:d92f9d21154c 3061 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3062 }
wolfSSL 0:d92f9d21154c 3063
wolfSSL 0:d92f9d21154c 3064
wolfSSL 0:d92f9d21154c 3065 int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
wolfSSL 0:d92f9d21154c 3066 {
wolfSSL 0:d92f9d21154c 3067 WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");
wolfSSL 0:d92f9d21154c 3068 if (ctx)
wolfSSL 0:d92f9d21154c 3069 return wolfSSL_CertManagerEnableOCSP(ctx->cm, options);
wolfSSL 0:d92f9d21154c 3070 else
wolfSSL 0:d92f9d21154c 3071 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3072 }
wolfSSL 0:d92f9d21154c 3073
wolfSSL 0:d92f9d21154c 3074
wolfSSL 0:d92f9d21154c 3075 int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 3076 {
wolfSSL 0:d92f9d21154c 3077 WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP");
wolfSSL 0:d92f9d21154c 3078 if (ctx)
wolfSSL 0:d92f9d21154c 3079 return wolfSSL_CertManagerDisableOCSP(ctx->cm);
wolfSSL 0:d92f9d21154c 3080 else
wolfSSL 0:d92f9d21154c 3081 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3082 }
wolfSSL 0:d92f9d21154c 3083
wolfSSL 0:d92f9d21154c 3084
wolfSSL 0:d92f9d21154c 3085 int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
wolfSSL 0:d92f9d21154c 3086 {
wolfSSL 0:d92f9d21154c 3087 WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
wolfSSL 0:d92f9d21154c 3088 if (ctx)
wolfSSL 0:d92f9d21154c 3089 return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
wolfSSL 0:d92f9d21154c 3090 else
wolfSSL 0:d92f9d21154c 3091 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3092 }
wolfSSL 0:d92f9d21154c 3093
wolfSSL 0:d92f9d21154c 3094
wolfSSL 0:d92f9d21154c 3095 int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 3096 CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL 0:d92f9d21154c 3097 {
wolfSSL 0:d92f9d21154c 3098 WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");
wolfSSL 0:d92f9d21154c 3099 if (ctx)
wolfSSL 0:d92f9d21154c 3100 return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
wolfSSL 0:d92f9d21154c 3101 else
wolfSSL 0:d92f9d21154c 3102 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3103 }
wolfSSL 0:d92f9d21154c 3104
wolfSSL 0:d92f9d21154c 3105
wolfSSL 0:d92f9d21154c 3106 #endif /* HAVE_OCSP */
wolfSSL 0:d92f9d21154c 3107
wolfSSL 0:d92f9d21154c 3108
wolfSSL 0:d92f9d21154c 3109 #ifndef NO_FILESYSTEM
wolfSSL 0:d92f9d21154c 3110
wolfSSL 0:d92f9d21154c 3111 #if defined(WOLFSSL_MDK_ARM)
wolfSSL 0:d92f9d21154c 3112 extern FILE * wolfSSL_fopen(const char *name, const char *mode) ;
wolfSSL 0:d92f9d21154c 3113 #define XFOPEN wolfSSL_fopen
wolfSSL 0:d92f9d21154c 3114 #else
wolfSSL 0:d92f9d21154c 3115 #define XFOPEN fopen
wolfSSL 0:d92f9d21154c 3116 #endif
wolfSSL 0:d92f9d21154c 3117
wolfSSL 0:d92f9d21154c 3118 /* process a file with name fname into ctx of format and type
wolfSSL 0:d92f9d21154c 3119 userChain specifies a user certificate chain to pass during handshake */
wolfSSL 0:d92f9d21154c 3120 int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
wolfSSL 0:d92f9d21154c 3121 WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl)
wolfSSL 0:d92f9d21154c 3122 {
wolfSSL 0:d92f9d21154c 3123 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3124 byte staticBuffer[1]; /* force heap usage */
wolfSSL 0:d92f9d21154c 3125 #else
wolfSSL 0:d92f9d21154c 3126 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:d92f9d21154c 3127 #endif
wolfSSL 0:d92f9d21154c 3128 byte* myBuffer = staticBuffer;
wolfSSL 0:d92f9d21154c 3129 int dynamic = 0;
wolfSSL 0:d92f9d21154c 3130 int ret;
wolfSSL 0:d92f9d21154c 3131 long sz = 0;
wolfSSL 0:d92f9d21154c 3132 XFILE file;
wolfSSL 0:d92f9d21154c 3133 void* heapHint = ctx ? ctx->heap : NULL;
wolfSSL 0:d92f9d21154c 3134
wolfSSL 0:d92f9d21154c 3135 (void)crl;
wolfSSL 0:d92f9d21154c 3136 (void)heapHint;
wolfSSL 0:d92f9d21154c 3137
wolfSSL 0:d92f9d21154c 3138 if (fname == NULL) return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3139
wolfSSL 0:d92f9d21154c 3140 file = XFOPEN(fname, "rb");
wolfSSL 0:d92f9d21154c 3141 if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3142 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:d92f9d21154c 3143 sz = XFTELL(file);
wolfSSL 0:d92f9d21154c 3144 XREWIND(file);
wolfSSL 0:d92f9d21154c 3145
wolfSSL 0:d92f9d21154c 3146 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:d92f9d21154c 3147 WOLFSSL_MSG("Getting dynamic buffer");
wolfSSL 0:d92f9d21154c 3148 myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 3149 if (myBuffer == NULL) {
wolfSSL 0:d92f9d21154c 3150 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3151 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3152 }
wolfSSL 0:d92f9d21154c 3153 dynamic = 1;
wolfSSL 0:d92f9d21154c 3154 }
wolfSSL 0:d92f9d21154c 3155 else if (sz < 0) {
wolfSSL 0:d92f9d21154c 3156 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3157 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3158 }
wolfSSL 0:d92f9d21154c 3159
wolfSSL 0:d92f9d21154c 3160 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL 0:d92f9d21154c 3161 ret = SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3162 else {
wolfSSL 0:d92f9d21154c 3163 if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
wolfSSL 0:d92f9d21154c 3164 ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
wolfSSL 0:d92f9d21154c 3165 #ifdef HAVE_CRL
wolfSSL 0:d92f9d21154c 3166 else if (type == CRL_TYPE)
wolfSSL 0:d92f9d21154c 3167 ret = BufferLoadCRL(crl, myBuffer, sz, format);
wolfSSL 0:d92f9d21154c 3168 #endif
wolfSSL 0:d92f9d21154c 3169 else
wolfSSL 0:d92f9d21154c 3170 ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
wolfSSL 0:d92f9d21154c 3171 userChain);
wolfSSL 0:d92f9d21154c 3172 }
wolfSSL 0:d92f9d21154c 3173
wolfSSL 0:d92f9d21154c 3174 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3175 if (dynamic)
wolfSSL 0:d92f9d21154c 3176 XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 3177
wolfSSL 0:d92f9d21154c 3178 return ret;
wolfSSL 0:d92f9d21154c 3179 }
wolfSSL 0:d92f9d21154c 3180
wolfSSL 0:d92f9d21154c 3181
wolfSSL 0:d92f9d21154c 3182 /* loads file then loads each file in path, no c_rehash */
wolfSSL 0:d92f9d21154c 3183 int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
wolfSSL 0:d92f9d21154c 3184 const char* path)
wolfSSL 0:d92f9d21154c 3185 {
wolfSSL 0:d92f9d21154c 3186 int ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3187
wolfSSL 0:d92f9d21154c 3188 WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");
wolfSSL 0:d92f9d21154c 3189 (void)path;
wolfSSL 0:d92f9d21154c 3190
wolfSSL 0:d92f9d21154c 3191 if (ctx == NULL || (file == NULL && path == NULL) )
wolfSSL 0:d92f9d21154c 3192 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3193
wolfSSL 0:d92f9d21154c 3194 if (file)
wolfSSL 0:d92f9d21154c 3195 ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
wolfSSL 0:d92f9d21154c 3196
wolfSSL 0:d92f9d21154c 3197 if (ret == SSL_SUCCESS && path) {
wolfSSL 0:d92f9d21154c 3198 /* try to load each regular file in path */
wolfSSL 0:d92f9d21154c 3199 #ifdef USE_WINDOWS_API
wolfSSL 0:d92f9d21154c 3200 WIN32_FIND_DATAA FindFileData;
wolfSSL 0:d92f9d21154c 3201 HANDLE hFind;
wolfSSL 0:d92f9d21154c 3202 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3203 char* name = NULL;
wolfSSL 0:d92f9d21154c 3204 #else
wolfSSL 0:d92f9d21154c 3205 char name[MAX_FILENAME_SZ];
wolfSSL 0:d92f9d21154c 3206 #endif
wolfSSL 0:d92f9d21154c 3207
wolfSSL 0:d92f9d21154c 3208 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3209 name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3210 if (name == NULL)
wolfSSL 0:d92f9d21154c 3211 return MEMORY_E;
wolfSSL 0:d92f9d21154c 3212 #endif
wolfSSL 0:d92f9d21154c 3213
wolfSSL 0:d92f9d21154c 3214 XMEMSET(name, 0, MAX_FILENAME_SZ);
wolfSSL 0:d92f9d21154c 3215 XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
wolfSSL 0:d92f9d21154c 3216 XSTRNCAT(name, "\\*", 3);
wolfSSL 0:d92f9d21154c 3217
wolfSSL 0:d92f9d21154c 3218 hFind = FindFirstFileA(name, &FindFileData);
wolfSSL 0:d92f9d21154c 3219 if (hFind == INVALID_HANDLE_VALUE) {
wolfSSL 0:d92f9d21154c 3220 WOLFSSL_MSG("FindFirstFile for path verify locations failed");
wolfSSL 0:d92f9d21154c 3221 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3222 XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3223 #endif
wolfSSL 0:d92f9d21154c 3224 return BAD_PATH_ERROR;
wolfSSL 0:d92f9d21154c 3225 }
wolfSSL 0:d92f9d21154c 3226
wolfSSL 0:d92f9d21154c 3227 do {
wolfSSL 0:d92f9d21154c 3228 if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
wolfSSL 0:d92f9d21154c 3229 XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
wolfSSL 0:d92f9d21154c 3230 XSTRNCAT(name, "\\", 2);
wolfSSL 0:d92f9d21154c 3231 XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
wolfSSL 0:d92f9d21154c 3232
wolfSSL 0:d92f9d21154c 3233 ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
wolfSSL 0:d92f9d21154c 3234 NULL);
wolfSSL 0:d92f9d21154c 3235 }
wolfSSL 0:d92f9d21154c 3236 } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
wolfSSL 0:d92f9d21154c 3237
wolfSSL 0:d92f9d21154c 3238 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3239 XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3240 #endif
wolfSSL 0:d92f9d21154c 3241
wolfSSL 0:d92f9d21154c 3242 FindClose(hFind);
wolfSSL 0:d92f9d21154c 3243 #elif !defined(NO_WOLFSSL_DIR)
wolfSSL 0:d92f9d21154c 3244 struct dirent* entry;
wolfSSL 0:d92f9d21154c 3245 DIR* dir = opendir(path);
wolfSSL 0:d92f9d21154c 3246 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3247 char* name = NULL;
wolfSSL 0:d92f9d21154c 3248 #else
wolfSSL 0:d92f9d21154c 3249 char name[MAX_FILENAME_SZ];
wolfSSL 0:d92f9d21154c 3250 #endif
wolfSSL 0:d92f9d21154c 3251
wolfSSL 0:d92f9d21154c 3252 if (dir == NULL) {
wolfSSL 0:d92f9d21154c 3253 WOLFSSL_MSG("opendir path verify locations failed");
wolfSSL 0:d92f9d21154c 3254 return BAD_PATH_ERROR;
wolfSSL 0:d92f9d21154c 3255 }
wolfSSL 0:d92f9d21154c 3256
wolfSSL 0:d92f9d21154c 3257 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3258 name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3259 if (name == NULL)
wolfSSL 0:d92f9d21154c 3260 return MEMORY_E;
wolfSSL 0:d92f9d21154c 3261 #endif
wolfSSL 0:d92f9d21154c 3262
wolfSSL 0:d92f9d21154c 3263 while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
wolfSSL 0:d92f9d21154c 3264 struct stat s;
wolfSSL 0:d92f9d21154c 3265
wolfSSL 0:d92f9d21154c 3266 XMEMSET(name, 0, MAX_FILENAME_SZ);
wolfSSL 0:d92f9d21154c 3267 XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
wolfSSL 0:d92f9d21154c 3268 XSTRNCAT(name, "/", 1);
wolfSSL 0:d92f9d21154c 3269 XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
wolfSSL 0:d92f9d21154c 3270
wolfSSL 0:d92f9d21154c 3271 if (stat(name, &s) != 0) {
wolfSSL 0:d92f9d21154c 3272 WOLFSSL_MSG("stat on name failed");
wolfSSL 0:d92f9d21154c 3273 ret = BAD_PATH_ERROR;
wolfSSL 0:d92f9d21154c 3274 } else if (s.st_mode & S_IFREG)
wolfSSL 0:d92f9d21154c 3275 ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
wolfSSL 0:d92f9d21154c 3276 NULL);
wolfSSL 0:d92f9d21154c 3277 }
wolfSSL 0:d92f9d21154c 3278
wolfSSL 0:d92f9d21154c 3279 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3280 XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3281 #endif
wolfSSL 0:d92f9d21154c 3282
wolfSSL 0:d92f9d21154c 3283 closedir(dir);
wolfSSL 0:d92f9d21154c 3284 #endif
wolfSSL 0:d92f9d21154c 3285 }
wolfSSL 0:d92f9d21154c 3286
wolfSSL 0:d92f9d21154c 3287 return ret;
wolfSSL 0:d92f9d21154c 3288 }
wolfSSL 0:d92f9d21154c 3289
wolfSSL 0:d92f9d21154c 3290
wolfSSL 0:d92f9d21154c 3291 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
wolfSSL 0:d92f9d21154c 3292 int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
wolfSSL 0:d92f9d21154c 3293 int format)
wolfSSL 0:d92f9d21154c 3294 {
wolfSSL 0:d92f9d21154c 3295 int ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 3296 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3297 byte staticBuffer[1]; /* force heap usage */
wolfSSL 0:d92f9d21154c 3298 #else
wolfSSL 0:d92f9d21154c 3299 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:d92f9d21154c 3300 #endif
wolfSSL 0:d92f9d21154c 3301 byte* myBuffer = staticBuffer;
wolfSSL 0:d92f9d21154c 3302 int dynamic = 0;
wolfSSL 0:d92f9d21154c 3303 long sz = 0;
wolfSSL 0:d92f9d21154c 3304 XFILE file = XFOPEN(fname, "rb");
wolfSSL 0:d92f9d21154c 3305
wolfSSL 0:d92f9d21154c 3306 WOLFSSL_ENTER("wolfSSL_CertManagerVerify");
wolfSSL 0:d92f9d21154c 3307
wolfSSL 0:d92f9d21154c 3308 if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3309 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:d92f9d21154c 3310 sz = XFTELL(file);
wolfSSL 0:d92f9d21154c 3311 XREWIND(file);
wolfSSL 0:d92f9d21154c 3312
wolfSSL 0:d92f9d21154c 3313 if (sz > MAX_WOLFSSL_FILE_SIZE || sz < 0) {
wolfSSL 0:d92f9d21154c 3314 WOLFSSL_MSG("CertManagerVerify file bad size");
wolfSSL 0:d92f9d21154c 3315 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3316 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3317 }
wolfSSL 0:d92f9d21154c 3318
wolfSSL 0:d92f9d21154c 3319 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:d92f9d21154c 3320 WOLFSSL_MSG("Getting dynamic buffer");
wolfSSL 0:d92f9d21154c 3321 myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 3322 if (myBuffer == NULL) {
wolfSSL 0:d92f9d21154c 3323 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3324 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3325 }
wolfSSL 0:d92f9d21154c 3326 dynamic = 1;
wolfSSL 0:d92f9d21154c 3327 }
wolfSSL 0:d92f9d21154c 3328
wolfSSL 0:d92f9d21154c 3329 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL 0:d92f9d21154c 3330 ret = SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3331 else
wolfSSL 0:d92f9d21154c 3332 ret = wolfSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
wolfSSL 0:d92f9d21154c 3333
wolfSSL 0:d92f9d21154c 3334 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3335 if (dynamic)
wolfSSL 0:d92f9d21154c 3336 XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 3337
wolfSSL 0:d92f9d21154c 3338 return ret;
wolfSSL 0:d92f9d21154c 3339 }
wolfSSL 0:d92f9d21154c 3340
wolfSSL 0:d92f9d21154c 3341
wolfSSL 0:d92f9d21154c 3342 static INLINE WOLFSSL_METHOD* cm_pick_method(void)
wolfSSL 0:d92f9d21154c 3343 {
wolfSSL 0:d92f9d21154c 3344 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 3345 #ifdef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 3346 return wolfTLSv1_2_client_method();
wolfSSL 0:d92f9d21154c 3347 #else
wolfSSL 0:d92f9d21154c 3348 return wolfSSLv3_client_method();
wolfSSL 0:d92f9d21154c 3349 #endif
wolfSSL 0:d92f9d21154c 3350 #elif !defined(NO_WOLFSSL_SERVER)
wolfSSL 0:d92f9d21154c 3351 #ifdef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 3352 return wolfTLSv1_2_server_method();
wolfSSL 0:d92f9d21154c 3353 #else
wolfSSL 0:d92f9d21154c 3354 return wolfSSLv3_server_method();
wolfSSL 0:d92f9d21154c 3355 #endif
wolfSSL 0:d92f9d21154c 3356 #else
wolfSSL 0:d92f9d21154c 3357 return NULL;
wolfSSL 0:d92f9d21154c 3358 #endif
wolfSSL 0:d92f9d21154c 3359 }
wolfSSL 0:d92f9d21154c 3360
wolfSSL 0:d92f9d21154c 3361
wolfSSL 0:d92f9d21154c 3362 /* like load verify locations, 1 for success, < 0 for error */
wolfSSL 0:d92f9d21154c 3363 int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
wolfSSL 0:d92f9d21154c 3364 const char* path)
wolfSSL 0:d92f9d21154c 3365 {
wolfSSL 0:d92f9d21154c 3366 int ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 3367 WOLFSSL_CTX* tmp;
wolfSSL 0:d92f9d21154c 3368
wolfSSL 0:d92f9d21154c 3369 WOLFSSL_ENTER("wolfSSL_CertManagerLoadCA");
wolfSSL 0:d92f9d21154c 3370
wolfSSL 0:d92f9d21154c 3371 if (cm == NULL) {
wolfSSL 0:d92f9d21154c 3372 WOLFSSL_MSG("No CertManager error");
wolfSSL 0:d92f9d21154c 3373 return ret;
wolfSSL 0:d92f9d21154c 3374 }
wolfSSL 0:d92f9d21154c 3375 tmp = wolfSSL_CTX_new(cm_pick_method());
wolfSSL 0:d92f9d21154c 3376
wolfSSL 0:d92f9d21154c 3377 if (tmp == NULL) {
wolfSSL 0:d92f9d21154c 3378 WOLFSSL_MSG("CTX new failed");
wolfSSL 0:d92f9d21154c 3379 return ret;
wolfSSL 0:d92f9d21154c 3380 }
wolfSSL 0:d92f9d21154c 3381
wolfSSL 0:d92f9d21154c 3382 /* for tmp use */
wolfSSL 0:d92f9d21154c 3383 wolfSSL_CertManagerFree(tmp->cm);
wolfSSL 0:d92f9d21154c 3384 tmp->cm = cm;
wolfSSL 0:d92f9d21154c 3385
wolfSSL 0:d92f9d21154c 3386 ret = wolfSSL_CTX_load_verify_locations(tmp, file, path);
wolfSSL 0:d92f9d21154c 3387
wolfSSL 0:d92f9d21154c 3388 /* don't loose our good one */
wolfSSL 0:d92f9d21154c 3389 tmp->cm = NULL;
wolfSSL 0:d92f9d21154c 3390 wolfSSL_CTX_free(tmp);
wolfSSL 0:d92f9d21154c 3391
wolfSSL 0:d92f9d21154c 3392 return ret;
wolfSSL 0:d92f9d21154c 3393 }
wolfSSL 0:d92f9d21154c 3394
wolfSSL 0:d92f9d21154c 3395
wolfSSL 0:d92f9d21154c 3396
wolfSSL 0:d92f9d21154c 3397 /* turn on CRL if off and compiled in, set options */
wolfSSL 0:d92f9d21154c 3398 int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
wolfSSL 0:d92f9d21154c 3399 {
wolfSSL 0:d92f9d21154c 3400 int ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3401
wolfSSL 0:d92f9d21154c 3402 (void)options;
wolfSSL 0:d92f9d21154c 3403
wolfSSL 0:d92f9d21154c 3404 WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
wolfSSL 0:d92f9d21154c 3405 if (cm == NULL)
wolfSSL 0:d92f9d21154c 3406 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3407
wolfSSL 0:d92f9d21154c 3408 #ifdef HAVE_CRL
wolfSSL 0:d92f9d21154c 3409 if (cm->crl == NULL) {
wolfSSL 0:d92f9d21154c 3410 cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
wolfSSL 0:d92f9d21154c 3411 DYNAMIC_TYPE_CRL);
wolfSSL 0:d92f9d21154c 3412 if (cm->crl == NULL)
wolfSSL 0:d92f9d21154c 3413 return MEMORY_E;
wolfSSL 0:d92f9d21154c 3414
wolfSSL 0:d92f9d21154c 3415 if (InitCRL(cm->crl, cm) != 0) {
wolfSSL 0:d92f9d21154c 3416 WOLFSSL_MSG("Init CRL failed");
wolfSSL 0:d92f9d21154c 3417 FreeCRL(cm->crl, 1);
wolfSSL 0:d92f9d21154c 3418 cm->crl = NULL;
wolfSSL 0:d92f9d21154c 3419 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3420 }
wolfSSL 0:d92f9d21154c 3421 }
wolfSSL 0:d92f9d21154c 3422 cm->crlEnabled = 1;
wolfSSL 0:d92f9d21154c 3423 if (options & WOLFSSL_CRL_CHECKALL)
wolfSSL 0:d92f9d21154c 3424 cm->crlCheckAll = 1;
wolfSSL 0:d92f9d21154c 3425 #else
wolfSSL 0:d92f9d21154c 3426 ret = NOT_COMPILED_IN;
wolfSSL 0:d92f9d21154c 3427 #endif
wolfSSL 0:d92f9d21154c 3428
wolfSSL 0:d92f9d21154c 3429 return ret;
wolfSSL 0:d92f9d21154c 3430 }
wolfSSL 0:d92f9d21154c 3431
wolfSSL 0:d92f9d21154c 3432
wolfSSL 0:d92f9d21154c 3433 int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
wolfSSL 0:d92f9d21154c 3434 {
wolfSSL 0:d92f9d21154c 3435 WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");
wolfSSL 0:d92f9d21154c 3436 if (cm == NULL)
wolfSSL 0:d92f9d21154c 3437 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3438
wolfSSL 0:d92f9d21154c 3439 cm->crlEnabled = 0;
wolfSSL 0:d92f9d21154c 3440
wolfSSL 0:d92f9d21154c 3441 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3442 }
wolfSSL 0:d92f9d21154c 3443
wolfSSL 0:d92f9d21154c 3444
wolfSSL 0:d92f9d21154c 3445 int wolfSSL_CTX_check_private_key(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 3446 {
wolfSSL 0:d92f9d21154c 3447 /* TODO: check private against public for RSA match */
wolfSSL 0:d92f9d21154c 3448 (void)ctx;
wolfSSL 0:d92f9d21154c 3449 WOLFSSL_ENTER("SSL_CTX_check_private_key");
wolfSSL 0:d92f9d21154c 3450 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3451 }
wolfSSL 0:d92f9d21154c 3452
wolfSSL 0:d92f9d21154c 3453
wolfSSL 0:d92f9d21154c 3454 #ifdef HAVE_CRL
wolfSSL 0:d92f9d21154c 3455
wolfSSL 0:d92f9d21154c 3456
wolfSSL 0:d92f9d21154c 3457 /* check CRL if enabled, SSL_SUCCESS */
wolfSSL 0:d92f9d21154c 3458 int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
wolfSSL 0:d92f9d21154c 3459 {
wolfSSL 0:d92f9d21154c 3460 int ret = 0;
wolfSSL 0:d92f9d21154c 3461 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3462 DecodedCert* cert = NULL;
wolfSSL 0:d92f9d21154c 3463 #else
wolfSSL 0:d92f9d21154c 3464 DecodedCert cert[1];
wolfSSL 0:d92f9d21154c 3465 #endif
wolfSSL 0:d92f9d21154c 3466
wolfSSL 0:d92f9d21154c 3467 WOLFSSL_ENTER("wolfSSL_CertManagerCheckCRL");
wolfSSL 0:d92f9d21154c 3468
wolfSSL 0:d92f9d21154c 3469 if (cm == NULL)
wolfSSL 0:d92f9d21154c 3470 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3471
wolfSSL 0:d92f9d21154c 3472 if (cm->crlEnabled == 0)
wolfSSL 0:d92f9d21154c 3473 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3474
wolfSSL 0:d92f9d21154c 3475 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3476 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 0:d92f9d21154c 3477 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3478 if (cert == NULL)
wolfSSL 0:d92f9d21154c 3479 return MEMORY_E;
wolfSSL 0:d92f9d21154c 3480 #endif
wolfSSL 0:d92f9d21154c 3481
wolfSSL 0:d92f9d21154c 3482 InitDecodedCert(cert, der, sz, NULL);
wolfSSL 0:d92f9d21154c 3483
wolfSSL 0:d92f9d21154c 3484 if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
wolfSSL 0:d92f9d21154c 3485 WOLFSSL_MSG("ParseCert failed");
wolfSSL 0:d92f9d21154c 3486 }
wolfSSL 0:d92f9d21154c 3487 else if ((ret = CheckCertCRL(cm->crl, cert)) != 0) {
wolfSSL 0:d92f9d21154c 3488 WOLFSSL_MSG("CheckCertCRL failed");
wolfSSL 0:d92f9d21154c 3489 }
wolfSSL 0:d92f9d21154c 3490
wolfSSL 0:d92f9d21154c 3491 FreeDecodedCert(cert);
wolfSSL 0:d92f9d21154c 3492 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3493 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3494 #endif
wolfSSL 0:d92f9d21154c 3495
wolfSSL 0:d92f9d21154c 3496 return ret == 0 ? SSL_SUCCESS : ret;
wolfSSL 0:d92f9d21154c 3497 }
wolfSSL 0:d92f9d21154c 3498
wolfSSL 0:d92f9d21154c 3499
wolfSSL 0:d92f9d21154c 3500 int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
wolfSSL 0:d92f9d21154c 3501 {
wolfSSL 0:d92f9d21154c 3502 WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
wolfSSL 0:d92f9d21154c 3503 if (cm == NULL)
wolfSSL 0:d92f9d21154c 3504 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3505
wolfSSL 0:d92f9d21154c 3506 cm->cbMissingCRL = cb;
wolfSSL 0:d92f9d21154c 3507
wolfSSL 0:d92f9d21154c 3508 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3509 }
wolfSSL 0:d92f9d21154c 3510
wolfSSL 0:d92f9d21154c 3511
wolfSSL 0:d92f9d21154c 3512 int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path,
wolfSSL 0:d92f9d21154c 3513 int type, int monitor)
wolfSSL 0:d92f9d21154c 3514 {
wolfSSL 0:d92f9d21154c 3515 WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRL");
wolfSSL 0:d92f9d21154c 3516 if (cm == NULL)
wolfSSL 0:d92f9d21154c 3517 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3518
wolfSSL 0:d92f9d21154c 3519 if (cm->crl == NULL) {
wolfSSL 0:d92f9d21154c 3520 if (wolfSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 3521 WOLFSSL_MSG("Enable CRL failed");
wolfSSL 0:d92f9d21154c 3522 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 3523 }
wolfSSL 0:d92f9d21154c 3524 }
wolfSSL 0:d92f9d21154c 3525
wolfSSL 0:d92f9d21154c 3526 return LoadCRL(cm->crl, path, type, monitor);
wolfSSL 0:d92f9d21154c 3527 }
wolfSSL 0:d92f9d21154c 3528
wolfSSL 0:d92f9d21154c 3529
wolfSSL 0:d92f9d21154c 3530 int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
wolfSSL 0:d92f9d21154c 3531 {
wolfSSL 0:d92f9d21154c 3532 WOLFSSL_ENTER("wolfSSL_EnableCRL");
wolfSSL 0:d92f9d21154c 3533 if (ssl)
wolfSSL 0:d92f9d21154c 3534 return wolfSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
wolfSSL 0:d92f9d21154c 3535 else
wolfSSL 0:d92f9d21154c 3536 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3537 }
wolfSSL 0:d92f9d21154c 3538
wolfSSL 0:d92f9d21154c 3539
wolfSSL 0:d92f9d21154c 3540 int wolfSSL_DisableCRL(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 3541 {
wolfSSL 0:d92f9d21154c 3542 WOLFSSL_ENTER("wolfSSL_DisableCRL");
wolfSSL 0:d92f9d21154c 3543 if (ssl)
wolfSSL 0:d92f9d21154c 3544 return wolfSSL_CertManagerDisableCRL(ssl->ctx->cm);
wolfSSL 0:d92f9d21154c 3545 else
wolfSSL 0:d92f9d21154c 3546 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3547 }
wolfSSL 0:d92f9d21154c 3548
wolfSSL 0:d92f9d21154c 3549
wolfSSL 0:d92f9d21154c 3550 int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
wolfSSL 0:d92f9d21154c 3551 {
wolfSSL 0:d92f9d21154c 3552 WOLFSSL_ENTER("wolfSSL_LoadCRL");
wolfSSL 0:d92f9d21154c 3553 if (ssl)
wolfSSL 0:d92f9d21154c 3554 return wolfSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
wolfSSL 0:d92f9d21154c 3555 else
wolfSSL 0:d92f9d21154c 3556 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3557 }
wolfSSL 0:d92f9d21154c 3558
wolfSSL 0:d92f9d21154c 3559
wolfSSL 0:d92f9d21154c 3560 int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
wolfSSL 0:d92f9d21154c 3561 {
wolfSSL 0:d92f9d21154c 3562 WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
wolfSSL 0:d92f9d21154c 3563 if (ssl)
wolfSSL 0:d92f9d21154c 3564 return wolfSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
wolfSSL 0:d92f9d21154c 3565 else
wolfSSL 0:d92f9d21154c 3566 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3567 }
wolfSSL 0:d92f9d21154c 3568
wolfSSL 0:d92f9d21154c 3569
wolfSSL 0:d92f9d21154c 3570 int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
wolfSSL 0:d92f9d21154c 3571 {
wolfSSL 0:d92f9d21154c 3572 WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL");
wolfSSL 0:d92f9d21154c 3573 if (ctx)
wolfSSL 0:d92f9d21154c 3574 return wolfSSL_CertManagerEnableCRL(ctx->cm, options);
wolfSSL 0:d92f9d21154c 3575 else
wolfSSL 0:d92f9d21154c 3576 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3577 }
wolfSSL 0:d92f9d21154c 3578
wolfSSL 0:d92f9d21154c 3579
wolfSSL 0:d92f9d21154c 3580 int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 3581 {
wolfSSL 0:d92f9d21154c 3582 WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL");
wolfSSL 0:d92f9d21154c 3583 if (ctx)
wolfSSL 0:d92f9d21154c 3584 return wolfSSL_CertManagerDisableCRL(ctx->cm);
wolfSSL 0:d92f9d21154c 3585 else
wolfSSL 0:d92f9d21154c 3586 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3587 }
wolfSSL 0:d92f9d21154c 3588
wolfSSL 0:d92f9d21154c 3589
wolfSSL 0:d92f9d21154c 3590 int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor)
wolfSSL 0:d92f9d21154c 3591 {
wolfSSL 0:d92f9d21154c 3592 WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
wolfSSL 0:d92f9d21154c 3593 if (ctx)
wolfSSL 0:d92f9d21154c 3594 return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
wolfSSL 0:d92f9d21154c 3595 else
wolfSSL 0:d92f9d21154c 3596 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3597 }
wolfSSL 0:d92f9d21154c 3598
wolfSSL 0:d92f9d21154c 3599
wolfSSL 0:d92f9d21154c 3600 int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
wolfSSL 0:d92f9d21154c 3601 {
wolfSSL 0:d92f9d21154c 3602 WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb");
wolfSSL 0:d92f9d21154c 3603 if (ctx)
wolfSSL 0:d92f9d21154c 3604 return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
wolfSSL 0:d92f9d21154c 3605 else
wolfSSL 0:d92f9d21154c 3606 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3607 }
wolfSSL 0:d92f9d21154c 3608
wolfSSL 0:d92f9d21154c 3609
wolfSSL 0:d92f9d21154c 3610 #endif /* HAVE_CRL */
wolfSSL 0:d92f9d21154c 3611
wolfSSL 0:d92f9d21154c 3612
wolfSSL 0:d92f9d21154c 3613 #ifdef WOLFSSL_DER_LOAD
wolfSSL 0:d92f9d21154c 3614
wolfSSL 0:d92f9d21154c 3615 /* Add format parameter to allow DER load of CA files */
wolfSSL 0:d92f9d21154c 3616 int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
wolfSSL 0:d92f9d21154c 3617 int format)
wolfSSL 0:d92f9d21154c 3618 {
wolfSSL 0:d92f9d21154c 3619 WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");
wolfSSL 0:d92f9d21154c 3620 if (ctx == NULL || file == NULL)
wolfSSL 0:d92f9d21154c 3621 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3622
wolfSSL 0:d92f9d21154c 3623 if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 3624 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3625
wolfSSL 0:d92f9d21154c 3626 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3627 }
wolfSSL 0:d92f9d21154c 3628
wolfSSL 0:d92f9d21154c 3629 #endif /* WOLFSSL_DER_LOAD */
wolfSSL 0:d92f9d21154c 3630
wolfSSL 0:d92f9d21154c 3631
wolfSSL 0:d92f9d21154c 3632 #ifdef WOLFSSL_CERT_GEN
wolfSSL 0:d92f9d21154c 3633
wolfSSL 0:d92f9d21154c 3634 /* load pem cert from file into der buffer, return der size or error */
wolfSSL 0:d92f9d21154c 3635 int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
wolfSSL 0:d92f9d21154c 3636 {
wolfSSL 0:d92f9d21154c 3637 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3638 EncryptedInfo* info = NULL;
wolfSSL 0:d92f9d21154c 3639 byte staticBuffer[1]; /* force XMALLOC */
wolfSSL 0:d92f9d21154c 3640 #else
wolfSSL 0:d92f9d21154c 3641 EncryptedInfo info[1];
wolfSSL 0:d92f9d21154c 3642 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:d92f9d21154c 3643 #endif
wolfSSL 0:d92f9d21154c 3644 byte* fileBuf = staticBuffer;
wolfSSL 0:d92f9d21154c 3645 int dynamic = 0;
wolfSSL 0:d92f9d21154c 3646 int ret = 0;
wolfSSL 0:d92f9d21154c 3647 int ecc = 0;
wolfSSL 0:d92f9d21154c 3648 long sz = 0;
wolfSSL 0:d92f9d21154c 3649 XFILE file = XFOPEN(fileName, "rb");
wolfSSL 0:d92f9d21154c 3650 buffer converted;
wolfSSL 0:d92f9d21154c 3651
wolfSSL 0:d92f9d21154c 3652 WOLFSSL_ENTER("wolfSSL_PemCertToDer");
wolfSSL 0:d92f9d21154c 3653
wolfSSL 0:d92f9d21154c 3654 if (file == XBADFILE)
wolfSSL 0:d92f9d21154c 3655 ret = SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3656 else {
wolfSSL 0:d92f9d21154c 3657 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:d92f9d21154c 3658 sz = XFTELL(file);
wolfSSL 0:d92f9d21154c 3659 XREWIND(file);
wolfSSL 0:d92f9d21154c 3660
wolfSSL 0:d92f9d21154c 3661 if (sz < 0) {
wolfSSL 0:d92f9d21154c 3662 ret = SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3663 }
wolfSSL 0:d92f9d21154c 3664 else if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:d92f9d21154c 3665 fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 3666 if (fileBuf == NULL)
wolfSSL 0:d92f9d21154c 3667 ret = MEMORY_E;
wolfSSL 0:d92f9d21154c 3668 else
wolfSSL 0:d92f9d21154c 3669 dynamic = 1;
wolfSSL 0:d92f9d21154c 3670 }
wolfSSL 0:d92f9d21154c 3671
wolfSSL 0:d92f9d21154c 3672 converted.buffer = 0;
wolfSSL 0:d92f9d21154c 3673
wolfSSL 0:d92f9d21154c 3674 if (ret == 0) {
wolfSSL 0:d92f9d21154c 3675 if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0)
wolfSSL 0:d92f9d21154c 3676 ret = SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3677 else {
wolfSSL 0:d92f9d21154c 3678 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3679 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
wolfSSL 0:d92f9d21154c 3680 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3681 if (info == NULL)
wolfSSL 0:d92f9d21154c 3682 ret = MEMORY_E;
wolfSSL 0:d92f9d21154c 3683 else
wolfSSL 0:d92f9d21154c 3684 #endif
wolfSSL 0:d92f9d21154c 3685 {
wolfSSL 0:d92f9d21154c 3686 ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, info,
wolfSSL 0:d92f9d21154c 3687 &ecc);
wolfSSL 0:d92f9d21154c 3688 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3689 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3690 #endif
wolfSSL 0:d92f9d21154c 3691 }
wolfSSL 0:d92f9d21154c 3692 }
wolfSSL 0:d92f9d21154c 3693
wolfSSL 0:d92f9d21154c 3694 if (ret == 0) {
wolfSSL 0:d92f9d21154c 3695 if (converted.length < (word32)derSz) {
wolfSSL 0:d92f9d21154c 3696 XMEMCPY(derBuf, converted.buffer, converted.length);
wolfSSL 0:d92f9d21154c 3697 ret = converted.length;
wolfSSL 0:d92f9d21154c 3698 }
wolfSSL 0:d92f9d21154c 3699 else
wolfSSL 0:d92f9d21154c 3700 ret = BUFFER_E;
wolfSSL 0:d92f9d21154c 3701 }
wolfSSL 0:d92f9d21154c 3702
wolfSSL 0:d92f9d21154c 3703 XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA);
wolfSSL 0:d92f9d21154c 3704 }
wolfSSL 0:d92f9d21154c 3705
wolfSSL 0:d92f9d21154c 3706 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3707 if (dynamic)
wolfSSL 0:d92f9d21154c 3708 XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 3709 }
wolfSSL 0:d92f9d21154c 3710
wolfSSL 0:d92f9d21154c 3711 return ret;
wolfSSL 0:d92f9d21154c 3712 }
wolfSSL 0:d92f9d21154c 3713
wolfSSL 0:d92f9d21154c 3714 #endif /* WOLFSSL_CERT_GEN */
wolfSSL 0:d92f9d21154c 3715
wolfSSL 0:d92f9d21154c 3716
wolfSSL 0:d92f9d21154c 3717 int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
wolfSSL 0:d92f9d21154c 3718 int format)
wolfSSL 0:d92f9d21154c 3719 {
wolfSSL 0:d92f9d21154c 3720 WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");
wolfSSL 0:d92f9d21154c 3721 if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 3722 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3723
wolfSSL 0:d92f9d21154c 3724 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3725 }
wolfSSL 0:d92f9d21154c 3726
wolfSSL 0:d92f9d21154c 3727
wolfSSL 0:d92f9d21154c 3728 int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,int format)
wolfSSL 0:d92f9d21154c 3729 {
wolfSSL 0:d92f9d21154c 3730 WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");
wolfSSL 0:d92f9d21154c 3731 if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL)
wolfSSL 0:d92f9d21154c 3732 == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 3733 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3734
wolfSSL 0:d92f9d21154c 3735 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3736 }
wolfSSL 0:d92f9d21154c 3737
wolfSSL 0:d92f9d21154c 3738
wolfSSL 0:d92f9d21154c 3739 /* get cert chaining depth using ssl struct */
wolfSSL 0:d92f9d21154c 3740 long wolfSSL_get_verify_depth(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 3741 {
wolfSSL 0:d92f9d21154c 3742 if(ssl == NULL) {
wolfSSL 0:d92f9d21154c 3743 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3744 }
wolfSSL 0:d92f9d21154c 3745 return MAX_CHAIN_DEPTH;
wolfSSL 0:d92f9d21154c 3746 }
wolfSSL 0:d92f9d21154c 3747
wolfSSL 0:d92f9d21154c 3748
wolfSSL 0:d92f9d21154c 3749 /* get cert chaining depth using ctx struct */
wolfSSL 0:d92f9d21154c 3750 long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 3751 {
wolfSSL 0:d92f9d21154c 3752 if(ctx == NULL) {
wolfSSL 0:d92f9d21154c 3753 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3754 }
wolfSSL 0:d92f9d21154c 3755 return MAX_CHAIN_DEPTH;
wolfSSL 0:d92f9d21154c 3756 }
wolfSSL 0:d92f9d21154c 3757
wolfSSL 0:d92f9d21154c 3758
wolfSSL 0:d92f9d21154c 3759 int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
wolfSSL 0:d92f9d21154c 3760 {
wolfSSL 0:d92f9d21154c 3761 /* procces up to MAX_CHAIN_DEPTH plus subject cert */
wolfSSL 0:d92f9d21154c 3762 WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
wolfSSL 0:d92f9d21154c 3763 if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL)
wolfSSL 0:d92f9d21154c 3764 == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 3765 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3766
wolfSSL 0:d92f9d21154c 3767 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3768 }
wolfSSL 0:d92f9d21154c 3769
wolfSSL 0:d92f9d21154c 3770
wolfSSL 0:d92f9d21154c 3771 #ifndef NO_DH
wolfSSL 0:d92f9d21154c 3772
wolfSSL 0:d92f9d21154c 3773 /* server wrapper for ctx or ssl Diffie-Hellman parameters */
wolfSSL 0:d92f9d21154c 3774 static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
wolfSSL 0:d92f9d21154c 3775 const unsigned char* buf, long sz, int format)
wolfSSL 0:d92f9d21154c 3776 {
wolfSSL 0:d92f9d21154c 3777 buffer der;
wolfSSL 0:d92f9d21154c 3778 int ret = 0;
wolfSSL 0:d92f9d21154c 3779 int weOwnDer = 0;
wolfSSL 0:d92f9d21154c 3780 word32 pSz = MAX_DH_SIZE;
wolfSSL 0:d92f9d21154c 3781 word32 gSz = MAX_DH_SIZE;
wolfSSL 0:d92f9d21154c 3782 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3783 byte* p = NULL;
wolfSSL 0:d92f9d21154c 3784 byte* g = NULL;
wolfSSL 0:d92f9d21154c 3785 #else
wolfSSL 0:d92f9d21154c 3786 byte p[MAX_DH_SIZE];
wolfSSL 0:d92f9d21154c 3787 byte g[MAX_DH_SIZE];
wolfSSL 0:d92f9d21154c 3788 #endif
wolfSSL 0:d92f9d21154c 3789
wolfSSL 0:d92f9d21154c 3790 der.buffer = (byte*)buf;
wolfSSL 0:d92f9d21154c 3791 der.length = (word32)sz;
wolfSSL 0:d92f9d21154c 3792
wolfSSL 0:d92f9d21154c 3793 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3794 p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3795 g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3796
wolfSSL 0:d92f9d21154c 3797 if (p == NULL || g == NULL) {
wolfSSL 0:d92f9d21154c 3798 XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3799 XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3800 return MEMORY_E;
wolfSSL 0:d92f9d21154c 3801 }
wolfSSL 0:d92f9d21154c 3802 #endif
wolfSSL 0:d92f9d21154c 3803
wolfSSL 0:d92f9d21154c 3804 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
wolfSSL 0:d92f9d21154c 3805 ret = SSL_BAD_FILETYPE;
wolfSSL 0:d92f9d21154c 3806 else {
wolfSSL 0:d92f9d21154c 3807 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:d92f9d21154c 3808 der.buffer = NULL;
wolfSSL 0:d92f9d21154c 3809 ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL);
wolfSSL 0:d92f9d21154c 3810 weOwnDer = 1;
wolfSSL 0:d92f9d21154c 3811 }
wolfSSL 0:d92f9d21154c 3812
wolfSSL 0:d92f9d21154c 3813 if (ret == 0) {
wolfSSL 0:d92f9d21154c 3814 if (wc_DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0)
wolfSSL 0:d92f9d21154c 3815 ret = SSL_BAD_FILETYPE;
wolfSSL 0:d92f9d21154c 3816 else if (ssl)
wolfSSL 0:d92f9d21154c 3817 ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
wolfSSL 0:d92f9d21154c 3818 else
wolfSSL 0:d92f9d21154c 3819 ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
wolfSSL 0:d92f9d21154c 3820 }
wolfSSL 0:d92f9d21154c 3821 }
wolfSSL 0:d92f9d21154c 3822
wolfSSL 0:d92f9d21154c 3823 if (weOwnDer)
wolfSSL 0:d92f9d21154c 3824 XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
wolfSSL 0:d92f9d21154c 3825
wolfSSL 0:d92f9d21154c 3826 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3827 XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3828 XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 3829 #endif
wolfSSL 0:d92f9d21154c 3830
wolfSSL 0:d92f9d21154c 3831 return ret;
wolfSSL 0:d92f9d21154c 3832 }
wolfSSL 0:d92f9d21154c 3833
wolfSSL 0:d92f9d21154c 3834
wolfSSL 0:d92f9d21154c 3835 /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 3836 int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz,
wolfSSL 0:d92f9d21154c 3837 int format)
wolfSSL 0:d92f9d21154c 3838 {
wolfSSL 0:d92f9d21154c 3839 return wolfSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
wolfSSL 0:d92f9d21154c 3840 }
wolfSSL 0:d92f9d21154c 3841
wolfSSL 0:d92f9d21154c 3842
wolfSSL 0:d92f9d21154c 3843 /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 3844 int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf,
wolfSSL 0:d92f9d21154c 3845 long sz, int format)
wolfSSL 0:d92f9d21154c 3846 {
wolfSSL 0:d92f9d21154c 3847 return wolfSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format);
wolfSSL 0:d92f9d21154c 3848 }
wolfSSL 0:d92f9d21154c 3849
wolfSSL 0:d92f9d21154c 3850
wolfSSL 0:d92f9d21154c 3851 /* server Diffie-Hellman parameters */
wolfSSL 0:d92f9d21154c 3852 static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
wolfSSL 0:d92f9d21154c 3853 const char* fname, int format)
wolfSSL 0:d92f9d21154c 3854 {
wolfSSL 0:d92f9d21154c 3855 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 3856 byte staticBuffer[1]; /* force heap usage */
wolfSSL 0:d92f9d21154c 3857 #else
wolfSSL 0:d92f9d21154c 3858 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:d92f9d21154c 3859 #endif
wolfSSL 0:d92f9d21154c 3860 byte* myBuffer = staticBuffer;
wolfSSL 0:d92f9d21154c 3861 int dynamic = 0;
wolfSSL 0:d92f9d21154c 3862 int ret;
wolfSSL 0:d92f9d21154c 3863 long sz = 0;
wolfSSL 0:d92f9d21154c 3864 XFILE file = XFOPEN(fname, "rb");
wolfSSL 0:d92f9d21154c 3865
wolfSSL 0:d92f9d21154c 3866 if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3867 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:d92f9d21154c 3868 sz = XFTELL(file);
wolfSSL 0:d92f9d21154c 3869 XREWIND(file);
wolfSSL 0:d92f9d21154c 3870
wolfSSL 0:d92f9d21154c 3871 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:d92f9d21154c 3872 WOLFSSL_MSG("Getting dynamic buffer");
wolfSSL 0:d92f9d21154c 3873 myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 3874 if (myBuffer == NULL) {
wolfSSL 0:d92f9d21154c 3875 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3876 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3877 }
wolfSSL 0:d92f9d21154c 3878 dynamic = 1;
wolfSSL 0:d92f9d21154c 3879 }
wolfSSL 0:d92f9d21154c 3880 else if (sz < 0) {
wolfSSL 0:d92f9d21154c 3881 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3882 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3883 }
wolfSSL 0:d92f9d21154c 3884
wolfSSL 0:d92f9d21154c 3885 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL 0:d92f9d21154c 3886 ret = SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 3887 else {
wolfSSL 0:d92f9d21154c 3888 if (ssl)
wolfSSL 0:d92f9d21154c 3889 ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
wolfSSL 0:d92f9d21154c 3890 else
wolfSSL 0:d92f9d21154c 3891 ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
wolfSSL 0:d92f9d21154c 3892 }
wolfSSL 0:d92f9d21154c 3893
wolfSSL 0:d92f9d21154c 3894 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 3895 if (dynamic)
wolfSSL 0:d92f9d21154c 3896 XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 3897
wolfSSL 0:d92f9d21154c 3898 return ret;
wolfSSL 0:d92f9d21154c 3899 }
wolfSSL 0:d92f9d21154c 3900
wolfSSL 0:d92f9d21154c 3901 /* server Diffie-Hellman parameters */
wolfSSL 0:d92f9d21154c 3902 int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format)
wolfSSL 0:d92f9d21154c 3903 {
wolfSSL 0:d92f9d21154c 3904 return wolfSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
wolfSSL 0:d92f9d21154c 3905 }
wolfSSL 0:d92f9d21154c 3906
wolfSSL 0:d92f9d21154c 3907
wolfSSL 0:d92f9d21154c 3908 /* server Diffie-Hellman parameters */
wolfSSL 0:d92f9d21154c 3909 int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
wolfSSL 0:d92f9d21154c 3910 {
wolfSSL 0:d92f9d21154c 3911 return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
wolfSSL 0:d92f9d21154c 3912 }
wolfSSL 0:d92f9d21154c 3913
wolfSSL 0:d92f9d21154c 3914
wolfSSL 0:d92f9d21154c 3915 int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
wolfSSL 0:d92f9d21154c 3916 {
wolfSSL 0:d92f9d21154c 3917 if (ctx == NULL || keySz > 16000 || keySz % 8 != 0)
wolfSSL 0:d92f9d21154c 3918 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3919
wolfSSL 0:d92f9d21154c 3920 ctx->minDhKeySz = keySz / 8;
wolfSSL 0:d92f9d21154c 3921 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3922 }
wolfSSL 0:d92f9d21154c 3923
wolfSSL 0:d92f9d21154c 3924
wolfSSL 0:d92f9d21154c 3925 int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
wolfSSL 0:d92f9d21154c 3926 {
wolfSSL 0:d92f9d21154c 3927 if (ssl == NULL || keySz > 16000 || keySz % 8 != 0)
wolfSSL 0:d92f9d21154c 3928 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3929
wolfSSL 0:d92f9d21154c 3930 ssl->options.minDhKeySz = keySz / 8;
wolfSSL 0:d92f9d21154c 3931 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3932 }
wolfSSL 0:d92f9d21154c 3933
wolfSSL 0:d92f9d21154c 3934
wolfSSL 0:d92f9d21154c 3935 int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 3936 {
wolfSSL 0:d92f9d21154c 3937 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 3938 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3939
wolfSSL 0:d92f9d21154c 3940 return (ssl->options.dhKeySz * 8);
wolfSSL 0:d92f9d21154c 3941 }
wolfSSL 0:d92f9d21154c 3942
wolfSSL 0:d92f9d21154c 3943
wolfSSL 0:d92f9d21154c 3944 #endif /* NO_DH */
wolfSSL 0:d92f9d21154c 3945
wolfSSL 0:d92f9d21154c 3946
wolfSSL 0:d92f9d21154c 3947 #ifdef OPENSSL_EXTRA
wolfSSL 0:d92f9d21154c 3948 /* put SSL type in extra for now, not very common */
wolfSSL 0:d92f9d21154c 3949
wolfSSL 0:d92f9d21154c 3950 int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
wolfSSL 0:d92f9d21154c 3951 {
wolfSSL 0:d92f9d21154c 3952 WOLFSSL_ENTER("wolfSSL_use_certificate_file");
wolfSSL 0:d92f9d21154c 3953 if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
wolfSSL 0:d92f9d21154c 3954 == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 3955 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3956
wolfSSL 0:d92f9d21154c 3957 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3958 }
wolfSSL 0:d92f9d21154c 3959
wolfSSL 0:d92f9d21154c 3960
wolfSSL 0:d92f9d21154c 3961 int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
wolfSSL 0:d92f9d21154c 3962 {
wolfSSL 0:d92f9d21154c 3963 WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");
wolfSSL 0:d92f9d21154c 3964 if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
wolfSSL 0:d92f9d21154c 3965 == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 3966 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3967
wolfSSL 0:d92f9d21154c 3968 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3969 }
wolfSSL 0:d92f9d21154c 3970
wolfSSL 0:d92f9d21154c 3971
wolfSSL 0:d92f9d21154c 3972 int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
wolfSSL 0:d92f9d21154c 3973 {
wolfSSL 0:d92f9d21154c 3974 /* procces up to MAX_CHAIN_DEPTH plus subject cert */
wolfSSL 0:d92f9d21154c 3975 WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");
wolfSSL 0:d92f9d21154c 3976 if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
wolfSSL 0:d92f9d21154c 3977 == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 3978 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3979
wolfSSL 0:d92f9d21154c 3980 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 3981 }
wolfSSL 0:d92f9d21154c 3982
wolfSSL 0:d92f9d21154c 3983
wolfSSL 0:d92f9d21154c 3984
wolfSSL 0:d92f9d21154c 3985 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 3986
wolfSSL 0:d92f9d21154c 3987 /* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
wolfSSL 0:d92f9d21154c 3988 int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz)
wolfSSL 0:d92f9d21154c 3989 {
wolfSSL 0:d92f9d21154c 3990 if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
wolfSSL 0:d92f9d21154c 3991 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 3992
wolfSSL 0:d92f9d21154c 3993 ctx->eccTempKeySz = sz;
wolfSSL 0:d92f9d21154c 3994
wolfSSL 0:d92f9d21154c 3995 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 3996 }
wolfSSL 0:d92f9d21154c 3997
wolfSSL 0:d92f9d21154c 3998
wolfSSL 0:d92f9d21154c 3999 /* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
wolfSSL 0:d92f9d21154c 4000 int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
wolfSSL 0:d92f9d21154c 4001 {
wolfSSL 0:d92f9d21154c 4002 if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
wolfSSL 0:d92f9d21154c 4003 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 4004
wolfSSL 0:d92f9d21154c 4005 ssl->eccTempKeySz = sz;
wolfSSL 0:d92f9d21154c 4006
wolfSSL 0:d92f9d21154c 4007 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4008 }
wolfSSL 0:d92f9d21154c 4009
wolfSSL 0:d92f9d21154c 4010 #endif /* HAVE_ECC */
wolfSSL 0:d92f9d21154c 4011
wolfSSL 0:d92f9d21154c 4012
wolfSSL 0:d92f9d21154c 4013
wolfSSL 0:d92f9d21154c 4014
wolfSSL 0:d92f9d21154c 4015 int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
wolfSSL 0:d92f9d21154c 4016 int format)
wolfSSL 0:d92f9d21154c 4017 {
wolfSSL 0:d92f9d21154c 4018 WOLFSSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
wolfSSL 0:d92f9d21154c 4019
wolfSSL 0:d92f9d21154c 4020 return wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);
wolfSSL 0:d92f9d21154c 4021 }
wolfSSL 0:d92f9d21154c 4022
wolfSSL 0:d92f9d21154c 4023
wolfSSL 0:d92f9d21154c 4024 int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
wolfSSL 0:d92f9d21154c 4025 {
wolfSSL 0:d92f9d21154c 4026 WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
wolfSSL 0:d92f9d21154c 4027
wolfSSL 0:d92f9d21154c 4028 return wolfSSL_use_PrivateKey_file(ssl, file, format);
wolfSSL 0:d92f9d21154c 4029 }
wolfSSL 0:d92f9d21154c 4030
wolfSSL 0:d92f9d21154c 4031 #endif /* OPENSSL_EXTRA */
wolfSSL 0:d92f9d21154c 4032
wolfSSL 0:d92f9d21154c 4033 #ifdef HAVE_NTRU
wolfSSL 0:d92f9d21154c 4034
wolfSSL 0:d92f9d21154c 4035 int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
wolfSSL 0:d92f9d21154c 4036 {
wolfSSL 0:d92f9d21154c 4037 WOLFSSL_ENTER("wolfSSL_CTX_use_NTRUPrivateKey_file");
wolfSSL 0:d92f9d21154c 4038 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 4039 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 4040
wolfSSL 0:d92f9d21154c 4041 if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL)
wolfSSL 0:d92f9d21154c 4042 == SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 4043 ctx->haveNTRU = 1;
wolfSSL 0:d92f9d21154c 4044 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4045 }
wolfSSL 0:d92f9d21154c 4046
wolfSSL 0:d92f9d21154c 4047 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 4048 }
wolfSSL 0:d92f9d21154c 4049
wolfSSL 0:d92f9d21154c 4050 #endif /* HAVE_NTRU */
wolfSSL 0:d92f9d21154c 4051
wolfSSL 0:d92f9d21154c 4052
wolfSSL 0:d92f9d21154c 4053 #endif /* NO_FILESYSTEM */
wolfSSL 0:d92f9d21154c 4054
wolfSSL 0:d92f9d21154c 4055
wolfSSL 0:d92f9d21154c 4056 void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
wolfSSL 0:d92f9d21154c 4057 {
wolfSSL 0:d92f9d21154c 4058 WOLFSSL_ENTER("wolfSSL_CTX_set_verify");
wolfSSL 0:d92f9d21154c 4059 if (mode & SSL_VERIFY_PEER) {
wolfSSL 0:d92f9d21154c 4060 ctx->verifyPeer = 1;
wolfSSL 0:d92f9d21154c 4061 ctx->verifyNone = 0; /* in case perviously set */
wolfSSL 0:d92f9d21154c 4062 }
wolfSSL 0:d92f9d21154c 4063
wolfSSL 0:d92f9d21154c 4064 if (mode == SSL_VERIFY_NONE) {
wolfSSL 0:d92f9d21154c 4065 ctx->verifyNone = 1;
wolfSSL 0:d92f9d21154c 4066 ctx->verifyPeer = 0; /* in case previously set */
wolfSSL 0:d92f9d21154c 4067 }
wolfSSL 0:d92f9d21154c 4068
wolfSSL 0:d92f9d21154c 4069 if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
wolfSSL 0:d92f9d21154c 4070 ctx->failNoCert = 1;
wolfSSL 0:d92f9d21154c 4071
wolfSSL 0:d92f9d21154c 4072 ctx->verifyCallback = vc;
wolfSSL 0:d92f9d21154c 4073 }
wolfSSL 0:d92f9d21154c 4074
wolfSSL 0:d92f9d21154c 4075
wolfSSL 0:d92f9d21154c 4076 void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
wolfSSL 0:d92f9d21154c 4077 {
wolfSSL 0:d92f9d21154c 4078 WOLFSSL_ENTER("wolfSSL_set_verify");
wolfSSL 0:d92f9d21154c 4079 if (mode & SSL_VERIFY_PEER) {
wolfSSL 0:d92f9d21154c 4080 ssl->options.verifyPeer = 1;
wolfSSL 0:d92f9d21154c 4081 ssl->options.verifyNone = 0; /* in case perviously set */
wolfSSL 0:d92f9d21154c 4082 }
wolfSSL 0:d92f9d21154c 4083
wolfSSL 0:d92f9d21154c 4084 if (mode == SSL_VERIFY_NONE) {
wolfSSL 0:d92f9d21154c 4085 ssl->options.verifyNone = 1;
wolfSSL 0:d92f9d21154c 4086 ssl->options.verifyPeer = 0; /* in case previously set */
wolfSSL 0:d92f9d21154c 4087 }
wolfSSL 0:d92f9d21154c 4088
wolfSSL 0:d92f9d21154c 4089 if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
wolfSSL 0:d92f9d21154c 4090 ssl->options.failNoCert = 1;
wolfSSL 0:d92f9d21154c 4091
wolfSSL 0:d92f9d21154c 4092 ssl->verifyCallback = vc;
wolfSSL 0:d92f9d21154c 4093 }
wolfSSL 0:d92f9d21154c 4094
wolfSSL 0:d92f9d21154c 4095
wolfSSL 0:d92f9d21154c 4096 /* store user ctx for verify callback */
wolfSSL 0:d92f9d21154c 4097 void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
wolfSSL 0:d92f9d21154c 4098 {
wolfSSL 0:d92f9d21154c 4099 WOLFSSL_ENTER("wolfSSL_SetCertCbCtx");
wolfSSL 0:d92f9d21154c 4100 if (ssl)
wolfSSL 0:d92f9d21154c 4101 ssl->verifyCbCtx = ctx;
wolfSSL 0:d92f9d21154c 4102 }
wolfSSL 0:d92f9d21154c 4103
wolfSSL 0:d92f9d21154c 4104
wolfSSL 0:d92f9d21154c 4105 /* store context CA Cache addition callback */
wolfSSL 0:d92f9d21154c 4106 void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb)
wolfSSL 0:d92f9d21154c 4107 {
wolfSSL 0:d92f9d21154c 4108 if (ctx && ctx->cm)
wolfSSL 0:d92f9d21154c 4109 ctx->cm->caCacheCallback = cb;
wolfSSL 0:d92f9d21154c 4110 }
wolfSSL 0:d92f9d21154c 4111
wolfSSL 0:d92f9d21154c 4112
wolfSSL 0:d92f9d21154c 4113 #if defined(PERSIST_CERT_CACHE)
wolfSSL 0:d92f9d21154c 4114
wolfSSL 0:d92f9d21154c 4115 #if !defined(NO_FILESYSTEM)
wolfSSL 0:d92f9d21154c 4116
wolfSSL 0:d92f9d21154c 4117 /* Persist cert cache to file */
wolfSSL 0:d92f9d21154c 4118 int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
wolfSSL 0:d92f9d21154c 4119 {
wolfSSL 0:d92f9d21154c 4120 WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache");
wolfSSL 0:d92f9d21154c 4121
wolfSSL 0:d92f9d21154c 4122 if (ctx == NULL || fname == NULL)
wolfSSL 0:d92f9d21154c 4123 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 4124
wolfSSL 0:d92f9d21154c 4125 return CM_SaveCertCache(ctx->cm, fname);
wolfSSL 0:d92f9d21154c 4126 }
wolfSSL 0:d92f9d21154c 4127
wolfSSL 0:d92f9d21154c 4128
wolfSSL 0:d92f9d21154c 4129 /* Persist cert cache from file */
wolfSSL 0:d92f9d21154c 4130 int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
wolfSSL 0:d92f9d21154c 4131 {
wolfSSL 0:d92f9d21154c 4132 WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache");
wolfSSL 0:d92f9d21154c 4133
wolfSSL 0:d92f9d21154c 4134 if (ctx == NULL || fname == NULL)
wolfSSL 0:d92f9d21154c 4135 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 4136
wolfSSL 0:d92f9d21154c 4137 return CM_RestoreCertCache(ctx->cm, fname);
wolfSSL 0:d92f9d21154c 4138 }
wolfSSL 0:d92f9d21154c 4139
wolfSSL 0:d92f9d21154c 4140 #endif /* NO_FILESYSTEM */
wolfSSL 0:d92f9d21154c 4141
wolfSSL 0:d92f9d21154c 4142 /* Persist cert cache to memory */
wolfSSL 0:d92f9d21154c 4143 int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used)
wolfSSL 0:d92f9d21154c 4144 {
wolfSSL 0:d92f9d21154c 4145 WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache");
wolfSSL 0:d92f9d21154c 4146
wolfSSL 0:d92f9d21154c 4147 if (ctx == NULL || mem == NULL || used == NULL || sz <= 0)
wolfSSL 0:d92f9d21154c 4148 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 4149
wolfSSL 0:d92f9d21154c 4150 return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
wolfSSL 0:d92f9d21154c 4151 }
wolfSSL 0:d92f9d21154c 4152
wolfSSL 0:d92f9d21154c 4153
wolfSSL 0:d92f9d21154c 4154 /* Restore cert cache from memory */
wolfSSL 0:d92f9d21154c 4155 int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz)
wolfSSL 0:d92f9d21154c 4156 {
wolfSSL 0:d92f9d21154c 4157 WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache");
wolfSSL 0:d92f9d21154c 4158
wolfSSL 0:d92f9d21154c 4159 if (ctx == NULL || mem == NULL || sz <= 0)
wolfSSL 0:d92f9d21154c 4160 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 4161
wolfSSL 0:d92f9d21154c 4162 return CM_MemRestoreCertCache(ctx->cm, mem, sz);
wolfSSL 0:d92f9d21154c 4163 }
wolfSSL 0:d92f9d21154c 4164
wolfSSL 0:d92f9d21154c 4165
wolfSSL 0:d92f9d21154c 4166 /* get how big the the cert cache save buffer needs to be */
wolfSSL 0:d92f9d21154c 4167 int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 4168 {
wolfSSL 0:d92f9d21154c 4169 WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize");
wolfSSL 0:d92f9d21154c 4170
wolfSSL 0:d92f9d21154c 4171 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 4172 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 4173
wolfSSL 0:d92f9d21154c 4174 return CM_GetCertCacheMemSize(ctx->cm);
wolfSSL 0:d92f9d21154c 4175 }
wolfSSL 0:d92f9d21154c 4176
wolfSSL 0:d92f9d21154c 4177 #endif /* PERSISTE_CERT_CACHE */
wolfSSL 0:d92f9d21154c 4178 #endif /* !NO_CERTS */
wolfSSL 0:d92f9d21154c 4179
wolfSSL 0:d92f9d21154c 4180
wolfSSL 0:d92f9d21154c 4181 #ifndef NO_SESSION_CACHE
wolfSSL 0:d92f9d21154c 4182
wolfSSL 0:d92f9d21154c 4183 WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 4184 {
wolfSSL 0:d92f9d21154c 4185 WOLFSSL_ENTER("SSL_get_session");
wolfSSL 0:d92f9d21154c 4186 if (ssl)
wolfSSL 0:d92f9d21154c 4187 return GetSession(ssl, 0);
wolfSSL 0:d92f9d21154c 4188
wolfSSL 0:d92f9d21154c 4189 return NULL;
wolfSSL 0:d92f9d21154c 4190 }
wolfSSL 0:d92f9d21154c 4191
wolfSSL 0:d92f9d21154c 4192
wolfSSL 0:d92f9d21154c 4193 int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
wolfSSL 0:d92f9d21154c 4194 {
wolfSSL 0:d92f9d21154c 4195 WOLFSSL_ENTER("SSL_set_session");
wolfSSL 0:d92f9d21154c 4196 if (session)
wolfSSL 0:d92f9d21154c 4197 return SetSession(ssl, session);
wolfSSL 0:d92f9d21154c 4198
wolfSSL 0:d92f9d21154c 4199 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 4200 }
wolfSSL 0:d92f9d21154c 4201
wolfSSL 0:d92f9d21154c 4202
wolfSSL 0:d92f9d21154c 4203 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 4204
wolfSSL 0:d92f9d21154c 4205 /* Associate client session with serverID, find existing or store for saving
wolfSSL 0:d92f9d21154c 4206 if newSession flag on, don't reuse existing session
wolfSSL 0:d92f9d21154c 4207 SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 4208 int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
wolfSSL 0:d92f9d21154c 4209 {
wolfSSL 0:d92f9d21154c 4210 WOLFSSL_SESSION* session = NULL;
wolfSSL 0:d92f9d21154c 4211
wolfSSL 0:d92f9d21154c 4212 WOLFSSL_ENTER("wolfSSL_SetServerID");
wolfSSL 0:d92f9d21154c 4213
wolfSSL 0:d92f9d21154c 4214 if (ssl == NULL || id == NULL || len <= 0)
wolfSSL 0:d92f9d21154c 4215 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 4216
wolfSSL 0:d92f9d21154c 4217 if (newSession == 0) {
wolfSSL 0:d92f9d21154c 4218 session = GetSessionClient(ssl, id, len);
wolfSSL 0:d92f9d21154c 4219 if (session) {
wolfSSL 0:d92f9d21154c 4220 if (SetSession(ssl, session) != SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 4221 WOLFSSL_MSG("SetSession failed");
wolfSSL 0:d92f9d21154c 4222 session = NULL;
wolfSSL 0:d92f9d21154c 4223 }
wolfSSL 0:d92f9d21154c 4224 }
wolfSSL 0:d92f9d21154c 4225 }
wolfSSL 0:d92f9d21154c 4226
wolfSSL 0:d92f9d21154c 4227 if (session == NULL) {
wolfSSL 0:d92f9d21154c 4228 WOLFSSL_MSG("Valid ServerID not cached already");
wolfSSL 0:d92f9d21154c 4229
wolfSSL 0:d92f9d21154c 4230 ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
wolfSSL 0:d92f9d21154c 4231 XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
wolfSSL 0:d92f9d21154c 4232 }
wolfSSL 0:d92f9d21154c 4233
wolfSSL 0:d92f9d21154c 4234 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4235 }
wolfSSL 0:d92f9d21154c 4236
wolfSSL 0:d92f9d21154c 4237 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:d92f9d21154c 4238
wolfSSL 0:d92f9d21154c 4239 #if defined(PERSIST_SESSION_CACHE)
wolfSSL 0:d92f9d21154c 4240
wolfSSL 0:d92f9d21154c 4241 /* for persistance, if changes to layout need to increment and modify
wolfSSL 0:d92f9d21154c 4242 save_session_cache() and restore_session_cache and memory versions too */
wolfSSL 0:d92f9d21154c 4243 #define WOLFSSL_CACHE_VERSION 2
wolfSSL 0:d92f9d21154c 4244
wolfSSL 0:d92f9d21154c 4245 /* Session Cache Header information */
wolfSSL 0:d92f9d21154c 4246 typedef struct {
wolfSSL 0:d92f9d21154c 4247 int version; /* cache layout version id */
wolfSSL 0:d92f9d21154c 4248 int rows; /* session rows */
wolfSSL 0:d92f9d21154c 4249 int columns; /* session columns */
wolfSSL 0:d92f9d21154c 4250 int sessionSz; /* sizeof WOLFSSL_SESSION */
wolfSSL 0:d92f9d21154c 4251 } cache_header_t;
wolfSSL 0:d92f9d21154c 4252
wolfSSL 0:d92f9d21154c 4253 /* current persistence layout is:
wolfSSL 0:d92f9d21154c 4254
wolfSSL 0:d92f9d21154c 4255 1) cache_header_t
wolfSSL 0:d92f9d21154c 4256 2) SessionCache
wolfSSL 0:d92f9d21154c 4257 3) ClientCache
wolfSSL 0:d92f9d21154c 4258
wolfSSL 0:d92f9d21154c 4259 update WOLFSSL_CACHE_VERSION if change layout for the following
wolfSSL 0:d92f9d21154c 4260 PERSISTENT_SESSION_CACHE functions
wolfSSL 0:d92f9d21154c 4261 */
wolfSSL 0:d92f9d21154c 4262
wolfSSL 0:d92f9d21154c 4263
wolfSSL 0:d92f9d21154c 4264 /* get how big the the session cache save buffer needs to be */
wolfSSL 0:d92f9d21154c 4265 int wolfSSL_get_session_cache_memsize(void)
wolfSSL 0:d92f9d21154c 4266 {
wolfSSL 0:d92f9d21154c 4267 int sz = (int)(sizeof(SessionCache) + sizeof(cache_header_t));
wolfSSL 0:d92f9d21154c 4268
wolfSSL 0:d92f9d21154c 4269 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 4270 sz += (int)(sizeof(ClientCache));
wolfSSL 0:d92f9d21154c 4271 #endif
wolfSSL 0:d92f9d21154c 4272
wolfSSL 0:d92f9d21154c 4273 return sz;
wolfSSL 0:d92f9d21154c 4274 }
wolfSSL 0:d92f9d21154c 4275
wolfSSL 0:d92f9d21154c 4276
wolfSSL 0:d92f9d21154c 4277 /* Persist session cache to memory */
wolfSSL 0:d92f9d21154c 4278 int wolfSSL_memsave_session_cache(void* mem, int sz)
wolfSSL 0:d92f9d21154c 4279 {
wolfSSL 0:d92f9d21154c 4280 int i;
wolfSSL 0:d92f9d21154c 4281 cache_header_t cache_header;
wolfSSL 0:d92f9d21154c 4282 SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
wolfSSL 0:d92f9d21154c 4283 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 4284 ClientRow* clRow;
wolfSSL 0:d92f9d21154c 4285 #endif
wolfSSL 0:d92f9d21154c 4286
wolfSSL 0:d92f9d21154c 4287 WOLFSSL_ENTER("wolfSSL_memsave_session_cache");
wolfSSL 0:d92f9d21154c 4288
wolfSSL 0:d92f9d21154c 4289 if (sz < wolfSSL_get_session_cache_memsize()) {
wolfSSL 0:d92f9d21154c 4290 WOLFSSL_MSG("Memory buffer too small");
wolfSSL 0:d92f9d21154c 4291 return BUFFER_E;
wolfSSL 0:d92f9d21154c 4292 }
wolfSSL 0:d92f9d21154c 4293
wolfSSL 0:d92f9d21154c 4294 cache_header.version = WOLFSSL_CACHE_VERSION;
wolfSSL 0:d92f9d21154c 4295 cache_header.rows = SESSION_ROWS;
wolfSSL 0:d92f9d21154c 4296 cache_header.columns = SESSIONS_PER_ROW;
wolfSSL 0:d92f9d21154c 4297 cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
wolfSSL 0:d92f9d21154c 4298 XMEMCPY(mem, &cache_header, sizeof(cache_header));
wolfSSL 0:d92f9d21154c 4299
wolfSSL 0:d92f9d21154c 4300 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:d92f9d21154c 4301 WOLFSSL_MSG("Session cache mutex lock failed");
wolfSSL 0:d92f9d21154c 4302 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 4303 }
wolfSSL 0:d92f9d21154c 4304
wolfSSL 0:d92f9d21154c 4305 for (i = 0; i < cache_header.rows; ++i)
wolfSSL 0:d92f9d21154c 4306 XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));
wolfSSL 0:d92f9d21154c 4307
wolfSSL 0:d92f9d21154c 4308 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 4309 clRow = (ClientRow*)row;
wolfSSL 0:d92f9d21154c 4310 for (i = 0; i < cache_header.rows; ++i)
wolfSSL 0:d92f9d21154c 4311 XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
wolfSSL 0:d92f9d21154c 4312 #endif
wolfSSL 0:d92f9d21154c 4313
wolfSSL 0:d92f9d21154c 4314 UnLockMutex(&session_mutex);
wolfSSL 0:d92f9d21154c 4315
wolfSSL 0:d92f9d21154c 4316 WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", SSL_SUCCESS);
wolfSSL 0:d92f9d21154c 4317
wolfSSL 0:d92f9d21154c 4318 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4319 }
wolfSSL 0:d92f9d21154c 4320
wolfSSL 0:d92f9d21154c 4321
wolfSSL 0:d92f9d21154c 4322 /* Restore the persistant session cache from memory */
wolfSSL 0:d92f9d21154c 4323 int wolfSSL_memrestore_session_cache(const void* mem, int sz)
wolfSSL 0:d92f9d21154c 4324 {
wolfSSL 0:d92f9d21154c 4325 int i;
wolfSSL 0:d92f9d21154c 4326 cache_header_t cache_header;
wolfSSL 0:d92f9d21154c 4327 SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
wolfSSL 0:d92f9d21154c 4328 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 4329 ClientRow* clRow;
wolfSSL 0:d92f9d21154c 4330 #endif
wolfSSL 0:d92f9d21154c 4331
wolfSSL 0:d92f9d21154c 4332 WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");
wolfSSL 0:d92f9d21154c 4333
wolfSSL 0:d92f9d21154c 4334 if (sz < wolfSSL_get_session_cache_memsize()) {
wolfSSL 0:d92f9d21154c 4335 WOLFSSL_MSG("Memory buffer too small");
wolfSSL 0:d92f9d21154c 4336 return BUFFER_E;
wolfSSL 0:d92f9d21154c 4337 }
wolfSSL 0:d92f9d21154c 4338
wolfSSL 0:d92f9d21154c 4339 XMEMCPY(&cache_header, mem, sizeof(cache_header));
wolfSSL 0:d92f9d21154c 4340 if (cache_header.version != WOLFSSL_CACHE_VERSION ||
wolfSSL 0:d92f9d21154c 4341 cache_header.rows != SESSION_ROWS ||
wolfSSL 0:d92f9d21154c 4342 cache_header.columns != SESSIONS_PER_ROW ||
wolfSSL 0:d92f9d21154c 4343 cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
wolfSSL 0:d92f9d21154c 4344
wolfSSL 0:d92f9d21154c 4345 WOLFSSL_MSG("Session cache header match failed");
wolfSSL 0:d92f9d21154c 4346 return CACHE_MATCH_ERROR;
wolfSSL 0:d92f9d21154c 4347 }
wolfSSL 0:d92f9d21154c 4348
wolfSSL 0:d92f9d21154c 4349 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:d92f9d21154c 4350 WOLFSSL_MSG("Session cache mutex lock failed");
wolfSSL 0:d92f9d21154c 4351 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 4352 }
wolfSSL 0:d92f9d21154c 4353
wolfSSL 0:d92f9d21154c 4354 for (i = 0; i < cache_header.rows; ++i)
wolfSSL 0:d92f9d21154c 4355 XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));
wolfSSL 0:d92f9d21154c 4356
wolfSSL 0:d92f9d21154c 4357 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 4358 clRow = (ClientRow*)row;
wolfSSL 0:d92f9d21154c 4359 for (i = 0; i < cache_header.rows; ++i)
wolfSSL 0:d92f9d21154c 4360 XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
wolfSSL 0:d92f9d21154c 4361 #endif
wolfSSL 0:d92f9d21154c 4362
wolfSSL 0:d92f9d21154c 4363 UnLockMutex(&session_mutex);
wolfSSL 0:d92f9d21154c 4364
wolfSSL 0:d92f9d21154c 4365 WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", SSL_SUCCESS);
wolfSSL 0:d92f9d21154c 4366
wolfSSL 0:d92f9d21154c 4367 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4368 }
wolfSSL 0:d92f9d21154c 4369
wolfSSL 0:d92f9d21154c 4370 #if !defined(NO_FILESYSTEM)
wolfSSL 0:d92f9d21154c 4371
wolfSSL 0:d92f9d21154c 4372 /* Persist session cache to file */
wolfSSL 0:d92f9d21154c 4373 /* doesn't use memsave because of additional memory use */
wolfSSL 0:d92f9d21154c 4374 int wolfSSL_save_session_cache(const char *fname)
wolfSSL 0:d92f9d21154c 4375 {
wolfSSL 0:d92f9d21154c 4376 XFILE file;
wolfSSL 0:d92f9d21154c 4377 int ret;
wolfSSL 0:d92f9d21154c 4378 int rc = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4379 int i;
wolfSSL 0:d92f9d21154c 4380 cache_header_t cache_header;
wolfSSL 0:d92f9d21154c 4381
wolfSSL 0:d92f9d21154c 4382 WOLFSSL_ENTER("wolfSSL_save_session_cache");
wolfSSL 0:d92f9d21154c 4383
wolfSSL 0:d92f9d21154c 4384 file = XFOPEN(fname, "w+b");
wolfSSL 0:d92f9d21154c 4385 if (file == XBADFILE) {
wolfSSL 0:d92f9d21154c 4386 WOLFSSL_MSG("Couldn't open session cache save file");
wolfSSL 0:d92f9d21154c 4387 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 4388 }
wolfSSL 0:d92f9d21154c 4389 cache_header.version = WOLFSSL_CACHE_VERSION;
wolfSSL 0:d92f9d21154c 4390 cache_header.rows = SESSION_ROWS;
wolfSSL 0:d92f9d21154c 4391 cache_header.columns = SESSIONS_PER_ROW;
wolfSSL 0:d92f9d21154c 4392 cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
wolfSSL 0:d92f9d21154c 4393
wolfSSL 0:d92f9d21154c 4394 /* cache header */
wolfSSL 0:d92f9d21154c 4395 ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
wolfSSL 0:d92f9d21154c 4396 if (ret != 1) {
wolfSSL 0:d92f9d21154c 4397 WOLFSSL_MSG("Session cache header file write failed");
wolfSSL 0:d92f9d21154c 4398 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4399 return FWRITE_ERROR;
wolfSSL 0:d92f9d21154c 4400 }
wolfSSL 0:d92f9d21154c 4401
wolfSSL 0:d92f9d21154c 4402 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:d92f9d21154c 4403 WOLFSSL_MSG("Session cache mutex lock failed");
wolfSSL 0:d92f9d21154c 4404 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4405 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 4406 }
wolfSSL 0:d92f9d21154c 4407
wolfSSL 0:d92f9d21154c 4408 /* session cache */
wolfSSL 0:d92f9d21154c 4409 for (i = 0; i < cache_header.rows; ++i) {
wolfSSL 0:d92f9d21154c 4410 ret = (int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file);
wolfSSL 0:d92f9d21154c 4411 if (ret != 1) {
wolfSSL 0:d92f9d21154c 4412 WOLFSSL_MSG("Session cache member file write failed");
wolfSSL 0:d92f9d21154c 4413 rc = FWRITE_ERROR;
wolfSSL 0:d92f9d21154c 4414 break;
wolfSSL 0:d92f9d21154c 4415 }
wolfSSL 0:d92f9d21154c 4416 }
wolfSSL 0:d92f9d21154c 4417
wolfSSL 0:d92f9d21154c 4418 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 4419 /* client cache */
wolfSSL 0:d92f9d21154c 4420 for (i = 0; i < cache_header.rows; ++i) {
wolfSSL 0:d92f9d21154c 4421 ret = (int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file);
wolfSSL 0:d92f9d21154c 4422 if (ret != 1) {
wolfSSL 0:d92f9d21154c 4423 WOLFSSL_MSG("Client cache member file write failed");
wolfSSL 0:d92f9d21154c 4424 rc = FWRITE_ERROR;
wolfSSL 0:d92f9d21154c 4425 break;
wolfSSL 0:d92f9d21154c 4426 }
wolfSSL 0:d92f9d21154c 4427 }
wolfSSL 0:d92f9d21154c 4428 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:d92f9d21154c 4429
wolfSSL 0:d92f9d21154c 4430 UnLockMutex(&session_mutex);
wolfSSL 0:d92f9d21154c 4431
wolfSSL 0:d92f9d21154c 4432 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4433 WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc);
wolfSSL 0:d92f9d21154c 4434
wolfSSL 0:d92f9d21154c 4435 return rc;
wolfSSL 0:d92f9d21154c 4436 }
wolfSSL 0:d92f9d21154c 4437
wolfSSL 0:d92f9d21154c 4438
wolfSSL 0:d92f9d21154c 4439 /* Restore the persistant session cache from file */
wolfSSL 0:d92f9d21154c 4440 /* doesn't use memstore because of additional memory use */
wolfSSL 0:d92f9d21154c 4441 int wolfSSL_restore_session_cache(const char *fname)
wolfSSL 0:d92f9d21154c 4442 {
wolfSSL 0:d92f9d21154c 4443 XFILE file;
wolfSSL 0:d92f9d21154c 4444 int rc = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4445 int ret;
wolfSSL 0:d92f9d21154c 4446 int i;
wolfSSL 0:d92f9d21154c 4447 cache_header_t cache_header;
wolfSSL 0:d92f9d21154c 4448
wolfSSL 0:d92f9d21154c 4449 WOLFSSL_ENTER("wolfSSL_restore_session_cache");
wolfSSL 0:d92f9d21154c 4450
wolfSSL 0:d92f9d21154c 4451 file = XFOPEN(fname, "rb");
wolfSSL 0:d92f9d21154c 4452 if (file == XBADFILE) {
wolfSSL 0:d92f9d21154c 4453 WOLFSSL_MSG("Couldn't open session cache save file");
wolfSSL 0:d92f9d21154c 4454 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 4455 }
wolfSSL 0:d92f9d21154c 4456 /* cache header */
wolfSSL 0:d92f9d21154c 4457 ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file);
wolfSSL 0:d92f9d21154c 4458 if (ret != 1) {
wolfSSL 0:d92f9d21154c 4459 WOLFSSL_MSG("Session cache header file read failed");
wolfSSL 0:d92f9d21154c 4460 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4461 return FREAD_ERROR;
wolfSSL 0:d92f9d21154c 4462 }
wolfSSL 0:d92f9d21154c 4463 if (cache_header.version != WOLFSSL_CACHE_VERSION ||
wolfSSL 0:d92f9d21154c 4464 cache_header.rows != SESSION_ROWS ||
wolfSSL 0:d92f9d21154c 4465 cache_header.columns != SESSIONS_PER_ROW ||
wolfSSL 0:d92f9d21154c 4466 cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
wolfSSL 0:d92f9d21154c 4467
wolfSSL 0:d92f9d21154c 4468 WOLFSSL_MSG("Session cache header match failed");
wolfSSL 0:d92f9d21154c 4469 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4470 return CACHE_MATCH_ERROR;
wolfSSL 0:d92f9d21154c 4471 }
wolfSSL 0:d92f9d21154c 4472
wolfSSL 0:d92f9d21154c 4473 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:d92f9d21154c 4474 WOLFSSL_MSG("Session cache mutex lock failed");
wolfSSL 0:d92f9d21154c 4475 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4476 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 4477 }
wolfSSL 0:d92f9d21154c 4478
wolfSSL 0:d92f9d21154c 4479 /* session cache */
wolfSSL 0:d92f9d21154c 4480 for (i = 0; i < cache_header.rows; ++i) {
wolfSSL 0:d92f9d21154c 4481 ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file);
wolfSSL 0:d92f9d21154c 4482 if (ret != 1) {
wolfSSL 0:d92f9d21154c 4483 WOLFSSL_MSG("Session cache member file read failed");
wolfSSL 0:d92f9d21154c 4484 XMEMSET(SessionCache, 0, sizeof SessionCache);
wolfSSL 0:d92f9d21154c 4485 rc = FREAD_ERROR;
wolfSSL 0:d92f9d21154c 4486 break;
wolfSSL 0:d92f9d21154c 4487 }
wolfSSL 0:d92f9d21154c 4488 }
wolfSSL 0:d92f9d21154c 4489
wolfSSL 0:d92f9d21154c 4490 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 4491 /* client cache */
wolfSSL 0:d92f9d21154c 4492 for (i = 0; i < cache_header.rows; ++i) {
wolfSSL 0:d92f9d21154c 4493 ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file);
wolfSSL 0:d92f9d21154c 4494 if (ret != 1) {
wolfSSL 0:d92f9d21154c 4495 WOLFSSL_MSG("Client cache member file read failed");
wolfSSL 0:d92f9d21154c 4496 XMEMSET(ClientCache, 0, sizeof ClientCache);
wolfSSL 0:d92f9d21154c 4497 rc = FREAD_ERROR;
wolfSSL 0:d92f9d21154c 4498 break;
wolfSSL 0:d92f9d21154c 4499 }
wolfSSL 0:d92f9d21154c 4500 }
wolfSSL 0:d92f9d21154c 4501
wolfSSL 0:d92f9d21154c 4502 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:d92f9d21154c 4503
wolfSSL 0:d92f9d21154c 4504 UnLockMutex(&session_mutex);
wolfSSL 0:d92f9d21154c 4505
wolfSSL 0:d92f9d21154c 4506 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4507 WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc);
wolfSSL 0:d92f9d21154c 4508
wolfSSL 0:d92f9d21154c 4509 return rc;
wolfSSL 0:d92f9d21154c 4510 }
wolfSSL 0:d92f9d21154c 4511
wolfSSL 0:d92f9d21154c 4512 #endif /* !NO_FILESYSTEM */
wolfSSL 0:d92f9d21154c 4513 #endif /* PERSIST_SESSION_CACHE */
wolfSSL 0:d92f9d21154c 4514 #endif /* NO_SESSION_CACHE */
wolfSSL 0:d92f9d21154c 4515
wolfSSL 0:d92f9d21154c 4516
wolfSSL 0:d92f9d21154c 4517 void wolfSSL_load_error_strings(void) /* compatibility only */
wolfSSL 0:d92f9d21154c 4518 {}
wolfSSL 0:d92f9d21154c 4519
wolfSSL 0:d92f9d21154c 4520
wolfSSL 0:d92f9d21154c 4521 int wolfSSL_library_init(void)
wolfSSL 0:d92f9d21154c 4522 {
wolfSSL 0:d92f9d21154c 4523 WOLFSSL_ENTER("SSL_library_init");
wolfSSL 0:d92f9d21154c 4524 if (wolfSSL_Init() == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 4525 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4526 else
wolfSSL 0:d92f9d21154c 4527 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 4528 }
wolfSSL 0:d92f9d21154c 4529
wolfSSL 0:d92f9d21154c 4530
wolfSSL 0:d92f9d21154c 4531 #ifdef HAVE_SECRET_CALLBACK
wolfSSL 0:d92f9d21154c 4532
wolfSSL 0:d92f9d21154c 4533 int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
wolfSSL 0:d92f9d21154c 4534 {
wolfSSL 0:d92f9d21154c 4535 WOLFSSL_ENTER("wolfSSL_set_session_secret_cb");
wolfSSL 0:d92f9d21154c 4536 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 4537 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 4538
wolfSSL 0:d92f9d21154c 4539 ssl->sessionSecretCb = cb;
wolfSSL 0:d92f9d21154c 4540 ssl->sessionSecretCtx = ctx;
wolfSSL 0:d92f9d21154c 4541 /* If using a pre-set key, assume session resumption. */
wolfSSL 0:d92f9d21154c 4542 ssl->session.sessionIDSz = 0;
wolfSSL 0:d92f9d21154c 4543 ssl->options.resuming = 1;
wolfSSL 0:d92f9d21154c 4544
wolfSSL 0:d92f9d21154c 4545 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4546 }
wolfSSL 0:d92f9d21154c 4547
wolfSSL 0:d92f9d21154c 4548 #endif
wolfSSL 0:d92f9d21154c 4549
wolfSSL 0:d92f9d21154c 4550
wolfSSL 0:d92f9d21154c 4551 #ifndef NO_SESSION_CACHE
wolfSSL 0:d92f9d21154c 4552
wolfSSL 0:d92f9d21154c 4553 /* on by default if built in but allow user to turn off */
wolfSSL 0:d92f9d21154c 4554 long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode)
wolfSSL 0:d92f9d21154c 4555 {
wolfSSL 0:d92f9d21154c 4556 WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode");
wolfSSL 0:d92f9d21154c 4557 if (mode == SSL_SESS_CACHE_OFF)
wolfSSL 0:d92f9d21154c 4558 ctx->sessionCacheOff = 1;
wolfSSL 0:d92f9d21154c 4559
wolfSSL 0:d92f9d21154c 4560 if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
wolfSSL 0:d92f9d21154c 4561 ctx->sessionCacheFlushOff = 1;
wolfSSL 0:d92f9d21154c 4562
wolfSSL 0:d92f9d21154c 4563 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4564 }
wolfSSL 0:d92f9d21154c 4565
wolfSSL 0:d92f9d21154c 4566 #endif /* NO_SESSION_CACHE */
wolfSSL 0:d92f9d21154c 4567
wolfSSL 0:d92f9d21154c 4568
wolfSSL 0:d92f9d21154c 4569 #if !defined(NO_CERTS)
wolfSSL 0:d92f9d21154c 4570 #if defined(PERSIST_CERT_CACHE)
wolfSSL 0:d92f9d21154c 4571
wolfSSL 0:d92f9d21154c 4572
wolfSSL 0:d92f9d21154c 4573 #define WOLFSSL_CACHE_CERT_VERSION 1
wolfSSL 0:d92f9d21154c 4574
wolfSSL 0:d92f9d21154c 4575 typedef struct {
wolfSSL 0:d92f9d21154c 4576 int version; /* cache cert layout version id */
wolfSSL 0:d92f9d21154c 4577 int rows; /* hash table rows, CA_TABLE_SIZE */
wolfSSL 0:d92f9d21154c 4578 int columns[CA_TABLE_SIZE]; /* columns per row on list */
wolfSSL 0:d92f9d21154c 4579 int signerSz; /* sizeof Signer object */
wolfSSL 0:d92f9d21154c 4580 } CertCacheHeader;
wolfSSL 0:d92f9d21154c 4581
wolfSSL 0:d92f9d21154c 4582 /* current cert persistance layout is:
wolfSSL 0:d92f9d21154c 4583
wolfSSL 0:d92f9d21154c 4584 1) CertCacheHeader
wolfSSL 0:d92f9d21154c 4585 2) caTable
wolfSSL 0:d92f9d21154c 4586
wolfSSL 0:d92f9d21154c 4587 update WOLFSSL_CERT_CACHE_VERSION if change layout for the following
wolfSSL 0:d92f9d21154c 4588 PERSIST_CERT_CACHE functions
wolfSSL 0:d92f9d21154c 4589 */
wolfSSL 0:d92f9d21154c 4590
wolfSSL 0:d92f9d21154c 4591
wolfSSL 0:d92f9d21154c 4592 /* Return memory needed to persist this signer, have lock */
wolfSSL 0:d92f9d21154c 4593 static INLINE int GetSignerMemory(Signer* signer)
wolfSSL 0:d92f9d21154c 4594 {
wolfSSL 0:d92f9d21154c 4595 int sz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
wolfSSL 0:d92f9d21154c 4596 + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
wolfSSL 0:d92f9d21154c 4597
wolfSSL 0:d92f9d21154c 4598 #if !defined(NO_SKID)
wolfSSL 0:d92f9d21154c 4599 sz += (int)sizeof(signer->subjectKeyIdHash);
wolfSSL 0:d92f9d21154c 4600 #endif
wolfSSL 0:d92f9d21154c 4601
wolfSSL 0:d92f9d21154c 4602 /* add dynamic bytes needed */
wolfSSL 0:d92f9d21154c 4603 sz += signer->pubKeySize;
wolfSSL 0:d92f9d21154c 4604 sz += signer->nameLen;
wolfSSL 0:d92f9d21154c 4605
wolfSSL 0:d92f9d21154c 4606 return sz;
wolfSSL 0:d92f9d21154c 4607 }
wolfSSL 0:d92f9d21154c 4608
wolfSSL 0:d92f9d21154c 4609
wolfSSL 0:d92f9d21154c 4610 /* Return memory needed to persist this row, have lock */
wolfSSL 0:d92f9d21154c 4611 static INLINE int GetCertCacheRowMemory(Signer* row)
wolfSSL 0:d92f9d21154c 4612 {
wolfSSL 0:d92f9d21154c 4613 int sz = 0;
wolfSSL 0:d92f9d21154c 4614
wolfSSL 0:d92f9d21154c 4615 while (row) {
wolfSSL 0:d92f9d21154c 4616 sz += GetSignerMemory(row);
wolfSSL 0:d92f9d21154c 4617 row = row->next;
wolfSSL 0:d92f9d21154c 4618 }
wolfSSL 0:d92f9d21154c 4619
wolfSSL 0:d92f9d21154c 4620 return sz;
wolfSSL 0:d92f9d21154c 4621 }
wolfSSL 0:d92f9d21154c 4622
wolfSSL 0:d92f9d21154c 4623
wolfSSL 0:d92f9d21154c 4624 /* get the size of persist cert cache, have lock */
wolfSSL 0:d92f9d21154c 4625 static INLINE int GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
wolfSSL 0:d92f9d21154c 4626 {
wolfSSL 0:d92f9d21154c 4627 int sz;
wolfSSL 0:d92f9d21154c 4628 int i;
wolfSSL 0:d92f9d21154c 4629
wolfSSL 0:d92f9d21154c 4630 sz = sizeof(CertCacheHeader);
wolfSSL 0:d92f9d21154c 4631
wolfSSL 0:d92f9d21154c 4632 for (i = 0; i < CA_TABLE_SIZE; i++)
wolfSSL 0:d92f9d21154c 4633 sz += GetCertCacheRowMemory(cm->caTable[i]);
wolfSSL 0:d92f9d21154c 4634
wolfSSL 0:d92f9d21154c 4635 return sz;
wolfSSL 0:d92f9d21154c 4636 }
wolfSSL 0:d92f9d21154c 4637
wolfSSL 0:d92f9d21154c 4638
wolfSSL 0:d92f9d21154c 4639 /* Store cert cache header columns with number of items per list, have lock */
wolfSSL 0:d92f9d21154c 4640 static INLINE void SetCertHeaderColumns(WOLFSSL_CERT_MANAGER* cm, int* columns)
wolfSSL 0:d92f9d21154c 4641 {
wolfSSL 0:d92f9d21154c 4642 int i;
wolfSSL 0:d92f9d21154c 4643 Signer* row;
wolfSSL 0:d92f9d21154c 4644
wolfSSL 0:d92f9d21154c 4645 for (i = 0; i < CA_TABLE_SIZE; i++) {
wolfSSL 0:d92f9d21154c 4646 int count = 0;
wolfSSL 0:d92f9d21154c 4647 row = cm->caTable[i];
wolfSSL 0:d92f9d21154c 4648
wolfSSL 0:d92f9d21154c 4649 while (row) {
wolfSSL 0:d92f9d21154c 4650 ++count;
wolfSSL 0:d92f9d21154c 4651 row = row->next;
wolfSSL 0:d92f9d21154c 4652 }
wolfSSL 0:d92f9d21154c 4653 columns[i] = count;
wolfSSL 0:d92f9d21154c 4654 }
wolfSSL 0:d92f9d21154c 4655 }
wolfSSL 0:d92f9d21154c 4656
wolfSSL 0:d92f9d21154c 4657
wolfSSL 0:d92f9d21154c 4658 /* Restore whole cert row from memory, have lock, return bytes consumed,
wolfSSL 0:d92f9d21154c 4659 < 0 on error, have lock */
wolfSSL 0:d92f9d21154c 4660 static INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current,
wolfSSL 0:d92f9d21154c 4661 int row, int listSz, const byte* end)
wolfSSL 0:d92f9d21154c 4662 {
wolfSSL 0:d92f9d21154c 4663 int idx = 0;
wolfSSL 0:d92f9d21154c 4664
wolfSSL 0:d92f9d21154c 4665 if (listSz < 0) {
wolfSSL 0:d92f9d21154c 4666 WOLFSSL_MSG("Row header corrupted, negative value");
wolfSSL 0:d92f9d21154c 4667 return PARSE_ERROR;
wolfSSL 0:d92f9d21154c 4668 }
wolfSSL 0:d92f9d21154c 4669
wolfSSL 0:d92f9d21154c 4670 while (listSz) {
wolfSSL 0:d92f9d21154c 4671 Signer* signer;
wolfSSL 0:d92f9d21154c 4672 byte* start = current + idx; /* for end checks on this signer */
wolfSSL 0:d92f9d21154c 4673 int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
wolfSSL 0:d92f9d21154c 4674 sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
wolfSSL 0:d92f9d21154c 4675 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 4676 minSz += (int)sizeof(signer->subjectKeyIdHash);
wolfSSL 0:d92f9d21154c 4677 #endif
wolfSSL 0:d92f9d21154c 4678
wolfSSL 0:d92f9d21154c 4679 if (start + minSz > end) {
wolfSSL 0:d92f9d21154c 4680 WOLFSSL_MSG("Would overread restore buffer");
wolfSSL 0:d92f9d21154c 4681 return BUFFER_E;
wolfSSL 0:d92f9d21154c 4682 }
wolfSSL 0:d92f9d21154c 4683 signer = MakeSigner(cm->heap);
wolfSSL 0:d92f9d21154c 4684 if (signer == NULL)
wolfSSL 0:d92f9d21154c 4685 return MEMORY_E;
wolfSSL 0:d92f9d21154c 4686
wolfSSL 0:d92f9d21154c 4687 /* pubKeySize */
wolfSSL 0:d92f9d21154c 4688 XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
wolfSSL 0:d92f9d21154c 4689 idx += (int)sizeof(signer->pubKeySize);
wolfSSL 0:d92f9d21154c 4690
wolfSSL 0:d92f9d21154c 4691 /* keyOID */
wolfSSL 0:d92f9d21154c 4692 XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
wolfSSL 0:d92f9d21154c 4693 idx += (int)sizeof(signer->keyOID);
wolfSSL 0:d92f9d21154c 4694
wolfSSL 0:d92f9d21154c 4695 /* pulicKey */
wolfSSL 0:d92f9d21154c 4696 if (start + minSz + signer->pubKeySize > end) {
wolfSSL 0:d92f9d21154c 4697 WOLFSSL_MSG("Would overread restore buffer");
wolfSSL 0:d92f9d21154c 4698 FreeSigner(signer, cm->heap);
wolfSSL 0:d92f9d21154c 4699 return BUFFER_E;
wolfSSL 0:d92f9d21154c 4700 }
wolfSSL 0:d92f9d21154c 4701 signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
wolfSSL 0:d92f9d21154c 4702 DYNAMIC_TYPE_KEY);
wolfSSL 0:d92f9d21154c 4703 if (signer->publicKey == NULL) {
wolfSSL 0:d92f9d21154c 4704 FreeSigner(signer, cm->heap);
wolfSSL 0:d92f9d21154c 4705 return MEMORY_E;
wolfSSL 0:d92f9d21154c 4706 }
wolfSSL 0:d92f9d21154c 4707
wolfSSL 0:d92f9d21154c 4708 XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
wolfSSL 0:d92f9d21154c 4709 idx += signer->pubKeySize;
wolfSSL 0:d92f9d21154c 4710
wolfSSL 0:d92f9d21154c 4711 /* nameLen */
wolfSSL 0:d92f9d21154c 4712 XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
wolfSSL 0:d92f9d21154c 4713 idx += (int)sizeof(signer->nameLen);
wolfSSL 0:d92f9d21154c 4714
wolfSSL 0:d92f9d21154c 4715 /* name */
wolfSSL 0:d92f9d21154c 4716 if (start + minSz + signer->pubKeySize + signer->nameLen > end) {
wolfSSL 0:d92f9d21154c 4717 WOLFSSL_MSG("Would overread restore buffer");
wolfSSL 0:d92f9d21154c 4718 FreeSigner(signer, cm->heap);
wolfSSL 0:d92f9d21154c 4719 return BUFFER_E;
wolfSSL 0:d92f9d21154c 4720 }
wolfSSL 0:d92f9d21154c 4721 signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
wolfSSL 0:d92f9d21154c 4722 DYNAMIC_TYPE_SUBJECT_CN);
wolfSSL 0:d92f9d21154c 4723 if (signer->name == NULL) {
wolfSSL 0:d92f9d21154c 4724 FreeSigner(signer, cm->heap);
wolfSSL 0:d92f9d21154c 4725 return MEMORY_E;
wolfSSL 0:d92f9d21154c 4726 }
wolfSSL 0:d92f9d21154c 4727
wolfSSL 0:d92f9d21154c 4728 XMEMCPY(signer->name, current + idx, signer->nameLen);
wolfSSL 0:d92f9d21154c 4729 idx += signer->nameLen;
wolfSSL 0:d92f9d21154c 4730
wolfSSL 0:d92f9d21154c 4731 /* subjectNameHash */
wolfSSL 0:d92f9d21154c 4732 XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 4733 idx += SIGNER_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 4734
wolfSSL 0:d92f9d21154c 4735 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 4736 /* subjectKeyIdHash */
wolfSSL 0:d92f9d21154c 4737 XMEMCPY(signer->subjectKeyIdHash, current + idx,SIGNER_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 4738 idx += SIGNER_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 4739 #endif
wolfSSL 0:d92f9d21154c 4740
wolfSSL 0:d92f9d21154c 4741 signer->next = cm->caTable[row];
wolfSSL 0:d92f9d21154c 4742 cm->caTable[row] = signer;
wolfSSL 0:d92f9d21154c 4743
wolfSSL 0:d92f9d21154c 4744 --listSz;
wolfSSL 0:d92f9d21154c 4745 }
wolfSSL 0:d92f9d21154c 4746
wolfSSL 0:d92f9d21154c 4747 return idx;
wolfSSL 0:d92f9d21154c 4748 }
wolfSSL 0:d92f9d21154c 4749
wolfSSL 0:d92f9d21154c 4750
wolfSSL 0:d92f9d21154c 4751 /* Store whole cert row into memory, have lock, return bytes added */
wolfSSL 0:d92f9d21154c 4752 static INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row)
wolfSSL 0:d92f9d21154c 4753 {
wolfSSL 0:d92f9d21154c 4754 int added = 0;
wolfSSL 0:d92f9d21154c 4755 Signer* list = cm->caTable[row];
wolfSSL 0:d92f9d21154c 4756
wolfSSL 0:d92f9d21154c 4757 while (list) {
wolfSSL 0:d92f9d21154c 4758 XMEMCPY(current + added, &list->pubKeySize, sizeof(list->pubKeySize));
wolfSSL 0:d92f9d21154c 4759 added += (int)sizeof(list->pubKeySize);
wolfSSL 0:d92f9d21154c 4760
wolfSSL 0:d92f9d21154c 4761 XMEMCPY(current + added, &list->keyOID, sizeof(list->keyOID));
wolfSSL 0:d92f9d21154c 4762 added += (int)sizeof(list->keyOID);
wolfSSL 0:d92f9d21154c 4763
wolfSSL 0:d92f9d21154c 4764 XMEMCPY(current + added, list->publicKey, list->pubKeySize);
wolfSSL 0:d92f9d21154c 4765 added += list->pubKeySize;
wolfSSL 0:d92f9d21154c 4766
wolfSSL 0:d92f9d21154c 4767 XMEMCPY(current + added, &list->nameLen, sizeof(list->nameLen));
wolfSSL 0:d92f9d21154c 4768 added += (int)sizeof(list->nameLen);
wolfSSL 0:d92f9d21154c 4769
wolfSSL 0:d92f9d21154c 4770 XMEMCPY(current + added, list->name, list->nameLen);
wolfSSL 0:d92f9d21154c 4771 added += list->nameLen;
wolfSSL 0:d92f9d21154c 4772
wolfSSL 0:d92f9d21154c 4773 XMEMCPY(current + added, list->subjectNameHash, SIGNER_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 4774 added += SIGNER_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 4775
wolfSSL 0:d92f9d21154c 4776 #ifndef NO_SKID
wolfSSL 0:d92f9d21154c 4777 XMEMCPY(current + added, list->subjectKeyIdHash,SIGNER_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 4778 added += SIGNER_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 4779 #endif
wolfSSL 0:d92f9d21154c 4780
wolfSSL 0:d92f9d21154c 4781 list = list->next;
wolfSSL 0:d92f9d21154c 4782 }
wolfSSL 0:d92f9d21154c 4783
wolfSSL 0:d92f9d21154c 4784 return added;
wolfSSL 0:d92f9d21154c 4785 }
wolfSSL 0:d92f9d21154c 4786
wolfSSL 0:d92f9d21154c 4787
wolfSSL 0:d92f9d21154c 4788 /* Persist cert cache to memory, have lock */
wolfSSL 0:d92f9d21154c 4789 static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz)
wolfSSL 0:d92f9d21154c 4790 {
wolfSSL 0:d92f9d21154c 4791 int realSz;
wolfSSL 0:d92f9d21154c 4792 int ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4793 int i;
wolfSSL 0:d92f9d21154c 4794
wolfSSL 0:d92f9d21154c 4795 WOLFSSL_ENTER("DoMemSaveCertCache");
wolfSSL 0:d92f9d21154c 4796
wolfSSL 0:d92f9d21154c 4797 realSz = GetCertCacheMemSize(cm);
wolfSSL 0:d92f9d21154c 4798 if (realSz > sz) {
wolfSSL 0:d92f9d21154c 4799 WOLFSSL_MSG("Mem output buffer too small");
wolfSSL 0:d92f9d21154c 4800 ret = BUFFER_E;
wolfSSL 0:d92f9d21154c 4801 }
wolfSSL 0:d92f9d21154c 4802 else {
wolfSSL 0:d92f9d21154c 4803 byte* current;
wolfSSL 0:d92f9d21154c 4804 CertCacheHeader hdr;
wolfSSL 0:d92f9d21154c 4805
wolfSSL 0:d92f9d21154c 4806 hdr.version = WOLFSSL_CACHE_CERT_VERSION;
wolfSSL 0:d92f9d21154c 4807 hdr.rows = CA_TABLE_SIZE;
wolfSSL 0:d92f9d21154c 4808 SetCertHeaderColumns(cm, hdr.columns);
wolfSSL 0:d92f9d21154c 4809 hdr.signerSz = (int)sizeof(Signer);
wolfSSL 0:d92f9d21154c 4810
wolfSSL 0:d92f9d21154c 4811 XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
wolfSSL 0:d92f9d21154c 4812 current = (byte*)mem + sizeof(CertCacheHeader);
wolfSSL 0:d92f9d21154c 4813
wolfSSL 0:d92f9d21154c 4814 for (i = 0; i < CA_TABLE_SIZE; ++i)
wolfSSL 0:d92f9d21154c 4815 current += StoreCertRow(cm, current, i);
wolfSSL 0:d92f9d21154c 4816 }
wolfSSL 0:d92f9d21154c 4817
wolfSSL 0:d92f9d21154c 4818 return ret;
wolfSSL 0:d92f9d21154c 4819 }
wolfSSL 0:d92f9d21154c 4820
wolfSSL 0:d92f9d21154c 4821
wolfSSL 0:d92f9d21154c 4822 #if !defined(NO_FILESYSTEM)
wolfSSL 0:d92f9d21154c 4823
wolfSSL 0:d92f9d21154c 4824 /* Persist cert cache to file */
wolfSSL 0:d92f9d21154c 4825 int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
wolfSSL 0:d92f9d21154c 4826 {
wolfSSL 0:d92f9d21154c 4827 XFILE file;
wolfSSL 0:d92f9d21154c 4828 int rc = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4829 int memSz;
wolfSSL 0:d92f9d21154c 4830 byte* mem;
wolfSSL 0:d92f9d21154c 4831
wolfSSL 0:d92f9d21154c 4832 WOLFSSL_ENTER("CM_SaveCertCache");
wolfSSL 0:d92f9d21154c 4833
wolfSSL 0:d92f9d21154c 4834 file = XFOPEN(fname, "w+b");
wolfSSL 0:d92f9d21154c 4835 if (file == XBADFILE) {
wolfSSL 0:d92f9d21154c 4836 WOLFSSL_MSG("Couldn't open cert cache save file");
wolfSSL 0:d92f9d21154c 4837 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 4838 }
wolfSSL 0:d92f9d21154c 4839
wolfSSL 0:d92f9d21154c 4840 if (LockMutex(&cm->caLock) != 0) {
wolfSSL 0:d92f9d21154c 4841 WOLFSSL_MSG("LockMutex on caLock failed");
wolfSSL 0:d92f9d21154c 4842 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4843 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 4844 }
wolfSSL 0:d92f9d21154c 4845
wolfSSL 0:d92f9d21154c 4846 memSz = GetCertCacheMemSize(cm);
wolfSSL 0:d92f9d21154c 4847 mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 4848 if (mem == NULL) {
wolfSSL 0:d92f9d21154c 4849 WOLFSSL_MSG("Alloc for tmp buffer failed");
wolfSSL 0:d92f9d21154c 4850 rc = MEMORY_E;
wolfSSL 0:d92f9d21154c 4851 } else {
wolfSSL 0:d92f9d21154c 4852 rc = DoMemSaveCertCache(cm, mem, memSz);
wolfSSL 0:d92f9d21154c 4853 if (rc == SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 4854 int ret = (int)XFWRITE(mem, memSz, 1, file);
wolfSSL 0:d92f9d21154c 4855 if (ret != 1) {
wolfSSL 0:d92f9d21154c 4856 WOLFSSL_MSG("Cert cache file write failed");
wolfSSL 0:d92f9d21154c 4857 rc = FWRITE_ERROR;
wolfSSL 0:d92f9d21154c 4858 }
wolfSSL 0:d92f9d21154c 4859 }
wolfSSL 0:d92f9d21154c 4860 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 4861 }
wolfSSL 0:d92f9d21154c 4862
wolfSSL 0:d92f9d21154c 4863 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 4864 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4865
wolfSSL 0:d92f9d21154c 4866 return rc;
wolfSSL 0:d92f9d21154c 4867 }
wolfSSL 0:d92f9d21154c 4868
wolfSSL 0:d92f9d21154c 4869
wolfSSL 0:d92f9d21154c 4870 /* Restore cert cache from file */
wolfSSL 0:d92f9d21154c 4871 int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
wolfSSL 0:d92f9d21154c 4872 {
wolfSSL 0:d92f9d21154c 4873 XFILE file;
wolfSSL 0:d92f9d21154c 4874 int rc = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4875 int ret;
wolfSSL 0:d92f9d21154c 4876 int memSz;
wolfSSL 0:d92f9d21154c 4877 byte* mem;
wolfSSL 0:d92f9d21154c 4878
wolfSSL 0:d92f9d21154c 4879 WOLFSSL_ENTER("CM_RestoreCertCache");
wolfSSL 0:d92f9d21154c 4880
wolfSSL 0:d92f9d21154c 4881 file = XFOPEN(fname, "rb");
wolfSSL 0:d92f9d21154c 4882 if (file == XBADFILE) {
wolfSSL 0:d92f9d21154c 4883 WOLFSSL_MSG("Couldn't open cert cache save file");
wolfSSL 0:d92f9d21154c 4884 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 4885 }
wolfSSL 0:d92f9d21154c 4886
wolfSSL 0:d92f9d21154c 4887 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:d92f9d21154c 4888 memSz = (int)XFTELL(file);
wolfSSL 0:d92f9d21154c 4889 XREWIND(file);
wolfSSL 0:d92f9d21154c 4890
wolfSSL 0:d92f9d21154c 4891 if (memSz <= 0) {
wolfSSL 0:d92f9d21154c 4892 WOLFSSL_MSG("Bad file size");
wolfSSL 0:d92f9d21154c 4893 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4894 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 4895 }
wolfSSL 0:d92f9d21154c 4896
wolfSSL 0:d92f9d21154c 4897 mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 4898 if (mem == NULL) {
wolfSSL 0:d92f9d21154c 4899 WOLFSSL_MSG("Alloc for tmp buffer failed");
wolfSSL 0:d92f9d21154c 4900 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4901 return MEMORY_E;
wolfSSL 0:d92f9d21154c 4902 }
wolfSSL 0:d92f9d21154c 4903
wolfSSL 0:d92f9d21154c 4904 ret = (int)XFREAD(mem, memSz, 1, file);
wolfSSL 0:d92f9d21154c 4905 if (ret != 1) {
wolfSSL 0:d92f9d21154c 4906 WOLFSSL_MSG("Cert file read error");
wolfSSL 0:d92f9d21154c 4907 rc = FREAD_ERROR;
wolfSSL 0:d92f9d21154c 4908 } else {
wolfSSL 0:d92f9d21154c 4909 rc = CM_MemRestoreCertCache(cm, mem, memSz);
wolfSSL 0:d92f9d21154c 4910 if (rc != SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 4911 WOLFSSL_MSG("Mem restore cert cache failed");
wolfSSL 0:d92f9d21154c 4912 }
wolfSSL 0:d92f9d21154c 4913 }
wolfSSL 0:d92f9d21154c 4914
wolfSSL 0:d92f9d21154c 4915 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 4916 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 4917
wolfSSL 0:d92f9d21154c 4918 return rc;
wolfSSL 0:d92f9d21154c 4919 }
wolfSSL 0:d92f9d21154c 4920
wolfSSL 0:d92f9d21154c 4921 #endif /* NO_FILESYSTEM */
wolfSSL 0:d92f9d21154c 4922
wolfSSL 0:d92f9d21154c 4923
wolfSSL 0:d92f9d21154c 4924 /* Persist cert cache to memory */
wolfSSL 0:d92f9d21154c 4925 int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
wolfSSL 0:d92f9d21154c 4926 {
wolfSSL 0:d92f9d21154c 4927 int ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4928
wolfSSL 0:d92f9d21154c 4929 WOLFSSL_ENTER("CM_MemSaveCertCache");
wolfSSL 0:d92f9d21154c 4930
wolfSSL 0:d92f9d21154c 4931 if (LockMutex(&cm->caLock) != 0) {
wolfSSL 0:d92f9d21154c 4932 WOLFSSL_MSG("LockMutex on caLock failed");
wolfSSL 0:d92f9d21154c 4933 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 4934 }
wolfSSL 0:d92f9d21154c 4935
wolfSSL 0:d92f9d21154c 4936 ret = DoMemSaveCertCache(cm, mem, sz);
wolfSSL 0:d92f9d21154c 4937 if (ret == SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 4938 *used = GetCertCacheMemSize(cm);
wolfSSL 0:d92f9d21154c 4939
wolfSSL 0:d92f9d21154c 4940 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 4941
wolfSSL 0:d92f9d21154c 4942 return ret;
wolfSSL 0:d92f9d21154c 4943 }
wolfSSL 0:d92f9d21154c 4944
wolfSSL 0:d92f9d21154c 4945
wolfSSL 0:d92f9d21154c 4946 /* Restore cert cache from memory */
wolfSSL 0:d92f9d21154c 4947 int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const void* mem, int sz)
wolfSSL 0:d92f9d21154c 4948 {
wolfSSL 0:d92f9d21154c 4949 int ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 4950 int i;
wolfSSL 0:d92f9d21154c 4951 CertCacheHeader* hdr = (CertCacheHeader*)mem;
wolfSSL 0:d92f9d21154c 4952 byte* current = (byte*)mem + sizeof(CertCacheHeader);
wolfSSL 0:d92f9d21154c 4953 byte* end = (byte*)mem + sz; /* don't go over */
wolfSSL 0:d92f9d21154c 4954
wolfSSL 0:d92f9d21154c 4955 WOLFSSL_ENTER("CM_MemRestoreCertCache");
wolfSSL 0:d92f9d21154c 4956
wolfSSL 0:d92f9d21154c 4957 if (current > end) {
wolfSSL 0:d92f9d21154c 4958 WOLFSSL_MSG("Cert Cache Memory buffer too small");
wolfSSL 0:d92f9d21154c 4959 return BUFFER_E;
wolfSSL 0:d92f9d21154c 4960 }
wolfSSL 0:d92f9d21154c 4961
wolfSSL 0:d92f9d21154c 4962 if (hdr->version != WOLFSSL_CACHE_CERT_VERSION ||
wolfSSL 0:d92f9d21154c 4963 hdr->rows != CA_TABLE_SIZE ||
wolfSSL 0:d92f9d21154c 4964 hdr->signerSz != (int)sizeof(Signer)) {
wolfSSL 0:d92f9d21154c 4965
wolfSSL 0:d92f9d21154c 4966 WOLFSSL_MSG("Cert Cache Memory header mismatch");
wolfSSL 0:d92f9d21154c 4967 return CACHE_MATCH_ERROR;
wolfSSL 0:d92f9d21154c 4968 }
wolfSSL 0:d92f9d21154c 4969
wolfSSL 0:d92f9d21154c 4970 if (LockMutex(&cm->caLock) != 0) {
wolfSSL 0:d92f9d21154c 4971 WOLFSSL_MSG("LockMutex on caLock failed");
wolfSSL 0:d92f9d21154c 4972 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 4973 }
wolfSSL 0:d92f9d21154c 4974
wolfSSL 0:d92f9d21154c 4975 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
wolfSSL 0:d92f9d21154c 4976
wolfSSL 0:d92f9d21154c 4977 for (i = 0; i < CA_TABLE_SIZE; ++i) {
wolfSSL 0:d92f9d21154c 4978 int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
wolfSSL 0:d92f9d21154c 4979 if (added < 0) {
wolfSSL 0:d92f9d21154c 4980 WOLFSSL_MSG("RestoreCertRow error");
wolfSSL 0:d92f9d21154c 4981 ret = added;
wolfSSL 0:d92f9d21154c 4982 break;
wolfSSL 0:d92f9d21154c 4983 }
wolfSSL 0:d92f9d21154c 4984 current += added;
wolfSSL 0:d92f9d21154c 4985 }
wolfSSL 0:d92f9d21154c 4986
wolfSSL 0:d92f9d21154c 4987 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 4988
wolfSSL 0:d92f9d21154c 4989 return ret;
wolfSSL 0:d92f9d21154c 4990 }
wolfSSL 0:d92f9d21154c 4991
wolfSSL 0:d92f9d21154c 4992
wolfSSL 0:d92f9d21154c 4993 /* get how big the the cert cache save buffer needs to be */
wolfSSL 0:d92f9d21154c 4994 int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
wolfSSL 0:d92f9d21154c 4995 {
wolfSSL 0:d92f9d21154c 4996 int sz;
wolfSSL 0:d92f9d21154c 4997
wolfSSL 0:d92f9d21154c 4998 WOLFSSL_ENTER("CM_GetCertCacheMemSize");
wolfSSL 0:d92f9d21154c 4999
wolfSSL 0:d92f9d21154c 5000 if (LockMutex(&cm->caLock) != 0) {
wolfSSL 0:d92f9d21154c 5001 WOLFSSL_MSG("LockMutex on caLock failed");
wolfSSL 0:d92f9d21154c 5002 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 5003 }
wolfSSL 0:d92f9d21154c 5004
wolfSSL 0:d92f9d21154c 5005 sz = GetCertCacheMemSize(cm);
wolfSSL 0:d92f9d21154c 5006
wolfSSL 0:d92f9d21154c 5007 UnLockMutex(&cm->caLock);
wolfSSL 0:d92f9d21154c 5008
wolfSSL 0:d92f9d21154c 5009 return sz;
wolfSSL 0:d92f9d21154c 5010 }
wolfSSL 0:d92f9d21154c 5011
wolfSSL 0:d92f9d21154c 5012 #endif /* PERSIST_CERT_CACHE */
wolfSSL 0:d92f9d21154c 5013 #endif /* NO_CERTS */
wolfSSL 0:d92f9d21154c 5014
wolfSSL 0:d92f9d21154c 5015
wolfSSL 0:d92f9d21154c 5016 int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
wolfSSL 0:d92f9d21154c 5017 {
wolfSSL 0:d92f9d21154c 5018 WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list");
wolfSSL 0:d92f9d21154c 5019
wolfSSL 0:d92f9d21154c 5020 /* alloc/init on demand only */
wolfSSL 0:d92f9d21154c 5021 if (ctx->suites == NULL) {
wolfSSL 0:d92f9d21154c 5022 ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
wolfSSL 0:d92f9d21154c 5023 DYNAMIC_TYPE_SUITES);
wolfSSL 0:d92f9d21154c 5024 if (ctx->suites == NULL) {
wolfSSL 0:d92f9d21154c 5025 WOLFSSL_MSG("Memory alloc for Suites failed");
wolfSSL 0:d92f9d21154c 5026 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 5027 }
wolfSSL 0:d92f9d21154c 5028 XMEMSET(ctx->suites, 0, sizeof(Suites));
wolfSSL 0:d92f9d21154c 5029 }
wolfSSL 0:d92f9d21154c 5030
wolfSSL 0:d92f9d21154c 5031 return (SetCipherList(ctx->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
wolfSSL 0:d92f9d21154c 5032 }
wolfSSL 0:d92f9d21154c 5033
wolfSSL 0:d92f9d21154c 5034
wolfSSL 0:d92f9d21154c 5035 int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
wolfSSL 0:d92f9d21154c 5036 {
wolfSSL 0:d92f9d21154c 5037 WOLFSSL_ENTER("wolfSSL_set_cipher_list");
wolfSSL 0:d92f9d21154c 5038 return (SetCipherList(ssl->suites, list)) ? SSL_SUCCESS : SSL_FAILURE;
wolfSSL 0:d92f9d21154c 5039 }
wolfSSL 0:d92f9d21154c 5040
wolfSSL 0:d92f9d21154c 5041
wolfSSL 0:d92f9d21154c 5042 #ifndef WOLFSSL_LEANPSK
wolfSSL 0:d92f9d21154c 5043 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5044
wolfSSL 0:d92f9d21154c 5045 int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 5046 {
wolfSSL 0:d92f9d21154c 5047 (void)ssl;
wolfSSL 0:d92f9d21154c 5048
wolfSSL 0:d92f9d21154c 5049 return ssl->dtls_timeout;
wolfSSL 0:d92f9d21154c 5050 }
wolfSSL 0:d92f9d21154c 5051
wolfSSL 0:d92f9d21154c 5052
wolfSSL 0:d92f9d21154c 5053 /* user may need to alter init dtls recv timeout, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 5054 int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout)
wolfSSL 0:d92f9d21154c 5055 {
wolfSSL 0:d92f9d21154c 5056 if (ssl == NULL || timeout < 0)
wolfSSL 0:d92f9d21154c 5057 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 5058
wolfSSL 0:d92f9d21154c 5059 if (timeout > ssl->dtls_timeout_max) {
wolfSSL 0:d92f9d21154c 5060 WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
wolfSSL 0:d92f9d21154c 5061 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 5062 }
wolfSSL 0:d92f9d21154c 5063
wolfSSL 0:d92f9d21154c 5064 ssl->dtls_timeout_init = timeout;
wolfSSL 0:d92f9d21154c 5065 ssl->dtls_timeout = timeout;
wolfSSL 0:d92f9d21154c 5066
wolfSSL 0:d92f9d21154c 5067 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5068 }
wolfSSL 0:d92f9d21154c 5069
wolfSSL 0:d92f9d21154c 5070
wolfSSL 0:d92f9d21154c 5071 /* user may need to alter max dtls recv timeout, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 5072 int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout)
wolfSSL 0:d92f9d21154c 5073 {
wolfSSL 0:d92f9d21154c 5074 if (ssl == NULL || timeout < 0)
wolfSSL 0:d92f9d21154c 5075 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 5076
wolfSSL 0:d92f9d21154c 5077 if (timeout < ssl->dtls_timeout_init) {
wolfSSL 0:d92f9d21154c 5078 WOLFSSL_MSG("Can't set dtls timeout max less than dtls timeout init");
wolfSSL 0:d92f9d21154c 5079 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 5080 }
wolfSSL 0:d92f9d21154c 5081
wolfSSL 0:d92f9d21154c 5082 ssl->dtls_timeout_max = timeout;
wolfSSL 0:d92f9d21154c 5083
wolfSSL 0:d92f9d21154c 5084 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5085 }
wolfSSL 0:d92f9d21154c 5086
wolfSSL 0:d92f9d21154c 5087
wolfSSL 0:d92f9d21154c 5088 int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 5089 {
wolfSSL 0:d92f9d21154c 5090 int result = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5091
wolfSSL 0:d92f9d21154c 5092 DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
wolfSSL 0:d92f9d21154c 5093 ssl->dtls_msg_list = NULL;
wolfSSL 0:d92f9d21154c 5094 if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) {
wolfSSL 0:d92f9d21154c 5095 result = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5096 }
wolfSSL 0:d92f9d21154c 5097 return result;
wolfSSL 0:d92f9d21154c 5098 }
wolfSSL 0:d92f9d21154c 5099
wolfSSL 0:d92f9d21154c 5100 #endif /* DTLS */
wolfSSL 0:d92f9d21154c 5101 #endif /* LEANPSK */
wolfSSL 0:d92f9d21154c 5102
wolfSSL 0:d92f9d21154c 5103
wolfSSL 0:d92f9d21154c 5104 /* client only parts */
wolfSSL 0:d92f9d21154c 5105 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 5106
wolfSSL 0:d92f9d21154c 5107 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 5108 WOLFSSL_METHOD* wolfSSLv3_client_method(void)
wolfSSL 0:d92f9d21154c 5109 {
wolfSSL 0:d92f9d21154c 5110 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 5111 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 5112 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 5113 WOLFSSL_ENTER("SSLv3_client_method");
wolfSSL 0:d92f9d21154c 5114 if (method)
wolfSSL 0:d92f9d21154c 5115 InitSSL_Method(method, MakeSSLv3());
wolfSSL 0:d92f9d21154c 5116 return method;
wolfSSL 0:d92f9d21154c 5117 }
wolfSSL 0:d92f9d21154c 5118 #endif
wolfSSL 0:d92f9d21154c 5119
wolfSSL 0:d92f9d21154c 5120 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5121
wolfSSL 0:d92f9d21154c 5122 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 5123 WOLFSSL_METHOD* wolfDTLSv1_client_method(void)
wolfSSL 0:d92f9d21154c 5124 {
wolfSSL 0:d92f9d21154c 5125 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 5126 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 5127 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 5128 WOLFSSL_ENTER("DTLSv1_client_method");
wolfSSL 0:d92f9d21154c 5129 if (method)
wolfSSL 0:d92f9d21154c 5130 InitSSL_Method(method, MakeDTLSv1());
wolfSSL 0:d92f9d21154c 5131 return method;
wolfSSL 0:d92f9d21154c 5132 }
wolfSSL 0:d92f9d21154c 5133 #endif /* NO_OLD_TLS */
wolfSSL 0:d92f9d21154c 5134
wolfSSL 0:d92f9d21154c 5135 WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void)
wolfSSL 0:d92f9d21154c 5136 {
wolfSSL 0:d92f9d21154c 5137 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 5138 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 5139 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 5140 WOLFSSL_ENTER("DTLSv1_2_client_method");
wolfSSL 0:d92f9d21154c 5141 if (method)
wolfSSL 0:d92f9d21154c 5142 InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL 0:d92f9d21154c 5143 return method;
wolfSSL 0:d92f9d21154c 5144 }
wolfSSL 0:d92f9d21154c 5145 #endif
wolfSSL 0:d92f9d21154c 5146
wolfSSL 0:d92f9d21154c 5147
wolfSSL 0:d92f9d21154c 5148 /* please see note at top of README if you get an error from connect */
wolfSSL 0:d92f9d21154c 5149 int wolfSSL_connect(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 5150 {
wolfSSL 0:d92f9d21154c 5151 int neededState;
wolfSSL 0:d92f9d21154c 5152
wolfSSL 0:d92f9d21154c 5153 WOLFSSL_ENTER("SSL_connect()");
wolfSSL 0:d92f9d21154c 5154
wolfSSL 0:d92f9d21154c 5155 #ifdef HAVE_ERRNO_H
wolfSSL 0:d92f9d21154c 5156 errno = 0;
wolfSSL 0:d92f9d21154c 5157 #endif
wolfSSL 0:d92f9d21154c 5158
wolfSSL 0:d92f9d21154c 5159 if (ssl->options.side != WOLFSSL_CLIENT_END) {
wolfSSL 0:d92f9d21154c 5160 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 0:d92f9d21154c 5161 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5162 }
wolfSSL 0:d92f9d21154c 5163
wolfSSL 0:d92f9d21154c 5164 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5165 if (ssl->version.major == DTLS_MAJOR) {
wolfSSL 0:d92f9d21154c 5166 ssl->options.dtls = 1;
wolfSSL 0:d92f9d21154c 5167 ssl->options.tls = 1;
wolfSSL 0:d92f9d21154c 5168 ssl->options.tls1_1 = 1;
wolfSSL 0:d92f9d21154c 5169
wolfSSL 0:d92f9d21154c 5170 if (DtlsPoolInit(ssl) != 0) {
wolfSSL 0:d92f9d21154c 5171 ssl->error = MEMORY_ERROR;
wolfSSL 0:d92f9d21154c 5172 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5173 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5174 }
wolfSSL 0:d92f9d21154c 5175 }
wolfSSL 0:d92f9d21154c 5176 #endif
wolfSSL 0:d92f9d21154c 5177
wolfSSL 0:d92f9d21154c 5178 if (ssl->buffers.outputBuffer.length > 0) {
wolfSSL 0:d92f9d21154c 5179 if ( (ssl->error = SendBuffered(ssl)) == 0) {
wolfSSL 0:d92f9d21154c 5180 ssl->options.connectState++;
wolfSSL 0:d92f9d21154c 5181 WOLFSSL_MSG("connect state: Advanced from buffered send");
wolfSSL 0:d92f9d21154c 5182 }
wolfSSL 0:d92f9d21154c 5183 else {
wolfSSL 0:d92f9d21154c 5184 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5185 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5186 }
wolfSSL 0:d92f9d21154c 5187 }
wolfSSL 0:d92f9d21154c 5188
wolfSSL 0:d92f9d21154c 5189 switch (ssl->options.connectState) {
wolfSSL 0:d92f9d21154c 5190
wolfSSL 0:d92f9d21154c 5191 case CONNECT_BEGIN :
wolfSSL 0:d92f9d21154c 5192 /* always send client hello first */
wolfSSL 0:d92f9d21154c 5193 if ( (ssl->error = SendClientHello(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5194 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5195 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5196 }
wolfSSL 0:d92f9d21154c 5197 ssl->options.connectState = CLIENT_HELLO_SENT;
wolfSSL 0:d92f9d21154c 5198 WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT");
wolfSSL 0:d92f9d21154c 5199
wolfSSL 0:d92f9d21154c 5200 case CLIENT_HELLO_SENT :
wolfSSL 0:d92f9d21154c 5201 neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
wolfSSL 0:d92f9d21154c 5202 SERVER_HELLODONE_COMPLETE;
wolfSSL 0:d92f9d21154c 5203 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5204 /* In DTLS, when resuming, we can go straight to FINISHED,
wolfSSL 0:d92f9d21154c 5205 * or do a cookie exchange and then skip to FINISHED, assume
wolfSSL 0:d92f9d21154c 5206 * we need the cookie exchange first. */
wolfSSL 0:d92f9d21154c 5207 if (ssl->options.dtls)
wolfSSL 0:d92f9d21154c 5208 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL 0:d92f9d21154c 5209 #endif
wolfSSL 0:d92f9d21154c 5210 /* get response */
wolfSSL 0:d92f9d21154c 5211 while (ssl->options.serverState < neededState) {
wolfSSL 0:d92f9d21154c 5212 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:d92f9d21154c 5213 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5214 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5215 }
wolfSSL 0:d92f9d21154c 5216 /* if resumption failed, reset needed state */
wolfSSL 0:d92f9d21154c 5217 else if (neededState == SERVER_FINISHED_COMPLETE)
wolfSSL 0:d92f9d21154c 5218 if (!ssl->options.resuming) {
wolfSSL 0:d92f9d21154c 5219 if (!ssl->options.dtls)
wolfSSL 0:d92f9d21154c 5220 neededState = SERVER_HELLODONE_COMPLETE;
wolfSSL 0:d92f9d21154c 5221 else
wolfSSL 0:d92f9d21154c 5222 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL 0:d92f9d21154c 5223 }
wolfSSL 0:d92f9d21154c 5224 }
wolfSSL 0:d92f9d21154c 5225
wolfSSL 0:d92f9d21154c 5226 ssl->options.connectState = HELLO_AGAIN;
wolfSSL 0:d92f9d21154c 5227 WOLFSSL_MSG("connect state: HELLO_AGAIN");
wolfSSL 0:d92f9d21154c 5228
wolfSSL 0:d92f9d21154c 5229 case HELLO_AGAIN :
wolfSSL 0:d92f9d21154c 5230 if (ssl->options.certOnly)
wolfSSL 0:d92f9d21154c 5231 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5232
wolfSSL 0:d92f9d21154c 5233 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5234 if (ssl->options.dtls) {
wolfSSL 0:d92f9d21154c 5235 /* re-init hashes, exclude first hello and verify request */
wolfSSL 0:d92f9d21154c 5236 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 5237 wc_InitMd5(&ssl->hsHashes->hashMd5);
wolfSSL 0:d92f9d21154c 5238 if ( (ssl->error = wc_InitSha(&ssl->hsHashes->hashSha))
wolfSSL 0:d92f9d21154c 5239 != 0) {
wolfSSL 0:d92f9d21154c 5240 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5241 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5242 }
wolfSSL 0:d92f9d21154c 5243 #endif
wolfSSL 0:d92f9d21154c 5244 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 0:d92f9d21154c 5245 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 5246 if ( (ssl->error = wc_InitSha256(
wolfSSL 0:d92f9d21154c 5247 &ssl->hsHashes->hashSha256)) != 0) {
wolfSSL 0:d92f9d21154c 5248 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5249 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5250 }
wolfSSL 0:d92f9d21154c 5251 #endif
wolfSSL 0:d92f9d21154c 5252 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 5253 if ( (ssl->error = wc_InitSha384(
wolfSSL 0:d92f9d21154c 5254 &ssl->hsHashes->hashSha384)) != 0) {
wolfSSL 0:d92f9d21154c 5255 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5256 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5257 }
wolfSSL 0:d92f9d21154c 5258 #endif
wolfSSL 0:d92f9d21154c 5259 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 5260 if ( (ssl->error = wc_InitSha512(
wolfSSL 0:d92f9d21154c 5261 &ssl->hsHashes->hashSha512)) != 0) {
wolfSSL 0:d92f9d21154c 5262 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5263 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5264 }
wolfSSL 0:d92f9d21154c 5265 #endif
wolfSSL 0:d92f9d21154c 5266 }
wolfSSL 0:d92f9d21154c 5267 if ( (ssl->error = SendClientHello(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5268 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5269 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5270 }
wolfSSL 0:d92f9d21154c 5271 }
wolfSSL 0:d92f9d21154c 5272 #endif
wolfSSL 0:d92f9d21154c 5273
wolfSSL 0:d92f9d21154c 5274 ssl->options.connectState = HELLO_AGAIN_REPLY;
wolfSSL 0:d92f9d21154c 5275 WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY");
wolfSSL 0:d92f9d21154c 5276
wolfSSL 0:d92f9d21154c 5277 case HELLO_AGAIN_REPLY :
wolfSSL 0:d92f9d21154c 5278 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5279 if (ssl->options.dtls) {
wolfSSL 0:d92f9d21154c 5280 neededState = ssl->options.resuming ?
wolfSSL 0:d92f9d21154c 5281 SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
wolfSSL 0:d92f9d21154c 5282
wolfSSL 0:d92f9d21154c 5283 /* get response */
wolfSSL 0:d92f9d21154c 5284 while (ssl->options.serverState < neededState) {
wolfSSL 0:d92f9d21154c 5285 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:d92f9d21154c 5286 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5287 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5288 }
wolfSSL 0:d92f9d21154c 5289 /* if resumption failed, reset needed state */
wolfSSL 0:d92f9d21154c 5290 else if (neededState == SERVER_FINISHED_COMPLETE)
wolfSSL 0:d92f9d21154c 5291 if (!ssl->options.resuming)
wolfSSL 0:d92f9d21154c 5292 neededState = SERVER_HELLODONE_COMPLETE;
wolfSSL 0:d92f9d21154c 5293 }
wolfSSL 0:d92f9d21154c 5294 }
wolfSSL 0:d92f9d21154c 5295 #endif
wolfSSL 0:d92f9d21154c 5296
wolfSSL 0:d92f9d21154c 5297 ssl->options.connectState = FIRST_REPLY_DONE;
wolfSSL 0:d92f9d21154c 5298 WOLFSSL_MSG("connect state: FIRST_REPLY_DONE");
wolfSSL 0:d92f9d21154c 5299
wolfSSL 0:d92f9d21154c 5300 case FIRST_REPLY_DONE :
wolfSSL 0:d92f9d21154c 5301 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 5302 if (ssl->options.sendVerify) {
wolfSSL 0:d92f9d21154c 5303 if ( (ssl->error = SendCertificate(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5304 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5305 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5306 }
wolfSSL 0:d92f9d21154c 5307 WOLFSSL_MSG("sent: certificate");
wolfSSL 0:d92f9d21154c 5308 }
wolfSSL 0:d92f9d21154c 5309
wolfSSL 0:d92f9d21154c 5310 #endif
wolfSSL 0:d92f9d21154c 5311 ssl->options.connectState = FIRST_REPLY_FIRST;
wolfSSL 0:d92f9d21154c 5312 WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST");
wolfSSL 0:d92f9d21154c 5313
wolfSSL 0:d92f9d21154c 5314 case FIRST_REPLY_FIRST :
wolfSSL 0:d92f9d21154c 5315 if (!ssl->options.resuming) {
wolfSSL 0:d92f9d21154c 5316 if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5317 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5318 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5319 }
wolfSSL 0:d92f9d21154c 5320 WOLFSSL_MSG("sent: client key exchange");
wolfSSL 0:d92f9d21154c 5321 }
wolfSSL 0:d92f9d21154c 5322
wolfSSL 0:d92f9d21154c 5323 ssl->options.connectState = FIRST_REPLY_SECOND;
wolfSSL 0:d92f9d21154c 5324 WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
wolfSSL 0:d92f9d21154c 5325
wolfSSL 0:d92f9d21154c 5326 case FIRST_REPLY_SECOND :
wolfSSL 0:d92f9d21154c 5327 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 5328 if (ssl->options.sendVerify) {
wolfSSL 0:d92f9d21154c 5329 if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5330 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5331 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5332 }
wolfSSL 0:d92f9d21154c 5333 WOLFSSL_MSG("sent: certificate verify");
wolfSSL 0:d92f9d21154c 5334 }
wolfSSL 0:d92f9d21154c 5335 #endif
wolfSSL 0:d92f9d21154c 5336 ssl->options.connectState = FIRST_REPLY_THIRD;
wolfSSL 0:d92f9d21154c 5337 WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD");
wolfSSL 0:d92f9d21154c 5338
wolfSSL 0:d92f9d21154c 5339 case FIRST_REPLY_THIRD :
wolfSSL 0:d92f9d21154c 5340 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5341 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5342 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5343 }
wolfSSL 0:d92f9d21154c 5344 WOLFSSL_MSG("sent: change cipher spec");
wolfSSL 0:d92f9d21154c 5345 ssl->options.connectState = FIRST_REPLY_FOURTH;
wolfSSL 0:d92f9d21154c 5346 WOLFSSL_MSG("connect state: FIRST_REPLY_FOURTH");
wolfSSL 0:d92f9d21154c 5347
wolfSSL 0:d92f9d21154c 5348 case FIRST_REPLY_FOURTH :
wolfSSL 0:d92f9d21154c 5349 if ( (ssl->error = SendFinished(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5350 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5351 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5352 }
wolfSSL 0:d92f9d21154c 5353 WOLFSSL_MSG("sent: finished");
wolfSSL 0:d92f9d21154c 5354 ssl->options.connectState = FINISHED_DONE;
wolfSSL 0:d92f9d21154c 5355 WOLFSSL_MSG("connect state: FINISHED_DONE");
wolfSSL 0:d92f9d21154c 5356
wolfSSL 0:d92f9d21154c 5357 case FINISHED_DONE :
wolfSSL 0:d92f9d21154c 5358 /* get response */
wolfSSL 0:d92f9d21154c 5359 while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
wolfSSL 0:d92f9d21154c 5360 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:d92f9d21154c 5361 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5362 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5363 }
wolfSSL 0:d92f9d21154c 5364
wolfSSL 0:d92f9d21154c 5365 ssl->options.connectState = SECOND_REPLY_DONE;
wolfSSL 0:d92f9d21154c 5366 WOLFSSL_MSG("connect state: SECOND_REPLY_DONE");
wolfSSL 0:d92f9d21154c 5367
wolfSSL 0:d92f9d21154c 5368 case SECOND_REPLY_DONE:
wolfSSL 0:d92f9d21154c 5369 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 0:d92f9d21154c 5370 if (ssl->hsDoneCb) {
wolfSSL 0:d92f9d21154c 5371 int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
wolfSSL 0:d92f9d21154c 5372 if (cbret < 0) {
wolfSSL 0:d92f9d21154c 5373 ssl->error = cbret;
wolfSSL 0:d92f9d21154c 5374 WOLFSSL_MSG("HandShake Done Cb don't continue error");
wolfSSL 0:d92f9d21154c 5375 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5376 }
wolfSSL 0:d92f9d21154c 5377 }
wolfSSL 0:d92f9d21154c 5378 #endif /* NO_HANDSHAKE_DONE_CB */
wolfSSL 0:d92f9d21154c 5379 FreeHandshakeResources(ssl);
wolfSSL 0:d92f9d21154c 5380 WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
wolfSSL 0:d92f9d21154c 5381 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5382
wolfSSL 0:d92f9d21154c 5383 default:
wolfSSL 0:d92f9d21154c 5384 WOLFSSL_MSG("Unknown connect state ERROR");
wolfSSL 0:d92f9d21154c 5385 return SSL_FATAL_ERROR; /* unknown connect state */
wolfSSL 0:d92f9d21154c 5386 }
wolfSSL 0:d92f9d21154c 5387 }
wolfSSL 0:d92f9d21154c 5388
wolfSSL 0:d92f9d21154c 5389 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 0:d92f9d21154c 5390
wolfSSL 0:d92f9d21154c 5391
wolfSSL 0:d92f9d21154c 5392 /* server only parts */
wolfSSL 0:d92f9d21154c 5393 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 5394
wolfSSL 0:d92f9d21154c 5395 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 5396 WOLFSSL_METHOD* wolfSSLv3_server_method(void)
wolfSSL 0:d92f9d21154c 5397 {
wolfSSL 0:d92f9d21154c 5398 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 5399 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
wolfSSL 0:d92f9d21154c 5400 DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 5401 WOLFSSL_ENTER("SSLv3_server_method");
wolfSSL 0:d92f9d21154c 5402 if (method) {
wolfSSL 0:d92f9d21154c 5403 InitSSL_Method(method, MakeSSLv3());
wolfSSL 0:d92f9d21154c 5404 method->side = WOLFSSL_SERVER_END;
wolfSSL 0:d92f9d21154c 5405 }
wolfSSL 0:d92f9d21154c 5406 return method;
wolfSSL 0:d92f9d21154c 5407 }
wolfSSL 0:d92f9d21154c 5408 #endif
wolfSSL 0:d92f9d21154c 5409
wolfSSL 0:d92f9d21154c 5410
wolfSSL 0:d92f9d21154c 5411 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5412
wolfSSL 0:d92f9d21154c 5413 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 5414 WOLFSSL_METHOD* wolfDTLSv1_server_method(void)
wolfSSL 0:d92f9d21154c 5415 {
wolfSSL 0:d92f9d21154c 5416 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 5417 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 0:d92f9d21154c 5418 0, DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 5419 WOLFSSL_ENTER("DTLSv1_server_method");
wolfSSL 0:d92f9d21154c 5420 if (method) {
wolfSSL 0:d92f9d21154c 5421 InitSSL_Method(method, MakeDTLSv1());
wolfSSL 0:d92f9d21154c 5422 method->side = WOLFSSL_SERVER_END;
wolfSSL 0:d92f9d21154c 5423 }
wolfSSL 0:d92f9d21154c 5424 return method;
wolfSSL 0:d92f9d21154c 5425 }
wolfSSL 0:d92f9d21154c 5426 #endif /* NO_OLD_TLS */
wolfSSL 0:d92f9d21154c 5427
wolfSSL 0:d92f9d21154c 5428 WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void)
wolfSSL 0:d92f9d21154c 5429 {
wolfSSL 0:d92f9d21154c 5430 WOLFSSL_METHOD* method =
wolfSSL 0:d92f9d21154c 5431 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
wolfSSL 0:d92f9d21154c 5432 0, DYNAMIC_TYPE_METHOD);
wolfSSL 0:d92f9d21154c 5433 WOLFSSL_ENTER("DTLSv1_2_server_method");
wolfSSL 0:d92f9d21154c 5434 if (method) {
wolfSSL 0:d92f9d21154c 5435 InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL 0:d92f9d21154c 5436 method->side = WOLFSSL_SERVER_END;
wolfSSL 0:d92f9d21154c 5437 }
wolfSSL 0:d92f9d21154c 5438 return method;
wolfSSL 0:d92f9d21154c 5439 }
wolfSSL 0:d92f9d21154c 5440 #endif
wolfSSL 0:d92f9d21154c 5441
wolfSSL 0:d92f9d21154c 5442
wolfSSL 0:d92f9d21154c 5443 int wolfSSL_accept(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 5444 {
wolfSSL 0:d92f9d21154c 5445 byte havePSK = 0;
wolfSSL 0:d92f9d21154c 5446 byte haveAnon = 0;
wolfSSL 0:d92f9d21154c 5447 WOLFSSL_ENTER("SSL_accept()");
wolfSSL 0:d92f9d21154c 5448
wolfSSL 0:d92f9d21154c 5449 #ifdef HAVE_ERRNO_H
wolfSSL 0:d92f9d21154c 5450 errno = 0;
wolfSSL 0:d92f9d21154c 5451 #endif
wolfSSL 0:d92f9d21154c 5452
wolfSSL 0:d92f9d21154c 5453 #ifndef NO_PSK
wolfSSL 0:d92f9d21154c 5454 havePSK = ssl->options.havePSK;
wolfSSL 0:d92f9d21154c 5455 #endif
wolfSSL 0:d92f9d21154c 5456 (void)havePSK;
wolfSSL 0:d92f9d21154c 5457
wolfSSL 0:d92f9d21154c 5458 #ifdef HAVE_ANON
wolfSSL 0:d92f9d21154c 5459 haveAnon = ssl->options.haveAnon;
wolfSSL 0:d92f9d21154c 5460 #endif
wolfSSL 0:d92f9d21154c 5461 (void)haveAnon;
wolfSSL 0:d92f9d21154c 5462
wolfSSL 0:d92f9d21154c 5463 if (ssl->options.side != WOLFSSL_SERVER_END) {
wolfSSL 0:d92f9d21154c 5464 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 0:d92f9d21154c 5465 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5466 }
wolfSSL 0:d92f9d21154c 5467
wolfSSL 0:d92f9d21154c 5468 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 5469 /* in case used set_accept_state after init */
wolfSSL 0:d92f9d21154c 5470 if (!havePSK && !haveAnon &&
wolfSSL 0:d92f9d21154c 5471 (ssl->buffers.certificate.buffer == NULL ||
wolfSSL 0:d92f9d21154c 5472 ssl->buffers.key.buffer == NULL)) {
wolfSSL 0:d92f9d21154c 5473 WOLFSSL_MSG("accept error: don't have server cert and key");
wolfSSL 0:d92f9d21154c 5474 ssl->error = NO_PRIVATE_KEY;
wolfSSL 0:d92f9d21154c 5475 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5476 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5477 }
wolfSSL 0:d92f9d21154c 5478 #endif
wolfSSL 0:d92f9d21154c 5479
wolfSSL 0:d92f9d21154c 5480 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5481 if (ssl->version.major == DTLS_MAJOR) {
wolfSSL 0:d92f9d21154c 5482 ssl->options.dtls = 1;
wolfSSL 0:d92f9d21154c 5483 ssl->options.tls = 1;
wolfSSL 0:d92f9d21154c 5484 ssl->options.tls1_1 = 1;
wolfSSL 0:d92f9d21154c 5485
wolfSSL 0:d92f9d21154c 5486 if (DtlsPoolInit(ssl) != 0) {
wolfSSL 0:d92f9d21154c 5487 ssl->error = MEMORY_ERROR;
wolfSSL 0:d92f9d21154c 5488 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5489 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5490 }
wolfSSL 0:d92f9d21154c 5491 }
wolfSSL 0:d92f9d21154c 5492 #endif
wolfSSL 0:d92f9d21154c 5493
wolfSSL 0:d92f9d21154c 5494 if (ssl->buffers.outputBuffer.length > 0) {
wolfSSL 0:d92f9d21154c 5495 if ( (ssl->error = SendBuffered(ssl)) == 0) {
wolfSSL 0:d92f9d21154c 5496 ssl->options.acceptState++;
wolfSSL 0:d92f9d21154c 5497 WOLFSSL_MSG("accept state: Advanced from buffered send");
wolfSSL 0:d92f9d21154c 5498 }
wolfSSL 0:d92f9d21154c 5499 else {
wolfSSL 0:d92f9d21154c 5500 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5501 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5502 }
wolfSSL 0:d92f9d21154c 5503 }
wolfSSL 0:d92f9d21154c 5504
wolfSSL 0:d92f9d21154c 5505 switch (ssl->options.acceptState) {
wolfSSL 0:d92f9d21154c 5506
wolfSSL 0:d92f9d21154c 5507 case ACCEPT_BEGIN :
wolfSSL 0:d92f9d21154c 5508 /* get response */
wolfSSL 0:d92f9d21154c 5509 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
wolfSSL 0:d92f9d21154c 5510 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:d92f9d21154c 5511 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5512 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5513 }
wolfSSL 0:d92f9d21154c 5514 ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
wolfSSL 0:d92f9d21154c 5515 WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
wolfSSL 0:d92f9d21154c 5516
wolfSSL 0:d92f9d21154c 5517 case ACCEPT_CLIENT_HELLO_DONE :
wolfSSL 0:d92f9d21154c 5518 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5519 if (ssl->options.dtls)
wolfSSL 0:d92f9d21154c 5520 if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5521 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5522 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5523 }
wolfSSL 0:d92f9d21154c 5524 #endif
wolfSSL 0:d92f9d21154c 5525 ssl->options.acceptState = HELLO_VERIFY_SENT;
wolfSSL 0:d92f9d21154c 5526 WOLFSSL_MSG("accept state HELLO_VERIFY_SENT");
wolfSSL 0:d92f9d21154c 5527
wolfSSL 0:d92f9d21154c 5528 case HELLO_VERIFY_SENT:
wolfSSL 0:d92f9d21154c 5529 #ifdef WOLFSSL_DTLS
wolfSSL 0:d92f9d21154c 5530 if (ssl->options.dtls) {
wolfSSL 0:d92f9d21154c 5531 ssl->options.clientState = NULL_STATE; /* get again */
wolfSSL 0:d92f9d21154c 5532 /* reset messages received */
wolfSSL 0:d92f9d21154c 5533 XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
wolfSSL 0:d92f9d21154c 5534 /* re-init hashes, exclude first hello and verify request */
wolfSSL 0:d92f9d21154c 5535 #ifndef NO_OLD_TLS
wolfSSL 0:d92f9d21154c 5536 wc_InitMd5(&ssl->hsHashes->hashMd5);
wolfSSL 0:d92f9d21154c 5537 if ( (ssl->error = wc_InitSha(&ssl->hsHashes->hashSha))
wolfSSL 0:d92f9d21154c 5538 != 0) {
wolfSSL 0:d92f9d21154c 5539 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5540 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5541 }
wolfSSL 0:d92f9d21154c 5542 #endif
wolfSSL 0:d92f9d21154c 5543 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 0:d92f9d21154c 5544 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 5545 if ( (ssl->error = wc_InitSha256(
wolfSSL 0:d92f9d21154c 5546 &ssl->hsHashes->hashSha256)) != 0) {
wolfSSL 0:d92f9d21154c 5547 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5548 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5549 }
wolfSSL 0:d92f9d21154c 5550 #endif
wolfSSL 0:d92f9d21154c 5551 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 5552 if ( (ssl->error = wc_InitSha384(
wolfSSL 0:d92f9d21154c 5553 &ssl->hsHashes->hashSha384)) != 0) {
wolfSSL 0:d92f9d21154c 5554 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5555 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5556 }
wolfSSL 0:d92f9d21154c 5557 #endif
wolfSSL 0:d92f9d21154c 5558 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 5559 if ( (ssl->error = wc_InitSha512(
wolfSSL 0:d92f9d21154c 5560 &ssl->hsHashes->hashSha512)) != 0) {
wolfSSL 0:d92f9d21154c 5561 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5562 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5563 }
wolfSSL 0:d92f9d21154c 5564 #endif
wolfSSL 0:d92f9d21154c 5565 }
wolfSSL 0:d92f9d21154c 5566
wolfSSL 0:d92f9d21154c 5567 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
wolfSSL 0:d92f9d21154c 5568 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:d92f9d21154c 5569 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5570 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5571 }
wolfSSL 0:d92f9d21154c 5572 }
wolfSSL 0:d92f9d21154c 5573 #endif
wolfSSL 0:d92f9d21154c 5574 ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
wolfSSL 0:d92f9d21154c 5575 WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
wolfSSL 0:d92f9d21154c 5576
wolfSSL 0:d92f9d21154c 5577 case ACCEPT_FIRST_REPLY_DONE :
wolfSSL 0:d92f9d21154c 5578 if ( (ssl->error = SendServerHello(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5579 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5580 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5581 }
wolfSSL 0:d92f9d21154c 5582 ssl->options.acceptState = SERVER_HELLO_SENT;
wolfSSL 0:d92f9d21154c 5583 WOLFSSL_MSG("accept state SERVER_HELLO_SENT");
wolfSSL 0:d92f9d21154c 5584
wolfSSL 0:d92f9d21154c 5585 case SERVER_HELLO_SENT :
wolfSSL 0:d92f9d21154c 5586 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 5587 if (!ssl->options.resuming)
wolfSSL 0:d92f9d21154c 5588 if ( (ssl->error = SendCertificate(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5589 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5590 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5591 }
wolfSSL 0:d92f9d21154c 5592 #endif
wolfSSL 0:d92f9d21154c 5593 ssl->options.acceptState = CERT_SENT;
wolfSSL 0:d92f9d21154c 5594 WOLFSSL_MSG("accept state CERT_SENT");
wolfSSL 0:d92f9d21154c 5595
wolfSSL 0:d92f9d21154c 5596 case CERT_SENT :
wolfSSL 0:d92f9d21154c 5597 if (!ssl->options.resuming)
wolfSSL 0:d92f9d21154c 5598 if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5599 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5600 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5601 }
wolfSSL 0:d92f9d21154c 5602 ssl->options.acceptState = KEY_EXCHANGE_SENT;
wolfSSL 0:d92f9d21154c 5603 WOLFSSL_MSG("accept state KEY_EXCHANGE_SENT");
wolfSSL 0:d92f9d21154c 5604
wolfSSL 0:d92f9d21154c 5605 case KEY_EXCHANGE_SENT :
wolfSSL 0:d92f9d21154c 5606 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 5607 if (!ssl->options.resuming)
wolfSSL 0:d92f9d21154c 5608 if (ssl->options.verifyPeer)
wolfSSL 0:d92f9d21154c 5609 if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5610 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5611 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5612 }
wolfSSL 0:d92f9d21154c 5613 #endif
wolfSSL 0:d92f9d21154c 5614 ssl->options.acceptState = CERT_REQ_SENT;
wolfSSL 0:d92f9d21154c 5615 WOLFSSL_MSG("accept state CERT_REQ_SENT");
wolfSSL 0:d92f9d21154c 5616
wolfSSL 0:d92f9d21154c 5617 case CERT_REQ_SENT :
wolfSSL 0:d92f9d21154c 5618 if (!ssl->options.resuming)
wolfSSL 0:d92f9d21154c 5619 if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5620 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5621 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5622 }
wolfSSL 0:d92f9d21154c 5623 ssl->options.acceptState = SERVER_HELLO_DONE;
wolfSSL 0:d92f9d21154c 5624 WOLFSSL_MSG("accept state SERVER_HELLO_DONE");
wolfSSL 0:d92f9d21154c 5625
wolfSSL 0:d92f9d21154c 5626 case SERVER_HELLO_DONE :
wolfSSL 0:d92f9d21154c 5627 if (!ssl->options.resuming) {
wolfSSL 0:d92f9d21154c 5628 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
wolfSSL 0:d92f9d21154c 5629 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:d92f9d21154c 5630 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5631 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5632 }
wolfSSL 0:d92f9d21154c 5633 }
wolfSSL 0:d92f9d21154c 5634 ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
wolfSSL 0:d92f9d21154c 5635 WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
wolfSSL 0:d92f9d21154c 5636
wolfSSL 0:d92f9d21154c 5637 case ACCEPT_SECOND_REPLY_DONE :
wolfSSL 0:d92f9d21154c 5638 #ifdef HAVE_SESSION_TICKET
wolfSSL 0:d92f9d21154c 5639 if (ssl->options.createTicket) {
wolfSSL 0:d92f9d21154c 5640 if ( (ssl->error = SendTicket(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5641 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5642 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5643 }
wolfSSL 0:d92f9d21154c 5644 }
wolfSSL 0:d92f9d21154c 5645 #endif /* HAVE_SESSION_TICKET */
wolfSSL 0:d92f9d21154c 5646 ssl->options.acceptState = TICKET_SENT;
wolfSSL 0:d92f9d21154c 5647 WOLFSSL_MSG("accept state TICKET_SENT");
wolfSSL 0:d92f9d21154c 5648
wolfSSL 0:d92f9d21154c 5649 case TICKET_SENT:
wolfSSL 0:d92f9d21154c 5650 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5651 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5652 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5653 }
wolfSSL 0:d92f9d21154c 5654 ssl->options.acceptState = CHANGE_CIPHER_SENT;
wolfSSL 0:d92f9d21154c 5655 WOLFSSL_MSG("accept state CHANGE_CIPHER_SENT");
wolfSSL 0:d92f9d21154c 5656
wolfSSL 0:d92f9d21154c 5657 case CHANGE_CIPHER_SENT :
wolfSSL 0:d92f9d21154c 5658 if ( (ssl->error = SendFinished(ssl)) != 0) {
wolfSSL 0:d92f9d21154c 5659 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5660 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5661 }
wolfSSL 0:d92f9d21154c 5662
wolfSSL 0:d92f9d21154c 5663 ssl->options.acceptState = ACCEPT_FINISHED_DONE;
wolfSSL 0:d92f9d21154c 5664 WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE");
wolfSSL 0:d92f9d21154c 5665
wolfSSL 0:d92f9d21154c 5666 case ACCEPT_FINISHED_DONE :
wolfSSL 0:d92f9d21154c 5667 if (ssl->options.resuming)
wolfSSL 0:d92f9d21154c 5668 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
wolfSSL 0:d92f9d21154c 5669 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:d92f9d21154c 5670 WOLFSSL_ERROR(ssl->error);
wolfSSL 0:d92f9d21154c 5671 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5672 }
wolfSSL 0:d92f9d21154c 5673
wolfSSL 0:d92f9d21154c 5674 ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
wolfSSL 0:d92f9d21154c 5675 WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
wolfSSL 0:d92f9d21154c 5676
wolfSSL 0:d92f9d21154c 5677 case ACCEPT_THIRD_REPLY_DONE :
wolfSSL 0:d92f9d21154c 5678 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 0:d92f9d21154c 5679 if (ssl->hsDoneCb) {
wolfSSL 0:d92f9d21154c 5680 int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
wolfSSL 0:d92f9d21154c 5681 if (cbret < 0) {
wolfSSL 0:d92f9d21154c 5682 ssl->error = cbret;
wolfSSL 0:d92f9d21154c 5683 WOLFSSL_MSG("HandShake Done Cb don't continue error");
wolfSSL 0:d92f9d21154c 5684 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5685 }
wolfSSL 0:d92f9d21154c 5686 }
wolfSSL 0:d92f9d21154c 5687 #endif /* NO_HANDSHAKE_DONE_CB */
wolfSSL 0:d92f9d21154c 5688 FreeHandshakeResources(ssl);
wolfSSL 0:d92f9d21154c 5689 WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS);
wolfSSL 0:d92f9d21154c 5690 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5691
wolfSSL 0:d92f9d21154c 5692 default :
wolfSSL 0:d92f9d21154c 5693 WOLFSSL_MSG("Unknown accept state ERROR");
wolfSSL 0:d92f9d21154c 5694 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 5695 }
wolfSSL 0:d92f9d21154c 5696 }
wolfSSL 0:d92f9d21154c 5697
wolfSSL 0:d92f9d21154c 5698 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 0:d92f9d21154c 5699
wolfSSL 0:d92f9d21154c 5700
wolfSSL 0:d92f9d21154c 5701 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 0:d92f9d21154c 5702
wolfSSL 0:d92f9d21154c 5703 int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx)
wolfSSL 0:d92f9d21154c 5704 {
wolfSSL 0:d92f9d21154c 5705 WOLFSSL_ENTER("wolfSSL_SetHsDoneCb");
wolfSSL 0:d92f9d21154c 5706
wolfSSL 0:d92f9d21154c 5707 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 5708 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 5709
wolfSSL 0:d92f9d21154c 5710 ssl->hsDoneCb = cb;
wolfSSL 0:d92f9d21154c 5711 ssl->hsDoneCtx = user_ctx;
wolfSSL 0:d92f9d21154c 5712
wolfSSL 0:d92f9d21154c 5713
wolfSSL 0:d92f9d21154c 5714 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5715 }
wolfSSL 0:d92f9d21154c 5716
wolfSSL 0:d92f9d21154c 5717 #endif /* NO_HANDSHAKE_DONE_CB */
wolfSSL 0:d92f9d21154c 5718
wolfSSL 0:d92f9d21154c 5719
wolfSSL 0:d92f9d21154c 5720 int wolfSSL_Cleanup(void)
wolfSSL 0:d92f9d21154c 5721 {
wolfSSL 0:d92f9d21154c 5722 int ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5723 int release = 0;
wolfSSL 0:d92f9d21154c 5724
wolfSSL 0:d92f9d21154c 5725 WOLFSSL_ENTER("wolfSSL_Cleanup");
wolfSSL 0:d92f9d21154c 5726
wolfSSL 0:d92f9d21154c 5727 if (initRefCount == 0)
wolfSSL 0:d92f9d21154c 5728 return ret; /* possibly no init yet, but not failure either way */
wolfSSL 0:d92f9d21154c 5729
wolfSSL 0:d92f9d21154c 5730 if (LockMutex(&count_mutex) != 0) {
wolfSSL 0:d92f9d21154c 5731 WOLFSSL_MSG("Bad Lock Mutex count");
wolfSSL 0:d92f9d21154c 5732 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 5733 }
wolfSSL 0:d92f9d21154c 5734
wolfSSL 0:d92f9d21154c 5735 release = initRefCount-- == 1;
wolfSSL 0:d92f9d21154c 5736 if (initRefCount < 0)
wolfSSL 0:d92f9d21154c 5737 initRefCount = 0;
wolfSSL 0:d92f9d21154c 5738
wolfSSL 0:d92f9d21154c 5739 UnLockMutex(&count_mutex);
wolfSSL 0:d92f9d21154c 5740
wolfSSL 0:d92f9d21154c 5741 if (!release)
wolfSSL 0:d92f9d21154c 5742 return ret;
wolfSSL 0:d92f9d21154c 5743
wolfSSL 0:d92f9d21154c 5744 #ifndef NO_SESSION_CACHE
wolfSSL 0:d92f9d21154c 5745 if (FreeMutex(&session_mutex) != 0)
wolfSSL 0:d92f9d21154c 5746 ret = BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 5747 #endif
wolfSSL 0:d92f9d21154c 5748 if (FreeMutex(&count_mutex) != 0)
wolfSSL 0:d92f9d21154c 5749 ret = BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 5750
wolfSSL 0:d92f9d21154c 5751 #if defined(HAVE_ECC) && defined(FP_ECC)
wolfSSL 0:d92f9d21154c 5752 wc_ecc_fp_free();
wolfSSL 0:d92f9d21154c 5753 #endif
wolfSSL 0:d92f9d21154c 5754
wolfSSL 0:d92f9d21154c 5755 return ret;
wolfSSL 0:d92f9d21154c 5756 }
wolfSSL 0:d92f9d21154c 5757
wolfSSL 0:d92f9d21154c 5758
wolfSSL 0:d92f9d21154c 5759 #ifndef NO_SESSION_CACHE
wolfSSL 0:d92f9d21154c 5760
wolfSSL 0:d92f9d21154c 5761
wolfSSL 0:d92f9d21154c 5762 /* some session IDs aren't random afterall, let's make them random */
wolfSSL 0:d92f9d21154c 5763 static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
wolfSSL 0:d92f9d21154c 5764 {
wolfSSL 0:d92f9d21154c 5765 byte digest[MAX_DIGEST_SIZE];
wolfSSL 0:d92f9d21154c 5766
wolfSSL 0:d92f9d21154c 5767 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 5768 *error = wc_Md5Hash(sessionID, len, digest);
wolfSSL 0:d92f9d21154c 5769 #elif !defined(NO_SHA)
wolfSSL 0:d92f9d21154c 5770 *error = wc_ShaHash(sessionID, len, digest);
wolfSSL 0:d92f9d21154c 5771 #elif !defined(NO_SHA256)
wolfSSL 0:d92f9d21154c 5772 *error = wc_Sha256Hash(sessionID, len, digest);
wolfSSL 0:d92f9d21154c 5773 #else
wolfSSL 0:d92f9d21154c 5774 #error "We need a digest to hash the session IDs"
wolfSSL 0:d92f9d21154c 5775 #endif
wolfSSL 0:d92f9d21154c 5776
wolfSSL 0:d92f9d21154c 5777 return *error == 0 ? MakeWordFromHash(digest) : 0; /* 0 on failure */
wolfSSL 0:d92f9d21154c 5778 }
wolfSSL 0:d92f9d21154c 5779
wolfSSL 0:d92f9d21154c 5780
wolfSSL 0:d92f9d21154c 5781 void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
wolfSSL 0:d92f9d21154c 5782 {
wolfSSL 0:d92f9d21154c 5783 /* static table now, no flusing needed */
wolfSSL 0:d92f9d21154c 5784 (void)ctx;
wolfSSL 0:d92f9d21154c 5785 (void)tm;
wolfSSL 0:d92f9d21154c 5786 }
wolfSSL 0:d92f9d21154c 5787
wolfSSL 0:d92f9d21154c 5788
wolfSSL 0:d92f9d21154c 5789 /* set ssl session timeout in seconds */
wolfSSL 0:d92f9d21154c 5790 int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
wolfSSL 0:d92f9d21154c 5791 {
wolfSSL 0:d92f9d21154c 5792 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 5793 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 5794
wolfSSL 0:d92f9d21154c 5795 ssl->timeout = to;
wolfSSL 0:d92f9d21154c 5796
wolfSSL 0:d92f9d21154c 5797 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5798 }
wolfSSL 0:d92f9d21154c 5799
wolfSSL 0:d92f9d21154c 5800
wolfSSL 0:d92f9d21154c 5801 /* set ctx session timeout in seconds */
wolfSSL 0:d92f9d21154c 5802 int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
wolfSSL 0:d92f9d21154c 5803 {
wolfSSL 0:d92f9d21154c 5804 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 5805 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 5806
wolfSSL 0:d92f9d21154c 5807 ctx->timeout = to;
wolfSSL 0:d92f9d21154c 5808
wolfSSL 0:d92f9d21154c 5809 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5810 }
wolfSSL 0:d92f9d21154c 5811
wolfSSL 0:d92f9d21154c 5812
wolfSSL 0:d92f9d21154c 5813 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 5814
wolfSSL 0:d92f9d21154c 5815 /* Get Session from Client cache based on id/len, return NULL on failure */
wolfSSL 0:d92f9d21154c 5816 WOLFSSL_SESSION* GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
wolfSSL 0:d92f9d21154c 5817 {
wolfSSL 0:d92f9d21154c 5818 WOLFSSL_SESSION* ret = NULL;
wolfSSL 0:d92f9d21154c 5819 word32 row;
wolfSSL 0:d92f9d21154c 5820 int idx;
wolfSSL 0:d92f9d21154c 5821 int count;
wolfSSL 0:d92f9d21154c 5822 int error = 0;
wolfSSL 0:d92f9d21154c 5823
wolfSSL 0:d92f9d21154c 5824 WOLFSSL_ENTER("GetSessionClient");
wolfSSL 0:d92f9d21154c 5825
wolfSSL 0:d92f9d21154c 5826 if (ssl->options.side == WOLFSSL_SERVER_END)
wolfSSL 0:d92f9d21154c 5827 return NULL;
wolfSSL 0:d92f9d21154c 5828
wolfSSL 0:d92f9d21154c 5829 len = min(SERVER_ID_LEN, (word32)len);
wolfSSL 0:d92f9d21154c 5830 row = HashSession(id, len, &error) % SESSION_ROWS;
wolfSSL 0:d92f9d21154c 5831 if (error != 0) {
wolfSSL 0:d92f9d21154c 5832 WOLFSSL_MSG("Hash session failed");
wolfSSL 0:d92f9d21154c 5833 return NULL;
wolfSSL 0:d92f9d21154c 5834 }
wolfSSL 0:d92f9d21154c 5835
wolfSSL 0:d92f9d21154c 5836 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:d92f9d21154c 5837 WOLFSSL_MSG("Lock session mutex failed");
wolfSSL 0:d92f9d21154c 5838 return NULL;
wolfSSL 0:d92f9d21154c 5839 }
wolfSSL 0:d92f9d21154c 5840
wolfSSL 0:d92f9d21154c 5841 /* start from most recently used */
wolfSSL 0:d92f9d21154c 5842 count = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
wolfSSL 0:d92f9d21154c 5843 idx = ClientCache[row].nextIdx - 1;
wolfSSL 0:d92f9d21154c 5844 if (idx < 0)
wolfSSL 0:d92f9d21154c 5845 idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
wolfSSL 0:d92f9d21154c 5846
wolfSSL 0:d92f9d21154c 5847 for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
wolfSSL 0:d92f9d21154c 5848 WOLFSSL_SESSION* current;
wolfSSL 0:d92f9d21154c 5849 ClientSession clSess;
wolfSSL 0:d92f9d21154c 5850
wolfSSL 0:d92f9d21154c 5851 if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
wolfSSL 0:d92f9d21154c 5852 WOLFSSL_MSG("Bad idx");
wolfSSL 0:d92f9d21154c 5853 break;
wolfSSL 0:d92f9d21154c 5854 }
wolfSSL 0:d92f9d21154c 5855
wolfSSL 0:d92f9d21154c 5856 clSess = ClientCache[row].Clients[idx];
wolfSSL 0:d92f9d21154c 5857
wolfSSL 0:d92f9d21154c 5858 current = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];
wolfSSL 0:d92f9d21154c 5859 if (XMEMCMP(current->serverID, id, len) == 0) {
wolfSSL 0:d92f9d21154c 5860 WOLFSSL_MSG("Found a serverid match for client");
wolfSSL 0:d92f9d21154c 5861 if (LowResTimer() < (current->bornOn + current->timeout)) {
wolfSSL 0:d92f9d21154c 5862 WOLFSSL_MSG("Session valid");
wolfSSL 0:d92f9d21154c 5863 ret = current;
wolfSSL 0:d92f9d21154c 5864 break;
wolfSSL 0:d92f9d21154c 5865 } else {
wolfSSL 0:d92f9d21154c 5866 WOLFSSL_MSG("Session timed out"); /* could have more for id */
wolfSSL 0:d92f9d21154c 5867 }
wolfSSL 0:d92f9d21154c 5868 } else {
wolfSSL 0:d92f9d21154c 5869 WOLFSSL_MSG("ServerID not a match from client table");
wolfSSL 0:d92f9d21154c 5870 }
wolfSSL 0:d92f9d21154c 5871 }
wolfSSL 0:d92f9d21154c 5872
wolfSSL 0:d92f9d21154c 5873 UnLockMutex(&session_mutex);
wolfSSL 0:d92f9d21154c 5874
wolfSSL 0:d92f9d21154c 5875 return ret;
wolfSSL 0:d92f9d21154c 5876 }
wolfSSL 0:d92f9d21154c 5877
wolfSSL 0:d92f9d21154c 5878 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:d92f9d21154c 5879
wolfSSL 0:d92f9d21154c 5880
wolfSSL 0:d92f9d21154c 5881 WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret)
wolfSSL 0:d92f9d21154c 5882 {
wolfSSL 0:d92f9d21154c 5883 WOLFSSL_SESSION* ret = 0;
wolfSSL 0:d92f9d21154c 5884 const byte* id = NULL;
wolfSSL 0:d92f9d21154c 5885 word32 row;
wolfSSL 0:d92f9d21154c 5886 int idx;
wolfSSL 0:d92f9d21154c 5887 int count;
wolfSSL 0:d92f9d21154c 5888 int error = 0;
wolfSSL 0:d92f9d21154c 5889
wolfSSL 0:d92f9d21154c 5890 if (ssl->options.sessionCacheOff)
wolfSSL 0:d92f9d21154c 5891 return NULL;
wolfSSL 0:d92f9d21154c 5892
wolfSSL 0:d92f9d21154c 5893 if (ssl->options.haveSessionId == 0)
wolfSSL 0:d92f9d21154c 5894 return NULL;
wolfSSL 0:d92f9d21154c 5895
wolfSSL 0:d92f9d21154c 5896 #ifdef HAVE_SESSION_TICKET
wolfSSL 0:d92f9d21154c 5897 if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
wolfSSL 0:d92f9d21154c 5898 return NULL;
wolfSSL 0:d92f9d21154c 5899 #endif
wolfSSL 0:d92f9d21154c 5900
wolfSSL 0:d92f9d21154c 5901 if (ssl->arrays)
wolfSSL 0:d92f9d21154c 5902 id = ssl->arrays->sessionID;
wolfSSL 0:d92f9d21154c 5903 else
wolfSSL 0:d92f9d21154c 5904 id = ssl->session.sessionID;
wolfSSL 0:d92f9d21154c 5905
wolfSSL 0:d92f9d21154c 5906 row = HashSession(id, ID_LEN, &error) % SESSION_ROWS;
wolfSSL 0:d92f9d21154c 5907 if (error != 0) {
wolfSSL 0:d92f9d21154c 5908 WOLFSSL_MSG("Hash session failed");
wolfSSL 0:d92f9d21154c 5909 return NULL;
wolfSSL 0:d92f9d21154c 5910 }
wolfSSL 0:d92f9d21154c 5911
wolfSSL 0:d92f9d21154c 5912 if (LockMutex(&session_mutex) != 0)
wolfSSL 0:d92f9d21154c 5913 return 0;
wolfSSL 0:d92f9d21154c 5914
wolfSSL 0:d92f9d21154c 5915 /* start from most recently used */
wolfSSL 0:d92f9d21154c 5916 count = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
wolfSSL 0:d92f9d21154c 5917 idx = SessionCache[row].nextIdx - 1;
wolfSSL 0:d92f9d21154c 5918 if (idx < 0)
wolfSSL 0:d92f9d21154c 5919 idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
wolfSSL 0:d92f9d21154c 5920
wolfSSL 0:d92f9d21154c 5921 for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
wolfSSL 0:d92f9d21154c 5922 WOLFSSL_SESSION* current;
wolfSSL 0:d92f9d21154c 5923
wolfSSL 0:d92f9d21154c 5924 if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
wolfSSL 0:d92f9d21154c 5925 WOLFSSL_MSG("Bad idx");
wolfSSL 0:d92f9d21154c 5926 break;
wolfSSL 0:d92f9d21154c 5927 }
wolfSSL 0:d92f9d21154c 5928
wolfSSL 0:d92f9d21154c 5929 current = &SessionCache[row].Sessions[idx];
wolfSSL 0:d92f9d21154c 5930 if (XMEMCMP(current->sessionID, id, ID_LEN) == 0) {
wolfSSL 0:d92f9d21154c 5931 WOLFSSL_MSG("Found a session match");
wolfSSL 0:d92f9d21154c 5932 if (LowResTimer() < (current->bornOn + current->timeout)) {
wolfSSL 0:d92f9d21154c 5933 WOLFSSL_MSG("Session valid");
wolfSSL 0:d92f9d21154c 5934 ret = current;
wolfSSL 0:d92f9d21154c 5935 if (masterSecret)
wolfSSL 0:d92f9d21154c 5936 XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
wolfSSL 0:d92f9d21154c 5937 } else {
wolfSSL 0:d92f9d21154c 5938 WOLFSSL_MSG("Session timed out");
wolfSSL 0:d92f9d21154c 5939 }
wolfSSL 0:d92f9d21154c 5940 break; /* no more sessionIDs whether valid or not that match */
wolfSSL 0:d92f9d21154c 5941 } else {
wolfSSL 0:d92f9d21154c 5942 WOLFSSL_MSG("SessionID not a match at this idx");
wolfSSL 0:d92f9d21154c 5943 }
wolfSSL 0:d92f9d21154c 5944 }
wolfSSL 0:d92f9d21154c 5945
wolfSSL 0:d92f9d21154c 5946 UnLockMutex(&session_mutex);
wolfSSL 0:d92f9d21154c 5947
wolfSSL 0:d92f9d21154c 5948 return ret;
wolfSSL 0:d92f9d21154c 5949 }
wolfSSL 0:d92f9d21154c 5950
wolfSSL 0:d92f9d21154c 5951
wolfSSL 0:d92f9d21154c 5952 int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
wolfSSL 0:d92f9d21154c 5953 {
wolfSSL 0:d92f9d21154c 5954 if (ssl->options.sessionCacheOff)
wolfSSL 0:d92f9d21154c 5955 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 5956
wolfSSL 0:d92f9d21154c 5957 if (LowResTimer() < (session->bornOn + session->timeout)) {
wolfSSL 0:d92f9d21154c 5958 ssl->session = *session;
wolfSSL 0:d92f9d21154c 5959 ssl->options.resuming = 1;
wolfSSL 0:d92f9d21154c 5960
wolfSSL 0:d92f9d21154c 5961 #ifdef SESSION_CERTS
wolfSSL 0:d92f9d21154c 5962 ssl->version = session->version;
wolfSSL 0:d92f9d21154c 5963 ssl->options.cipherSuite0 = session->cipherSuite0;
wolfSSL 0:d92f9d21154c 5964 ssl->options.cipherSuite = session->cipherSuite;
wolfSSL 0:d92f9d21154c 5965 #endif
wolfSSL 0:d92f9d21154c 5966
wolfSSL 0:d92f9d21154c 5967 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 5968 }
wolfSSL 0:d92f9d21154c 5969 return SSL_FAILURE; /* session timed out */
wolfSSL 0:d92f9d21154c 5970 }
wolfSSL 0:d92f9d21154c 5971
wolfSSL 0:d92f9d21154c 5972
wolfSSL 0:d92f9d21154c 5973 #ifdef WOLFSSL_SESSION_STATS
wolfSSL 0:d92f9d21154c 5974 static int get_locked_session_stats(word32* active, word32* total,
wolfSSL 0:d92f9d21154c 5975 word32* peak);
wolfSSL 0:d92f9d21154c 5976 #endif
wolfSSL 0:d92f9d21154c 5977
wolfSSL 0:d92f9d21154c 5978 int AddSession(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 5979 {
wolfSSL 0:d92f9d21154c 5980 word32 row, idx;
wolfSSL 0:d92f9d21154c 5981 int error = 0;
wolfSSL 0:d92f9d21154c 5982
wolfSSL 0:d92f9d21154c 5983 if (ssl->options.sessionCacheOff)
wolfSSL 0:d92f9d21154c 5984 return 0;
wolfSSL 0:d92f9d21154c 5985
wolfSSL 0:d92f9d21154c 5986 if (ssl->options.haveSessionId == 0)
wolfSSL 0:d92f9d21154c 5987 return 0;
wolfSSL 0:d92f9d21154c 5988
wolfSSL 0:d92f9d21154c 5989 #ifdef HAVE_SESSION_TICKET
wolfSSL 0:d92f9d21154c 5990 if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
wolfSSL 0:d92f9d21154c 5991 return 0;
wolfSSL 0:d92f9d21154c 5992 #endif
wolfSSL 0:d92f9d21154c 5993
wolfSSL 0:d92f9d21154c 5994 row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS;
wolfSSL 0:d92f9d21154c 5995 if (error != 0) {
wolfSSL 0:d92f9d21154c 5996 WOLFSSL_MSG("Hash session failed");
wolfSSL 0:d92f9d21154c 5997 return error;
wolfSSL 0:d92f9d21154c 5998 }
wolfSSL 0:d92f9d21154c 5999
wolfSSL 0:d92f9d21154c 6000 if (LockMutex(&session_mutex) != 0)
wolfSSL 0:d92f9d21154c 6001 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 6002
wolfSSL 0:d92f9d21154c 6003 idx = SessionCache[row].nextIdx++;
wolfSSL 0:d92f9d21154c 6004 #ifdef SESSION_INDEX
wolfSSL 0:d92f9d21154c 6005 ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
wolfSSL 0:d92f9d21154c 6006 #endif
wolfSSL 0:d92f9d21154c 6007
wolfSSL 0:d92f9d21154c 6008 XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
wolfSSL 0:d92f9d21154c 6009 ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL 0:d92f9d21154c 6010 XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID,
wolfSSL 0:d92f9d21154c 6011 ID_LEN);
wolfSSL 0:d92f9d21154c 6012 SessionCache[row].Sessions[idx].sessionIDSz = ssl->arrays->sessionIDSz;
wolfSSL 0:d92f9d21154c 6013
wolfSSL 0:d92f9d21154c 6014 SessionCache[row].Sessions[idx].timeout = ssl->timeout;
wolfSSL 0:d92f9d21154c 6015 SessionCache[row].Sessions[idx].bornOn = LowResTimer();
wolfSSL 0:d92f9d21154c 6016
wolfSSL 0:d92f9d21154c 6017 #ifdef HAVE_SESSION_TICKET
wolfSSL 0:d92f9d21154c 6018 SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen;
wolfSSL 0:d92f9d21154c 6019 XMEMCPY(SessionCache[row].Sessions[idx].ticket,
wolfSSL 0:d92f9d21154c 6020 ssl->session.ticket, ssl->session.ticketLen);
wolfSSL 0:d92f9d21154c 6021 #endif
wolfSSL 0:d92f9d21154c 6022
wolfSSL 0:d92f9d21154c 6023 #ifdef SESSION_CERTS
wolfSSL 0:d92f9d21154c 6024 SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
wolfSSL 0:d92f9d21154c 6025 XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
wolfSSL 0:d92f9d21154c 6026 ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
wolfSSL 0:d92f9d21154c 6027
wolfSSL 0:d92f9d21154c 6028 SessionCache[row].Sessions[idx].version = ssl->version;
wolfSSL 0:d92f9d21154c 6029 SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0;
wolfSSL 0:d92f9d21154c 6030 SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite;
wolfSSL 0:d92f9d21154c 6031 #endif /* SESSION_CERTS */
wolfSSL 0:d92f9d21154c 6032
wolfSSL 0:d92f9d21154c 6033 SessionCache[row].totalCount++;
wolfSSL 0:d92f9d21154c 6034 if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
wolfSSL 0:d92f9d21154c 6035 SessionCache[row].nextIdx = 0;
wolfSSL 0:d92f9d21154c 6036
wolfSSL 0:d92f9d21154c 6037 #ifndef NO_CLIENT_CACHE
wolfSSL 0:d92f9d21154c 6038 if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) {
wolfSSL 0:d92f9d21154c 6039 word32 clientRow, clientIdx;
wolfSSL 0:d92f9d21154c 6040
wolfSSL 0:d92f9d21154c 6041 WOLFSSL_MSG("Adding client cache entry");
wolfSSL 0:d92f9d21154c 6042
wolfSSL 0:d92f9d21154c 6043 SessionCache[row].Sessions[idx].idLen = ssl->session.idLen;
wolfSSL 0:d92f9d21154c 6044 XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID,
wolfSSL 0:d92f9d21154c 6045 ssl->session.idLen);
wolfSSL 0:d92f9d21154c 6046
wolfSSL 0:d92f9d21154c 6047 clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
wolfSSL 0:d92f9d21154c 6048 &error) % SESSION_ROWS;
wolfSSL 0:d92f9d21154c 6049 if (error != 0) {
wolfSSL 0:d92f9d21154c 6050 WOLFSSL_MSG("Hash session failed");
wolfSSL 0:d92f9d21154c 6051 } else {
wolfSSL 0:d92f9d21154c 6052 clientIdx = ClientCache[clientRow].nextIdx++;
wolfSSL 0:d92f9d21154c 6053
wolfSSL 0:d92f9d21154c 6054 ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row;
wolfSSL 0:d92f9d21154c 6055 ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx;
wolfSSL 0:d92f9d21154c 6056
wolfSSL 0:d92f9d21154c 6057 ClientCache[clientRow].totalCount++;
wolfSSL 0:d92f9d21154c 6058 if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
wolfSSL 0:d92f9d21154c 6059 ClientCache[clientRow].nextIdx = 0;
wolfSSL 0:d92f9d21154c 6060 }
wolfSSL 0:d92f9d21154c 6061 }
wolfSSL 0:d92f9d21154c 6062 else
wolfSSL 0:d92f9d21154c 6063 SessionCache[row].Sessions[idx].idLen = 0;
wolfSSL 0:d92f9d21154c 6064 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:d92f9d21154c 6065
wolfSSL 0:d92f9d21154c 6066 #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
wolfSSL 0:d92f9d21154c 6067 if (error == 0) {
wolfSSL 0:d92f9d21154c 6068 word32 active = 0;
wolfSSL 0:d92f9d21154c 6069
wolfSSL 0:d92f9d21154c 6070 error = get_locked_session_stats(&active, NULL, NULL);
wolfSSL 0:d92f9d21154c 6071 if (error == SSL_SUCCESS) {
wolfSSL 0:d92f9d21154c 6072 error = 0; /* back to this function ok */
wolfSSL 0:d92f9d21154c 6073
wolfSSL 0:d92f9d21154c 6074 if (active > PeakSessions)
wolfSSL 0:d92f9d21154c 6075 PeakSessions = active;
wolfSSL 0:d92f9d21154c 6076 }
wolfSSL 0:d92f9d21154c 6077 }
wolfSSL 0:d92f9d21154c 6078 #endif /* defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) */
wolfSSL 0:d92f9d21154c 6079
wolfSSL 0:d92f9d21154c 6080 if (UnLockMutex(&session_mutex) != 0)
wolfSSL 0:d92f9d21154c 6081 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 6082
wolfSSL 0:d92f9d21154c 6083 return error;
wolfSSL 0:d92f9d21154c 6084 }
wolfSSL 0:d92f9d21154c 6085
wolfSSL 0:d92f9d21154c 6086
wolfSSL 0:d92f9d21154c 6087 #ifdef SESSION_INDEX
wolfSSL 0:d92f9d21154c 6088
wolfSSL 0:d92f9d21154c 6089 int wolfSSL_GetSessionIndex(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 6090 {
wolfSSL 0:d92f9d21154c 6091 WOLFSSL_ENTER("wolfSSL_GetSessionIndex");
wolfSSL 0:d92f9d21154c 6092 WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", ssl->sessionIndex);
wolfSSL 0:d92f9d21154c 6093 return ssl->sessionIndex;
wolfSSL 0:d92f9d21154c 6094 }
wolfSSL 0:d92f9d21154c 6095
wolfSSL 0:d92f9d21154c 6096
wolfSSL 0:d92f9d21154c 6097 int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)
wolfSSL 0:d92f9d21154c 6098 {
wolfSSL 0:d92f9d21154c 6099 int row, col, result = SSL_FAILURE;
wolfSSL 0:d92f9d21154c 6100
wolfSSL 0:d92f9d21154c 6101 WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex");
wolfSSL 0:d92f9d21154c 6102
wolfSSL 0:d92f9d21154c 6103 row = idx >> SESSIDX_ROW_SHIFT;
wolfSSL 0:d92f9d21154c 6104 col = idx & SESSIDX_IDX_MASK;
wolfSSL 0:d92f9d21154c 6105
wolfSSL 0:d92f9d21154c 6106 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:d92f9d21154c 6107 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 6108 }
wolfSSL 0:d92f9d21154c 6109
wolfSSL 0:d92f9d21154c 6110 if (row < SESSION_ROWS &&
wolfSSL 0:d92f9d21154c 6111 col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
wolfSSL 0:d92f9d21154c 6112 XMEMCPY(session,
wolfSSL 0:d92f9d21154c 6113 &SessionCache[row].Sessions[col], sizeof(WOLFSSL_SESSION));
wolfSSL 0:d92f9d21154c 6114 result = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6115 }
wolfSSL 0:d92f9d21154c 6116
wolfSSL 0:d92f9d21154c 6117 if (UnLockMutex(&session_mutex) != 0)
wolfSSL 0:d92f9d21154c 6118 result = BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 6119
wolfSSL 0:d92f9d21154c 6120 WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
wolfSSL 0:d92f9d21154c 6121 return result;
wolfSSL 0:d92f9d21154c 6122 }
wolfSSL 0:d92f9d21154c 6123
wolfSSL 0:d92f9d21154c 6124 #endif /* SESSION_INDEX */
wolfSSL 0:d92f9d21154c 6125
wolfSSL 0:d92f9d21154c 6126 #if defined(SESSION_INDEX) && defined(SESSION_CERTS)
wolfSSL 0:d92f9d21154c 6127
wolfSSL 0:d92f9d21154c 6128 WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
wolfSSL 0:d92f9d21154c 6129 {
wolfSSL 0:d92f9d21154c 6130 WOLFSSL_X509_CHAIN* chain = NULL;
wolfSSL 0:d92f9d21154c 6131
wolfSSL 0:d92f9d21154c 6132 WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
wolfSSL 0:d92f9d21154c 6133 if (session)
wolfSSL 0:d92f9d21154c 6134 chain = &session->chain;
wolfSSL 0:d92f9d21154c 6135
wolfSSL 0:d92f9d21154c 6136 WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", chain ? 1 : 0);
wolfSSL 0:d92f9d21154c 6137 return chain;
wolfSSL 0:d92f9d21154c 6138 }
wolfSSL 0:d92f9d21154c 6139
wolfSSL 0:d92f9d21154c 6140 #endif /* SESSION_INDEX && SESSION_CERTS */
wolfSSL 0:d92f9d21154c 6141
wolfSSL 0:d92f9d21154c 6142
wolfSSL 0:d92f9d21154c 6143 #ifdef WOLFSSL_SESSION_STATS
wolfSSL 0:d92f9d21154c 6144
wolfSSL 0:d92f9d21154c 6145 /* requires session_mutex lock held, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 6146 static int get_locked_session_stats(word32* active, word32* total, word32* peak)
wolfSSL 0:d92f9d21154c 6147 {
wolfSSL 0:d92f9d21154c 6148 int result = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6149 int i;
wolfSSL 0:d92f9d21154c 6150 int count;
wolfSSL 0:d92f9d21154c 6151 int idx;
wolfSSL 0:d92f9d21154c 6152 word32 now = 0;
wolfSSL 0:d92f9d21154c 6153 word32 seen = 0;
wolfSSL 0:d92f9d21154c 6154 word32 ticks = LowResTimer();
wolfSSL 0:d92f9d21154c 6155
wolfSSL 0:d92f9d21154c 6156 (void)peak;
wolfSSL 0:d92f9d21154c 6157
wolfSSL 0:d92f9d21154c 6158 WOLFSSL_ENTER("get_locked_session_stats");
wolfSSL 0:d92f9d21154c 6159
wolfSSL 0:d92f9d21154c 6160 for (i = 0; i < SESSION_ROWS; i++) {
wolfSSL 0:d92f9d21154c 6161 seen += SessionCache[i].totalCount;
wolfSSL 0:d92f9d21154c 6162
wolfSSL 0:d92f9d21154c 6163 if (active == NULL)
wolfSSL 0:d92f9d21154c 6164 continue; /* no need to calculate what we can't set */
wolfSSL 0:d92f9d21154c 6165
wolfSSL 0:d92f9d21154c 6166 count = min((word32)SessionCache[i].totalCount, SESSIONS_PER_ROW);
wolfSSL 0:d92f9d21154c 6167 idx = SessionCache[i].nextIdx - 1;
wolfSSL 0:d92f9d21154c 6168 if (idx < 0)
wolfSSL 0:d92f9d21154c 6169 idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */
wolfSSL 0:d92f9d21154c 6170
wolfSSL 0:d92f9d21154c 6171 for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
wolfSSL 0:d92f9d21154c 6172 if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
wolfSSL 0:d92f9d21154c 6173 WOLFSSL_MSG("Bad idx");
wolfSSL 0:d92f9d21154c 6174 break;
wolfSSL 0:d92f9d21154c 6175 }
wolfSSL 0:d92f9d21154c 6176
wolfSSL 0:d92f9d21154c 6177 /* if not expried then good */
wolfSSL 0:d92f9d21154c 6178 if (ticks < (SessionCache[i].Sessions[idx].bornOn +
wolfSSL 0:d92f9d21154c 6179 SessionCache[i].Sessions[idx].timeout) ) {
wolfSSL 0:d92f9d21154c 6180 now++;
wolfSSL 0:d92f9d21154c 6181 }
wolfSSL 0:d92f9d21154c 6182 }
wolfSSL 0:d92f9d21154c 6183 }
wolfSSL 0:d92f9d21154c 6184
wolfSSL 0:d92f9d21154c 6185 if (active)
wolfSSL 0:d92f9d21154c 6186 *active = now;
wolfSSL 0:d92f9d21154c 6187
wolfSSL 0:d92f9d21154c 6188 if (total)
wolfSSL 0:d92f9d21154c 6189 *total = seen;
wolfSSL 0:d92f9d21154c 6190
wolfSSL 0:d92f9d21154c 6191 #ifdef WOLFSSL_PEAK_SESSIONS
wolfSSL 0:d92f9d21154c 6192 if (peak)
wolfSSL 0:d92f9d21154c 6193 *peak = PeakSessions;
wolfSSL 0:d92f9d21154c 6194 #endif
wolfSSL 0:d92f9d21154c 6195
wolfSSL 0:d92f9d21154c 6196 WOLFSSL_LEAVE("get_locked_session_stats", result);
wolfSSL 0:d92f9d21154c 6197
wolfSSL 0:d92f9d21154c 6198 return result;
wolfSSL 0:d92f9d21154c 6199 }
wolfSSL 0:d92f9d21154c 6200
wolfSSL 0:d92f9d21154c 6201
wolfSSL 0:d92f9d21154c 6202 /* return SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 6203 int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
wolfSSL 0:d92f9d21154c 6204 word32* maxSessions)
wolfSSL 0:d92f9d21154c 6205 {
wolfSSL 0:d92f9d21154c 6206 int result = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6207
wolfSSL 0:d92f9d21154c 6208 WOLFSSL_ENTER("wolfSSL_get_session_stats");
wolfSSL 0:d92f9d21154c 6209
wolfSSL 0:d92f9d21154c 6210 if (maxSessions) {
wolfSSL 0:d92f9d21154c 6211 *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS;
wolfSSL 0:d92f9d21154c 6212
wolfSSL 0:d92f9d21154c 6213 if (active == NULL && total == NULL && peak == NULL)
wolfSSL 0:d92f9d21154c 6214 return result; /* we're done */
wolfSSL 0:d92f9d21154c 6215 }
wolfSSL 0:d92f9d21154c 6216
wolfSSL 0:d92f9d21154c 6217 /* user must provide at least one query value */
wolfSSL 0:d92f9d21154c 6218 if (active == NULL && total == NULL && peak == NULL)
wolfSSL 0:d92f9d21154c 6219 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 6220
wolfSSL 0:d92f9d21154c 6221 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:d92f9d21154c 6222 return BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 6223 }
wolfSSL 0:d92f9d21154c 6224
wolfSSL 0:d92f9d21154c 6225 result = get_locked_session_stats(active, total, peak);
wolfSSL 0:d92f9d21154c 6226
wolfSSL 0:d92f9d21154c 6227 if (UnLockMutex(&session_mutex) != 0)
wolfSSL 0:d92f9d21154c 6228 result = BAD_MUTEX_E;
wolfSSL 0:d92f9d21154c 6229
wolfSSL 0:d92f9d21154c 6230 WOLFSSL_LEAVE("wolfSSL_get_session_stats", result);
wolfSSL 0:d92f9d21154c 6231
wolfSSL 0:d92f9d21154c 6232 return result;
wolfSSL 0:d92f9d21154c 6233 }
wolfSSL 0:d92f9d21154c 6234
wolfSSL 0:d92f9d21154c 6235 #endif /* WOLFSSL_SESSION_STATS */
wolfSSL 0:d92f9d21154c 6236
wolfSSL 0:d92f9d21154c 6237
wolfSSL 0:d92f9d21154c 6238 #ifdef PRINT_SESSION_STATS
wolfSSL 0:d92f9d21154c 6239
wolfSSL 0:d92f9d21154c 6240 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 6241 int wolfSSL_PrintSessionStats(void)
wolfSSL 0:d92f9d21154c 6242 {
wolfSSL 0:d92f9d21154c 6243 word32 totalSessionsSeen = 0;
wolfSSL 0:d92f9d21154c 6244 word32 totalSessionsNow = 0;
wolfSSL 0:d92f9d21154c 6245 word32 peak = 0;
wolfSSL 0:d92f9d21154c 6246 word32 maxSessions = 0;
wolfSSL 0:d92f9d21154c 6247 int i;
wolfSSL 0:d92f9d21154c 6248 int ret;
wolfSSL 0:d92f9d21154c 6249 double E; /* expected freq */
wolfSSL 0:d92f9d21154c 6250 double chiSquare = 0;
wolfSSL 0:d92f9d21154c 6251
wolfSSL 0:d92f9d21154c 6252 ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen,
wolfSSL 0:d92f9d21154c 6253 &peak, &maxSessions);
wolfSSL 0:d92f9d21154c 6254 if (ret != SSL_SUCCESS)
wolfSSL 0:d92f9d21154c 6255 return ret;
wolfSSL 0:d92f9d21154c 6256 printf("Total Sessions Seen = %d\n", totalSessionsSeen);
wolfSSL 0:d92f9d21154c 6257 printf("Total Sessions Now = %d\n", totalSessionsNow);
wolfSSL 0:d92f9d21154c 6258 #ifdef WOLFSSL_PEAK_SESSIONS
wolfSSL 0:d92f9d21154c 6259 printf("Peak Sessions = %d\n", peak);
wolfSSL 0:d92f9d21154c 6260 #endif
wolfSSL 0:d92f9d21154c 6261 printf("Max Sessions = %d\n", maxSessions);
wolfSSL 0:d92f9d21154c 6262
wolfSSL 0:d92f9d21154c 6263 E = (double)totalSessionsSeen / SESSION_ROWS;
wolfSSL 0:d92f9d21154c 6264
wolfSSL 0:d92f9d21154c 6265 for (i = 0; i < SESSION_ROWS; i++) {
wolfSSL 0:d92f9d21154c 6266 double diff = SessionCache[i].totalCount - E;
wolfSSL 0:d92f9d21154c 6267 diff *= diff; /* square */
wolfSSL 0:d92f9d21154c 6268 diff /= E; /* normalize */
wolfSSL 0:d92f9d21154c 6269
wolfSSL 0:d92f9d21154c 6270 chiSquare += diff;
wolfSSL 0:d92f9d21154c 6271 }
wolfSSL 0:d92f9d21154c 6272 printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
wolfSSL 0:d92f9d21154c 6273 SESSION_ROWS - 1);
wolfSSL 0:d92f9d21154c 6274 #if (SESSION_ROWS == 11)
wolfSSL 0:d92f9d21154c 6275 printf(" .05 p value = 18.3, chi-square should be less\n");
wolfSSL 0:d92f9d21154c 6276 #elif (SESSION_ROWS == 211)
wolfSSL 0:d92f9d21154c 6277 printf(".05 p value = 244.8, chi-square should be less\n");
wolfSSL 0:d92f9d21154c 6278 #elif (SESSION_ROWS == 5981)
wolfSSL 0:d92f9d21154c 6279 printf(".05 p value = 6161.0, chi-square should be less\n");
wolfSSL 0:d92f9d21154c 6280 #elif (SESSION_ROWS == 3)
wolfSSL 0:d92f9d21154c 6281 printf(".05 p value = 6.0, chi-square should be less\n");
wolfSSL 0:d92f9d21154c 6282 #elif (SESSION_ROWS == 2861)
wolfSSL 0:d92f9d21154c 6283 printf(".05 p value = 2985.5, chi-square should be less\n");
wolfSSL 0:d92f9d21154c 6284 #endif
wolfSSL 0:d92f9d21154c 6285 printf("\n");
wolfSSL 0:d92f9d21154c 6286
wolfSSL 0:d92f9d21154c 6287 return ret;
wolfSSL 0:d92f9d21154c 6288 }
wolfSSL 0:d92f9d21154c 6289
wolfSSL 0:d92f9d21154c 6290 #endif /* SESSION_STATS */
wolfSSL 0:d92f9d21154c 6291
wolfSSL 0:d92f9d21154c 6292 #else /* NO_SESSION_CACHE */
wolfSSL 0:d92f9d21154c 6293
wolfSSL 0:d92f9d21154c 6294 /* No session cache version */
wolfSSL 0:d92f9d21154c 6295 WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret)
wolfSSL 0:d92f9d21154c 6296 {
wolfSSL 0:d92f9d21154c 6297 (void)ssl;
wolfSSL 0:d92f9d21154c 6298 (void)masterSecret;
wolfSSL 0:d92f9d21154c 6299
wolfSSL 0:d92f9d21154c 6300 return NULL;
wolfSSL 0:d92f9d21154c 6301 }
wolfSSL 0:d92f9d21154c 6302
wolfSSL 0:d92f9d21154c 6303 #endif /* NO_SESSION_CACHE */
wolfSSL 0:d92f9d21154c 6304
wolfSSL 0:d92f9d21154c 6305
wolfSSL 0:d92f9d21154c 6306 /* call before SSL_connect, if verifying will add name check to
wolfSSL 0:d92f9d21154c 6307 date check and signature check */
wolfSSL 0:d92f9d21154c 6308 int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
wolfSSL 0:d92f9d21154c 6309 {
wolfSSL 0:d92f9d21154c 6310 WOLFSSL_ENTER("wolfSSL_check_domain_name");
wolfSSL 0:d92f9d21154c 6311 if (ssl->buffers.domainName.buffer)
wolfSSL 0:d92f9d21154c 6312 XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
wolfSSL 0:d92f9d21154c 6313
wolfSSL 0:d92f9d21154c 6314 ssl->buffers.domainName.length = (word32)XSTRLEN(dn) + 1;
wolfSSL 0:d92f9d21154c 6315 ssl->buffers.domainName.buffer = (byte*) XMALLOC(
wolfSSL 0:d92f9d21154c 6316 ssl->buffers.domainName.length, ssl->heap, DYNAMIC_TYPE_DOMAIN);
wolfSSL 0:d92f9d21154c 6317
wolfSSL 0:d92f9d21154c 6318 if (ssl->buffers.domainName.buffer) {
wolfSSL 0:d92f9d21154c 6319 XSTRNCPY((char*)ssl->buffers.domainName.buffer, dn,
wolfSSL 0:d92f9d21154c 6320 ssl->buffers.domainName.length);
wolfSSL 0:d92f9d21154c 6321 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6322 }
wolfSSL 0:d92f9d21154c 6323 else {
wolfSSL 0:d92f9d21154c 6324 ssl->error = MEMORY_ERROR;
wolfSSL 0:d92f9d21154c 6325 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 6326 }
wolfSSL 0:d92f9d21154c 6327 }
wolfSSL 0:d92f9d21154c 6328
wolfSSL 0:d92f9d21154c 6329
wolfSSL 0:d92f9d21154c 6330 /* turn on wolfSSL zlib compression
wolfSSL 0:d92f9d21154c 6331 returns SSL_SUCCESS for success, else error (not built in)
wolfSSL 0:d92f9d21154c 6332 */
wolfSSL 0:d92f9d21154c 6333 int wolfSSL_set_compression(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 6334 {
wolfSSL 0:d92f9d21154c 6335 WOLFSSL_ENTER("wolfSSL_set_compression");
wolfSSL 0:d92f9d21154c 6336 (void)ssl;
wolfSSL 0:d92f9d21154c 6337 #ifdef HAVE_LIBZ
wolfSSL 0:d92f9d21154c 6338 ssl->options.usingCompression = 1;
wolfSSL 0:d92f9d21154c 6339 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6340 #else
wolfSSL 0:d92f9d21154c 6341 return NOT_COMPILED_IN;
wolfSSL 0:d92f9d21154c 6342 #endif
wolfSSL 0:d92f9d21154c 6343 }
wolfSSL 0:d92f9d21154c 6344
wolfSSL 0:d92f9d21154c 6345
wolfSSL 0:d92f9d21154c 6346 #ifndef USE_WINDOWS_API
wolfSSL 0:d92f9d21154c 6347 #ifndef NO_WRITEV
wolfSSL 0:d92f9d21154c 6348
wolfSSL 0:d92f9d21154c 6349 /* simulate writev semantics, doesn't actually do block at a time though
wolfSSL 0:d92f9d21154c 6350 because of SSL_write behavior and because front adds may be small */
wolfSSL 0:d92f9d21154c 6351 int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, int iovcnt)
wolfSSL 0:d92f9d21154c 6352 {
wolfSSL 0:d92f9d21154c 6353 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 6354 byte staticBuffer[1]; /* force heap usage */
wolfSSL 0:d92f9d21154c 6355 #else
wolfSSL 0:d92f9d21154c 6356 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:d92f9d21154c 6357 #endif
wolfSSL 0:d92f9d21154c 6358 byte* myBuffer = staticBuffer;
wolfSSL 0:d92f9d21154c 6359 int dynamic = 0;
wolfSSL 0:d92f9d21154c 6360 int sending = 0;
wolfSSL 0:d92f9d21154c 6361 int idx = 0;
wolfSSL 0:d92f9d21154c 6362 int i;
wolfSSL 0:d92f9d21154c 6363 int ret;
wolfSSL 0:d92f9d21154c 6364
wolfSSL 0:d92f9d21154c 6365 WOLFSSL_ENTER("wolfSSL_writev");
wolfSSL 0:d92f9d21154c 6366
wolfSSL 0:d92f9d21154c 6367 for (i = 0; i < iovcnt; i++)
wolfSSL 0:d92f9d21154c 6368 sending += (int)iov[i].iov_len;
wolfSSL 0:d92f9d21154c 6369
wolfSSL 0:d92f9d21154c 6370 if (sending > (int)sizeof(staticBuffer)) {
wolfSSL 0:d92f9d21154c 6371 myBuffer = (byte*)XMALLOC(sending, ssl->heap,
wolfSSL 0:d92f9d21154c 6372 DYNAMIC_TYPE_WRITEV);
wolfSSL 0:d92f9d21154c 6373 if (!myBuffer)
wolfSSL 0:d92f9d21154c 6374 return MEMORY_ERROR;
wolfSSL 0:d92f9d21154c 6375
wolfSSL 0:d92f9d21154c 6376 dynamic = 1;
wolfSSL 0:d92f9d21154c 6377 }
wolfSSL 0:d92f9d21154c 6378
wolfSSL 0:d92f9d21154c 6379 for (i = 0; i < iovcnt; i++) {
wolfSSL 0:d92f9d21154c 6380 XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
wolfSSL 0:d92f9d21154c 6381 idx += (int)iov[i].iov_len;
wolfSSL 0:d92f9d21154c 6382 }
wolfSSL 0:d92f9d21154c 6383
wolfSSL 0:d92f9d21154c 6384 ret = wolfSSL_write(ssl, myBuffer, sending);
wolfSSL 0:d92f9d21154c 6385
wolfSSL 0:d92f9d21154c 6386 if (dynamic)
wolfSSL 0:d92f9d21154c 6387 XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);
wolfSSL 0:d92f9d21154c 6388
wolfSSL 0:d92f9d21154c 6389 return ret;
wolfSSL 0:d92f9d21154c 6390 }
wolfSSL 0:d92f9d21154c 6391 #endif
wolfSSL 0:d92f9d21154c 6392 #endif
wolfSSL 0:d92f9d21154c 6393
wolfSSL 0:d92f9d21154c 6394
wolfSSL 0:d92f9d21154c 6395 #ifdef WOLFSSL_CALLBACKS
wolfSSL 0:d92f9d21154c 6396
wolfSSL 0:d92f9d21154c 6397 typedef struct itimerval Itimerval;
wolfSSL 0:d92f9d21154c 6398
wolfSSL 0:d92f9d21154c 6399 /* don't keep calling simple functions while setting up timer and singals
wolfSSL 0:d92f9d21154c 6400 if no inlining these are the next best */
wolfSSL 0:d92f9d21154c 6401
wolfSSL 0:d92f9d21154c 6402 #define AddTimes(a, b, c) \
wolfSSL 0:d92f9d21154c 6403 do { \
wolfSSL 0:d92f9d21154c 6404 c.tv_sec = a.tv_sec + b.tv_sec; \
wolfSSL 0:d92f9d21154c 6405 c.tv_usec = a.tv_usec + b.tv_usec; \
wolfSSL 0:d92f9d21154c 6406 if (c.tv_usec >= 1000000) { \
wolfSSL 0:d92f9d21154c 6407 c.tv_sec++; \
wolfSSL 0:d92f9d21154c 6408 c.tv_usec -= 1000000; \
wolfSSL 0:d92f9d21154c 6409 } \
wolfSSL 0:d92f9d21154c 6410 } while (0)
wolfSSL 0:d92f9d21154c 6411
wolfSSL 0:d92f9d21154c 6412
wolfSSL 0:d92f9d21154c 6413 #define SubtractTimes(a, b, c) \
wolfSSL 0:d92f9d21154c 6414 do { \
wolfSSL 0:d92f9d21154c 6415 c.tv_sec = a.tv_sec - b.tv_sec; \
wolfSSL 0:d92f9d21154c 6416 c.tv_usec = a.tv_usec - b.tv_usec; \
wolfSSL 0:d92f9d21154c 6417 if (c.tv_usec < 0) { \
wolfSSL 0:d92f9d21154c 6418 c.tv_sec--; \
wolfSSL 0:d92f9d21154c 6419 c.tv_usec += 1000000; \
wolfSSL 0:d92f9d21154c 6420 } \
wolfSSL 0:d92f9d21154c 6421 } while (0)
wolfSSL 0:d92f9d21154c 6422
wolfSSL 0:d92f9d21154c 6423 #define CmpTimes(a, b, cmp) \
wolfSSL 0:d92f9d21154c 6424 ((a.tv_sec == b.tv_sec) ? \
wolfSSL 0:d92f9d21154c 6425 (a.tv_usec cmp b.tv_usec) : \
wolfSSL 0:d92f9d21154c 6426 (a.tv_sec cmp b.tv_sec)) \
wolfSSL 0:d92f9d21154c 6427
wolfSSL 0:d92f9d21154c 6428
wolfSSL 0:d92f9d21154c 6429 /* do nothing handler */
wolfSSL 0:d92f9d21154c 6430 static void myHandler(int signo)
wolfSSL 0:d92f9d21154c 6431 {
wolfSSL 0:d92f9d21154c 6432 (void)signo;
wolfSSL 0:d92f9d21154c 6433 return;
wolfSSL 0:d92f9d21154c 6434 }
wolfSSL 0:d92f9d21154c 6435
wolfSSL 0:d92f9d21154c 6436
wolfSSL 0:d92f9d21154c 6437 static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
wolfSSL 0:d92f9d21154c 6438 TimeoutCallBack toCb, Timeval timeout)
wolfSSL 0:d92f9d21154c 6439 {
wolfSSL 0:d92f9d21154c 6440 int ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 6441 int oldTimerOn = 0; /* was timer already on */
wolfSSL 0:d92f9d21154c 6442 Timeval startTime;
wolfSSL 0:d92f9d21154c 6443 Timeval endTime;
wolfSSL 0:d92f9d21154c 6444 Timeval totalTime;
wolfSSL 0:d92f9d21154c 6445 Itimerval myTimeout;
wolfSSL 0:d92f9d21154c 6446 Itimerval oldTimeout; /* if old timer adjust from total time to reset */
wolfSSL 0:d92f9d21154c 6447 struct sigaction act, oact;
wolfSSL 0:d92f9d21154c 6448
wolfSSL 0:d92f9d21154c 6449 #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }
wolfSSL 0:d92f9d21154c 6450
wolfSSL 0:d92f9d21154c 6451 if (hsCb) {
wolfSSL 0:d92f9d21154c 6452 ssl->hsInfoOn = 1;
wolfSSL 0:d92f9d21154c 6453 InitHandShakeInfo(&ssl->handShakeInfo);
wolfSSL 0:d92f9d21154c 6454 }
wolfSSL 0:d92f9d21154c 6455 if (toCb) {
wolfSSL 0:d92f9d21154c 6456 ssl->toInfoOn = 1;
wolfSSL 0:d92f9d21154c 6457 InitTimeoutInfo(&ssl->timeoutInfo);
wolfSSL 0:d92f9d21154c 6458
wolfSSL 0:d92f9d21154c 6459 if (gettimeofday(&startTime, 0) < 0)
wolfSSL 0:d92f9d21154c 6460 ERR_OUT(GETTIME_ERROR);
wolfSSL 0:d92f9d21154c 6461
wolfSSL 0:d92f9d21154c 6462 /* use setitimer to simulate getitimer, init 0 myTimeout */
wolfSSL 0:d92f9d21154c 6463 myTimeout.it_interval.tv_sec = 0;
wolfSSL 0:d92f9d21154c 6464 myTimeout.it_interval.tv_usec = 0;
wolfSSL 0:d92f9d21154c 6465 myTimeout.it_value.tv_sec = 0;
wolfSSL 0:d92f9d21154c 6466 myTimeout.it_value.tv_usec = 0;
wolfSSL 0:d92f9d21154c 6467 if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
wolfSSL 0:d92f9d21154c 6468 ERR_OUT(SETITIMER_ERROR);
wolfSSL 0:d92f9d21154c 6469
wolfSSL 0:d92f9d21154c 6470 if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
wolfSSL 0:d92f9d21154c 6471 oldTimerOn = 1;
wolfSSL 0:d92f9d21154c 6472
wolfSSL 0:d92f9d21154c 6473 /* is old timer going to expire before ours */
wolfSSL 0:d92f9d21154c 6474 if (CmpTimes(oldTimeout.it_value, timeout, <)) {
wolfSSL 0:d92f9d21154c 6475 timeout.tv_sec = oldTimeout.it_value.tv_sec;
wolfSSL 0:d92f9d21154c 6476 timeout.tv_usec = oldTimeout.it_value.tv_usec;
wolfSSL 0:d92f9d21154c 6477 }
wolfSSL 0:d92f9d21154c 6478 }
wolfSSL 0:d92f9d21154c 6479 myTimeout.it_value.tv_sec = timeout.tv_sec;
wolfSSL 0:d92f9d21154c 6480 myTimeout.it_value.tv_usec = timeout.tv_usec;
wolfSSL 0:d92f9d21154c 6481
wolfSSL 0:d92f9d21154c 6482 /* set up signal handler, don't restart socket send/recv */
wolfSSL 0:d92f9d21154c 6483 act.sa_handler = myHandler;
wolfSSL 0:d92f9d21154c 6484 sigemptyset(&act.sa_mask);
wolfSSL 0:d92f9d21154c 6485 act.sa_flags = 0;
wolfSSL 0:d92f9d21154c 6486 #ifdef SA_INTERRUPT
wolfSSL 0:d92f9d21154c 6487 act.sa_flags |= SA_INTERRUPT;
wolfSSL 0:d92f9d21154c 6488 #endif
wolfSSL 0:d92f9d21154c 6489 if (sigaction(SIGALRM, &act, &oact) < 0)
wolfSSL 0:d92f9d21154c 6490 ERR_OUT(SIGACT_ERROR);
wolfSSL 0:d92f9d21154c 6491
wolfSSL 0:d92f9d21154c 6492 if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0)
wolfSSL 0:d92f9d21154c 6493 ERR_OUT(SETITIMER_ERROR);
wolfSSL 0:d92f9d21154c 6494 }
wolfSSL 0:d92f9d21154c 6495
wolfSSL 0:d92f9d21154c 6496 /* do main work */
wolfSSL 0:d92f9d21154c 6497 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 6498 if (ssl->options.side == WOLFSSL_CLIENT_END)
wolfSSL 0:d92f9d21154c 6499 ret = wolfSSL_connect(ssl);
wolfSSL 0:d92f9d21154c 6500 #endif
wolfSSL 0:d92f9d21154c 6501 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 6502 if (ssl->options.side == WOLFSSL_SERVER_END)
wolfSSL 0:d92f9d21154c 6503 ret = wolfSSL_accept(ssl);
wolfSSL 0:d92f9d21154c 6504 #endif
wolfSSL 0:d92f9d21154c 6505
wolfSSL 0:d92f9d21154c 6506 /* do callbacks */
wolfSSL 0:d92f9d21154c 6507 if (toCb) {
wolfSSL 0:d92f9d21154c 6508 if (oldTimerOn) {
wolfSSL 0:d92f9d21154c 6509 gettimeofday(&endTime, 0);
wolfSSL 0:d92f9d21154c 6510 SubtractTimes(endTime, startTime, totalTime);
wolfSSL 0:d92f9d21154c 6511 /* adjust old timer for elapsed time */
wolfSSL 0:d92f9d21154c 6512 if (CmpTimes(totalTime, oldTimeout.it_value, <))
wolfSSL 0:d92f9d21154c 6513 SubtractTimes(oldTimeout.it_value, totalTime,
wolfSSL 0:d92f9d21154c 6514 oldTimeout.it_value);
wolfSSL 0:d92f9d21154c 6515 else {
wolfSSL 0:d92f9d21154c 6516 /* reset value to interval, may be off */
wolfSSL 0:d92f9d21154c 6517 oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec;
wolfSSL 0:d92f9d21154c 6518 oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec;
wolfSSL 0:d92f9d21154c 6519 }
wolfSSL 0:d92f9d21154c 6520 /* keep iter the same whether there or not */
wolfSSL 0:d92f9d21154c 6521 }
wolfSSL 0:d92f9d21154c 6522 /* restore old handler */
wolfSSL 0:d92f9d21154c 6523 if (sigaction(SIGALRM, &oact, 0) < 0)
wolfSSL 0:d92f9d21154c 6524 ret = SIGACT_ERROR; /* more pressing error, stomp */
wolfSSL 0:d92f9d21154c 6525 else
wolfSSL 0:d92f9d21154c 6526 /* use old settings which may turn off (expired or not there) */
wolfSSL 0:d92f9d21154c 6527 if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
wolfSSL 0:d92f9d21154c 6528 ret = SETITIMER_ERROR;
wolfSSL 0:d92f9d21154c 6529
wolfSSL 0:d92f9d21154c 6530 /* if we had a timeout call callback */
wolfSSL 0:d92f9d21154c 6531 if (ssl->timeoutInfo.timeoutName[0]) {
wolfSSL 0:d92f9d21154c 6532 ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec;
wolfSSL 0:d92f9d21154c 6533 ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
wolfSSL 0:d92f9d21154c 6534 (toCb)(&ssl->timeoutInfo);
wolfSSL 0:d92f9d21154c 6535 }
wolfSSL 0:d92f9d21154c 6536 /* clean up */
wolfSSL 0:d92f9d21154c 6537 FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
wolfSSL 0:d92f9d21154c 6538 ssl->toInfoOn = 0;
wolfSSL 0:d92f9d21154c 6539 }
wolfSSL 0:d92f9d21154c 6540 if (hsCb) {
wolfSSL 0:d92f9d21154c 6541 FinishHandShakeInfo(&ssl->handShakeInfo, ssl);
wolfSSL 0:d92f9d21154c 6542 (hsCb)(&ssl->handShakeInfo);
wolfSSL 0:d92f9d21154c 6543 ssl->hsInfoOn = 0;
wolfSSL 0:d92f9d21154c 6544 }
wolfSSL 0:d92f9d21154c 6545 return ret;
wolfSSL 0:d92f9d21154c 6546 }
wolfSSL 0:d92f9d21154c 6547
wolfSSL 0:d92f9d21154c 6548
wolfSSL 0:d92f9d21154c 6549 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 0:d92f9d21154c 6550
wolfSSL 0:d92f9d21154c 6551 int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
wolfSSL 0:d92f9d21154c 6552 TimeoutCallBack toCb, Timeval timeout)
wolfSSL 0:d92f9d21154c 6553 {
wolfSSL 0:d92f9d21154c 6554 WOLFSSL_ENTER("wolfSSL_connect_ex");
wolfSSL 0:d92f9d21154c 6555 return wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
wolfSSL 0:d92f9d21154c 6556 }
wolfSSL 0:d92f9d21154c 6557
wolfSSL 0:d92f9d21154c 6558 #endif
wolfSSL 0:d92f9d21154c 6559
wolfSSL 0:d92f9d21154c 6560
wolfSSL 0:d92f9d21154c 6561 #ifndef NO_WOLFSSL_SERVER
wolfSSL 0:d92f9d21154c 6562
wolfSSL 0:d92f9d21154c 6563 int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
wolfSSL 0:d92f9d21154c 6564 TimeoutCallBack toCb,Timeval timeout)
wolfSSL 0:d92f9d21154c 6565 {
wolfSSL 0:d92f9d21154c 6566 WOLFSSL_ENTER("wolfSSL_accept_ex");
wolfSSL 0:d92f9d21154c 6567 return wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
wolfSSL 0:d92f9d21154c 6568 }
wolfSSL 0:d92f9d21154c 6569
wolfSSL 0:d92f9d21154c 6570 #endif
wolfSSL 0:d92f9d21154c 6571
wolfSSL 0:d92f9d21154c 6572 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 0:d92f9d21154c 6573
wolfSSL 0:d92f9d21154c 6574
wolfSSL 0:d92f9d21154c 6575 #ifndef NO_PSK
wolfSSL 0:d92f9d21154c 6576
wolfSSL 0:d92f9d21154c 6577 void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 6578 psk_client_callback cb)
wolfSSL 0:d92f9d21154c 6579 {
wolfSSL 0:d92f9d21154c 6580 WOLFSSL_ENTER("SSL_CTX_set_psk_client_callback");
wolfSSL 0:d92f9d21154c 6581 ctx->havePSK = 1;
wolfSSL 0:d92f9d21154c 6582 ctx->client_psk_cb = cb;
wolfSSL 0:d92f9d21154c 6583 }
wolfSSL 0:d92f9d21154c 6584
wolfSSL 0:d92f9d21154c 6585
wolfSSL 0:d92f9d21154c 6586 void wolfSSL_set_psk_client_callback(WOLFSSL* ssl, psk_client_callback cb)
wolfSSL 0:d92f9d21154c 6587 {
wolfSSL 0:d92f9d21154c 6588 byte haveRSA = 1;
wolfSSL 0:d92f9d21154c 6589
wolfSSL 0:d92f9d21154c 6590 WOLFSSL_ENTER("SSL_set_psk_client_callback");
wolfSSL 0:d92f9d21154c 6591 ssl->options.havePSK = 1;
wolfSSL 0:d92f9d21154c 6592 ssl->options.client_psk_cb = cb;
wolfSSL 0:d92f9d21154c 6593
wolfSSL 0:d92f9d21154c 6594 #ifdef NO_RSA
wolfSSL 0:d92f9d21154c 6595 haveRSA = 0;
wolfSSL 0:d92f9d21154c 6596 #endif
wolfSSL 0:d92f9d21154c 6597 InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
wolfSSL 0:d92f9d21154c 6598 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 0:d92f9d21154c 6599 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL 0:d92f9d21154c 6600 ssl->options.side);
wolfSSL 0:d92f9d21154c 6601 }
wolfSSL 0:d92f9d21154c 6602
wolfSSL 0:d92f9d21154c 6603
wolfSSL 0:d92f9d21154c 6604 void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 6605 psk_server_callback cb)
wolfSSL 0:d92f9d21154c 6606 {
wolfSSL 0:d92f9d21154c 6607 WOLFSSL_ENTER("SSL_CTX_set_psk_server_callback");
wolfSSL 0:d92f9d21154c 6608 ctx->havePSK = 1;
wolfSSL 0:d92f9d21154c 6609 ctx->server_psk_cb = cb;
wolfSSL 0:d92f9d21154c 6610 }
wolfSSL 0:d92f9d21154c 6611
wolfSSL 0:d92f9d21154c 6612
wolfSSL 0:d92f9d21154c 6613 void wolfSSL_set_psk_server_callback(WOLFSSL* ssl, psk_server_callback cb)
wolfSSL 0:d92f9d21154c 6614 {
wolfSSL 0:d92f9d21154c 6615 byte haveRSA = 1;
wolfSSL 0:d92f9d21154c 6616
wolfSSL 0:d92f9d21154c 6617 WOLFSSL_ENTER("SSL_set_psk_server_callback");
wolfSSL 0:d92f9d21154c 6618 ssl->options.havePSK = 1;
wolfSSL 0:d92f9d21154c 6619 ssl->options.server_psk_cb = cb;
wolfSSL 0:d92f9d21154c 6620
wolfSSL 0:d92f9d21154c 6621 #ifdef NO_RSA
wolfSSL 0:d92f9d21154c 6622 haveRSA = 0;
wolfSSL 0:d92f9d21154c 6623 #endif
wolfSSL 0:d92f9d21154c 6624 InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
wolfSSL 0:d92f9d21154c 6625 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 0:d92f9d21154c 6626 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL 0:d92f9d21154c 6627 ssl->options.side);
wolfSSL 0:d92f9d21154c 6628 }
wolfSSL 0:d92f9d21154c 6629
wolfSSL 0:d92f9d21154c 6630
wolfSSL 0:d92f9d21154c 6631 const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 6632 {
wolfSSL 0:d92f9d21154c 6633 WOLFSSL_ENTER("SSL_get_psk_identity_hint");
wolfSSL 0:d92f9d21154c 6634
wolfSSL 0:d92f9d21154c 6635 if (ssl == NULL || ssl->arrays == NULL)
wolfSSL 0:d92f9d21154c 6636 return NULL;
wolfSSL 0:d92f9d21154c 6637
wolfSSL 0:d92f9d21154c 6638 return ssl->arrays->server_hint;
wolfSSL 0:d92f9d21154c 6639 }
wolfSSL 0:d92f9d21154c 6640
wolfSSL 0:d92f9d21154c 6641
wolfSSL 0:d92f9d21154c 6642 const char* wolfSSL_get_psk_identity(const WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 6643 {
wolfSSL 0:d92f9d21154c 6644 WOLFSSL_ENTER("SSL_get_psk_identity");
wolfSSL 0:d92f9d21154c 6645
wolfSSL 0:d92f9d21154c 6646 if (ssl == NULL || ssl->arrays == NULL)
wolfSSL 0:d92f9d21154c 6647 return NULL;
wolfSSL 0:d92f9d21154c 6648
wolfSSL 0:d92f9d21154c 6649 return ssl->arrays->client_identity;
wolfSSL 0:d92f9d21154c 6650 }
wolfSSL 0:d92f9d21154c 6651
wolfSSL 0:d92f9d21154c 6652
wolfSSL 0:d92f9d21154c 6653 int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint)
wolfSSL 0:d92f9d21154c 6654 {
wolfSSL 0:d92f9d21154c 6655 WOLFSSL_ENTER("SSL_CTX_use_psk_identity_hint");
wolfSSL 0:d92f9d21154c 6656 if (hint == 0)
wolfSSL 0:d92f9d21154c 6657 ctx->server_hint[0] = 0;
wolfSSL 0:d92f9d21154c 6658 else {
wolfSSL 0:d92f9d21154c 6659 XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
wolfSSL 0:d92f9d21154c 6660 ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
wolfSSL 0:d92f9d21154c 6661 }
wolfSSL 0:d92f9d21154c 6662 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6663 }
wolfSSL 0:d92f9d21154c 6664
wolfSSL 0:d92f9d21154c 6665
wolfSSL 0:d92f9d21154c 6666 int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint)
wolfSSL 0:d92f9d21154c 6667 {
wolfSSL 0:d92f9d21154c 6668 WOLFSSL_ENTER("SSL_use_psk_identity_hint");
wolfSSL 0:d92f9d21154c 6669
wolfSSL 0:d92f9d21154c 6670 if (ssl == NULL || ssl->arrays == NULL)
wolfSSL 0:d92f9d21154c 6671 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 6672
wolfSSL 0:d92f9d21154c 6673 if (hint == 0)
wolfSSL 0:d92f9d21154c 6674 ssl->arrays->server_hint[0] = 0;
wolfSSL 0:d92f9d21154c 6675 else {
wolfSSL 0:d92f9d21154c 6676 XSTRNCPY(ssl->arrays->server_hint, hint, MAX_PSK_ID_LEN);
wolfSSL 0:d92f9d21154c 6677 ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
wolfSSL 0:d92f9d21154c 6678 }
wolfSSL 0:d92f9d21154c 6679 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6680 }
wolfSSL 0:d92f9d21154c 6681
wolfSSL 0:d92f9d21154c 6682 #endif /* NO_PSK */
wolfSSL 0:d92f9d21154c 6683
wolfSSL 0:d92f9d21154c 6684
wolfSSL 0:d92f9d21154c 6685 #ifdef HAVE_ANON
wolfSSL 0:d92f9d21154c 6686
wolfSSL 0:d92f9d21154c 6687 int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 6688 {
wolfSSL 0:d92f9d21154c 6689 WOLFSSL_ENTER("wolfSSL_CTX_allow_anon_cipher");
wolfSSL 0:d92f9d21154c 6690
wolfSSL 0:d92f9d21154c 6691 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 6692 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 6693
wolfSSL 0:d92f9d21154c 6694 ctx->haveAnon = 1;
wolfSSL 0:d92f9d21154c 6695
wolfSSL 0:d92f9d21154c 6696 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6697 }
wolfSSL 0:d92f9d21154c 6698
wolfSSL 0:d92f9d21154c 6699 #endif /* HAVE_ANON */
wolfSSL 0:d92f9d21154c 6700
wolfSSL 0:d92f9d21154c 6701
wolfSSL 0:d92f9d21154c 6702 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 6703 /* used to be defined on NO_FILESYSTEM only, but are generally useful */
wolfSSL 0:d92f9d21154c 6704
wolfSSL 0:d92f9d21154c 6705 /* wolfSSL extension allows DER files to be loaded from buffers as well */
wolfSSL 0:d92f9d21154c 6706 int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
wolfSSL 0:d92f9d21154c 6707 long sz, int format)
wolfSSL 0:d92f9d21154c 6708 {
wolfSSL 0:d92f9d21154c 6709 WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer");
wolfSSL 0:d92f9d21154c 6710 if (format == SSL_FILETYPE_PEM)
wolfSSL 0:d92f9d21154c 6711 return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
wolfSSL 0:d92f9d21154c 6712 else
wolfSSL 0:d92f9d21154c 6713 return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,0);
wolfSSL 0:d92f9d21154c 6714 }
wolfSSL 0:d92f9d21154c 6715
wolfSSL 0:d92f9d21154c 6716
wolfSSL 0:d92f9d21154c 6717 int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 6718 const unsigned char* in, long sz, int format)
wolfSSL 0:d92f9d21154c 6719 {
wolfSSL 0:d92f9d21154c 6720 WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
wolfSSL 0:d92f9d21154c 6721 return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
wolfSSL 0:d92f9d21154c 6722 }
wolfSSL 0:d92f9d21154c 6723
wolfSSL 0:d92f9d21154c 6724
wolfSSL 0:d92f9d21154c 6725 int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 6726 const unsigned char* in, long sz, int format)
wolfSSL 0:d92f9d21154c 6727 {
wolfSSL 0:d92f9d21154c 6728 WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
wolfSSL 0:d92f9d21154c 6729 return ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL,NULL,0);
wolfSSL 0:d92f9d21154c 6730 }
wolfSSL 0:d92f9d21154c 6731
wolfSSL 0:d92f9d21154c 6732
wolfSSL 0:d92f9d21154c 6733 int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 6734 const unsigned char* in, long sz)
wolfSSL 0:d92f9d21154c 6735 {
wolfSSL 0:d92f9d21154c 6736 WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer");
wolfSSL 0:d92f9d21154c 6737 return ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL,
wolfSSL 0:d92f9d21154c 6738 NULL, 1);
wolfSSL 0:d92f9d21154c 6739 }
wolfSSL 0:d92f9d21154c 6740
wolfSSL 0:d92f9d21154c 6741 int wolfSSL_use_certificate_buffer(WOLFSSL* ssl,
wolfSSL 0:d92f9d21154c 6742 const unsigned char* in, long sz, int format)
wolfSSL 0:d92f9d21154c 6743 {
wolfSSL 0:d92f9d21154c 6744 WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");
wolfSSL 0:d92f9d21154c 6745 return ProcessBuffer(ssl->ctx, in, sz, format,CERT_TYPE,ssl,NULL,0);
wolfSSL 0:d92f9d21154c 6746 }
wolfSSL 0:d92f9d21154c 6747
wolfSSL 0:d92f9d21154c 6748
wolfSSL 0:d92f9d21154c 6749 int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl,
wolfSSL 0:d92f9d21154c 6750 const unsigned char* in, long sz, int format)
wolfSSL 0:d92f9d21154c 6751 {
wolfSSL 0:d92f9d21154c 6752 WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");
wolfSSL 0:d92f9d21154c 6753 return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
wolfSSL 0:d92f9d21154c 6754 ssl, NULL, 0);
wolfSSL 0:d92f9d21154c 6755 }
wolfSSL 0:d92f9d21154c 6756
wolfSSL 0:d92f9d21154c 6757
wolfSSL 0:d92f9d21154c 6758 int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
wolfSSL 0:d92f9d21154c 6759 const unsigned char* in, long sz)
wolfSSL 0:d92f9d21154c 6760 {
wolfSSL 0:d92f9d21154c 6761 WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer");
wolfSSL 0:d92f9d21154c 6762 return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
wolfSSL 0:d92f9d21154c 6763 ssl, NULL, 1);
wolfSSL 0:d92f9d21154c 6764 }
wolfSSL 0:d92f9d21154c 6765
wolfSSL 0:d92f9d21154c 6766
wolfSSL 0:d92f9d21154c 6767 /* unload any certs or keys that SSL owns, leave CTX as is
wolfSSL 0:d92f9d21154c 6768 SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 6769 int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 6770 {
wolfSSL 0:d92f9d21154c 6771 if (ssl == NULL) {
wolfSSL 0:d92f9d21154c 6772 WOLFSSL_MSG("Null function arg");
wolfSSL 0:d92f9d21154c 6773 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 6774 }
wolfSSL 0:d92f9d21154c 6775
wolfSSL 0:d92f9d21154c 6776 if (ssl->buffers.weOwnCert) {
wolfSSL 0:d92f9d21154c 6777 WOLFSSL_MSG("Unloading cert");
wolfSSL 0:d92f9d21154c 6778 XFREE(ssl->buffers.certificate.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
wolfSSL 0:d92f9d21154c 6779 ssl->buffers.weOwnCert = 0;
wolfSSL 0:d92f9d21154c 6780 ssl->buffers.certificate.length = 0;
wolfSSL 0:d92f9d21154c 6781 ssl->buffers.certificate.buffer = NULL;
wolfSSL 0:d92f9d21154c 6782 }
wolfSSL 0:d92f9d21154c 6783
wolfSSL 0:d92f9d21154c 6784 if (ssl->buffers.weOwnCertChain) {
wolfSSL 0:d92f9d21154c 6785 WOLFSSL_MSG("Unloading cert chain");
wolfSSL 0:d92f9d21154c 6786 XFREE(ssl->buffers.certChain.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
wolfSSL 0:d92f9d21154c 6787 ssl->buffers.weOwnCertChain = 0;
wolfSSL 0:d92f9d21154c 6788 ssl->buffers.certChain.length = 0;
wolfSSL 0:d92f9d21154c 6789 ssl->buffers.certChain.buffer = NULL;
wolfSSL 0:d92f9d21154c 6790 }
wolfSSL 0:d92f9d21154c 6791
wolfSSL 0:d92f9d21154c 6792 if (ssl->buffers.weOwnKey) {
wolfSSL 0:d92f9d21154c 6793 WOLFSSL_MSG("Unloading key");
wolfSSL 0:d92f9d21154c 6794 XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
wolfSSL 0:d92f9d21154c 6795 ssl->buffers.weOwnKey = 0;
wolfSSL 0:d92f9d21154c 6796 ssl->buffers.key.length = 0;
wolfSSL 0:d92f9d21154c 6797 ssl->buffers.key.buffer = NULL;
wolfSSL 0:d92f9d21154c 6798 }
wolfSSL 0:d92f9d21154c 6799
wolfSSL 0:d92f9d21154c 6800 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6801 }
wolfSSL 0:d92f9d21154c 6802
wolfSSL 0:d92f9d21154c 6803
wolfSSL 0:d92f9d21154c 6804 int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 6805 {
wolfSSL 0:d92f9d21154c 6806 WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs");
wolfSSL 0:d92f9d21154c 6807
wolfSSL 0:d92f9d21154c 6808 if (ctx == NULL)
wolfSSL 0:d92f9d21154c 6809 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 6810
wolfSSL 0:d92f9d21154c 6811 return wolfSSL_CertManagerUnloadCAs(ctx->cm);
wolfSSL 0:d92f9d21154c 6812 }
wolfSSL 0:d92f9d21154c 6813
wolfSSL 0:d92f9d21154c 6814 /* old NO_FILESYSTEM end */
wolfSSL 0:d92f9d21154c 6815 #endif /* !NO_CERTS */
wolfSSL 0:d92f9d21154c 6816
wolfSSL 0:d92f9d21154c 6817
wolfSSL 0:d92f9d21154c 6818 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
wolfSSL 0:d92f9d21154c 6819
wolfSSL 0:d92f9d21154c 6820
wolfSSL 0:d92f9d21154c 6821 int wolfSSL_add_all_algorithms(void)
wolfSSL 0:d92f9d21154c 6822 {
wolfSSL 0:d92f9d21154c 6823 WOLFSSL_ENTER("wolfSSL_add_all_algorithms");
wolfSSL 0:d92f9d21154c 6824 wolfSSL_Init();
wolfSSL 0:d92f9d21154c 6825 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6826 }
wolfSSL 0:d92f9d21154c 6827
wolfSSL 0:d92f9d21154c 6828
wolfSSL 0:d92f9d21154c 6829 long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz)
wolfSSL 0:d92f9d21154c 6830 {
wolfSSL 0:d92f9d21154c 6831 /* cache size fixed at compile time in wolfSSL */
wolfSSL 0:d92f9d21154c 6832 (void)ctx;
wolfSSL 0:d92f9d21154c 6833 (void)sz;
wolfSSL 0:d92f9d21154c 6834 return 0;
wolfSSL 0:d92f9d21154c 6835 }
wolfSSL 0:d92f9d21154c 6836
wolfSSL 0:d92f9d21154c 6837
wolfSSL 0:d92f9d21154c 6838 void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode)
wolfSSL 0:d92f9d21154c 6839 {
wolfSSL 0:d92f9d21154c 6840 WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown");
wolfSSL 0:d92f9d21154c 6841 if (mode)
wolfSSL 0:d92f9d21154c 6842 ctx->quietShutdown = 1;
wolfSSL 0:d92f9d21154c 6843 }
wolfSSL 0:d92f9d21154c 6844
wolfSSL 0:d92f9d21154c 6845
wolfSSL 0:d92f9d21154c 6846 void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode)
wolfSSL 0:d92f9d21154c 6847 {
wolfSSL 0:d92f9d21154c 6848 WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown");
wolfSSL 0:d92f9d21154c 6849 if (mode)
wolfSSL 0:d92f9d21154c 6850 ssl->options.quietShutdown = 1;
wolfSSL 0:d92f9d21154c 6851 }
wolfSSL 0:d92f9d21154c 6852
wolfSSL 0:d92f9d21154c 6853
wolfSSL 0:d92f9d21154c 6854 void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
wolfSSL 0:d92f9d21154c 6855 {
wolfSSL 0:d92f9d21154c 6856 WOLFSSL_ENTER("SSL_set_bio");
wolfSSL 0:d92f9d21154c 6857 wolfSSL_set_rfd(ssl, rd->fd);
wolfSSL 0:d92f9d21154c 6858 wolfSSL_set_wfd(ssl, wr->fd);
wolfSSL 0:d92f9d21154c 6859
wolfSSL 0:d92f9d21154c 6860 ssl->biord = rd;
wolfSSL 0:d92f9d21154c 6861 ssl->biowr = wr;
wolfSSL 0:d92f9d21154c 6862 }
wolfSSL 0:d92f9d21154c 6863
wolfSSL 0:d92f9d21154c 6864
wolfSSL 0:d92f9d21154c 6865 void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 6866 STACK_OF(WOLFSSL_X509_NAME)* names)
wolfSSL 0:d92f9d21154c 6867 {
wolfSSL 0:d92f9d21154c 6868 (void)ctx;
wolfSSL 0:d92f9d21154c 6869 (void)names;
wolfSSL 0:d92f9d21154c 6870 }
wolfSSL 0:d92f9d21154c 6871
wolfSSL 0:d92f9d21154c 6872
wolfSSL 0:d92f9d21154c 6873 STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname)
wolfSSL 0:d92f9d21154c 6874 {
wolfSSL 0:d92f9d21154c 6875 (void)fname;
wolfSSL 0:d92f9d21154c 6876 return 0;
wolfSSL 0:d92f9d21154c 6877 }
wolfSSL 0:d92f9d21154c 6878
wolfSSL 0:d92f9d21154c 6879
wolfSSL 0:d92f9d21154c 6880 int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 6881 {
wolfSSL 0:d92f9d21154c 6882 /* TODO:, not needed in goahead */
wolfSSL 0:d92f9d21154c 6883 (void)ctx;
wolfSSL 0:d92f9d21154c 6884 return SSL_NOT_IMPLEMENTED;
wolfSSL 0:d92f9d21154c 6885 }
wolfSSL 0:d92f9d21154c 6886
wolfSSL 0:d92f9d21154c 6887
wolfSSL 0:d92f9d21154c 6888 /* keyblock size in bytes or -1 */
wolfSSL 0:d92f9d21154c 6889 int wolfSSL_get_keyblock_size(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 6890 {
wolfSSL 0:d92f9d21154c 6891 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 6892 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 6893
wolfSSL 0:d92f9d21154c 6894 return 2 * (ssl->specs.key_size + ssl->specs.iv_size +
wolfSSL 0:d92f9d21154c 6895 ssl->specs.hash_size);
wolfSSL 0:d92f9d21154c 6896 }
wolfSSL 0:d92f9d21154c 6897
wolfSSL 0:d92f9d21154c 6898
wolfSSL 0:d92f9d21154c 6899 /* store keys returns SSL_SUCCESS or -1 on error */
wolfSSL 0:d92f9d21154c 6900 int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen,
wolfSSL 0:d92f9d21154c 6901 unsigned char** sr, unsigned int* srLen,
wolfSSL 0:d92f9d21154c 6902 unsigned char** cr, unsigned int* crLen)
wolfSSL 0:d92f9d21154c 6903 {
wolfSSL 0:d92f9d21154c 6904 if (ssl == NULL || ssl->arrays == NULL)
wolfSSL 0:d92f9d21154c 6905 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 6906
wolfSSL 0:d92f9d21154c 6907 *ms = ssl->arrays->masterSecret;
wolfSSL 0:d92f9d21154c 6908 *sr = ssl->arrays->serverRandom;
wolfSSL 0:d92f9d21154c 6909 *cr = ssl->arrays->clientRandom;
wolfSSL 0:d92f9d21154c 6910
wolfSSL 0:d92f9d21154c 6911 *msLen = SECRET_LEN;
wolfSSL 0:d92f9d21154c 6912 *srLen = RAN_LEN;
wolfSSL 0:d92f9d21154c 6913 *crLen = RAN_LEN;
wolfSSL 0:d92f9d21154c 6914
wolfSSL 0:d92f9d21154c 6915 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6916 }
wolfSSL 0:d92f9d21154c 6917
wolfSSL 0:d92f9d21154c 6918
wolfSSL 0:d92f9d21154c 6919 void wolfSSL_set_accept_state(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 6920 {
wolfSSL 0:d92f9d21154c 6921 byte haveRSA = 1;
wolfSSL 0:d92f9d21154c 6922 byte havePSK = 0;
wolfSSL 0:d92f9d21154c 6923
wolfSSL 0:d92f9d21154c 6924 WOLFSSL_ENTER("SSL_set_accept_state");
wolfSSL 0:d92f9d21154c 6925 ssl->options.side = WOLFSSL_SERVER_END;
wolfSSL 0:d92f9d21154c 6926 /* reset suites in case user switched */
wolfSSL 0:d92f9d21154c 6927
wolfSSL 0:d92f9d21154c 6928 #ifdef NO_RSA
wolfSSL 0:d92f9d21154c 6929 haveRSA = 0;
wolfSSL 0:d92f9d21154c 6930 #endif
wolfSSL 0:d92f9d21154c 6931 #ifndef NO_PSK
wolfSSL 0:d92f9d21154c 6932 havePSK = ssl->options.havePSK;
wolfSSL 0:d92f9d21154c 6933 #endif
wolfSSL 0:d92f9d21154c 6934 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL 0:d92f9d21154c 6935 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 0:d92f9d21154c 6936 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL 0:d92f9d21154c 6937 ssl->options.side);
wolfSSL 0:d92f9d21154c 6938 }
wolfSSL 0:d92f9d21154c 6939 #endif
wolfSSL 0:d92f9d21154c 6940
wolfSSL 0:d92f9d21154c 6941 /* return true if connection established */
wolfSSL 0:d92f9d21154c 6942 int wolfSSL_is_init_finished(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 6943 {
wolfSSL 0:d92f9d21154c 6944 if (ssl == NULL)
wolfSSL 0:d92f9d21154c 6945 return 0;
wolfSSL 0:d92f9d21154c 6946
wolfSSL 0:d92f9d21154c 6947 if (ssl->options.handShakeState == HANDSHAKE_DONE)
wolfSSL 0:d92f9d21154c 6948 return 1;
wolfSSL 0:d92f9d21154c 6949
wolfSSL 0:d92f9d21154c 6950 return 0;
wolfSSL 0:d92f9d21154c 6951 }
wolfSSL 0:d92f9d21154c 6952
wolfSSL 0:d92f9d21154c 6953 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
wolfSSL 0:d92f9d21154c 6954 void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 6955 WOLFSSL_RSA*(*f)(WOLFSSL*, int, int))
wolfSSL 0:d92f9d21154c 6956 {
wolfSSL 0:d92f9d21154c 6957 /* wolfSSL verifies all these internally */
wolfSSL 0:d92f9d21154c 6958 (void)ctx;
wolfSSL 0:d92f9d21154c 6959 (void)f;
wolfSSL 0:d92f9d21154c 6960 }
wolfSSL 0:d92f9d21154c 6961
wolfSSL 0:d92f9d21154c 6962
wolfSSL 0:d92f9d21154c 6963 void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt)
wolfSSL 0:d92f9d21154c 6964 {
wolfSSL 0:d92f9d21154c 6965 (void)ssl;
wolfSSL 0:d92f9d21154c 6966 (void)opt;
wolfSSL 0:d92f9d21154c 6967 }
wolfSSL 0:d92f9d21154c 6968
wolfSSL 0:d92f9d21154c 6969
wolfSSL 0:d92f9d21154c 6970 long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
wolfSSL 0:d92f9d21154c 6971 {
wolfSSL 0:d92f9d21154c 6972 /* goahead calls with 0, do nothing */
wolfSSL 0:d92f9d21154c 6973 WOLFSSL_ENTER("SSL_CTX_set_options");
wolfSSL 0:d92f9d21154c 6974 (void)ctx;
wolfSSL 0:d92f9d21154c 6975 return opt;
wolfSSL 0:d92f9d21154c 6976 }
wolfSSL 0:d92f9d21154c 6977
wolfSSL 0:d92f9d21154c 6978
wolfSSL 0:d92f9d21154c 6979 int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd)
wolfSSL 0:d92f9d21154c 6980 {
wolfSSL 0:d92f9d21154c 6981 WOLFSSL_ENTER("SSL_set_rfd");
wolfSSL 0:d92f9d21154c 6982 ssl->rfd = rfd; /* not used directly to allow IO callbacks */
wolfSSL 0:d92f9d21154c 6983
wolfSSL 0:d92f9d21154c 6984 ssl->IOCB_ReadCtx = &ssl->rfd;
wolfSSL 0:d92f9d21154c 6985
wolfSSL 0:d92f9d21154c 6986 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6987 }
wolfSSL 0:d92f9d21154c 6988
wolfSSL 0:d92f9d21154c 6989
wolfSSL 0:d92f9d21154c 6990 int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd)
wolfSSL 0:d92f9d21154c 6991 {
wolfSSL 0:d92f9d21154c 6992 WOLFSSL_ENTER("SSL_set_wfd");
wolfSSL 0:d92f9d21154c 6993 ssl->wfd = wfd; /* not used directly to allow IO callbacks */
wolfSSL 0:d92f9d21154c 6994
wolfSSL 0:d92f9d21154c 6995 ssl->IOCB_WriteCtx = &ssl->wfd;
wolfSSL 0:d92f9d21154c 6996
wolfSSL 0:d92f9d21154c 6997 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 6998 }
wolfSSL 0:d92f9d21154c 6999
wolfSSL 0:d92f9d21154c 7000
wolfSSL 0:d92f9d21154c 7001 WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long bits,
wolfSSL 0:d92f9d21154c 7002 void(*f)(int, int, void*), void* data)
wolfSSL 0:d92f9d21154c 7003 {
wolfSSL 0:d92f9d21154c 7004 /* no tmp key needed, actual generation not supported */
wolfSSL 0:d92f9d21154c 7005 WOLFSSL_ENTER("RSA_generate_key");
wolfSSL 0:d92f9d21154c 7006 (void)len;
wolfSSL 0:d92f9d21154c 7007 (void)bits;
wolfSSL 0:d92f9d21154c 7008 (void)f;
wolfSSL 0:d92f9d21154c 7009 (void)data;
wolfSSL 0:d92f9d21154c 7010 return NULL;
wolfSSL 0:d92f9d21154c 7011 }
wolfSSL 0:d92f9d21154c 7012
wolfSSL 0:d92f9d21154c 7013
wolfSSL 0:d92f9d21154c 7014
wolfSSL 0:d92f9d21154c 7015 WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
wolfSSL 0:d92f9d21154c 7016 WOLFSSL_X509_STORE_CTX* ctx)
wolfSSL 0:d92f9d21154c 7017 {
wolfSSL 0:d92f9d21154c 7018 (void)ctx;
wolfSSL 0:d92f9d21154c 7019 return 0;
wolfSSL 0:d92f9d21154c 7020 }
wolfSSL 0:d92f9d21154c 7021
wolfSSL 0:d92f9d21154c 7022
wolfSSL 0:d92f9d21154c 7023 int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
wolfSSL 0:d92f9d21154c 7024 {
wolfSSL 0:d92f9d21154c 7025 if (ctx != NULL)
wolfSSL 0:d92f9d21154c 7026 return ctx->error;
wolfSSL 0:d92f9d21154c 7027 return 0;
wolfSSL 0:d92f9d21154c 7028 }
wolfSSL 0:d92f9d21154c 7029
wolfSSL 0:d92f9d21154c 7030
wolfSSL 0:d92f9d21154c 7031 int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
wolfSSL 0:d92f9d21154c 7032 {
wolfSSL 0:d92f9d21154c 7033 (void)ctx;
wolfSSL 0:d92f9d21154c 7034 return 0;
wolfSSL 0:d92f9d21154c 7035 }
wolfSSL 0:d92f9d21154c 7036
wolfSSL 0:d92f9d21154c 7037
wolfSSL 0:d92f9d21154c 7038 WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void)
wolfSSL 0:d92f9d21154c 7039 {
wolfSSL 0:d92f9d21154c 7040 static WOLFSSL_BIO_METHOD meth;
wolfSSL 0:d92f9d21154c 7041
wolfSSL 0:d92f9d21154c 7042 WOLFSSL_ENTER("BIO_f_buffer");
wolfSSL 0:d92f9d21154c 7043 meth.type = BIO_BUFFER;
wolfSSL 0:d92f9d21154c 7044
wolfSSL 0:d92f9d21154c 7045 return &meth;
wolfSSL 0:d92f9d21154c 7046 }
wolfSSL 0:d92f9d21154c 7047
wolfSSL 0:d92f9d21154c 7048
wolfSSL 0:d92f9d21154c 7049 long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size)
wolfSSL 0:d92f9d21154c 7050 {
wolfSSL 0:d92f9d21154c 7051 /* wolfSSL has internal buffer, compatibility only */
wolfSSL 0:d92f9d21154c 7052 WOLFSSL_ENTER("BIO_set_write_buffer_size");
wolfSSL 0:d92f9d21154c 7053 (void)bio;
wolfSSL 0:d92f9d21154c 7054 return size;
wolfSSL 0:d92f9d21154c 7055 }
wolfSSL 0:d92f9d21154c 7056
wolfSSL 0:d92f9d21154c 7057
wolfSSL 0:d92f9d21154c 7058 WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void)
wolfSSL 0:d92f9d21154c 7059 {
wolfSSL 0:d92f9d21154c 7060 static WOLFSSL_BIO_METHOD meth;
wolfSSL 0:d92f9d21154c 7061
wolfSSL 0:d92f9d21154c 7062 WOLFSSL_ENTER("BIO_f_ssl");
wolfSSL 0:d92f9d21154c 7063 meth.type = BIO_SSL;
wolfSSL 0:d92f9d21154c 7064
wolfSSL 0:d92f9d21154c 7065 return &meth;
wolfSSL 0:d92f9d21154c 7066 }
wolfSSL 0:d92f9d21154c 7067
wolfSSL 0:d92f9d21154c 7068
wolfSSL 0:d92f9d21154c 7069 WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF)
wolfSSL 0:d92f9d21154c 7070 {
wolfSSL 0:d92f9d21154c 7071 WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0,
wolfSSL 0:d92f9d21154c 7072 DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 7073
wolfSSL 0:d92f9d21154c 7074 WOLFSSL_ENTER("BIO_new_socket");
wolfSSL 0:d92f9d21154c 7075 if (bio) {
wolfSSL 0:d92f9d21154c 7076 bio->type = BIO_SOCKET;
wolfSSL 0:d92f9d21154c 7077 bio->close = (byte)closeF;
wolfSSL 0:d92f9d21154c 7078 bio->eof = 0;
wolfSSL 0:d92f9d21154c 7079 bio->ssl = 0;
wolfSSL 0:d92f9d21154c 7080 bio->fd = sfd;
wolfSSL 0:d92f9d21154c 7081 bio->prev = 0;
wolfSSL 0:d92f9d21154c 7082 bio->next = 0;
wolfSSL 0:d92f9d21154c 7083 bio->mem = NULL;
wolfSSL 0:d92f9d21154c 7084 bio->memLen = 0;
wolfSSL 0:d92f9d21154c 7085 }
wolfSSL 0:d92f9d21154c 7086 return bio;
wolfSSL 0:d92f9d21154c 7087 }
wolfSSL 0:d92f9d21154c 7088
wolfSSL 0:d92f9d21154c 7089
wolfSSL 0:d92f9d21154c 7090 int wolfSSL_BIO_eof(WOLFSSL_BIO* b)
wolfSSL 0:d92f9d21154c 7091 {
wolfSSL 0:d92f9d21154c 7092 WOLFSSL_ENTER("BIO_eof");
wolfSSL 0:d92f9d21154c 7093 if (b->eof)
wolfSSL 0:d92f9d21154c 7094 return 1;
wolfSSL 0:d92f9d21154c 7095
wolfSSL 0:d92f9d21154c 7096 return 0;
wolfSSL 0:d92f9d21154c 7097 }
wolfSSL 0:d92f9d21154c 7098
wolfSSL 0:d92f9d21154c 7099
wolfSSL 0:d92f9d21154c 7100 long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
wolfSSL 0:d92f9d21154c 7101 {
wolfSSL 0:d92f9d21154c 7102 WOLFSSL_ENTER("BIO_set_ssl");
wolfSSL 0:d92f9d21154c 7103 b->ssl = ssl;
wolfSSL 0:d92f9d21154c 7104 b->close = (byte)closeF;
wolfSSL 0:d92f9d21154c 7105 /* add to ssl for bio free if SSL_free called before/instead of free_all? */
wolfSSL 0:d92f9d21154c 7106
wolfSSL 0:d92f9d21154c 7107 return 0;
wolfSSL 0:d92f9d21154c 7108 }
wolfSSL 0:d92f9d21154c 7109
wolfSSL 0:d92f9d21154c 7110
wolfSSL 0:d92f9d21154c 7111 WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD* method)
wolfSSL 0:d92f9d21154c 7112 {
wolfSSL 0:d92f9d21154c 7113 WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0,
wolfSSL 0:d92f9d21154c 7114 DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 7115 WOLFSSL_ENTER("BIO_new");
wolfSSL 0:d92f9d21154c 7116 if (bio) {
wolfSSL 0:d92f9d21154c 7117 bio->type = method->type;
wolfSSL 0:d92f9d21154c 7118 bio->close = 0;
wolfSSL 0:d92f9d21154c 7119 bio->eof = 0;
wolfSSL 0:d92f9d21154c 7120 bio->ssl = NULL;
wolfSSL 0:d92f9d21154c 7121 bio->mem = NULL;
wolfSSL 0:d92f9d21154c 7122 bio->memLen = 0;
wolfSSL 0:d92f9d21154c 7123 bio->fd = 0;
wolfSSL 0:d92f9d21154c 7124 bio->prev = NULL;
wolfSSL 0:d92f9d21154c 7125 bio->next = NULL;
wolfSSL 0:d92f9d21154c 7126 }
wolfSSL 0:d92f9d21154c 7127 return bio;
wolfSSL 0:d92f9d21154c 7128 }
wolfSSL 0:d92f9d21154c 7129
wolfSSL 0:d92f9d21154c 7130
wolfSSL 0:d92f9d21154c 7131 int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, const byte** p)
wolfSSL 0:d92f9d21154c 7132 {
wolfSSL 0:d92f9d21154c 7133 if (bio == NULL || p == NULL)
wolfSSL 0:d92f9d21154c 7134 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 7135
wolfSSL 0:d92f9d21154c 7136 *p = bio->mem;
wolfSSL 0:d92f9d21154c 7137
wolfSSL 0:d92f9d21154c 7138 return bio->memLen;
wolfSSL 0:d92f9d21154c 7139 }
wolfSSL 0:d92f9d21154c 7140
wolfSSL 0:d92f9d21154c 7141
wolfSSL 0:d92f9d21154c 7142 WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len)
wolfSSL 0:d92f9d21154c 7143 {
wolfSSL 0:d92f9d21154c 7144 WOLFSSL_BIO* bio = NULL;
wolfSSL 0:d92f9d21154c 7145 if (buf == NULL)
wolfSSL 0:d92f9d21154c 7146 return bio;
wolfSSL 0:d92f9d21154c 7147
wolfSSL 0:d92f9d21154c 7148 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
wolfSSL 0:d92f9d21154c 7149 if (bio == NULL)
wolfSSL 0:d92f9d21154c 7150 return bio;
wolfSSL 0:d92f9d21154c 7151
wolfSSL 0:d92f9d21154c 7152 bio->memLen = len;
wolfSSL 0:d92f9d21154c 7153 bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 7154 if (bio->mem == NULL) {
wolfSSL 0:d92f9d21154c 7155 XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 7156 return NULL;
wolfSSL 0:d92f9d21154c 7157 }
wolfSSL 0:d92f9d21154c 7158
wolfSSL 0:d92f9d21154c 7159 XMEMCPY(bio->mem, buf, len);
wolfSSL 0:d92f9d21154c 7160
wolfSSL 0:d92f9d21154c 7161 return bio;
wolfSSL 0:d92f9d21154c 7162 }
wolfSSL 0:d92f9d21154c 7163
wolfSSL 0:d92f9d21154c 7164
wolfSSL 0:d92f9d21154c 7165 #ifdef USE_WINDOWS_API
wolfSSL 0:d92f9d21154c 7166 #define CloseSocket(s) closesocket(s)
wolfSSL 0:d92f9d21154c 7167 #elif defined(WOLFSSL_MDK_ARM)
wolfSSL 0:d92f9d21154c 7168 #define CloseSocket(s) closesocket(s)
wolfSSL 0:d92f9d21154c 7169 extern int closesocket(int) ;
wolfSSL 0:d92f9d21154c 7170 #else
wolfSSL 0:d92f9d21154c 7171 #define CloseSocket(s) close(s)
wolfSSL 0:d92f9d21154c 7172 #endif
wolfSSL 0:d92f9d21154c 7173
wolfSSL 0:d92f9d21154c 7174 int wolfSSL_BIO_free(WOLFSSL_BIO* bio)
wolfSSL 0:d92f9d21154c 7175 {
wolfSSL 0:d92f9d21154c 7176 /* unchain?, doesn't matter in goahead since from free all */
wolfSSL 0:d92f9d21154c 7177 WOLFSSL_ENTER("BIO_free");
wolfSSL 0:d92f9d21154c 7178 if (bio) {
wolfSSL 0:d92f9d21154c 7179 if (bio->close) {
wolfSSL 0:d92f9d21154c 7180 if (bio->ssl)
wolfSSL 0:d92f9d21154c 7181 wolfSSL_free(bio->ssl);
wolfSSL 0:d92f9d21154c 7182 if (bio->fd)
wolfSSL 0:d92f9d21154c 7183 CloseSocket(bio->fd);
wolfSSL 0:d92f9d21154c 7184 }
wolfSSL 0:d92f9d21154c 7185 if (bio->mem)
wolfSSL 0:d92f9d21154c 7186 XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 7187 XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 7188 }
wolfSSL 0:d92f9d21154c 7189 return 0;
wolfSSL 0:d92f9d21154c 7190 }
wolfSSL 0:d92f9d21154c 7191
wolfSSL 0:d92f9d21154c 7192
wolfSSL 0:d92f9d21154c 7193 int wolfSSL_BIO_free_all(WOLFSSL_BIO* bio)
wolfSSL 0:d92f9d21154c 7194 {
wolfSSL 0:d92f9d21154c 7195 WOLFSSL_ENTER("BIO_free_all");
wolfSSL 0:d92f9d21154c 7196 while (bio) {
wolfSSL 0:d92f9d21154c 7197 WOLFSSL_BIO* next = bio->next;
wolfSSL 0:d92f9d21154c 7198 wolfSSL_BIO_free(bio);
wolfSSL 0:d92f9d21154c 7199 bio = next;
wolfSSL 0:d92f9d21154c 7200 }
wolfSSL 0:d92f9d21154c 7201 return 0;
wolfSSL 0:d92f9d21154c 7202 }
wolfSSL 0:d92f9d21154c 7203
wolfSSL 0:d92f9d21154c 7204
wolfSSL 0:d92f9d21154c 7205 int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
wolfSSL 0:d92f9d21154c 7206 {
wolfSSL 0:d92f9d21154c 7207 int ret;
wolfSSL 0:d92f9d21154c 7208 WOLFSSL* ssl = 0;
wolfSSL 0:d92f9d21154c 7209 WOLFSSL_BIO* front = bio;
wolfSSL 0:d92f9d21154c 7210
wolfSSL 0:d92f9d21154c 7211 WOLFSSL_ENTER("BIO_read");
wolfSSL 0:d92f9d21154c 7212 /* already got eof, again is error */
wolfSSL 0:d92f9d21154c 7213 if (front->eof)
wolfSSL 0:d92f9d21154c 7214 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 7215
wolfSSL 0:d92f9d21154c 7216 while(bio && ((ssl = bio->ssl) == 0) )
wolfSSL 0:d92f9d21154c 7217 bio = bio->next;
wolfSSL 0:d92f9d21154c 7218
wolfSSL 0:d92f9d21154c 7219 if (ssl == 0) return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 7220
wolfSSL 0:d92f9d21154c 7221 ret = wolfSSL_read(ssl, buf, len);
wolfSSL 0:d92f9d21154c 7222 if (ret == 0)
wolfSSL 0:d92f9d21154c 7223 front->eof = 1;
wolfSSL 0:d92f9d21154c 7224 else if (ret < 0) {
wolfSSL 0:d92f9d21154c 7225 int err = wolfSSL_get_error(ssl, 0);
wolfSSL 0:d92f9d21154c 7226 if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
wolfSSL 0:d92f9d21154c 7227 front->eof = 1;
wolfSSL 0:d92f9d21154c 7228 }
wolfSSL 0:d92f9d21154c 7229 return ret;
wolfSSL 0:d92f9d21154c 7230 }
wolfSSL 0:d92f9d21154c 7231
wolfSSL 0:d92f9d21154c 7232
wolfSSL 0:d92f9d21154c 7233 int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
wolfSSL 0:d92f9d21154c 7234 {
wolfSSL 0:d92f9d21154c 7235 int ret;
wolfSSL 0:d92f9d21154c 7236 WOLFSSL* ssl = 0;
wolfSSL 0:d92f9d21154c 7237 WOLFSSL_BIO* front = bio;
wolfSSL 0:d92f9d21154c 7238
wolfSSL 0:d92f9d21154c 7239 WOLFSSL_ENTER("BIO_write");
wolfSSL 0:d92f9d21154c 7240 /* already got eof, again is error */
wolfSSL 0:d92f9d21154c 7241 if (front->eof)
wolfSSL 0:d92f9d21154c 7242 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 7243
wolfSSL 0:d92f9d21154c 7244 while(bio && ((ssl = bio->ssl) == 0) )
wolfSSL 0:d92f9d21154c 7245 bio = bio->next;
wolfSSL 0:d92f9d21154c 7246
wolfSSL 0:d92f9d21154c 7247 if (ssl == 0) return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 7248
wolfSSL 0:d92f9d21154c 7249 ret = wolfSSL_write(ssl, data, len);
wolfSSL 0:d92f9d21154c 7250 if (ret == 0)
wolfSSL 0:d92f9d21154c 7251 front->eof = 1;
wolfSSL 0:d92f9d21154c 7252 else if (ret < 0) {
wolfSSL 0:d92f9d21154c 7253 int err = wolfSSL_get_error(ssl, 0);
wolfSSL 0:d92f9d21154c 7254 if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
wolfSSL 0:d92f9d21154c 7255 front->eof = 1;
wolfSSL 0:d92f9d21154c 7256 }
wolfSSL 0:d92f9d21154c 7257
wolfSSL 0:d92f9d21154c 7258 return ret;
wolfSSL 0:d92f9d21154c 7259 }
wolfSSL 0:d92f9d21154c 7260
wolfSSL 0:d92f9d21154c 7261
wolfSSL 0:d92f9d21154c 7262 WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO* top, WOLFSSL_BIO* append)
wolfSSL 0:d92f9d21154c 7263 {
wolfSSL 0:d92f9d21154c 7264 WOLFSSL_ENTER("BIO_push");
wolfSSL 0:d92f9d21154c 7265 top->next = append;
wolfSSL 0:d92f9d21154c 7266 append->prev = top;
wolfSSL 0:d92f9d21154c 7267
wolfSSL 0:d92f9d21154c 7268 return top;
wolfSSL 0:d92f9d21154c 7269 }
wolfSSL 0:d92f9d21154c 7270
wolfSSL 0:d92f9d21154c 7271
wolfSSL 0:d92f9d21154c 7272 int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
wolfSSL 0:d92f9d21154c 7273 {
wolfSSL 0:d92f9d21154c 7274 /* for wolfSSL no flushing needed */
wolfSSL 0:d92f9d21154c 7275 WOLFSSL_ENTER("BIO_flush");
wolfSSL 0:d92f9d21154c 7276 (void)bio;
wolfSSL 0:d92f9d21154c 7277 return 1;
wolfSSL 0:d92f9d21154c 7278 }
wolfSSL 0:d92f9d21154c 7279
wolfSSL 0:d92f9d21154c 7280
wolfSSL 0:d92f9d21154c 7281 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */
wolfSSL 0:d92f9d21154c 7282
wolfSSL 0:d92f9d21154c 7283
wolfSSL 0:d92f9d21154c 7284 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:d92f9d21154c 7285
wolfSSL 0:d92f9d21154c 7286 void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 7287 void* userdata)
wolfSSL 0:d92f9d21154c 7288 {
wolfSSL 0:d92f9d21154c 7289 WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
wolfSSL 0:d92f9d21154c 7290 ctx->userdata = userdata;
wolfSSL 0:d92f9d21154c 7291 }
wolfSSL 0:d92f9d21154c 7292
wolfSSL 0:d92f9d21154c 7293
wolfSSL 0:d92f9d21154c 7294 void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, pem_password_cb cb)
wolfSSL 0:d92f9d21154c 7295 {
wolfSSL 0:d92f9d21154c 7296 WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb");
wolfSSL 0:d92f9d21154c 7297 ctx->passwd_cb = cb;
wolfSSL 0:d92f9d21154c 7298 }
wolfSSL 0:d92f9d21154c 7299
wolfSSL 0:d92f9d21154c 7300 int wolfSSL_num_locks(void)
wolfSSL 0:d92f9d21154c 7301 {
wolfSSL 0:d92f9d21154c 7302 return 0;
wolfSSL 0:d92f9d21154c 7303 }
wolfSSL 0:d92f9d21154c 7304
wolfSSL 0:d92f9d21154c 7305 void wolfSSL_set_locking_callback(void (*f)(int, int, const char*, int))
wolfSSL 0:d92f9d21154c 7306 {
wolfSSL 0:d92f9d21154c 7307 (void)f;
wolfSSL 0:d92f9d21154c 7308 }
wolfSSL 0:d92f9d21154c 7309
wolfSSL 0:d92f9d21154c 7310 void wolfSSL_set_id_callback(unsigned long (*f)(void))
wolfSSL 0:d92f9d21154c 7311 {
wolfSSL 0:d92f9d21154c 7312 (void)f;
wolfSSL 0:d92f9d21154c 7313 }
wolfSSL 0:d92f9d21154c 7314
wolfSSL 0:d92f9d21154c 7315 unsigned long wolfSSL_ERR_get_error(void)
wolfSSL 0:d92f9d21154c 7316 {
wolfSSL 0:d92f9d21154c 7317 /* TODO: */
wolfSSL 0:d92f9d21154c 7318 return 0;
wolfSSL 0:d92f9d21154c 7319 }
wolfSSL 0:d92f9d21154c 7320
wolfSSL 0:d92f9d21154c 7321 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 7322
wolfSSL 0:d92f9d21154c 7323 int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
wolfSSL 0:d92f9d21154c 7324 const WOLFSSL_EVP_MD* md, const byte* salt,
wolfSSL 0:d92f9d21154c 7325 const byte* data, int sz, int count, byte* key, byte* iv)
wolfSSL 0:d92f9d21154c 7326 {
wolfSSL 0:d92f9d21154c 7327 int keyLen = 0;
wolfSSL 0:d92f9d21154c 7328 int ivLen = 0;
wolfSSL 0:d92f9d21154c 7329 int j;
wolfSSL 0:d92f9d21154c 7330 int keyLeft;
wolfSSL 0:d92f9d21154c 7331 int ivLeft;
wolfSSL 0:d92f9d21154c 7332 int keyOutput = 0;
wolfSSL 0:d92f9d21154c 7333 byte digest[MD5_DIGEST_SIZE];
wolfSSL 0:d92f9d21154c 7334 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 7335 Md5* md5 = NULL;
wolfSSL 0:d92f9d21154c 7336 #else
wolfSSL 0:d92f9d21154c 7337 Md5 md5[1];
wolfSSL 0:d92f9d21154c 7338 #endif
wolfSSL 0:d92f9d21154c 7339
wolfSSL 0:d92f9d21154c 7340 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 7341 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 7342 if (md5 == NULL)
wolfSSL 0:d92f9d21154c 7343 return 0;
wolfSSL 0:d92f9d21154c 7344 #endif
wolfSSL 0:d92f9d21154c 7345
wolfSSL 0:d92f9d21154c 7346 WOLFSSL_ENTER("EVP_BytesToKey");
wolfSSL 0:d92f9d21154c 7347 wc_InitMd5(md5);
wolfSSL 0:d92f9d21154c 7348
wolfSSL 0:d92f9d21154c 7349 /* only support MD5 for now */
wolfSSL 0:d92f9d21154c 7350 if (XSTRNCMP(md, "MD5", 3) != 0) return 0;
wolfSSL 0:d92f9d21154c 7351
wolfSSL 0:d92f9d21154c 7352 /* only support CBC DES and AES for now */
wolfSSL 0:d92f9d21154c 7353 if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
wolfSSL 0:d92f9d21154c 7354 keyLen = DES_KEY_SIZE;
wolfSSL 0:d92f9d21154c 7355 ivLen = DES_IV_SIZE;
wolfSSL 0:d92f9d21154c 7356 }
wolfSSL 0:d92f9d21154c 7357 else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
wolfSSL 0:d92f9d21154c 7358 keyLen = DES3_KEY_SIZE;
wolfSSL 0:d92f9d21154c 7359 ivLen = DES_IV_SIZE;
wolfSSL 0:d92f9d21154c 7360 }
wolfSSL 0:d92f9d21154c 7361 else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
wolfSSL 0:d92f9d21154c 7362 keyLen = AES_128_KEY_SIZE;
wolfSSL 0:d92f9d21154c 7363 ivLen = AES_IV_SIZE;
wolfSSL 0:d92f9d21154c 7364 }
wolfSSL 0:d92f9d21154c 7365 else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
wolfSSL 0:d92f9d21154c 7366 keyLen = AES_192_KEY_SIZE;
wolfSSL 0:d92f9d21154c 7367 ivLen = AES_IV_SIZE;
wolfSSL 0:d92f9d21154c 7368 }
wolfSSL 0:d92f9d21154c 7369 else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
wolfSSL 0:d92f9d21154c 7370 keyLen = AES_256_KEY_SIZE;
wolfSSL 0:d92f9d21154c 7371 ivLen = AES_IV_SIZE;
wolfSSL 0:d92f9d21154c 7372 }
wolfSSL 0:d92f9d21154c 7373 else {
wolfSSL 0:d92f9d21154c 7374 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 7375 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 7376 #endif
wolfSSL 0:d92f9d21154c 7377 return 0;
wolfSSL 0:d92f9d21154c 7378 }
wolfSSL 0:d92f9d21154c 7379
wolfSSL 0:d92f9d21154c 7380 keyLeft = keyLen;
wolfSSL 0:d92f9d21154c 7381 ivLeft = ivLen;
wolfSSL 0:d92f9d21154c 7382
wolfSSL 0:d92f9d21154c 7383 while (keyOutput < (keyLen + ivLen)) {
wolfSSL 0:d92f9d21154c 7384 int digestLeft = MD5_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 7385 /* D_(i - 1) */
wolfSSL 0:d92f9d21154c 7386 if (keyOutput) /* first time D_0 is empty */
wolfSSL 0:d92f9d21154c 7387 wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 7388 /* data */
wolfSSL 0:d92f9d21154c 7389 wc_Md5Update(md5, data, sz);
wolfSSL 0:d92f9d21154c 7390 /* salt */
wolfSSL 0:d92f9d21154c 7391 if (salt)
wolfSSL 0:d92f9d21154c 7392 wc_Md5Update(md5, salt, EVP_SALT_SIZE);
wolfSSL 0:d92f9d21154c 7393 wc_Md5Final(md5, digest);
wolfSSL 0:d92f9d21154c 7394 /* count */
wolfSSL 0:d92f9d21154c 7395 for (j = 1; j < count; j++) {
wolfSSL 0:d92f9d21154c 7396 wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 7397 wc_Md5Final(md5, digest);
wolfSSL 0:d92f9d21154c 7398 }
wolfSSL 0:d92f9d21154c 7399
wolfSSL 0:d92f9d21154c 7400 if (keyLeft) {
wolfSSL 0:d92f9d21154c 7401 int store = min(keyLeft, MD5_DIGEST_SIZE);
wolfSSL 0:d92f9d21154c 7402 XMEMCPY(&key[keyLen - keyLeft], digest, store);
wolfSSL 0:d92f9d21154c 7403
wolfSSL 0:d92f9d21154c 7404 keyOutput += store;
wolfSSL 0:d92f9d21154c 7405 keyLeft -= store;
wolfSSL 0:d92f9d21154c 7406 digestLeft -= store;
wolfSSL 0:d92f9d21154c 7407 }
wolfSSL 0:d92f9d21154c 7408
wolfSSL 0:d92f9d21154c 7409 if (ivLeft && digestLeft) {
wolfSSL 0:d92f9d21154c 7410 int store = min(ivLeft, digestLeft);
wolfSSL 0:d92f9d21154c 7411 XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
wolfSSL 0:d92f9d21154c 7412 digestLeft], store);
wolfSSL 0:d92f9d21154c 7413 keyOutput += store;
wolfSSL 0:d92f9d21154c 7414 ivLeft -= store;
wolfSSL 0:d92f9d21154c 7415 }
wolfSSL 0:d92f9d21154c 7416 }
wolfSSL 0:d92f9d21154c 7417
wolfSSL 0:d92f9d21154c 7418 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 7419 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 7420 #endif
wolfSSL 0:d92f9d21154c 7421
wolfSSL 0:d92f9d21154c 7422 return keyOutput == (keyLen + ivLen) ? keyOutput : 0;
wolfSSL 0:d92f9d21154c 7423 }
wolfSSL 0:d92f9d21154c 7424
wolfSSL 0:d92f9d21154c 7425 #endif /* NO_MD5 */
wolfSSL 0:d92f9d21154c 7426
wolfSSL 0:d92f9d21154c 7427 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:d92f9d21154c 7428
wolfSSL 0:d92f9d21154c 7429
wolfSSL 0:d92f9d21154c 7430 #ifdef OPENSSL_EXTRA
wolfSSL 0:d92f9d21154c 7431
wolfSSL 0:d92f9d21154c 7432 unsigned long wolfSSLeay(void)
wolfSSL 0:d92f9d21154c 7433 {
wolfSSL 0:d92f9d21154c 7434 return SSLEAY_VERSION_NUMBER;
wolfSSL 0:d92f9d21154c 7435 }
wolfSSL 0:d92f9d21154c 7436
wolfSSL 0:d92f9d21154c 7437
wolfSSL 0:d92f9d21154c 7438 const char* wolfSSLeay_version(int type)
wolfSSL 0:d92f9d21154c 7439 {
wolfSSL 0:d92f9d21154c 7440 static const char* version = "SSLeay wolfSSL compatibility";
wolfSSL 0:d92f9d21154c 7441 (void)type;
wolfSSL 0:d92f9d21154c 7442 return version;
wolfSSL 0:d92f9d21154c 7443 }
wolfSSL 0:d92f9d21154c 7444
wolfSSL 0:d92f9d21154c 7445
wolfSSL 0:d92f9d21154c 7446 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 7447 void wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
wolfSSL 0:d92f9d21154c 7448 {
wolfSSL 0:d92f9d21154c 7449 typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
wolfSSL 0:d92f9d21154c 7450 (void)sizeof(md5_test);
wolfSSL 0:d92f9d21154c 7451
wolfSSL 0:d92f9d21154c 7452 WOLFSSL_ENTER("MD5_Init");
wolfSSL 0:d92f9d21154c 7453 wc_InitMd5((Md5*)md5);
wolfSSL 0:d92f9d21154c 7454 }
wolfSSL 0:d92f9d21154c 7455
wolfSSL 0:d92f9d21154c 7456
wolfSSL 0:d92f9d21154c 7457 void wolfSSL_MD5_Update(WOLFSSL_MD5_CTX* md5, const void* input,
wolfSSL 0:d92f9d21154c 7458 unsigned long sz)
wolfSSL 0:d92f9d21154c 7459 {
wolfSSL 0:d92f9d21154c 7460 WOLFSSL_ENTER("wolfSSL_MD5_Update");
wolfSSL 0:d92f9d21154c 7461 wc_Md5Update((Md5*)md5, (const byte*)input, (word32)sz);
wolfSSL 0:d92f9d21154c 7462 }
wolfSSL 0:d92f9d21154c 7463
wolfSSL 0:d92f9d21154c 7464
wolfSSL 0:d92f9d21154c 7465 void wolfSSL_MD5_Final(byte* input, WOLFSSL_MD5_CTX* md5)
wolfSSL 0:d92f9d21154c 7466 {
wolfSSL 0:d92f9d21154c 7467 WOLFSSL_ENTER("MD5_Final");
wolfSSL 0:d92f9d21154c 7468 wc_Md5Final((Md5*)md5, input);
wolfSSL 0:d92f9d21154c 7469 }
wolfSSL 0:d92f9d21154c 7470 #endif /* NO_MD5 */
wolfSSL 0:d92f9d21154c 7471
wolfSSL 0:d92f9d21154c 7472
wolfSSL 0:d92f9d21154c 7473 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 7474 void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
wolfSSL 0:d92f9d21154c 7475 {
wolfSSL 0:d92f9d21154c 7476 typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
wolfSSL 0:d92f9d21154c 7477 (void)sizeof(sha_test);
wolfSSL 0:d92f9d21154c 7478
wolfSSL 0:d92f9d21154c 7479 WOLFSSL_ENTER("SHA_Init");
wolfSSL 0:d92f9d21154c 7480 wc_InitSha((Sha*)sha); /* OpenSSL compat, no ret */
wolfSSL 0:d92f9d21154c 7481 }
wolfSSL 0:d92f9d21154c 7482
wolfSSL 0:d92f9d21154c 7483
wolfSSL 0:d92f9d21154c 7484 void wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input,
wolfSSL 0:d92f9d21154c 7485 unsigned long sz)
wolfSSL 0:d92f9d21154c 7486 {
wolfSSL 0:d92f9d21154c 7487 WOLFSSL_ENTER("SHA_Update");
wolfSSL 0:d92f9d21154c 7488 wc_ShaUpdate((Sha*)sha, (const byte*)input, (word32)sz);
wolfSSL 0:d92f9d21154c 7489 }
wolfSSL 0:d92f9d21154c 7490
wolfSSL 0:d92f9d21154c 7491
wolfSSL 0:d92f9d21154c 7492 void wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha)
wolfSSL 0:d92f9d21154c 7493 {
wolfSSL 0:d92f9d21154c 7494 WOLFSSL_ENTER("SHA_Final");
wolfSSL 0:d92f9d21154c 7495 wc_ShaFinal((Sha*)sha, input);
wolfSSL 0:d92f9d21154c 7496 }
wolfSSL 0:d92f9d21154c 7497
wolfSSL 0:d92f9d21154c 7498
wolfSSL 0:d92f9d21154c 7499 void wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
wolfSSL 0:d92f9d21154c 7500 {
wolfSSL 0:d92f9d21154c 7501 WOLFSSL_ENTER("SHA1_Init");
wolfSSL 0:d92f9d21154c 7502 SHA_Init(sha);
wolfSSL 0:d92f9d21154c 7503 }
wolfSSL 0:d92f9d21154c 7504
wolfSSL 0:d92f9d21154c 7505
wolfSSL 0:d92f9d21154c 7506 void wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
wolfSSL 0:d92f9d21154c 7507 unsigned long sz)
wolfSSL 0:d92f9d21154c 7508 {
wolfSSL 0:d92f9d21154c 7509 WOLFSSL_ENTER("SHA1_Update");
wolfSSL 0:d92f9d21154c 7510 SHA_Update(sha, input, sz);
wolfSSL 0:d92f9d21154c 7511 }
wolfSSL 0:d92f9d21154c 7512
wolfSSL 0:d92f9d21154c 7513
wolfSSL 0:d92f9d21154c 7514 void wolfSSL_SHA1_Final(byte* input, WOLFSSL_SHA_CTX* sha)
wolfSSL 0:d92f9d21154c 7515 {
wolfSSL 0:d92f9d21154c 7516 WOLFSSL_ENTER("SHA1_Final");
wolfSSL 0:d92f9d21154c 7517 SHA_Final(input, sha);
wolfSSL 0:d92f9d21154c 7518 }
wolfSSL 0:d92f9d21154c 7519 #endif /* NO_SHA */
wolfSSL 0:d92f9d21154c 7520
wolfSSL 0:d92f9d21154c 7521
wolfSSL 0:d92f9d21154c 7522 void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
wolfSSL 0:d92f9d21154c 7523 {
wolfSSL 0:d92f9d21154c 7524 typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
wolfSSL 0:d92f9d21154c 7525 (void)sizeof(sha_test);
wolfSSL 0:d92f9d21154c 7526
wolfSSL 0:d92f9d21154c 7527 WOLFSSL_ENTER("SHA256_Init");
wolfSSL 0:d92f9d21154c 7528 wc_InitSha256((Sha256*)sha256); /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7529 }
wolfSSL 0:d92f9d21154c 7530
wolfSSL 0:d92f9d21154c 7531
wolfSSL 0:d92f9d21154c 7532 void wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input,
wolfSSL 0:d92f9d21154c 7533 unsigned long sz)
wolfSSL 0:d92f9d21154c 7534 {
wolfSSL 0:d92f9d21154c 7535 WOLFSSL_ENTER("SHA256_Update");
wolfSSL 0:d92f9d21154c 7536 wc_Sha256Update((Sha256*)sha, (const byte*)input, (word32)sz);
wolfSSL 0:d92f9d21154c 7537 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7538 }
wolfSSL 0:d92f9d21154c 7539
wolfSSL 0:d92f9d21154c 7540
wolfSSL 0:d92f9d21154c 7541 void wolfSSL_SHA256_Final(byte* input, WOLFSSL_SHA256_CTX* sha)
wolfSSL 0:d92f9d21154c 7542 {
wolfSSL 0:d92f9d21154c 7543 WOLFSSL_ENTER("SHA256_Final");
wolfSSL 0:d92f9d21154c 7544 wc_Sha256Final((Sha256*)sha, input);
wolfSSL 0:d92f9d21154c 7545 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7546 }
wolfSSL 0:d92f9d21154c 7547
wolfSSL 0:d92f9d21154c 7548
wolfSSL 0:d92f9d21154c 7549 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 7550
wolfSSL 0:d92f9d21154c 7551 void wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha)
wolfSSL 0:d92f9d21154c 7552 {
wolfSSL 0:d92f9d21154c 7553 typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
wolfSSL 0:d92f9d21154c 7554 (void)sizeof(sha_test);
wolfSSL 0:d92f9d21154c 7555
wolfSSL 0:d92f9d21154c 7556 WOLFSSL_ENTER("SHA384_Init");
wolfSSL 0:d92f9d21154c 7557 wc_InitSha384((Sha384*)sha); /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7558 }
wolfSSL 0:d92f9d21154c 7559
wolfSSL 0:d92f9d21154c 7560
wolfSSL 0:d92f9d21154c 7561 void wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
wolfSSL 0:d92f9d21154c 7562 unsigned long sz)
wolfSSL 0:d92f9d21154c 7563 {
wolfSSL 0:d92f9d21154c 7564 WOLFSSL_ENTER("SHA384_Update");
wolfSSL 0:d92f9d21154c 7565 wc_Sha384Update((Sha384*)sha, (const byte*)input, (word32)sz);
wolfSSL 0:d92f9d21154c 7566 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7567 }
wolfSSL 0:d92f9d21154c 7568
wolfSSL 0:d92f9d21154c 7569
wolfSSL 0:d92f9d21154c 7570 void wolfSSL_SHA384_Final(byte* input, WOLFSSL_SHA384_CTX* sha)
wolfSSL 0:d92f9d21154c 7571 {
wolfSSL 0:d92f9d21154c 7572 WOLFSSL_ENTER("SHA384_Final");
wolfSSL 0:d92f9d21154c 7573 wc_Sha384Final((Sha384*)sha, input);
wolfSSL 0:d92f9d21154c 7574 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7575 }
wolfSSL 0:d92f9d21154c 7576
wolfSSL 0:d92f9d21154c 7577 #endif /* WOLFSSL_SHA384 */
wolfSSL 0:d92f9d21154c 7578
wolfSSL 0:d92f9d21154c 7579
wolfSSL 0:d92f9d21154c 7580 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 7581
wolfSSL 0:d92f9d21154c 7582 void wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha)
wolfSSL 0:d92f9d21154c 7583 {
wolfSSL 0:d92f9d21154c 7584 typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
wolfSSL 0:d92f9d21154c 7585 (void)sizeof(sha_test);
wolfSSL 0:d92f9d21154c 7586
wolfSSL 0:d92f9d21154c 7587 WOLFSSL_ENTER("SHA512_Init");
wolfSSL 0:d92f9d21154c 7588 wc_InitSha512((Sha512*)sha); /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7589 }
wolfSSL 0:d92f9d21154c 7590
wolfSSL 0:d92f9d21154c 7591
wolfSSL 0:d92f9d21154c 7592 void wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha, const void* input,
wolfSSL 0:d92f9d21154c 7593 unsigned long sz)
wolfSSL 0:d92f9d21154c 7594 {
wolfSSL 0:d92f9d21154c 7595 WOLFSSL_ENTER("SHA512_Update");
wolfSSL 0:d92f9d21154c 7596 wc_Sha512Update((Sha512*)sha, (const byte*)input, (word32)sz);
wolfSSL 0:d92f9d21154c 7597 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7598 }
wolfSSL 0:d92f9d21154c 7599
wolfSSL 0:d92f9d21154c 7600
wolfSSL 0:d92f9d21154c 7601 void wolfSSL_SHA512_Final(byte* input, WOLFSSL_SHA512_CTX* sha)
wolfSSL 0:d92f9d21154c 7602 {
wolfSSL 0:d92f9d21154c 7603 WOLFSSL_ENTER("SHA512_Final");
wolfSSL 0:d92f9d21154c 7604 wc_Sha512Final((Sha512*)sha, input);
wolfSSL 0:d92f9d21154c 7605 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 7606 }
wolfSSL 0:d92f9d21154c 7607
wolfSSL 0:d92f9d21154c 7608 #endif /* WOLFSSL_SHA512 */
wolfSSL 0:d92f9d21154c 7609
wolfSSL 0:d92f9d21154c 7610
wolfSSL 0:d92f9d21154c 7611 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 7612
wolfSSL 0:d92f9d21154c 7613 const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
wolfSSL 0:d92f9d21154c 7614 {
wolfSSL 0:d92f9d21154c 7615 static const char* type = "MD5";
wolfSSL 0:d92f9d21154c 7616 WOLFSSL_ENTER("EVP_md5");
wolfSSL 0:d92f9d21154c 7617 return type;
wolfSSL 0:d92f9d21154c 7618 }
wolfSSL 0:d92f9d21154c 7619
wolfSSL 0:d92f9d21154c 7620 #endif /* NO_MD5 */
wolfSSL 0:d92f9d21154c 7621
wolfSSL 0:d92f9d21154c 7622
wolfSSL 0:d92f9d21154c 7623 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 7624 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
wolfSSL 0:d92f9d21154c 7625 {
wolfSSL 0:d92f9d21154c 7626 static const char* type = "SHA";
wolfSSL 0:d92f9d21154c 7627 WOLFSSL_ENTER("EVP_sha1");
wolfSSL 0:d92f9d21154c 7628 return type;
wolfSSL 0:d92f9d21154c 7629 }
wolfSSL 0:d92f9d21154c 7630 #endif /* NO_SHA */
wolfSSL 0:d92f9d21154c 7631
wolfSSL 0:d92f9d21154c 7632
wolfSSL 0:d92f9d21154c 7633 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
wolfSSL 0:d92f9d21154c 7634 {
wolfSSL 0:d92f9d21154c 7635 static const char* type = "SHA256";
wolfSSL 0:d92f9d21154c 7636 WOLFSSL_ENTER("EVP_sha256");
wolfSSL 0:d92f9d21154c 7637 return type;
wolfSSL 0:d92f9d21154c 7638 }
wolfSSL 0:d92f9d21154c 7639
wolfSSL 0:d92f9d21154c 7640 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 7641
wolfSSL 0:d92f9d21154c 7642 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
wolfSSL 0:d92f9d21154c 7643 {
wolfSSL 0:d92f9d21154c 7644 static const char* type = "SHA384";
wolfSSL 0:d92f9d21154c 7645 WOLFSSL_ENTER("EVP_sha384");
wolfSSL 0:d92f9d21154c 7646 return type;
wolfSSL 0:d92f9d21154c 7647 }
wolfSSL 0:d92f9d21154c 7648
wolfSSL 0:d92f9d21154c 7649 #endif /* WOLFSSL_SHA384 */
wolfSSL 0:d92f9d21154c 7650
wolfSSL 0:d92f9d21154c 7651 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 7652
wolfSSL 0:d92f9d21154c 7653 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
wolfSSL 0:d92f9d21154c 7654 {
wolfSSL 0:d92f9d21154c 7655 static const char* type = "SHA512";
wolfSSL 0:d92f9d21154c 7656 WOLFSSL_ENTER("EVP_sha512");
wolfSSL 0:d92f9d21154c 7657 return type;
wolfSSL 0:d92f9d21154c 7658 }
wolfSSL 0:d92f9d21154c 7659
wolfSSL 0:d92f9d21154c 7660 #endif /* WOLFSSL_SHA512 */
wolfSSL 0:d92f9d21154c 7661
wolfSSL 0:d92f9d21154c 7662
wolfSSL 0:d92f9d21154c 7663 void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx)
wolfSSL 0:d92f9d21154c 7664 {
wolfSSL 0:d92f9d21154c 7665 WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init");
wolfSSL 0:d92f9d21154c 7666 (void)ctx;
wolfSSL 0:d92f9d21154c 7667 /* do nothing */
wolfSSL 0:d92f9d21154c 7668 }
wolfSSL 0:d92f9d21154c 7669
wolfSSL 0:d92f9d21154c 7670
wolfSSL 0:d92f9d21154c 7671 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
wolfSSL 0:d92f9d21154c 7672 {
wolfSSL 0:d92f9d21154c 7673 static const char* type = "AES128-CBC";
wolfSSL 0:d92f9d21154c 7674 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc");
wolfSSL 0:d92f9d21154c 7675 return type;
wolfSSL 0:d92f9d21154c 7676 }
wolfSSL 0:d92f9d21154c 7677
wolfSSL 0:d92f9d21154c 7678
wolfSSL 0:d92f9d21154c 7679 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void)
wolfSSL 0:d92f9d21154c 7680 {
wolfSSL 0:d92f9d21154c 7681 static const char* type = "AES192-CBC";
wolfSSL 0:d92f9d21154c 7682 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc");
wolfSSL 0:d92f9d21154c 7683 return type;
wolfSSL 0:d92f9d21154c 7684 }
wolfSSL 0:d92f9d21154c 7685
wolfSSL 0:d92f9d21154c 7686
wolfSSL 0:d92f9d21154c 7687 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void)
wolfSSL 0:d92f9d21154c 7688 {
wolfSSL 0:d92f9d21154c 7689 static const char* type = "AES256-CBC";
wolfSSL 0:d92f9d21154c 7690 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc");
wolfSSL 0:d92f9d21154c 7691 return type;
wolfSSL 0:d92f9d21154c 7692 }
wolfSSL 0:d92f9d21154c 7693
wolfSSL 0:d92f9d21154c 7694
wolfSSL 0:d92f9d21154c 7695 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void)
wolfSSL 0:d92f9d21154c 7696 {
wolfSSL 0:d92f9d21154c 7697 static const char* type = "AES128-CTR";
wolfSSL 0:d92f9d21154c 7698 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr");
wolfSSL 0:d92f9d21154c 7699 return type;
wolfSSL 0:d92f9d21154c 7700 }
wolfSSL 0:d92f9d21154c 7701
wolfSSL 0:d92f9d21154c 7702
wolfSSL 0:d92f9d21154c 7703 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void)
wolfSSL 0:d92f9d21154c 7704 {
wolfSSL 0:d92f9d21154c 7705 static const char* type = "AES192-CTR";
wolfSSL 0:d92f9d21154c 7706 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr");
wolfSSL 0:d92f9d21154c 7707 return type;
wolfSSL 0:d92f9d21154c 7708 }
wolfSSL 0:d92f9d21154c 7709
wolfSSL 0:d92f9d21154c 7710
wolfSSL 0:d92f9d21154c 7711 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void)
wolfSSL 0:d92f9d21154c 7712 {
wolfSSL 0:d92f9d21154c 7713 static const char* type = "AES256-CTR";
wolfSSL 0:d92f9d21154c 7714 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr");
wolfSSL 0:d92f9d21154c 7715 return type;
wolfSSL 0:d92f9d21154c 7716 }
wolfSSL 0:d92f9d21154c 7717
wolfSSL 0:d92f9d21154c 7718
wolfSSL 0:d92f9d21154c 7719 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
wolfSSL 0:d92f9d21154c 7720 {
wolfSSL 0:d92f9d21154c 7721 static const char* type = "DES-CBC";
wolfSSL 0:d92f9d21154c 7722 WOLFSSL_ENTER("wolfSSL_EVP_des_cbc");
wolfSSL 0:d92f9d21154c 7723 return type;
wolfSSL 0:d92f9d21154c 7724 }
wolfSSL 0:d92f9d21154c 7725
wolfSSL 0:d92f9d21154c 7726
wolfSSL 0:d92f9d21154c 7727 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void)
wolfSSL 0:d92f9d21154c 7728 {
wolfSSL 0:d92f9d21154c 7729 static const char* type = "DES-EDE3-CBC";
wolfSSL 0:d92f9d21154c 7730 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc");
wolfSSL 0:d92f9d21154c 7731 return type;
wolfSSL 0:d92f9d21154c 7732 }
wolfSSL 0:d92f9d21154c 7733
wolfSSL 0:d92f9d21154c 7734
wolfSSL 0:d92f9d21154c 7735 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void)
wolfSSL 0:d92f9d21154c 7736 {
wolfSSL 0:d92f9d21154c 7737 static const char* type = "ARC4";
wolfSSL 0:d92f9d21154c 7738 WOLFSSL_ENTER("wolfSSL_EVP_rc4");
wolfSSL 0:d92f9d21154c 7739 return type;
wolfSSL 0:d92f9d21154c 7740 }
wolfSSL 0:d92f9d21154c 7741
wolfSSL 0:d92f9d21154c 7742
wolfSSL 0:d92f9d21154c 7743 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void)
wolfSSL 0:d92f9d21154c 7744 {
wolfSSL 0:d92f9d21154c 7745 static const char* type = "NULL";
wolfSSL 0:d92f9d21154c 7746 WOLFSSL_ENTER("wolfSSL_EVP_enc_null");
wolfSSL 0:d92f9d21154c 7747 return type;
wolfSSL 0:d92f9d21154c 7748 }
wolfSSL 0:d92f9d21154c 7749
wolfSSL 0:d92f9d21154c 7750
wolfSSL 0:d92f9d21154c 7751 int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx)
wolfSSL 0:d92f9d21154c 7752 {
wolfSSL 0:d92f9d21154c 7753 WOLFSSL_ENTER("EVP_MD_CTX_cleanup");
wolfSSL 0:d92f9d21154c 7754 (void)ctx;
wolfSSL 0:d92f9d21154c 7755 return 0;
wolfSSL 0:d92f9d21154c 7756 }
wolfSSL 0:d92f9d21154c 7757
wolfSSL 0:d92f9d21154c 7758
wolfSSL 0:d92f9d21154c 7759
wolfSSL 0:d92f9d21154c 7760 void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:d92f9d21154c 7761 {
wolfSSL 0:d92f9d21154c 7762 WOLFSSL_ENTER("EVP_CIPHER_CTX_init");
wolfSSL 0:d92f9d21154c 7763 if (ctx) {
wolfSSL 0:d92f9d21154c 7764 ctx->cipherType = 0xff; /* no init */
wolfSSL 0:d92f9d21154c 7765 ctx->keyLen = 0;
wolfSSL 0:d92f9d21154c 7766 ctx->enc = 1; /* start in encrypt mode */
wolfSSL 0:d92f9d21154c 7767 }
wolfSSL 0:d92f9d21154c 7768 }
wolfSSL 0:d92f9d21154c 7769
wolfSSL 0:d92f9d21154c 7770
wolfSSL 0:d92f9d21154c 7771 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 7772 int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:d92f9d21154c 7773 {
wolfSSL 0:d92f9d21154c 7774 WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup");
wolfSSL 0:d92f9d21154c 7775 if (ctx) {
wolfSSL 0:d92f9d21154c 7776 ctx->cipherType = 0xff; /* no more init */
wolfSSL 0:d92f9d21154c 7777 ctx->keyLen = 0;
wolfSSL 0:d92f9d21154c 7778 }
wolfSSL 0:d92f9d21154c 7779
wolfSSL 0:d92f9d21154c 7780 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 7781 }
wolfSSL 0:d92f9d21154c 7782
wolfSSL 0:d92f9d21154c 7783
wolfSSL 0:d92f9d21154c 7784 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 7785 int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
wolfSSL 0:d92f9d21154c 7786 const WOLFSSL_EVP_CIPHER* type, byte* key,
wolfSSL 0:d92f9d21154c 7787 byte* iv, int enc)
wolfSSL 0:d92f9d21154c 7788 {
wolfSSL 0:d92f9d21154c 7789 #if defined(NO_AES) && defined(NO_DES3)
wolfSSL 0:d92f9d21154c 7790 (void)iv;
wolfSSL 0:d92f9d21154c 7791 (void)enc;
wolfSSL 0:d92f9d21154c 7792 #else
wolfSSL 0:d92f9d21154c 7793 int ret = 0;
wolfSSL 0:d92f9d21154c 7794 #endif
wolfSSL 0:d92f9d21154c 7795
wolfSSL 0:d92f9d21154c 7796 WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
wolfSSL 0:d92f9d21154c 7797 if (ctx == NULL) {
wolfSSL 0:d92f9d21154c 7798 WOLFSSL_MSG("no ctx");
wolfSSL 0:d92f9d21154c 7799 return 0; /* failure */
wolfSSL 0:d92f9d21154c 7800 }
wolfSSL 0:d92f9d21154c 7801
wolfSSL 0:d92f9d21154c 7802 if (type == NULL && ctx->cipherType == 0xff) {
wolfSSL 0:d92f9d21154c 7803 WOLFSSL_MSG("no type set");
wolfSSL 0:d92f9d21154c 7804 return 0; /* failure */
wolfSSL 0:d92f9d21154c 7805 }
wolfSSL 0:d92f9d21154c 7806
wolfSSL 0:d92f9d21154c 7807 #ifndef NO_AES
wolfSSL 0:d92f9d21154c 7808 if (ctx->cipherType == AES_128_CBC_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7809 XSTRNCMP(type, "AES128-CBC", 10) == 0)) {
wolfSSL 0:d92f9d21154c 7810 WOLFSSL_MSG("AES-128-CBC");
wolfSSL 0:d92f9d21154c 7811 ctx->cipherType = AES_128_CBC_TYPE;
wolfSSL 0:d92f9d21154c 7812 ctx->keyLen = 16;
wolfSSL 0:d92f9d21154c 7813 if (enc == 0 || enc == 1)
wolfSSL 0:d92f9d21154c 7814 ctx->enc = enc ? 1 : 0;
wolfSSL 0:d92f9d21154c 7815 if (key) {
wolfSSL 0:d92f9d21154c 7816 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:d92f9d21154c 7817 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 0:d92f9d21154c 7818 if (ret != 0)
wolfSSL 0:d92f9d21154c 7819 return ret;
wolfSSL 0:d92f9d21154c 7820 }
wolfSSL 0:d92f9d21154c 7821 if (iv && key == NULL) {
wolfSSL 0:d92f9d21154c 7822 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:d92f9d21154c 7823 if (ret != 0)
wolfSSL 0:d92f9d21154c 7824 return ret;
wolfSSL 0:d92f9d21154c 7825 }
wolfSSL 0:d92f9d21154c 7826 }
wolfSSL 0:d92f9d21154c 7827 else if (ctx->cipherType == AES_192_CBC_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7828 XSTRNCMP(type, "AES192-CBC", 10) == 0)) {
wolfSSL 0:d92f9d21154c 7829 WOLFSSL_MSG("AES-192-CBC");
wolfSSL 0:d92f9d21154c 7830 ctx->cipherType = AES_192_CBC_TYPE;
wolfSSL 0:d92f9d21154c 7831 ctx->keyLen = 24;
wolfSSL 0:d92f9d21154c 7832 if (enc == 0 || enc == 1)
wolfSSL 0:d92f9d21154c 7833 ctx->enc = enc ? 1 : 0;
wolfSSL 0:d92f9d21154c 7834 if (key) {
wolfSSL 0:d92f9d21154c 7835 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:d92f9d21154c 7836 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 0:d92f9d21154c 7837 if (ret != 0)
wolfSSL 0:d92f9d21154c 7838 return ret;
wolfSSL 0:d92f9d21154c 7839 }
wolfSSL 0:d92f9d21154c 7840 if (iv && key == NULL) {
wolfSSL 0:d92f9d21154c 7841 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:d92f9d21154c 7842 if (ret != 0)
wolfSSL 0:d92f9d21154c 7843 return ret;
wolfSSL 0:d92f9d21154c 7844 }
wolfSSL 0:d92f9d21154c 7845 }
wolfSSL 0:d92f9d21154c 7846 else if (ctx->cipherType == AES_256_CBC_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7847 XSTRNCMP(type, "AES256-CBC", 10) == 0)) {
wolfSSL 0:d92f9d21154c 7848 WOLFSSL_MSG("AES-256-CBC");
wolfSSL 0:d92f9d21154c 7849 ctx->cipherType = AES_256_CBC_TYPE;
wolfSSL 0:d92f9d21154c 7850 ctx->keyLen = 32;
wolfSSL 0:d92f9d21154c 7851 if (enc == 0 || enc == 1)
wolfSSL 0:d92f9d21154c 7852 ctx->enc = enc ? 1 : 0;
wolfSSL 0:d92f9d21154c 7853 if (key) {
wolfSSL 0:d92f9d21154c 7854 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:d92f9d21154c 7855 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 0:d92f9d21154c 7856 if (ret != 0)
wolfSSL 0:d92f9d21154c 7857 return ret;
wolfSSL 0:d92f9d21154c 7858 }
wolfSSL 0:d92f9d21154c 7859 if (iv && key == NULL) {
wolfSSL 0:d92f9d21154c 7860 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:d92f9d21154c 7861 if (ret != 0)
wolfSSL 0:d92f9d21154c 7862 return ret;
wolfSSL 0:d92f9d21154c 7863 }
wolfSSL 0:d92f9d21154c 7864 }
wolfSSL 0:d92f9d21154c 7865 #ifdef WOLFSSL_AES_COUNTER
wolfSSL 0:d92f9d21154c 7866 else if (ctx->cipherType == AES_128_CTR_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7867 XSTRNCMP(type, "AES128-CTR", 10) == 0)) {
wolfSSL 0:d92f9d21154c 7868 WOLFSSL_MSG("AES-128-CTR");
wolfSSL 0:d92f9d21154c 7869 ctx->cipherType = AES_128_CTR_TYPE;
wolfSSL 0:d92f9d21154c 7870 ctx->keyLen = 16;
wolfSSL 0:d92f9d21154c 7871 if (enc == 0 || enc == 1)
wolfSSL 0:d92f9d21154c 7872 ctx->enc = enc ? 1 : 0;
wolfSSL 0:d92f9d21154c 7873 if (key) {
wolfSSL 0:d92f9d21154c 7874 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:d92f9d21154c 7875 AES_ENCRYPTION);
wolfSSL 0:d92f9d21154c 7876 if (ret != 0)
wolfSSL 0:d92f9d21154c 7877 return ret;
wolfSSL 0:d92f9d21154c 7878 }
wolfSSL 0:d92f9d21154c 7879 if (iv && key == NULL) {
wolfSSL 0:d92f9d21154c 7880 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:d92f9d21154c 7881 if (ret != 0)
wolfSSL 0:d92f9d21154c 7882 return ret;
wolfSSL 0:d92f9d21154c 7883 }
wolfSSL 0:d92f9d21154c 7884 }
wolfSSL 0:d92f9d21154c 7885 else if (ctx->cipherType == AES_192_CTR_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7886 XSTRNCMP(type, "AES192-CTR", 10) == 0)) {
wolfSSL 0:d92f9d21154c 7887 WOLFSSL_MSG("AES-192-CTR");
wolfSSL 0:d92f9d21154c 7888 ctx->cipherType = AES_192_CTR_TYPE;
wolfSSL 0:d92f9d21154c 7889 ctx->keyLen = 24;
wolfSSL 0:d92f9d21154c 7890 if (enc == 0 || enc == 1)
wolfSSL 0:d92f9d21154c 7891 ctx->enc = enc ? 1 : 0;
wolfSSL 0:d92f9d21154c 7892 if (key) {
wolfSSL 0:d92f9d21154c 7893 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:d92f9d21154c 7894 AES_ENCRYPTION);
wolfSSL 0:d92f9d21154c 7895 if (ret != 0)
wolfSSL 0:d92f9d21154c 7896 return ret;
wolfSSL 0:d92f9d21154c 7897 }
wolfSSL 0:d92f9d21154c 7898 if (iv && key == NULL) {
wolfSSL 0:d92f9d21154c 7899 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:d92f9d21154c 7900 if (ret != 0)
wolfSSL 0:d92f9d21154c 7901 return ret;
wolfSSL 0:d92f9d21154c 7902 }
wolfSSL 0:d92f9d21154c 7903 }
wolfSSL 0:d92f9d21154c 7904 else if (ctx->cipherType == AES_256_CTR_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7905 XSTRNCMP(type, "AES256-CTR", 10) == 0)) {
wolfSSL 0:d92f9d21154c 7906 WOLFSSL_MSG("AES-256-CTR");
wolfSSL 0:d92f9d21154c 7907 ctx->cipherType = AES_256_CTR_TYPE;
wolfSSL 0:d92f9d21154c 7908 ctx->keyLen = 32;
wolfSSL 0:d92f9d21154c 7909 if (enc == 0 || enc == 1)
wolfSSL 0:d92f9d21154c 7910 ctx->enc = enc ? 1 : 0;
wolfSSL 0:d92f9d21154c 7911 if (key) {
wolfSSL 0:d92f9d21154c 7912 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:d92f9d21154c 7913 AES_ENCRYPTION);
wolfSSL 0:d92f9d21154c 7914 if (ret != 0)
wolfSSL 0:d92f9d21154c 7915 return ret;
wolfSSL 0:d92f9d21154c 7916 }
wolfSSL 0:d92f9d21154c 7917 if (iv && key == NULL) {
wolfSSL 0:d92f9d21154c 7918 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:d92f9d21154c 7919 if (ret != 0)
wolfSSL 0:d92f9d21154c 7920 return ret;
wolfSSL 0:d92f9d21154c 7921 }
wolfSSL 0:d92f9d21154c 7922 }
wolfSSL 0:d92f9d21154c 7923 #endif /* WOLFSSL_AES_CTR */
wolfSSL 0:d92f9d21154c 7924 #endif /* NO_AES */
wolfSSL 0:d92f9d21154c 7925
wolfSSL 0:d92f9d21154c 7926 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 7927 else if (ctx->cipherType == DES_CBC_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7928 XSTRNCMP(type, "DES-CBC", 7) == 0)) {
wolfSSL 0:d92f9d21154c 7929 WOLFSSL_MSG("DES-CBC");
wolfSSL 0:d92f9d21154c 7930 ctx->cipherType = DES_CBC_TYPE;
wolfSSL 0:d92f9d21154c 7931 ctx->keyLen = 8;
wolfSSL 0:d92f9d21154c 7932 if (enc == 0 || enc == 1)
wolfSSL 0:d92f9d21154c 7933 ctx->enc = enc ? 1 : 0;
wolfSSL 0:d92f9d21154c 7934 if (key) {
wolfSSL 0:d92f9d21154c 7935 ret = wc_Des_SetKey(&ctx->cipher.des, key, iv,
wolfSSL 0:d92f9d21154c 7936 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL 0:d92f9d21154c 7937 if (ret != 0)
wolfSSL 0:d92f9d21154c 7938 return ret;
wolfSSL 0:d92f9d21154c 7939 }
wolfSSL 0:d92f9d21154c 7940
wolfSSL 0:d92f9d21154c 7941 if (iv && key == NULL)
wolfSSL 0:d92f9d21154c 7942 wc_Des_SetIV(&ctx->cipher.des, iv);
wolfSSL 0:d92f9d21154c 7943 }
wolfSSL 0:d92f9d21154c 7944 else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7945 XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) {
wolfSSL 0:d92f9d21154c 7946 WOLFSSL_MSG("DES-EDE3-CBC");
wolfSSL 0:d92f9d21154c 7947 ctx->cipherType = DES_EDE3_CBC_TYPE;
wolfSSL 0:d92f9d21154c 7948 ctx->keyLen = 24;
wolfSSL 0:d92f9d21154c 7949 if (enc == 0 || enc == 1)
wolfSSL 0:d92f9d21154c 7950 ctx->enc = enc ? 1 : 0;
wolfSSL 0:d92f9d21154c 7951 if (key) {
wolfSSL 0:d92f9d21154c 7952 ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv,
wolfSSL 0:d92f9d21154c 7953 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL 0:d92f9d21154c 7954 if (ret != 0)
wolfSSL 0:d92f9d21154c 7955 return ret;
wolfSSL 0:d92f9d21154c 7956 }
wolfSSL 0:d92f9d21154c 7957
wolfSSL 0:d92f9d21154c 7958 if (iv && key == NULL) {
wolfSSL 0:d92f9d21154c 7959 ret = wc_Des3_SetIV(&ctx->cipher.des3, iv);
wolfSSL 0:d92f9d21154c 7960 if (ret != 0)
wolfSSL 0:d92f9d21154c 7961 return ret;
wolfSSL 0:d92f9d21154c 7962 }
wolfSSL 0:d92f9d21154c 7963 }
wolfSSL 0:d92f9d21154c 7964 #endif /* NO_DES3 */
wolfSSL 0:d92f9d21154c 7965 #ifndef NO_RC4
wolfSSL 0:d92f9d21154c 7966 else if (ctx->cipherType == ARC4_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7967 XSTRNCMP(type, "ARC4", 4) == 0)) {
wolfSSL 0:d92f9d21154c 7968 WOLFSSL_MSG("ARC4");
wolfSSL 0:d92f9d21154c 7969 ctx->cipherType = ARC4_TYPE;
wolfSSL 0:d92f9d21154c 7970 if (ctx->keyLen == 0) /* user may have already set */
wolfSSL 0:d92f9d21154c 7971 ctx->keyLen = 16; /* default to 128 */
wolfSSL 0:d92f9d21154c 7972 if (key)
wolfSSL 0:d92f9d21154c 7973 wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
wolfSSL 0:d92f9d21154c 7974 }
wolfSSL 0:d92f9d21154c 7975 #endif /* NO_RC4 */
wolfSSL 0:d92f9d21154c 7976 else if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
wolfSSL 0:d92f9d21154c 7977 XSTRNCMP(type, "NULL", 4) == 0)) {
wolfSSL 0:d92f9d21154c 7978 WOLFSSL_MSG("NULL cipher");
wolfSSL 0:d92f9d21154c 7979 ctx->cipherType = NULL_CIPHER_TYPE;
wolfSSL 0:d92f9d21154c 7980 ctx->keyLen = 0;
wolfSSL 0:d92f9d21154c 7981 }
wolfSSL 0:d92f9d21154c 7982 else
wolfSSL 0:d92f9d21154c 7983 return 0; /* failure */
wolfSSL 0:d92f9d21154c 7984
wolfSSL 0:d92f9d21154c 7985
wolfSSL 0:d92f9d21154c 7986 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 7987 }
wolfSSL 0:d92f9d21154c 7988
wolfSSL 0:d92f9d21154c 7989
wolfSSL 0:d92f9d21154c 7990 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 7991 int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:d92f9d21154c 7992 {
wolfSSL 0:d92f9d21154c 7993 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length");
wolfSSL 0:d92f9d21154c 7994 if (ctx)
wolfSSL 0:d92f9d21154c 7995 return ctx->keyLen;
wolfSSL 0:d92f9d21154c 7996
wolfSSL 0:d92f9d21154c 7997 return 0; /* failure */
wolfSSL 0:d92f9d21154c 7998 }
wolfSSL 0:d92f9d21154c 7999
wolfSSL 0:d92f9d21154c 8000
wolfSSL 0:d92f9d21154c 8001 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 8002 int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
wolfSSL 0:d92f9d21154c 8003 int keylen)
wolfSSL 0:d92f9d21154c 8004 {
wolfSSL 0:d92f9d21154c 8005 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length");
wolfSSL 0:d92f9d21154c 8006 if (ctx)
wolfSSL 0:d92f9d21154c 8007 ctx->keyLen = keylen;
wolfSSL 0:d92f9d21154c 8008 else
wolfSSL 0:d92f9d21154c 8009 return 0; /* failure */
wolfSSL 0:d92f9d21154c 8010
wolfSSL 0:d92f9d21154c 8011 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8012 }
wolfSSL 0:d92f9d21154c 8013
wolfSSL 0:d92f9d21154c 8014
wolfSSL 0:d92f9d21154c 8015 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 8016 int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
wolfSSL 0:d92f9d21154c 8017 word32 len)
wolfSSL 0:d92f9d21154c 8018 {
wolfSSL 0:d92f9d21154c 8019 int ret = 0;
wolfSSL 0:d92f9d21154c 8020 WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
wolfSSL 0:d92f9d21154c 8021
wolfSSL 0:d92f9d21154c 8022 if (ctx == NULL || dst == NULL || src == NULL) {
wolfSSL 0:d92f9d21154c 8023 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 8024 return 0; /* failure */
wolfSSL 0:d92f9d21154c 8025 }
wolfSSL 0:d92f9d21154c 8026
wolfSSL 0:d92f9d21154c 8027 if (ctx->cipherType == 0xff) {
wolfSSL 0:d92f9d21154c 8028 WOLFSSL_MSG("no init");
wolfSSL 0:d92f9d21154c 8029 return 0; /* failure */
wolfSSL 0:d92f9d21154c 8030 }
wolfSSL 0:d92f9d21154c 8031
wolfSSL 0:d92f9d21154c 8032 switch (ctx->cipherType) {
wolfSSL 0:d92f9d21154c 8033
wolfSSL 0:d92f9d21154c 8034 #ifndef NO_AES
wolfSSL 0:d92f9d21154c 8035 case AES_128_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8036 case AES_192_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8037 case AES_256_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8038 WOLFSSL_MSG("AES CBC");
wolfSSL 0:d92f9d21154c 8039 if (ctx->enc)
wolfSSL 0:d92f9d21154c 8040 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL 0:d92f9d21154c 8041 else
wolfSSL 0:d92f9d21154c 8042 ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL 0:d92f9d21154c 8043 break;
wolfSSL 0:d92f9d21154c 8044
wolfSSL 0:d92f9d21154c 8045 #ifdef WOLFSSL_AES_COUNTER
wolfSSL 0:d92f9d21154c 8046 case AES_128_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8047 case AES_192_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8048 case AES_256_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8049 WOLFSSL_MSG("AES CTR");
wolfSSL 0:d92f9d21154c 8050 wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL 0:d92f9d21154c 8051 break;
wolfSSL 0:d92f9d21154c 8052 #endif
wolfSSL 0:d92f9d21154c 8053 #endif /* NO_AES */
wolfSSL 0:d92f9d21154c 8054
wolfSSL 0:d92f9d21154c 8055 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 8056 case DES_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8057 if (ctx->enc)
wolfSSL 0:d92f9d21154c 8058 wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
wolfSSL 0:d92f9d21154c 8059 else
wolfSSL 0:d92f9d21154c 8060 wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
wolfSSL 0:d92f9d21154c 8061 break;
wolfSSL 0:d92f9d21154c 8062
wolfSSL 0:d92f9d21154c 8063 case DES_EDE3_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8064 if (ctx->enc)
wolfSSL 0:d92f9d21154c 8065 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
wolfSSL 0:d92f9d21154c 8066 else
wolfSSL 0:d92f9d21154c 8067 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
wolfSSL 0:d92f9d21154c 8068 break;
wolfSSL 0:d92f9d21154c 8069 #endif
wolfSSL 0:d92f9d21154c 8070
wolfSSL 0:d92f9d21154c 8071 #ifndef NO_RC4
wolfSSL 0:d92f9d21154c 8072 case ARC4_TYPE :
wolfSSL 0:d92f9d21154c 8073 wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
wolfSSL 0:d92f9d21154c 8074 break;
wolfSSL 0:d92f9d21154c 8075 #endif
wolfSSL 0:d92f9d21154c 8076
wolfSSL 0:d92f9d21154c 8077 case NULL_CIPHER_TYPE :
wolfSSL 0:d92f9d21154c 8078 XMEMCPY(dst, src, len);
wolfSSL 0:d92f9d21154c 8079 break;
wolfSSL 0:d92f9d21154c 8080
wolfSSL 0:d92f9d21154c 8081 default: {
wolfSSL 0:d92f9d21154c 8082 WOLFSSL_MSG("bad type");
wolfSSL 0:d92f9d21154c 8083 return 0; /* failure */
wolfSSL 0:d92f9d21154c 8084 }
wolfSSL 0:d92f9d21154c 8085 }
wolfSSL 0:d92f9d21154c 8086
wolfSSL 0:d92f9d21154c 8087 if (ret != 0) {
wolfSSL 0:d92f9d21154c 8088 WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
wolfSSL 0:d92f9d21154c 8089 return 0; /* failuer */
wolfSSL 0:d92f9d21154c 8090 }
wolfSSL 0:d92f9d21154c 8091
wolfSSL 0:d92f9d21154c 8092 WOLFSSL_MSG("wolfSSL_EVP_Cipher success");
wolfSSL 0:d92f9d21154c 8093 return SSL_SUCCESS; /* success */
wolfSSL 0:d92f9d21154c 8094 }
wolfSSL 0:d92f9d21154c 8095
wolfSSL 0:d92f9d21154c 8096
wolfSSL 0:d92f9d21154c 8097 /* store for external read of iv, SSL_SUCCESS on success */
wolfSSL 0:d92f9d21154c 8098 int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:d92f9d21154c 8099 {
wolfSSL 0:d92f9d21154c 8100 WOLFSSL_ENTER("wolfSSL_StoreExternalIV");
wolfSSL 0:d92f9d21154c 8101
wolfSSL 0:d92f9d21154c 8102 if (ctx == NULL) {
wolfSSL 0:d92f9d21154c 8103 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 8104 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 8105 }
wolfSSL 0:d92f9d21154c 8106
wolfSSL 0:d92f9d21154c 8107 switch (ctx->cipherType) {
wolfSSL 0:d92f9d21154c 8108
wolfSSL 0:d92f9d21154c 8109 #ifndef NO_AES
wolfSSL 0:d92f9d21154c 8110 case AES_128_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8111 case AES_192_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8112 case AES_256_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8113 WOLFSSL_MSG("AES CBC");
wolfSSL 0:d92f9d21154c 8114 memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 8115 break;
wolfSSL 0:d92f9d21154c 8116
wolfSSL 0:d92f9d21154c 8117 #ifdef WOLFSSL_AES_COUNTER
wolfSSL 0:d92f9d21154c 8118 case AES_128_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8119 case AES_192_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8120 case AES_256_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8121 WOLFSSL_MSG("AES CTR");
wolfSSL 0:d92f9d21154c 8122 memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 8123 break;
wolfSSL 0:d92f9d21154c 8124 #endif /* WOLFSSL_AES_COUNTER */
wolfSSL 0:d92f9d21154c 8125
wolfSSL 0:d92f9d21154c 8126 #endif /* NO_AES */
wolfSSL 0:d92f9d21154c 8127
wolfSSL 0:d92f9d21154c 8128 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 8129 case DES_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8130 WOLFSSL_MSG("DES CBC");
wolfSSL 0:d92f9d21154c 8131 memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 8132 break;
wolfSSL 0:d92f9d21154c 8133
wolfSSL 0:d92f9d21154c 8134 case DES_EDE3_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8135 WOLFSSL_MSG("DES EDE3 CBC");
wolfSSL 0:d92f9d21154c 8136 memcpy(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 8137 break;
wolfSSL 0:d92f9d21154c 8138 #endif
wolfSSL 0:d92f9d21154c 8139
wolfSSL 0:d92f9d21154c 8140 case ARC4_TYPE :
wolfSSL 0:d92f9d21154c 8141 WOLFSSL_MSG("ARC4");
wolfSSL 0:d92f9d21154c 8142 break;
wolfSSL 0:d92f9d21154c 8143
wolfSSL 0:d92f9d21154c 8144 case NULL_CIPHER_TYPE :
wolfSSL 0:d92f9d21154c 8145 WOLFSSL_MSG("NULL");
wolfSSL 0:d92f9d21154c 8146 break;
wolfSSL 0:d92f9d21154c 8147
wolfSSL 0:d92f9d21154c 8148 default: {
wolfSSL 0:d92f9d21154c 8149 WOLFSSL_MSG("bad type");
wolfSSL 0:d92f9d21154c 8150 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 8151 }
wolfSSL 0:d92f9d21154c 8152 }
wolfSSL 0:d92f9d21154c 8153 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8154 }
wolfSSL 0:d92f9d21154c 8155
wolfSSL 0:d92f9d21154c 8156
wolfSSL 0:d92f9d21154c 8157 /* set internal IV from external, SSL_SUCCESS on success */
wolfSSL 0:d92f9d21154c 8158 int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:d92f9d21154c 8159 {
wolfSSL 0:d92f9d21154c 8160
wolfSSL 0:d92f9d21154c 8161 WOLFSSL_ENTER("wolfSSL_SetInternalIV");
wolfSSL 0:d92f9d21154c 8162
wolfSSL 0:d92f9d21154c 8163 if (ctx == NULL) {
wolfSSL 0:d92f9d21154c 8164 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 8165 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 8166 }
wolfSSL 0:d92f9d21154c 8167
wolfSSL 0:d92f9d21154c 8168 switch (ctx->cipherType) {
wolfSSL 0:d92f9d21154c 8169
wolfSSL 0:d92f9d21154c 8170 #ifndef NO_AES
wolfSSL 0:d92f9d21154c 8171 case AES_128_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8172 case AES_192_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8173 case AES_256_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8174 WOLFSSL_MSG("AES CBC");
wolfSSL 0:d92f9d21154c 8175 memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 8176 break;
wolfSSL 0:d92f9d21154c 8177
wolfSSL 0:d92f9d21154c 8178 #ifdef WOLFSSL_AES_COUNTER
wolfSSL 0:d92f9d21154c 8179 case AES_128_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8180 case AES_192_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8181 case AES_256_CTR_TYPE :
wolfSSL 0:d92f9d21154c 8182 WOLFSSL_MSG("AES CTR");
wolfSSL 0:d92f9d21154c 8183 memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 8184 break;
wolfSSL 0:d92f9d21154c 8185 #endif
wolfSSL 0:d92f9d21154c 8186
wolfSSL 0:d92f9d21154c 8187 #endif /* NO_AES */
wolfSSL 0:d92f9d21154c 8188
wolfSSL 0:d92f9d21154c 8189 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 8190 case DES_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8191 WOLFSSL_MSG("DES CBC");
wolfSSL 0:d92f9d21154c 8192 memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 8193 break;
wolfSSL 0:d92f9d21154c 8194
wolfSSL 0:d92f9d21154c 8195 case DES_EDE3_CBC_TYPE :
wolfSSL 0:d92f9d21154c 8196 WOLFSSL_MSG("DES EDE3 CBC");
wolfSSL 0:d92f9d21154c 8197 memcpy(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 8198 break;
wolfSSL 0:d92f9d21154c 8199 #endif
wolfSSL 0:d92f9d21154c 8200
wolfSSL 0:d92f9d21154c 8201 case ARC4_TYPE :
wolfSSL 0:d92f9d21154c 8202 WOLFSSL_MSG("ARC4");
wolfSSL 0:d92f9d21154c 8203 break;
wolfSSL 0:d92f9d21154c 8204
wolfSSL 0:d92f9d21154c 8205 case NULL_CIPHER_TYPE :
wolfSSL 0:d92f9d21154c 8206 WOLFSSL_MSG("NULL");
wolfSSL 0:d92f9d21154c 8207 break;
wolfSSL 0:d92f9d21154c 8208
wolfSSL 0:d92f9d21154c 8209 default: {
wolfSSL 0:d92f9d21154c 8210 WOLFSSL_MSG("bad type");
wolfSSL 0:d92f9d21154c 8211 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 8212 }
wolfSSL 0:d92f9d21154c 8213 }
wolfSSL 0:d92f9d21154c 8214 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8215 }
wolfSSL 0:d92f9d21154c 8216
wolfSSL 0:d92f9d21154c 8217
wolfSSL 0:d92f9d21154c 8218 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 8219 int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type)
wolfSSL 0:d92f9d21154c 8220 {
wolfSSL 0:d92f9d21154c 8221 WOLFSSL_ENTER("EVP_DigestInit");
wolfSSL 0:d92f9d21154c 8222 if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL 0:d92f9d21154c 8223 ctx->macType = SHA256;
wolfSSL 0:d92f9d21154c 8224 wolfSSL_SHA256_Init((SHA256_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8225 }
wolfSSL 0:d92f9d21154c 8226 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 8227 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
wolfSSL 0:d92f9d21154c 8228 ctx->macType = SHA384;
wolfSSL 0:d92f9d21154c 8229 wolfSSL_SHA384_Init((SHA384_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8230 }
wolfSSL 0:d92f9d21154c 8231 #endif
wolfSSL 0:d92f9d21154c 8232 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 8233 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
wolfSSL 0:d92f9d21154c 8234 ctx->macType = SHA512;
wolfSSL 0:d92f9d21154c 8235 wolfSSL_SHA512_Init((SHA512_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8236 }
wolfSSL 0:d92f9d21154c 8237 #endif
wolfSSL 0:d92f9d21154c 8238 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 8239 else if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL 0:d92f9d21154c 8240 ctx->macType = MD5;
wolfSSL 0:d92f9d21154c 8241 wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8242 }
wolfSSL 0:d92f9d21154c 8243 #endif
wolfSSL 0:d92f9d21154c 8244 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 8245 /* has to be last since would pick or 256, 384, or 512 too */
wolfSSL 0:d92f9d21154c 8246 else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL 0:d92f9d21154c 8247 ctx->macType = SHA;
wolfSSL 0:d92f9d21154c 8248 wolfSSL_SHA_Init((SHA_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8249 }
wolfSSL 0:d92f9d21154c 8250 #endif /* NO_SHA */
wolfSSL 0:d92f9d21154c 8251 else
wolfSSL 0:d92f9d21154c 8252 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 8253
wolfSSL 0:d92f9d21154c 8254 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8255 }
wolfSSL 0:d92f9d21154c 8256
wolfSSL 0:d92f9d21154c 8257
wolfSSL 0:d92f9d21154c 8258 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 8259 int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
wolfSSL 0:d92f9d21154c 8260 unsigned long sz)
wolfSSL 0:d92f9d21154c 8261 {
wolfSSL 0:d92f9d21154c 8262 WOLFSSL_ENTER("EVP_DigestUpdate");
wolfSSL 0:d92f9d21154c 8263
wolfSSL 0:d92f9d21154c 8264 switch (ctx->macType) {
wolfSSL 0:d92f9d21154c 8265 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 8266 case MD5:
wolfSSL 0:d92f9d21154c 8267 wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data,
wolfSSL 0:d92f9d21154c 8268 (unsigned long)sz);
wolfSSL 0:d92f9d21154c 8269 break;
wolfSSL 0:d92f9d21154c 8270 #endif
wolfSSL 0:d92f9d21154c 8271 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 8272 case SHA:
wolfSSL 0:d92f9d21154c 8273 wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data,
wolfSSL 0:d92f9d21154c 8274 (unsigned long)sz);
wolfSSL 0:d92f9d21154c 8275 break;
wolfSSL 0:d92f9d21154c 8276 #endif
wolfSSL 0:d92f9d21154c 8277 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 8278 case SHA256:
wolfSSL 0:d92f9d21154c 8279 wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
wolfSSL 0:d92f9d21154c 8280 (unsigned long)sz);
wolfSSL 0:d92f9d21154c 8281 break;
wolfSSL 0:d92f9d21154c 8282 #endif
wolfSSL 0:d92f9d21154c 8283 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 8284 case SHA384:
wolfSSL 0:d92f9d21154c 8285 wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
wolfSSL 0:d92f9d21154c 8286 (unsigned long)sz);
wolfSSL 0:d92f9d21154c 8287 break;
wolfSSL 0:d92f9d21154c 8288 #endif
wolfSSL 0:d92f9d21154c 8289 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 8290 case SHA512:
wolfSSL 0:d92f9d21154c 8291 wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
wolfSSL 0:d92f9d21154c 8292 (unsigned long)sz);
wolfSSL 0:d92f9d21154c 8293 break;
wolfSSL 0:d92f9d21154c 8294 #endif
wolfSSL 0:d92f9d21154c 8295 default:
wolfSSL 0:d92f9d21154c 8296 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 8297 }
wolfSSL 0:d92f9d21154c 8298
wolfSSL 0:d92f9d21154c 8299 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8300 }
wolfSSL 0:d92f9d21154c 8301
wolfSSL 0:d92f9d21154c 8302
wolfSSL 0:d92f9d21154c 8303 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 8304 int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
wolfSSL 0:d92f9d21154c 8305 unsigned int* s)
wolfSSL 0:d92f9d21154c 8306 {
wolfSSL 0:d92f9d21154c 8307 WOLFSSL_ENTER("EVP_DigestFinal");
wolfSSL 0:d92f9d21154c 8308 switch (ctx->macType) {
wolfSSL 0:d92f9d21154c 8309 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 8310 case MD5:
wolfSSL 0:d92f9d21154c 8311 wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8312 if (s) *s = MD5_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 8313 break;
wolfSSL 0:d92f9d21154c 8314 #endif
wolfSSL 0:d92f9d21154c 8315 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 8316 case SHA:
wolfSSL 0:d92f9d21154c 8317 wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8318 if (s) *s = SHA_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 8319 break;
wolfSSL 0:d92f9d21154c 8320 #endif
wolfSSL 0:d92f9d21154c 8321 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 8322 case SHA256:
wolfSSL 0:d92f9d21154c 8323 wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8324 if (s) *s = SHA256_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 8325 break;
wolfSSL 0:d92f9d21154c 8326 #endif
wolfSSL 0:d92f9d21154c 8327 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 8328 case SHA384:
wolfSSL 0:d92f9d21154c 8329 wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8330 if (s) *s = SHA384_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 8331 break;
wolfSSL 0:d92f9d21154c 8332 #endif
wolfSSL 0:d92f9d21154c 8333 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 8334 case SHA512:
wolfSSL 0:d92f9d21154c 8335 wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
wolfSSL 0:d92f9d21154c 8336 if (s) *s = SHA512_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 8337 break;
wolfSSL 0:d92f9d21154c 8338 #endif
wolfSSL 0:d92f9d21154c 8339 default:
wolfSSL 0:d92f9d21154c 8340 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 8341 }
wolfSSL 0:d92f9d21154c 8342
wolfSSL 0:d92f9d21154c 8343 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8344 }
wolfSSL 0:d92f9d21154c 8345
wolfSSL 0:d92f9d21154c 8346
wolfSSL 0:d92f9d21154c 8347 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 8348 int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
wolfSSL 0:d92f9d21154c 8349 unsigned int* s)
wolfSSL 0:d92f9d21154c 8350 {
wolfSSL 0:d92f9d21154c 8351 WOLFSSL_ENTER("EVP_DigestFinal_ex");
wolfSSL 0:d92f9d21154c 8352 return EVP_DigestFinal(ctx, md, s);
wolfSSL 0:d92f9d21154c 8353 }
wolfSSL 0:d92f9d21154c 8354
wolfSSL 0:d92f9d21154c 8355
wolfSSL 0:d92f9d21154c 8356 unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
wolfSSL 0:d92f9d21154c 8357 int key_len, const unsigned char* d, int n,
wolfSSL 0:d92f9d21154c 8358 unsigned char* md, unsigned int* md_len)
wolfSSL 0:d92f9d21154c 8359 {
wolfSSL 0:d92f9d21154c 8360 int type;
wolfSSL 0:d92f9d21154c 8361 unsigned char* ret = NULL;
wolfSSL 0:d92f9d21154c 8362 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 8363 Hmac* hmac = NULL;
wolfSSL 0:d92f9d21154c 8364 #else
wolfSSL 0:d92f9d21154c 8365 Hmac hmac[1];
wolfSSL 0:d92f9d21154c 8366 #endif
wolfSSL 0:d92f9d21154c 8367
wolfSSL 0:d92f9d21154c 8368 WOLFSSL_ENTER("HMAC");
wolfSSL 0:d92f9d21154c 8369 if (!md)
wolfSSL 0:d92f9d21154c 8370 return NULL; /* no static buffer support */
wolfSSL 0:d92f9d21154c 8371
wolfSSL 0:d92f9d21154c 8372 if (XSTRNCMP(evp_md, "MD5", 3) == 0)
wolfSSL 0:d92f9d21154c 8373 type = MD5;
wolfSSL 0:d92f9d21154c 8374 else if (XSTRNCMP(evp_md, "SHA", 3) == 0)
wolfSSL 0:d92f9d21154c 8375 type = SHA;
wolfSSL 0:d92f9d21154c 8376 else
wolfSSL 0:d92f9d21154c 8377 return NULL;
wolfSSL 0:d92f9d21154c 8378
wolfSSL 0:d92f9d21154c 8379 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 8380 hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 8381 if (hmac == NULL)
wolfSSL 0:d92f9d21154c 8382 return NULL;
wolfSSL 0:d92f9d21154c 8383 #endif
wolfSSL 0:d92f9d21154c 8384
wolfSSL 0:d92f9d21154c 8385 if (wc_HmacSetKey(hmac, type, (const byte*)key, key_len) == 0)
wolfSSL 0:d92f9d21154c 8386 if (wc_HmacUpdate(hmac, d, n) == 0)
wolfSSL 0:d92f9d21154c 8387 if (wc_HmacFinal(hmac, md) == 0) {
wolfSSL 0:d92f9d21154c 8388 if (md_len)
wolfSSL 0:d92f9d21154c 8389 *md_len = (type == MD5) ? (int)MD5_DIGEST_SIZE
wolfSSL 0:d92f9d21154c 8390 : (int)SHA_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 8391 ret = md;
wolfSSL 0:d92f9d21154c 8392 }
wolfSSL 0:d92f9d21154c 8393
wolfSSL 0:d92f9d21154c 8394 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 8395 XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 8396 #endif
wolfSSL 0:d92f9d21154c 8397
wolfSSL 0:d92f9d21154c 8398 return ret;
wolfSSL 0:d92f9d21154c 8399 }
wolfSSL 0:d92f9d21154c 8400
wolfSSL 0:d92f9d21154c 8401 void wolfSSL_ERR_clear_error(void)
wolfSSL 0:d92f9d21154c 8402 {
wolfSSL 0:d92f9d21154c 8403 /* TODO: */
wolfSSL 0:d92f9d21154c 8404 }
wolfSSL 0:d92f9d21154c 8405
wolfSSL 0:d92f9d21154c 8406
wolfSSL 0:d92f9d21154c 8407 int wolfSSL_RAND_status(void)
wolfSSL 0:d92f9d21154c 8408 {
wolfSSL 0:d92f9d21154c 8409 return SSL_SUCCESS; /* wolfCrypt provides enough seed internally */
wolfSSL 0:d92f9d21154c 8410 }
wolfSSL 0:d92f9d21154c 8411
wolfSSL 0:d92f9d21154c 8412
wolfSSL 0:d92f9d21154c 8413
wolfSSL 0:d92f9d21154c 8414 void wolfSSL_RAND_add(const void* add, int len, double entropy)
wolfSSL 0:d92f9d21154c 8415 {
wolfSSL 0:d92f9d21154c 8416 (void)add;
wolfSSL 0:d92f9d21154c 8417 (void)len;
wolfSSL 0:d92f9d21154c 8418 (void)entropy;
wolfSSL 0:d92f9d21154c 8419
wolfSSL 0:d92f9d21154c 8420 /* wolfSSL seeds/adds internally, use explicit RNG if you want
wolfSSL 0:d92f9d21154c 8421 to take control */
wolfSSL 0:d92f9d21154c 8422 }
wolfSSL 0:d92f9d21154c 8423
wolfSSL 0:d92f9d21154c 8424
wolfSSL 0:d92f9d21154c 8425 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 8426 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 8427 int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
wolfSSL 0:d92f9d21154c 8428 WOLFSSL_DES_key_schedule* schedule)
wolfSSL 0:d92f9d21154c 8429 {
wolfSSL 0:d92f9d21154c 8430 WOLFSSL_ENTER("DES_key_sched");
wolfSSL 0:d92f9d21154c 8431 XMEMCPY(schedule, key, sizeof(const_DES_cblock));
wolfSSL 0:d92f9d21154c 8432 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8433 }
wolfSSL 0:d92f9d21154c 8434
wolfSSL 0:d92f9d21154c 8435
wolfSSL 0:d92f9d21154c 8436 void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
wolfSSL 0:d92f9d21154c 8437 unsigned char* output, long length,
wolfSSL 0:d92f9d21154c 8438 WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
wolfSSL 0:d92f9d21154c 8439 int enc)
wolfSSL 0:d92f9d21154c 8440 {
wolfSSL 0:d92f9d21154c 8441 Des myDes;
wolfSSL 0:d92f9d21154c 8442
wolfSSL 0:d92f9d21154c 8443 WOLFSSL_ENTER("DES_cbc_encrypt");
wolfSSL 0:d92f9d21154c 8444
wolfSSL 0:d92f9d21154c 8445 /* OpenSSL compat, no ret */
wolfSSL 0:d92f9d21154c 8446 wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
wolfSSL 0:d92f9d21154c 8447
wolfSSL 0:d92f9d21154c 8448 if (enc)
wolfSSL 0:d92f9d21154c 8449 wc_Des_CbcEncrypt(&myDes, output, input, (word32)length);
wolfSSL 0:d92f9d21154c 8450 else
wolfSSL 0:d92f9d21154c 8451 wc_Des_CbcDecrypt(&myDes, output, input, (word32)length);
wolfSSL 0:d92f9d21154c 8452 }
wolfSSL 0:d92f9d21154c 8453
wolfSSL 0:d92f9d21154c 8454
wolfSSL 0:d92f9d21154c 8455 /* correctly sets ivec for next call */
wolfSSL 0:d92f9d21154c 8456 void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
wolfSSL 0:d92f9d21154c 8457 unsigned char* output, long length,
wolfSSL 0:d92f9d21154c 8458 WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
wolfSSL 0:d92f9d21154c 8459 int enc)
wolfSSL 0:d92f9d21154c 8460 {
wolfSSL 0:d92f9d21154c 8461 Des myDes;
wolfSSL 0:d92f9d21154c 8462
wolfSSL 0:d92f9d21154c 8463 WOLFSSL_ENTER("DES_ncbc_encrypt");
wolfSSL 0:d92f9d21154c 8464
wolfSSL 0:d92f9d21154c 8465 /* OpenSSL compat, no ret */
wolfSSL 0:d92f9d21154c 8466 wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
wolfSSL 0:d92f9d21154c 8467
wolfSSL 0:d92f9d21154c 8468 if (enc)
wolfSSL 0:d92f9d21154c 8469 wc_Des_CbcEncrypt(&myDes, output, input, (word32)length);
wolfSSL 0:d92f9d21154c 8470 else
wolfSSL 0:d92f9d21154c 8471 wc_Des_CbcDecrypt(&myDes, output, input, (word32)length);
wolfSSL 0:d92f9d21154c 8472
wolfSSL 0:d92f9d21154c 8473 XMEMCPY(ivec, output + length - sizeof(DES_cblock), sizeof(DES_cblock));
wolfSSL 0:d92f9d21154c 8474 }
wolfSSL 0:d92f9d21154c 8475
wolfSSL 0:d92f9d21154c 8476 #endif /* NO_DES3 */
wolfSSL 0:d92f9d21154c 8477
wolfSSL 0:d92f9d21154c 8478
wolfSSL 0:d92f9d21154c 8479 void wolfSSL_ERR_free_strings(void)
wolfSSL 0:d92f9d21154c 8480 {
wolfSSL 0:d92f9d21154c 8481 /* handled internally */
wolfSSL 0:d92f9d21154c 8482 }
wolfSSL 0:d92f9d21154c 8483
wolfSSL 0:d92f9d21154c 8484
wolfSSL 0:d92f9d21154c 8485 void wolfSSL_ERR_remove_state(unsigned long state)
wolfSSL 0:d92f9d21154c 8486 {
wolfSSL 0:d92f9d21154c 8487 /* TODO: GetErrors().Remove(); */
wolfSSL 0:d92f9d21154c 8488 (void)state;
wolfSSL 0:d92f9d21154c 8489 }
wolfSSL 0:d92f9d21154c 8490
wolfSSL 0:d92f9d21154c 8491
wolfSSL 0:d92f9d21154c 8492 void wolfSSL_EVP_cleanup(void)
wolfSSL 0:d92f9d21154c 8493 {
wolfSSL 0:d92f9d21154c 8494 /* nothing to do here */
wolfSSL 0:d92f9d21154c 8495 }
wolfSSL 0:d92f9d21154c 8496
wolfSSL 0:d92f9d21154c 8497
wolfSSL 0:d92f9d21154c 8498 void wolfSSL_cleanup_all_ex_data(void)
wolfSSL 0:d92f9d21154c 8499 {
wolfSSL 0:d92f9d21154c 8500 /* nothing to do here */
wolfSSL 0:d92f9d21154c 8501 }
wolfSSL 0:d92f9d21154c 8502
wolfSSL 0:d92f9d21154c 8503
wolfSSL 0:d92f9d21154c 8504 int wolfSSL_clear(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 8505 {
wolfSSL 0:d92f9d21154c 8506 (void)ssl;
wolfSSL 0:d92f9d21154c 8507 /* TODO: GetErrors().Remove(); */
wolfSSL 0:d92f9d21154c 8508 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8509 }
wolfSSL 0:d92f9d21154c 8510
wolfSSL 0:d92f9d21154c 8511
wolfSSL 0:d92f9d21154c 8512 long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
wolfSSL 0:d92f9d21154c 8513 {
wolfSSL 0:d92f9d21154c 8514 word32 tmptime;
wolfSSL 0:d92f9d21154c 8515 if (!ses || t < 0)
wolfSSL 0:d92f9d21154c 8516 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 8517
wolfSSL 0:d92f9d21154c 8518 tmptime = t & 0xFFFFFFFF;
wolfSSL 0:d92f9d21154c 8519
wolfSSL 0:d92f9d21154c 8520 ses->timeout = tmptime;
wolfSSL 0:d92f9d21154c 8521
wolfSSL 0:d92f9d21154c 8522 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8523 }
wolfSSL 0:d92f9d21154c 8524
wolfSSL 0:d92f9d21154c 8525
wolfSSL 0:d92f9d21154c 8526 long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode)
wolfSSL 0:d92f9d21154c 8527 {
wolfSSL 0:d92f9d21154c 8528 /* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */
wolfSSL 0:d92f9d21154c 8529
wolfSSL 0:d92f9d21154c 8530 WOLFSSL_ENTER("SSL_CTX_set_mode");
wolfSSL 0:d92f9d21154c 8531 if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE)
wolfSSL 0:d92f9d21154c 8532 ctx->partialWrite = 1;
wolfSSL 0:d92f9d21154c 8533
wolfSSL 0:d92f9d21154c 8534 return mode;
wolfSSL 0:d92f9d21154c 8535 }
wolfSSL 0:d92f9d21154c 8536
wolfSSL 0:d92f9d21154c 8537
wolfSSL 0:d92f9d21154c 8538 long wolfSSL_SSL_get_mode(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 8539 {
wolfSSL 0:d92f9d21154c 8540 /* TODO: */
wolfSSL 0:d92f9d21154c 8541 (void)ssl;
wolfSSL 0:d92f9d21154c 8542 return 0;
wolfSSL 0:d92f9d21154c 8543 }
wolfSSL 0:d92f9d21154c 8544
wolfSSL 0:d92f9d21154c 8545
wolfSSL 0:d92f9d21154c 8546 long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 8547 {
wolfSSL 0:d92f9d21154c 8548 /* TODO: */
wolfSSL 0:d92f9d21154c 8549 (void)ctx;
wolfSSL 0:d92f9d21154c 8550 return 0;
wolfSSL 0:d92f9d21154c 8551 }
wolfSSL 0:d92f9d21154c 8552
wolfSSL 0:d92f9d21154c 8553
wolfSSL 0:d92f9d21154c 8554 void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m)
wolfSSL 0:d92f9d21154c 8555 {
wolfSSL 0:d92f9d21154c 8556 /* TODO: maybe? */
wolfSSL 0:d92f9d21154c 8557 (void)ctx;
wolfSSL 0:d92f9d21154c 8558 (void)m;
wolfSSL 0:d92f9d21154c 8559 }
wolfSSL 0:d92f9d21154c 8560
wolfSSL 0:d92f9d21154c 8561
wolfSSL 0:d92f9d21154c 8562 int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 8563 const unsigned char* sid_ctx,
wolfSSL 0:d92f9d21154c 8564 unsigned int sid_ctx_len)
wolfSSL 0:d92f9d21154c 8565 {
wolfSSL 0:d92f9d21154c 8566 /* No application specific context needed for wolfSSL */
wolfSSL 0:d92f9d21154c 8567 (void)ctx;
wolfSSL 0:d92f9d21154c 8568 (void)sid_ctx;
wolfSSL 0:d92f9d21154c 8569 (void)sid_ctx_len;
wolfSSL 0:d92f9d21154c 8570 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8571 }
wolfSSL 0:d92f9d21154c 8572
wolfSSL 0:d92f9d21154c 8573
wolfSSL 0:d92f9d21154c 8574 long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 8575 {
wolfSSL 0:d92f9d21154c 8576 /* TODO: maybe? */
wolfSSL 0:d92f9d21154c 8577 (void)ctx;
wolfSSL 0:d92f9d21154c 8578 return (~0);
wolfSSL 0:d92f9d21154c 8579 }
wolfSSL 0:d92f9d21154c 8580
wolfSSL 0:d92f9d21154c 8581 unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line,
wolfSSL 0:d92f9d21154c 8582 const char** data, int *flags)
wolfSSL 0:d92f9d21154c 8583 {
wolfSSL 0:d92f9d21154c 8584 /* Not implemented */
wolfSSL 0:d92f9d21154c 8585 (void)file;
wolfSSL 0:d92f9d21154c 8586 (void)line;
wolfSSL 0:d92f9d21154c 8587 (void)data;
wolfSSL 0:d92f9d21154c 8588 (void)flags;
wolfSSL 0:d92f9d21154c 8589 return 0;
wolfSSL 0:d92f9d21154c 8590 }
wolfSSL 0:d92f9d21154c 8591
wolfSSL 0:d92f9d21154c 8592 #endif /* OPENSSL_EXTRA */
wolfSSL 0:d92f9d21154c 8593
wolfSSL 0:d92f9d21154c 8594
wolfSSL 0:d92f9d21154c 8595 #if defined(KEEP_PEER_CERT)
wolfSSL 0:d92f9d21154c 8596
wolfSSL 0:d92f9d21154c 8597 WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 8598 {
wolfSSL 0:d92f9d21154c 8599 WOLFSSL_ENTER("SSL_get_peer_certificate");
wolfSSL 0:d92f9d21154c 8600 if (ssl->peerCert.issuer.sz)
wolfSSL 0:d92f9d21154c 8601 return &ssl->peerCert;
wolfSSL 0:d92f9d21154c 8602 else
wolfSSL 0:d92f9d21154c 8603 return 0;
wolfSSL 0:d92f9d21154c 8604 }
wolfSSL 0:d92f9d21154c 8605
wolfSSL 0:d92f9d21154c 8606 #endif /* KEEP_PEER_CERT */
wolfSSL 0:d92f9d21154c 8607
wolfSSL 0:d92f9d21154c 8608
wolfSSL 0:d92f9d21154c 8609 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 0:d92f9d21154c 8610
wolfSSL 0:d92f9d21154c 8611 void wolfSSL_FreeX509(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8612 {
wolfSSL 0:d92f9d21154c 8613 WOLFSSL_ENTER("wolfSSL_FreeX509");
wolfSSL 0:d92f9d21154c 8614 FreeX509(x509);
wolfSSL 0:d92f9d21154c 8615 }
wolfSSL 0:d92f9d21154c 8616
wolfSSL 0:d92f9d21154c 8617
wolfSSL 0:d92f9d21154c 8618 /* return the next, if any, altname from the peer cert */
wolfSSL 0:d92f9d21154c 8619 char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
wolfSSL 0:d92f9d21154c 8620 {
wolfSSL 0:d92f9d21154c 8621 char* ret = NULL;
wolfSSL 0:d92f9d21154c 8622 WOLFSSL_ENTER("wolfSSL_X509_get_next_altname");
wolfSSL 0:d92f9d21154c 8623
wolfSSL 0:d92f9d21154c 8624 /* don't have any to work with */
wolfSSL 0:d92f9d21154c 8625 if (cert == NULL || cert->altNames == NULL)
wolfSSL 0:d92f9d21154c 8626 return NULL;
wolfSSL 0:d92f9d21154c 8627
wolfSSL 0:d92f9d21154c 8628 /* already went through them */
wolfSSL 0:d92f9d21154c 8629 if (cert->altNamesNext == NULL)
wolfSSL 0:d92f9d21154c 8630 return NULL;
wolfSSL 0:d92f9d21154c 8631
wolfSSL 0:d92f9d21154c 8632 ret = cert->altNamesNext->name;
wolfSSL 0:d92f9d21154c 8633 cert->altNamesNext = cert->altNamesNext->next;
wolfSSL 0:d92f9d21154c 8634
wolfSSL 0:d92f9d21154c 8635 return ret;
wolfSSL 0:d92f9d21154c 8636 }
wolfSSL 0:d92f9d21154c 8637
wolfSSL 0:d92f9d21154c 8638
wolfSSL 0:d92f9d21154c 8639 WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
wolfSSL 0:d92f9d21154c 8640 {
wolfSSL 0:d92f9d21154c 8641 WOLFSSL_ENTER("X509_get_issuer_name");
wolfSSL 0:d92f9d21154c 8642 return &cert->issuer;
wolfSSL 0:d92f9d21154c 8643 }
wolfSSL 0:d92f9d21154c 8644
wolfSSL 0:d92f9d21154c 8645
wolfSSL 0:d92f9d21154c 8646 WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
wolfSSL 0:d92f9d21154c 8647 {
wolfSSL 0:d92f9d21154c 8648 WOLFSSL_ENTER("X509_get_subject_name");
wolfSSL 0:d92f9d21154c 8649 return &cert->subject;
wolfSSL 0:d92f9d21154c 8650 }
wolfSSL 0:d92f9d21154c 8651
wolfSSL 0:d92f9d21154c 8652
wolfSSL 0:d92f9d21154c 8653 int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8654 {
wolfSSL 0:d92f9d21154c 8655 int isCA = 0;
wolfSSL 0:d92f9d21154c 8656
wolfSSL 0:d92f9d21154c 8657 WOLFSSL_ENTER("wolfSSL_X509_get_isCA");
wolfSSL 0:d92f9d21154c 8658
wolfSSL 0:d92f9d21154c 8659 if (x509 != NULL)
wolfSSL 0:d92f9d21154c 8660 isCA = x509->isCa;
wolfSSL 0:d92f9d21154c 8661
wolfSSL 0:d92f9d21154c 8662 WOLFSSL_LEAVE("wolfSSL_X509_get_isCA", isCA);
wolfSSL 0:d92f9d21154c 8663
wolfSSL 0:d92f9d21154c 8664 return isCA;
wolfSSL 0:d92f9d21154c 8665 }
wolfSSL 0:d92f9d21154c 8666
wolfSSL 0:d92f9d21154c 8667
wolfSSL 0:d92f9d21154c 8668 #ifdef OPENSSL_EXTRA
wolfSSL 0:d92f9d21154c 8669 int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
wolfSSL 0:d92f9d21154c 8670 {
wolfSSL 0:d92f9d21154c 8671 int isSet = 0;
wolfSSL 0:d92f9d21154c 8672
wolfSSL 0:d92f9d21154c 8673 WOLFSSL_ENTER("wolfSSL_X509_ext_isSet_by_NID");
wolfSSL 0:d92f9d21154c 8674
wolfSSL 0:d92f9d21154c 8675 if (x509 != NULL) {
wolfSSL 0:d92f9d21154c 8676 switch (nid) {
wolfSSL 0:d92f9d21154c 8677 case BASIC_CA_OID: isSet = x509->basicConstSet; break;
wolfSSL 0:d92f9d21154c 8678 case ALT_NAMES_OID: isSet = x509->subjAltNameSet; break;
wolfSSL 0:d92f9d21154c 8679 case AUTH_KEY_OID: isSet = x509->authKeyIdSet; break;
wolfSSL 0:d92f9d21154c 8680 case SUBJ_KEY_OID: isSet = x509->subjKeyIdSet; break;
wolfSSL 0:d92f9d21154c 8681 case KEY_USAGE_OID: isSet = x509->keyUsageSet; break;
wolfSSL 0:d92f9d21154c 8682 #ifdef WOLFSSL_SEP
wolfSSL 0:d92f9d21154c 8683 case CERT_POLICY_OID: isSet = x509->certPolicySet; break;
wolfSSL 0:d92f9d21154c 8684 #endif /* WOLFSSL_SEP */
wolfSSL 0:d92f9d21154c 8685 }
wolfSSL 0:d92f9d21154c 8686 }
wolfSSL 0:d92f9d21154c 8687
wolfSSL 0:d92f9d21154c 8688 WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", isSet);
wolfSSL 0:d92f9d21154c 8689
wolfSSL 0:d92f9d21154c 8690 return isSet;
wolfSSL 0:d92f9d21154c 8691 }
wolfSSL 0:d92f9d21154c 8692
wolfSSL 0:d92f9d21154c 8693
wolfSSL 0:d92f9d21154c 8694 int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid)
wolfSSL 0:d92f9d21154c 8695 {
wolfSSL 0:d92f9d21154c 8696 int crit = 0;
wolfSSL 0:d92f9d21154c 8697
wolfSSL 0:d92f9d21154c 8698 WOLFSSL_ENTER("wolfSSL_X509_ext_get_critical_by_NID");
wolfSSL 0:d92f9d21154c 8699
wolfSSL 0:d92f9d21154c 8700 if (x509 != NULL) {
wolfSSL 0:d92f9d21154c 8701 switch (nid) {
wolfSSL 0:d92f9d21154c 8702 case BASIC_CA_OID: crit = x509->basicConstCrit; break;
wolfSSL 0:d92f9d21154c 8703 case ALT_NAMES_OID: crit = x509->subjAltNameCrit; break;
wolfSSL 0:d92f9d21154c 8704 case AUTH_KEY_OID: crit = x509->authKeyIdCrit; break;
wolfSSL 0:d92f9d21154c 8705 case SUBJ_KEY_OID: crit = x509->subjKeyIdCrit; break;
wolfSSL 0:d92f9d21154c 8706 case KEY_USAGE_OID: crit = x509->keyUsageCrit; break;
wolfSSL 0:d92f9d21154c 8707 #ifdef WOLFSSL_SEP
wolfSSL 0:d92f9d21154c 8708 case CERT_POLICY_OID: crit = x509->certPolicyCrit; break;
wolfSSL 0:d92f9d21154c 8709 #endif /* WOLFSSL_SEP */
wolfSSL 0:d92f9d21154c 8710 }
wolfSSL 0:d92f9d21154c 8711 }
wolfSSL 0:d92f9d21154c 8712
wolfSSL 0:d92f9d21154c 8713 WOLFSSL_LEAVE("wolfSSL_X509_ext_get_critical_by_NID", crit);
wolfSSL 0:d92f9d21154c 8714
wolfSSL 0:d92f9d21154c 8715 return crit;
wolfSSL 0:d92f9d21154c 8716 }
wolfSSL 0:d92f9d21154c 8717
wolfSSL 0:d92f9d21154c 8718
wolfSSL 0:d92f9d21154c 8719 int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8720 {
wolfSSL 0:d92f9d21154c 8721 int isSet = 0;
wolfSSL 0:d92f9d21154c 8722
wolfSSL 0:d92f9d21154c 8723 WOLFSSL_ENTER("wolfSSL_X509_get_isSet_pathLength");
wolfSSL 0:d92f9d21154c 8724
wolfSSL 0:d92f9d21154c 8725 if (x509 != NULL)
wolfSSL 0:d92f9d21154c 8726 isSet = x509->basicConstPlSet;
wolfSSL 0:d92f9d21154c 8727
wolfSSL 0:d92f9d21154c 8728 WOLFSSL_LEAVE("wolfSSL_X509_get_isSet_pathLength", isSet);
wolfSSL 0:d92f9d21154c 8729
wolfSSL 0:d92f9d21154c 8730 return isSet;
wolfSSL 0:d92f9d21154c 8731 }
wolfSSL 0:d92f9d21154c 8732
wolfSSL 0:d92f9d21154c 8733
wolfSSL 0:d92f9d21154c 8734 word32 wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8735 {
wolfSSL 0:d92f9d21154c 8736 word32 pathLength = 0;
wolfSSL 0:d92f9d21154c 8737
wolfSSL 0:d92f9d21154c 8738 WOLFSSL_ENTER("wolfSSL_X509_get_pathLength");
wolfSSL 0:d92f9d21154c 8739
wolfSSL 0:d92f9d21154c 8740 if (x509 != NULL)
wolfSSL 0:d92f9d21154c 8741 pathLength = x509->pathLength;
wolfSSL 0:d92f9d21154c 8742
wolfSSL 0:d92f9d21154c 8743 WOLFSSL_LEAVE("wolfSSL_X509_get_pathLength", pathLength);
wolfSSL 0:d92f9d21154c 8744
wolfSSL 0:d92f9d21154c 8745 return pathLength;
wolfSSL 0:d92f9d21154c 8746 }
wolfSSL 0:d92f9d21154c 8747
wolfSSL 0:d92f9d21154c 8748
wolfSSL 0:d92f9d21154c 8749 unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8750 {
wolfSSL 0:d92f9d21154c 8751 word16 usage = 0;
wolfSSL 0:d92f9d21154c 8752
wolfSSL 0:d92f9d21154c 8753 WOLFSSL_ENTER("wolfSSL_X509_get_keyUsage");
wolfSSL 0:d92f9d21154c 8754
wolfSSL 0:d92f9d21154c 8755 if (x509 != NULL)
wolfSSL 0:d92f9d21154c 8756 usage = x509->keyUsage;
wolfSSL 0:d92f9d21154c 8757
wolfSSL 0:d92f9d21154c 8758 WOLFSSL_LEAVE("wolfSSL_X509_get_keyUsage", usage);
wolfSSL 0:d92f9d21154c 8759
wolfSSL 0:d92f9d21154c 8760 return usage;
wolfSSL 0:d92f9d21154c 8761 }
wolfSSL 0:d92f9d21154c 8762
wolfSSL 0:d92f9d21154c 8763
wolfSSL 0:d92f9d21154c 8764 byte* wolfSSL_X509_get_authorityKeyID(
wolfSSL 0:d92f9d21154c 8765 WOLFSSL_X509* x509, byte* dst, int* dstLen)
wolfSSL 0:d92f9d21154c 8766 {
wolfSSL 0:d92f9d21154c 8767 byte *id = NULL;
wolfSSL 0:d92f9d21154c 8768 int copySz = 0;
wolfSSL 0:d92f9d21154c 8769
wolfSSL 0:d92f9d21154c 8770 WOLFSSL_ENTER("wolfSSL_X509_get_authorityKeyID");
wolfSSL 0:d92f9d21154c 8771
wolfSSL 0:d92f9d21154c 8772 if (x509 != NULL) {
wolfSSL 0:d92f9d21154c 8773 if (x509->authKeyIdSet) {
wolfSSL 0:d92f9d21154c 8774 copySz = min(dstLen != NULL ? *dstLen : 0,
wolfSSL 0:d92f9d21154c 8775 (int)x509->authKeyIdSz);
wolfSSL 0:d92f9d21154c 8776 id = x509->authKeyId;
wolfSSL 0:d92f9d21154c 8777 }
wolfSSL 0:d92f9d21154c 8778
wolfSSL 0:d92f9d21154c 8779 if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
wolfSSL 0:d92f9d21154c 8780 XMEMCPY(dst, id, copySz);
wolfSSL 0:d92f9d21154c 8781 id = dst;
wolfSSL 0:d92f9d21154c 8782 *dstLen = copySz;
wolfSSL 0:d92f9d21154c 8783 }
wolfSSL 0:d92f9d21154c 8784 }
wolfSSL 0:d92f9d21154c 8785
wolfSSL 0:d92f9d21154c 8786 WOLFSSL_LEAVE("wolfSSL_X509_get_authorityKeyID", copySz);
wolfSSL 0:d92f9d21154c 8787
wolfSSL 0:d92f9d21154c 8788 return id;
wolfSSL 0:d92f9d21154c 8789 }
wolfSSL 0:d92f9d21154c 8790
wolfSSL 0:d92f9d21154c 8791
wolfSSL 0:d92f9d21154c 8792 byte* wolfSSL_X509_get_subjectKeyID(
wolfSSL 0:d92f9d21154c 8793 WOLFSSL_X509* x509, byte* dst, int* dstLen)
wolfSSL 0:d92f9d21154c 8794 {
wolfSSL 0:d92f9d21154c 8795 byte *id = NULL;
wolfSSL 0:d92f9d21154c 8796 int copySz = 0;
wolfSSL 0:d92f9d21154c 8797
wolfSSL 0:d92f9d21154c 8798 WOLFSSL_ENTER("wolfSSL_X509_get_subjectKeyID");
wolfSSL 0:d92f9d21154c 8799
wolfSSL 0:d92f9d21154c 8800 if (x509 != NULL) {
wolfSSL 0:d92f9d21154c 8801 if (x509->subjKeyIdSet) {
wolfSSL 0:d92f9d21154c 8802 copySz = min(dstLen != NULL ? *dstLen : 0,
wolfSSL 0:d92f9d21154c 8803 (int)x509->subjKeyIdSz);
wolfSSL 0:d92f9d21154c 8804 id = x509->subjKeyId;
wolfSSL 0:d92f9d21154c 8805 }
wolfSSL 0:d92f9d21154c 8806
wolfSSL 0:d92f9d21154c 8807 if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
wolfSSL 0:d92f9d21154c 8808 XMEMCPY(dst, id, copySz);
wolfSSL 0:d92f9d21154c 8809 id = dst;
wolfSSL 0:d92f9d21154c 8810 *dstLen = copySz;
wolfSSL 0:d92f9d21154c 8811 }
wolfSSL 0:d92f9d21154c 8812 }
wolfSSL 0:d92f9d21154c 8813
wolfSSL 0:d92f9d21154c 8814 WOLFSSL_LEAVE("wolfSSL_X509_get_subjectKeyID", copySz);
wolfSSL 0:d92f9d21154c 8815
wolfSSL 0:d92f9d21154c 8816 return id;
wolfSSL 0:d92f9d21154c 8817 }
wolfSSL 0:d92f9d21154c 8818
wolfSSL 0:d92f9d21154c 8819
wolfSSL 0:d92f9d21154c 8820 int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
wolfSSL 0:d92f9d21154c 8821 {
wolfSSL 0:d92f9d21154c 8822 int count = 0;
wolfSSL 0:d92f9d21154c 8823
wolfSSL 0:d92f9d21154c 8824 WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count");
wolfSSL 0:d92f9d21154c 8825
wolfSSL 0:d92f9d21154c 8826 if (name != NULL)
wolfSSL 0:d92f9d21154c 8827 count = name->fullName.entryCount;
wolfSSL 0:d92f9d21154c 8828
wolfSSL 0:d92f9d21154c 8829 WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count);
wolfSSL 0:d92f9d21154c 8830 return count;
wolfSSL 0:d92f9d21154c 8831 }
wolfSSL 0:d92f9d21154c 8832
wolfSSL 0:d92f9d21154c 8833
wolfSSL 0:d92f9d21154c 8834 int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
wolfSSL 0:d92f9d21154c 8835 int nid, char* buf, int len)
wolfSSL 0:d92f9d21154c 8836 {
wolfSSL 0:d92f9d21154c 8837 char *text = NULL;
wolfSSL 0:d92f9d21154c 8838 int textSz = 0;
wolfSSL 0:d92f9d21154c 8839
wolfSSL 0:d92f9d21154c 8840 WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID");
wolfSSL 0:d92f9d21154c 8841
wolfSSL 0:d92f9d21154c 8842 switch (nid) {
wolfSSL 0:d92f9d21154c 8843 case ASN_COMMON_NAME:
wolfSSL 0:d92f9d21154c 8844 text = name->fullName.fullName + name->fullName.cnIdx;
wolfSSL 0:d92f9d21154c 8845 textSz = name->fullName.cnLen;
wolfSSL 0:d92f9d21154c 8846 break;
wolfSSL 0:d92f9d21154c 8847 case ASN_SUR_NAME:
wolfSSL 0:d92f9d21154c 8848 text = name->fullName.fullName + name->fullName.snIdx;
wolfSSL 0:d92f9d21154c 8849 textSz = name->fullName.snLen;
wolfSSL 0:d92f9d21154c 8850 break;
wolfSSL 0:d92f9d21154c 8851 case ASN_SERIAL_NUMBER:
wolfSSL 0:d92f9d21154c 8852 text = name->fullName.fullName + name->fullName.serialIdx;
wolfSSL 0:d92f9d21154c 8853 textSz = name->fullName.serialLen;
wolfSSL 0:d92f9d21154c 8854 break;
wolfSSL 0:d92f9d21154c 8855 case ASN_COUNTRY_NAME:
wolfSSL 0:d92f9d21154c 8856 text = name->fullName.fullName + name->fullName.cIdx;
wolfSSL 0:d92f9d21154c 8857 textSz = name->fullName.cLen;
wolfSSL 0:d92f9d21154c 8858 break;
wolfSSL 0:d92f9d21154c 8859 case ASN_LOCALITY_NAME:
wolfSSL 0:d92f9d21154c 8860 text = name->fullName.fullName + name->fullName.lIdx;
wolfSSL 0:d92f9d21154c 8861 textSz = name->fullName.lLen;
wolfSSL 0:d92f9d21154c 8862 break;
wolfSSL 0:d92f9d21154c 8863 case ASN_STATE_NAME:
wolfSSL 0:d92f9d21154c 8864 text = name->fullName.fullName + name->fullName.stIdx;
wolfSSL 0:d92f9d21154c 8865 textSz = name->fullName.stLen;
wolfSSL 0:d92f9d21154c 8866 break;
wolfSSL 0:d92f9d21154c 8867 case ASN_ORG_NAME:
wolfSSL 0:d92f9d21154c 8868 text = name->fullName.fullName + name->fullName.oIdx;
wolfSSL 0:d92f9d21154c 8869 textSz = name->fullName.oLen;
wolfSSL 0:d92f9d21154c 8870 break;
wolfSSL 0:d92f9d21154c 8871 case ASN_ORGUNIT_NAME:
wolfSSL 0:d92f9d21154c 8872 text = name->fullName.fullName + name->fullName.ouIdx;
wolfSSL 0:d92f9d21154c 8873 textSz = name->fullName.ouLen;
wolfSSL 0:d92f9d21154c 8874 break;
wolfSSL 0:d92f9d21154c 8875 default:
wolfSSL 0:d92f9d21154c 8876 break;
wolfSSL 0:d92f9d21154c 8877 }
wolfSSL 0:d92f9d21154c 8878
wolfSSL 0:d92f9d21154c 8879 if (buf != NULL && text != NULL) {
wolfSSL 0:d92f9d21154c 8880 textSz = min(textSz, len);
wolfSSL 0:d92f9d21154c 8881 XMEMCPY(buf, text, textSz);
wolfSSL 0:d92f9d21154c 8882 buf[textSz] = '\0';
wolfSSL 0:d92f9d21154c 8883 }
wolfSSL 0:d92f9d21154c 8884
wolfSSL 0:d92f9d21154c 8885 WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
wolfSSL 0:d92f9d21154c 8886 return textSz;
wolfSSL 0:d92f9d21154c 8887 }
wolfSSL 0:d92f9d21154c 8888 #endif
wolfSSL 0:d92f9d21154c 8889
wolfSSL 0:d92f9d21154c 8890
wolfSSL 0:d92f9d21154c 8891 /* copy name into in buffer, at most sz bytes, if buffer is null will
wolfSSL 0:d92f9d21154c 8892 malloc buffer, call responsible for freeing */
wolfSSL 0:d92f9d21154c 8893 char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
wolfSSL 0:d92f9d21154c 8894 {
wolfSSL 0:d92f9d21154c 8895 int copySz = min(sz, name->sz);
wolfSSL 0:d92f9d21154c 8896
wolfSSL 0:d92f9d21154c 8897 WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");
wolfSSL 0:d92f9d21154c 8898 if (!name->sz) return in;
wolfSSL 0:d92f9d21154c 8899
wolfSSL 0:d92f9d21154c 8900 if (!in) {
wolfSSL 0:d92f9d21154c 8901 in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 8902 if (!in ) return in;
wolfSSL 0:d92f9d21154c 8903 copySz = name->sz;
wolfSSL 0:d92f9d21154c 8904 }
wolfSSL 0:d92f9d21154c 8905
wolfSSL 0:d92f9d21154c 8906 if (copySz == 0)
wolfSSL 0:d92f9d21154c 8907 return in;
wolfSSL 0:d92f9d21154c 8908
wolfSSL 0:d92f9d21154c 8909 XMEMCPY(in, name->name, copySz - 1);
wolfSSL 0:d92f9d21154c 8910 in[copySz - 1] = 0;
wolfSSL 0:d92f9d21154c 8911
wolfSSL 0:d92f9d21154c 8912 return in;
wolfSSL 0:d92f9d21154c 8913 }
wolfSSL 0:d92f9d21154c 8914
wolfSSL 0:d92f9d21154c 8915
wolfSSL 0:d92f9d21154c 8916 int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8917 {
wolfSSL 0:d92f9d21154c 8918 int type = 0;
wolfSSL 0:d92f9d21154c 8919
wolfSSL 0:d92f9d21154c 8920 WOLFSSL_ENTER("wolfSSL_X509_get_signature_type");
wolfSSL 0:d92f9d21154c 8921
wolfSSL 0:d92f9d21154c 8922 if (x509 != NULL)
wolfSSL 0:d92f9d21154c 8923 type = x509->sigOID;
wolfSSL 0:d92f9d21154c 8924
wolfSSL 0:d92f9d21154c 8925 return type;
wolfSSL 0:d92f9d21154c 8926 }
wolfSSL 0:d92f9d21154c 8927
wolfSSL 0:d92f9d21154c 8928
wolfSSL 0:d92f9d21154c 8929 int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
wolfSSL 0:d92f9d21154c 8930 unsigned char* buf, int* bufSz)
wolfSSL 0:d92f9d21154c 8931 {
wolfSSL 0:d92f9d21154c 8932 WOLFSSL_ENTER("wolfSSL_X509_get_signature");
wolfSSL 0:d92f9d21154c 8933 if (x509 == NULL || bufSz == NULL || *bufSz < (int)x509->sig.length)
wolfSSL 0:d92f9d21154c 8934 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 8935
wolfSSL 0:d92f9d21154c 8936 if (buf != NULL)
wolfSSL 0:d92f9d21154c 8937 XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
wolfSSL 0:d92f9d21154c 8938 *bufSz = x509->sig.length;
wolfSSL 0:d92f9d21154c 8939
wolfSSL 0:d92f9d21154c 8940 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8941 }
wolfSSL 0:d92f9d21154c 8942
wolfSSL 0:d92f9d21154c 8943
wolfSSL 0:d92f9d21154c 8944 /* write X509 serial number in unsigned binary to buffer
wolfSSL 0:d92f9d21154c 8945 buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
wolfSSL 0:d92f9d21154c 8946 return SSL_SUCCESS on success */
wolfSSL 0:d92f9d21154c 8947 int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, byte* in, int* inOutSz)
wolfSSL 0:d92f9d21154c 8948 {
wolfSSL 0:d92f9d21154c 8949 WOLFSSL_ENTER("wolfSSL_X509_get_serial_number");
wolfSSL 0:d92f9d21154c 8950 if (x509 == NULL || in == NULL ||
wolfSSL 0:d92f9d21154c 8951 inOutSz == NULL || *inOutSz < x509->serialSz)
wolfSSL 0:d92f9d21154c 8952 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 8953
wolfSSL 0:d92f9d21154c 8954 XMEMCPY(in, x509->serial, x509->serialSz);
wolfSSL 0:d92f9d21154c 8955 *inOutSz = x509->serialSz;
wolfSSL 0:d92f9d21154c 8956
wolfSSL 0:d92f9d21154c 8957 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 8958 }
wolfSSL 0:d92f9d21154c 8959
wolfSSL 0:d92f9d21154c 8960
wolfSSL 0:d92f9d21154c 8961 const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
wolfSSL 0:d92f9d21154c 8962 {
wolfSSL 0:d92f9d21154c 8963 WOLFSSL_ENTER("wolfSSL_X509_get_der");
wolfSSL 0:d92f9d21154c 8964
wolfSSL 0:d92f9d21154c 8965 if (x509 == NULL || outSz == NULL)
wolfSSL 0:d92f9d21154c 8966 return NULL;
wolfSSL 0:d92f9d21154c 8967
wolfSSL 0:d92f9d21154c 8968 *outSz = (int)x509->derCert.length;
wolfSSL 0:d92f9d21154c 8969 return x509->derCert.buffer;
wolfSSL 0:d92f9d21154c 8970 }
wolfSSL 0:d92f9d21154c 8971
wolfSSL 0:d92f9d21154c 8972
wolfSSL 0:d92f9d21154c 8973 int wolfSSL_X509_version(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8974 {
wolfSSL 0:d92f9d21154c 8975 WOLFSSL_ENTER("wolfSSL_X509_version");
wolfSSL 0:d92f9d21154c 8976
wolfSSL 0:d92f9d21154c 8977 if (x509 == NULL)
wolfSSL 0:d92f9d21154c 8978 return 0;
wolfSSL 0:d92f9d21154c 8979
wolfSSL 0:d92f9d21154c 8980 return x509->version;
wolfSSL 0:d92f9d21154c 8981 }
wolfSSL 0:d92f9d21154c 8982
wolfSSL 0:d92f9d21154c 8983
wolfSSL 0:d92f9d21154c 8984 const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8985 {
wolfSSL 0:d92f9d21154c 8986 WOLFSSL_ENTER("wolfSSL_X509_notBefore");
wolfSSL 0:d92f9d21154c 8987
wolfSSL 0:d92f9d21154c 8988 if (x509 == NULL)
wolfSSL 0:d92f9d21154c 8989 return NULL;
wolfSSL 0:d92f9d21154c 8990
wolfSSL 0:d92f9d21154c 8991 return x509->notBefore;
wolfSSL 0:d92f9d21154c 8992 }
wolfSSL 0:d92f9d21154c 8993
wolfSSL 0:d92f9d21154c 8994
wolfSSL 0:d92f9d21154c 8995 const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 8996 {
wolfSSL 0:d92f9d21154c 8997 WOLFSSL_ENTER("wolfSSL_X509_notAfter");
wolfSSL 0:d92f9d21154c 8998
wolfSSL 0:d92f9d21154c 8999 if (x509 == NULL)
wolfSSL 0:d92f9d21154c 9000 return NULL;
wolfSSL 0:d92f9d21154c 9001
wolfSSL 0:d92f9d21154c 9002 return x509->notAfter;
wolfSSL 0:d92f9d21154c 9003 }
wolfSSL 0:d92f9d21154c 9004
wolfSSL 0:d92f9d21154c 9005
wolfSSL 0:d92f9d21154c 9006 #ifdef WOLFSSL_SEP
wolfSSL 0:d92f9d21154c 9007
wolfSSL 0:d92f9d21154c 9008 /* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
wolfSSL 0:d92f9d21154c 9009 malloc buffer, call responsible for freeing. Actual size returned in
wolfSSL 0:d92f9d21154c 9010 *inOutSz. Requires inOutSz be non-null */
wolfSSL 0:d92f9d21154c 9011 byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz)
wolfSSL 0:d92f9d21154c 9012 {
wolfSSL 0:d92f9d21154c 9013 int copySz;
wolfSSL 0:d92f9d21154c 9014
wolfSSL 0:d92f9d21154c 9015 WOLFSSL_ENTER("wolfSSL_X509_get_dev_type");
wolfSSL 0:d92f9d21154c 9016 if (inOutSz == NULL) return NULL;
wolfSSL 0:d92f9d21154c 9017 if (!x509->deviceTypeSz) return in;
wolfSSL 0:d92f9d21154c 9018
wolfSSL 0:d92f9d21154c 9019 copySz = min(*inOutSz, x509->deviceTypeSz);
wolfSSL 0:d92f9d21154c 9020
wolfSSL 0:d92f9d21154c 9021 if (!in) {
wolfSSL 0:d92f9d21154c 9022 in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 9023 if (!in) return in;
wolfSSL 0:d92f9d21154c 9024 copySz = x509->deviceTypeSz;
wolfSSL 0:d92f9d21154c 9025 }
wolfSSL 0:d92f9d21154c 9026
wolfSSL 0:d92f9d21154c 9027 XMEMCPY(in, x509->deviceType, copySz);
wolfSSL 0:d92f9d21154c 9028 *inOutSz = copySz;
wolfSSL 0:d92f9d21154c 9029
wolfSSL 0:d92f9d21154c 9030 return in;
wolfSSL 0:d92f9d21154c 9031 }
wolfSSL 0:d92f9d21154c 9032
wolfSSL 0:d92f9d21154c 9033
wolfSSL 0:d92f9d21154c 9034 byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
wolfSSL 0:d92f9d21154c 9035 {
wolfSSL 0:d92f9d21154c 9036 int copySz;
wolfSSL 0:d92f9d21154c 9037
wolfSSL 0:d92f9d21154c 9038 WOLFSSL_ENTER("wolfSSL_X509_get_hw_type");
wolfSSL 0:d92f9d21154c 9039 if (inOutSz == NULL) return NULL;
wolfSSL 0:d92f9d21154c 9040 if (!x509->hwTypeSz) return in;
wolfSSL 0:d92f9d21154c 9041
wolfSSL 0:d92f9d21154c 9042 copySz = min(*inOutSz, x509->hwTypeSz);
wolfSSL 0:d92f9d21154c 9043
wolfSSL 0:d92f9d21154c 9044 if (!in) {
wolfSSL 0:d92f9d21154c 9045 in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 9046 if (!in) return in;
wolfSSL 0:d92f9d21154c 9047 copySz = x509->hwTypeSz;
wolfSSL 0:d92f9d21154c 9048 }
wolfSSL 0:d92f9d21154c 9049
wolfSSL 0:d92f9d21154c 9050 XMEMCPY(in, x509->hwType, copySz);
wolfSSL 0:d92f9d21154c 9051 *inOutSz = copySz;
wolfSSL 0:d92f9d21154c 9052
wolfSSL 0:d92f9d21154c 9053 return in;
wolfSSL 0:d92f9d21154c 9054 }
wolfSSL 0:d92f9d21154c 9055
wolfSSL 0:d92f9d21154c 9056
wolfSSL 0:d92f9d21154c 9057 byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,int* inOutSz)
wolfSSL 0:d92f9d21154c 9058 {
wolfSSL 0:d92f9d21154c 9059 int copySz;
wolfSSL 0:d92f9d21154c 9060
wolfSSL 0:d92f9d21154c 9061 WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number");
wolfSSL 0:d92f9d21154c 9062 if (inOutSz == NULL) return NULL;
wolfSSL 0:d92f9d21154c 9063 if (!x509->hwTypeSz) return in;
wolfSSL 0:d92f9d21154c 9064
wolfSSL 0:d92f9d21154c 9065 copySz = min(*inOutSz, x509->hwSerialNumSz);
wolfSSL 0:d92f9d21154c 9066
wolfSSL 0:d92f9d21154c 9067 if (!in) {
wolfSSL 0:d92f9d21154c 9068 in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:d92f9d21154c 9069 if (!in) return in;
wolfSSL 0:d92f9d21154c 9070 copySz = x509->hwSerialNumSz;
wolfSSL 0:d92f9d21154c 9071 }
wolfSSL 0:d92f9d21154c 9072
wolfSSL 0:d92f9d21154c 9073 XMEMCPY(in, x509->hwSerialNum, copySz);
wolfSSL 0:d92f9d21154c 9074 *inOutSz = copySz;
wolfSSL 0:d92f9d21154c 9075
wolfSSL 0:d92f9d21154c 9076 return in;
wolfSSL 0:d92f9d21154c 9077 }
wolfSSL 0:d92f9d21154c 9078
wolfSSL 0:d92f9d21154c 9079 #endif /* WOLFSSL_SEP */
wolfSSL 0:d92f9d21154c 9080
wolfSSL 0:d92f9d21154c 9081
wolfSSL 0:d92f9d21154c 9082 WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
wolfSSL 0:d92f9d21154c 9083 {
wolfSSL 0:d92f9d21154c 9084 WOLFSSL_X509 *newX509 = NULL;
wolfSSL 0:d92f9d21154c 9085
wolfSSL 0:d92f9d21154c 9086 WOLFSSL_ENTER("wolfSSL_X509_d2i");
wolfSSL 0:d92f9d21154c 9087
wolfSSL 0:d92f9d21154c 9088 if (in != NULL && len != 0) {
wolfSSL 0:d92f9d21154c 9089 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9090 DecodedCert* cert = NULL;
wolfSSL 0:d92f9d21154c 9091 #else
wolfSSL 0:d92f9d21154c 9092 DecodedCert cert[1];
wolfSSL 0:d92f9d21154c 9093 #endif
wolfSSL 0:d92f9d21154c 9094
wolfSSL 0:d92f9d21154c 9095 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9096 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 0:d92f9d21154c 9097 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 9098 if (cert == NULL)
wolfSSL 0:d92f9d21154c 9099 return NULL;
wolfSSL 0:d92f9d21154c 9100 #endif
wolfSSL 0:d92f9d21154c 9101
wolfSSL 0:d92f9d21154c 9102 InitDecodedCert(cert, (byte*)in, len, NULL);
wolfSSL 0:d92f9d21154c 9103 if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
wolfSSL 0:d92f9d21154c 9104 newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509),
wolfSSL 0:d92f9d21154c 9105 NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:d92f9d21154c 9106 if (newX509 != NULL) {
wolfSSL 0:d92f9d21154c 9107 InitX509(newX509, 1);
wolfSSL 0:d92f9d21154c 9108 if (CopyDecodedToX509(newX509, cert) != 0) {
wolfSSL 0:d92f9d21154c 9109 XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:d92f9d21154c 9110 newX509 = NULL;
wolfSSL 0:d92f9d21154c 9111 }
wolfSSL 0:d92f9d21154c 9112 }
wolfSSL 0:d92f9d21154c 9113 }
wolfSSL 0:d92f9d21154c 9114 FreeDecodedCert(cert);
wolfSSL 0:d92f9d21154c 9115 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9116 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 9117 #endif
wolfSSL 0:d92f9d21154c 9118 }
wolfSSL 0:d92f9d21154c 9119
wolfSSL 0:d92f9d21154c 9120 if (x509 != NULL)
wolfSSL 0:d92f9d21154c 9121 *x509 = newX509;
wolfSSL 0:d92f9d21154c 9122
wolfSSL 0:d92f9d21154c 9123 return newX509;
wolfSSL 0:d92f9d21154c 9124 }
wolfSSL 0:d92f9d21154c 9125
wolfSSL 0:d92f9d21154c 9126
wolfSSL 0:d92f9d21154c 9127 #ifndef NO_FILESYSTEM
wolfSSL 0:d92f9d21154c 9128
wolfSSL 0:d92f9d21154c 9129 #ifndef NO_STDIO_FILESYSTEM
wolfSSL 0:d92f9d21154c 9130
wolfSSL 0:d92f9d21154c 9131 WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
wolfSSL 0:d92f9d21154c 9132 {
wolfSSL 0:d92f9d21154c 9133 WOLFSSL_X509* newX509 = NULL;
wolfSSL 0:d92f9d21154c 9134
wolfSSL 0:d92f9d21154c 9135 WOLFSSL_ENTER("wolfSSL_X509_d2i_fp");
wolfSSL 0:d92f9d21154c 9136
wolfSSL 0:d92f9d21154c 9137 if (file != XBADFILE) {
wolfSSL 0:d92f9d21154c 9138 byte* fileBuffer = NULL;
wolfSSL 0:d92f9d21154c 9139 long sz = 0;
wolfSSL 0:d92f9d21154c 9140
wolfSSL 0:d92f9d21154c 9141 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:d92f9d21154c 9142 sz = XFTELL(file);
wolfSSL 0:d92f9d21154c 9143 XREWIND(file);
wolfSSL 0:d92f9d21154c 9144
wolfSSL 0:d92f9d21154c 9145 if (sz < 0) {
wolfSSL 0:d92f9d21154c 9146 WOLFSSL_MSG("Bad tell on FILE");
wolfSSL 0:d92f9d21154c 9147 return NULL;
wolfSSL 0:d92f9d21154c 9148 }
wolfSSL 0:d92f9d21154c 9149
wolfSSL 0:d92f9d21154c 9150 fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 9151 if (fileBuffer != NULL) {
wolfSSL 0:d92f9d21154c 9152 int ret = (int)XFREAD(fileBuffer, sz, 1, file);
wolfSSL 0:d92f9d21154c 9153 if (ret > 0) {
wolfSSL 0:d92f9d21154c 9154 newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
wolfSSL 0:d92f9d21154c 9155 }
wolfSSL 0:d92f9d21154c 9156 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 9157 }
wolfSSL 0:d92f9d21154c 9158 }
wolfSSL 0:d92f9d21154c 9159
wolfSSL 0:d92f9d21154c 9160 if (x509 != NULL)
wolfSSL 0:d92f9d21154c 9161 *x509 = newX509;
wolfSSL 0:d92f9d21154c 9162
wolfSSL 0:d92f9d21154c 9163 return newX509;
wolfSSL 0:d92f9d21154c 9164 }
wolfSSL 0:d92f9d21154c 9165
wolfSSL 0:d92f9d21154c 9166 #endif /* NO_STDIO_FILESYSTEM */
wolfSSL 0:d92f9d21154c 9167
wolfSSL 0:d92f9d21154c 9168 WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
wolfSSL 0:d92f9d21154c 9169 {
wolfSSL 0:d92f9d21154c 9170 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9171 byte staticBuffer[1]; /* force heap usage */
wolfSSL 0:d92f9d21154c 9172 #else
wolfSSL 0:d92f9d21154c 9173 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:d92f9d21154c 9174 #endif
wolfSSL 0:d92f9d21154c 9175 byte* fileBuffer = staticBuffer;
wolfSSL 0:d92f9d21154c 9176 int dynamic = 0;
wolfSSL 0:d92f9d21154c 9177 int ret;
wolfSSL 0:d92f9d21154c 9178 long sz = 0;
wolfSSL 0:d92f9d21154c 9179 XFILE file;
wolfSSL 0:d92f9d21154c 9180
wolfSSL 0:d92f9d21154c 9181 WOLFSSL_X509* x509 = NULL;
wolfSSL 0:d92f9d21154c 9182 buffer der;
wolfSSL 0:d92f9d21154c 9183
wolfSSL 0:d92f9d21154c 9184 WOLFSSL_ENTER("wolfSSL_X509_load_certificate");
wolfSSL 0:d92f9d21154c 9185
wolfSSL 0:d92f9d21154c 9186 /* Check the inputs */
wolfSSL 0:d92f9d21154c 9187 if ((fname == NULL) ||
wolfSSL 0:d92f9d21154c 9188 (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
wolfSSL 0:d92f9d21154c 9189 return NULL;
wolfSSL 0:d92f9d21154c 9190
wolfSSL 0:d92f9d21154c 9191 file = XFOPEN(fname, "rb");
wolfSSL 0:d92f9d21154c 9192 if (file == XBADFILE)
wolfSSL 0:d92f9d21154c 9193 return NULL;
wolfSSL 0:d92f9d21154c 9194
wolfSSL 0:d92f9d21154c 9195 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:d92f9d21154c 9196 sz = XFTELL(file);
wolfSSL 0:d92f9d21154c 9197 XREWIND(file);
wolfSSL 0:d92f9d21154c 9198
wolfSSL 0:d92f9d21154c 9199 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:d92f9d21154c 9200 fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 9201 if (fileBuffer == NULL) {
wolfSSL 0:d92f9d21154c 9202 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 9203 return NULL;
wolfSSL 0:d92f9d21154c 9204 }
wolfSSL 0:d92f9d21154c 9205 dynamic = 1;
wolfSSL 0:d92f9d21154c 9206 }
wolfSSL 0:d92f9d21154c 9207 else if (sz < 0) {
wolfSSL 0:d92f9d21154c 9208 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 9209 return NULL;
wolfSSL 0:d92f9d21154c 9210 }
wolfSSL 0:d92f9d21154c 9211
wolfSSL 0:d92f9d21154c 9212 ret = (int)XFREAD(fileBuffer, sz, 1, file);
wolfSSL 0:d92f9d21154c 9213 if (ret < 0) {
wolfSSL 0:d92f9d21154c 9214 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 9215 if (dynamic)
wolfSSL 0:d92f9d21154c 9216 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 9217 return NULL;
wolfSSL 0:d92f9d21154c 9218 }
wolfSSL 0:d92f9d21154c 9219
wolfSSL 0:d92f9d21154c 9220 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 9221
wolfSSL 0:d92f9d21154c 9222 der.buffer = NULL;
wolfSSL 0:d92f9d21154c 9223 der.length = 0;
wolfSSL 0:d92f9d21154c 9224
wolfSSL 0:d92f9d21154c 9225 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:d92f9d21154c 9226 int ecc = 0;
wolfSSL 0:d92f9d21154c 9227 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9228 EncryptedInfo* info = NULL;
wolfSSL 0:d92f9d21154c 9229 #else
wolfSSL 0:d92f9d21154c 9230 EncryptedInfo info[1];
wolfSSL 0:d92f9d21154c 9231 #endif
wolfSSL 0:d92f9d21154c 9232
wolfSSL 0:d92f9d21154c 9233 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9234 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
wolfSSL 0:d92f9d21154c 9235 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 9236 if (info == NULL) {
wolfSSL 0:d92f9d21154c 9237 if (dynamic)
wolfSSL 0:d92f9d21154c 9238 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 9239
wolfSSL 0:d92f9d21154c 9240 return NULL;
wolfSSL 0:d92f9d21154c 9241 }
wolfSSL 0:d92f9d21154c 9242 #endif
wolfSSL 0:d92f9d21154c 9243
wolfSSL 0:d92f9d21154c 9244 info->set = 0;
wolfSSL 0:d92f9d21154c 9245 info->ctx = NULL;
wolfSSL 0:d92f9d21154c 9246 info->consumed = 0;
wolfSSL 0:d92f9d21154c 9247
wolfSSL 0:d92f9d21154c 9248 if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0)
wolfSSL 0:d92f9d21154c 9249 {
wolfSSL 0:d92f9d21154c 9250 /* Only time this should fail, and leave `der` with a buffer
wolfSSL 0:d92f9d21154c 9251 is when the Base64 Decode fails. Release `der.buffer` in
wolfSSL 0:d92f9d21154c 9252 that case. */
wolfSSL 0:d92f9d21154c 9253 if (der.buffer != NULL) {
wolfSSL 0:d92f9d21154c 9254 XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
wolfSSL 0:d92f9d21154c 9255 der.buffer = NULL;
wolfSSL 0:d92f9d21154c 9256 }
wolfSSL 0:d92f9d21154c 9257 }
wolfSSL 0:d92f9d21154c 9258
wolfSSL 0:d92f9d21154c 9259 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9260 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 9261 #endif
wolfSSL 0:d92f9d21154c 9262 }
wolfSSL 0:d92f9d21154c 9263 else {
wolfSSL 0:d92f9d21154c 9264 der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT);
wolfSSL 0:d92f9d21154c 9265 if (der.buffer != NULL) {
wolfSSL 0:d92f9d21154c 9266 XMEMCPY(der.buffer, fileBuffer, sz);
wolfSSL 0:d92f9d21154c 9267 der.length = (word32)sz;
wolfSSL 0:d92f9d21154c 9268 }
wolfSSL 0:d92f9d21154c 9269 }
wolfSSL 0:d92f9d21154c 9270
wolfSSL 0:d92f9d21154c 9271 if (dynamic)
wolfSSL 0:d92f9d21154c 9272 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 9273
wolfSSL 0:d92f9d21154c 9274 /* At this point we want `der` to have the certificate in DER format */
wolfSSL 0:d92f9d21154c 9275 /* ready to be decoded. */
wolfSSL 0:d92f9d21154c 9276 if (der.buffer != NULL) {
wolfSSL 0:d92f9d21154c 9277 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9278 DecodedCert* cert = NULL;
wolfSSL 0:d92f9d21154c 9279 #else
wolfSSL 0:d92f9d21154c 9280 DecodedCert cert[1];
wolfSSL 0:d92f9d21154c 9281 #endif
wolfSSL 0:d92f9d21154c 9282
wolfSSL 0:d92f9d21154c 9283 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9284 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 0:d92f9d21154c 9285 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 9286 if (cert != NULL)
wolfSSL 0:d92f9d21154c 9287 #endif
wolfSSL 0:d92f9d21154c 9288 {
wolfSSL 0:d92f9d21154c 9289 InitDecodedCert(cert, der.buffer, der.length, NULL);
wolfSSL 0:d92f9d21154c 9290 if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
wolfSSL 0:d92f9d21154c 9291 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
wolfSSL 0:d92f9d21154c 9292 DYNAMIC_TYPE_X509);
wolfSSL 0:d92f9d21154c 9293 if (x509 != NULL) {
wolfSSL 0:d92f9d21154c 9294 InitX509(x509, 1);
wolfSSL 0:d92f9d21154c 9295 if (CopyDecodedToX509(x509, cert) != 0) {
wolfSSL 0:d92f9d21154c 9296 XFREE(x509, NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:d92f9d21154c 9297 x509 = NULL;
wolfSSL 0:d92f9d21154c 9298 }
wolfSSL 0:d92f9d21154c 9299 }
wolfSSL 0:d92f9d21154c 9300 }
wolfSSL 0:d92f9d21154c 9301
wolfSSL 0:d92f9d21154c 9302 FreeDecodedCert(cert);
wolfSSL 0:d92f9d21154c 9303 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 9304 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 9305 #endif
wolfSSL 0:d92f9d21154c 9306 }
wolfSSL 0:d92f9d21154c 9307
wolfSSL 0:d92f9d21154c 9308 XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
wolfSSL 0:d92f9d21154c 9309 }
wolfSSL 0:d92f9d21154c 9310
wolfSSL 0:d92f9d21154c 9311 return x509;
wolfSSL 0:d92f9d21154c 9312 }
wolfSSL 0:d92f9d21154c 9313
wolfSSL 0:d92f9d21154c 9314 #endif /* NO_FILESYSTEM */
wolfSSL 0:d92f9d21154c 9315
wolfSSL 0:d92f9d21154c 9316 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 0:d92f9d21154c 9317
wolfSSL 0:d92f9d21154c 9318
wolfSSL 0:d92f9d21154c 9319 #ifdef OPENSSL_EXTRA
wolfSSL 0:d92f9d21154c 9320 int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
wolfSSL 0:d92f9d21154c 9321 {
wolfSSL 0:d92f9d21154c 9322 #ifdef FORTRESS
wolfSSL 0:d92f9d21154c 9323 if (ssl != NULL && idx < MAX_EX_DATA)
wolfSSL 0:d92f9d21154c 9324 {
wolfSSL 0:d92f9d21154c 9325 ssl->ex_data[idx] = data;
wolfSSL 0:d92f9d21154c 9326 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 9327 }
wolfSSL 0:d92f9d21154c 9328 #else
wolfSSL 0:d92f9d21154c 9329 (void)ssl;
wolfSSL 0:d92f9d21154c 9330 (void)idx;
wolfSSL 0:d92f9d21154c 9331 (void)data;
wolfSSL 0:d92f9d21154c 9332 #endif
wolfSSL 0:d92f9d21154c 9333 return SSL_FAILURE;
wolfSSL 0:d92f9d21154c 9334 }
wolfSSL 0:d92f9d21154c 9335
wolfSSL 0:d92f9d21154c 9336
wolfSSL 0:d92f9d21154c 9337 int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
wolfSSL 0:d92f9d21154c 9338 unsigned int len)
wolfSSL 0:d92f9d21154c 9339 {
wolfSSL 0:d92f9d21154c 9340 (void)ssl;
wolfSSL 0:d92f9d21154c 9341 (void)id;
wolfSSL 0:d92f9d21154c 9342 (void)len;
wolfSSL 0:d92f9d21154c 9343 return 0;
wolfSSL 0:d92f9d21154c 9344 }
wolfSSL 0:d92f9d21154c 9345
wolfSSL 0:d92f9d21154c 9346
wolfSSL 0:d92f9d21154c 9347 void wolfSSL_set_connect_state(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 9348 {
wolfSSL 0:d92f9d21154c 9349 (void)ssl;
wolfSSL 0:d92f9d21154c 9350 /* client by default */
wolfSSL 0:d92f9d21154c 9351 }
wolfSSL 0:d92f9d21154c 9352 #endif
wolfSSL 0:d92f9d21154c 9353
wolfSSL 0:d92f9d21154c 9354 int wolfSSL_get_shutdown(const WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 9355 {
wolfSSL 0:d92f9d21154c 9356 return (ssl->options.isClosed ||
wolfSSL 0:d92f9d21154c 9357 ssl->options.connReset ||
wolfSSL 0:d92f9d21154c 9358 ssl->options.sentNotify);
wolfSSL 0:d92f9d21154c 9359 }
wolfSSL 0:d92f9d21154c 9360
wolfSSL 0:d92f9d21154c 9361
wolfSSL 0:d92f9d21154c 9362 int wolfSSL_session_reused(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 9363 {
wolfSSL 0:d92f9d21154c 9364 return ssl->options.resuming;
wolfSSL 0:d92f9d21154c 9365 }
wolfSSL 0:d92f9d21154c 9366
wolfSSL 0:d92f9d21154c 9367 #ifdef OPENSSL_EXTRA
wolfSSL 0:d92f9d21154c 9368 void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
wolfSSL 0:d92f9d21154c 9369 {
wolfSSL 0:d92f9d21154c 9370 (void)session;
wolfSSL 0:d92f9d21154c 9371 }
wolfSSL 0:d92f9d21154c 9372 #endif
wolfSSL 0:d92f9d21154c 9373
wolfSSL 0:d92f9d21154c 9374 const char* wolfSSL_get_version(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 9375 {
wolfSSL 0:d92f9d21154c 9376 WOLFSSL_ENTER("SSL_get_version");
wolfSSL 0:d92f9d21154c 9377 if (ssl->version.major == SSLv3_MAJOR) {
wolfSSL 0:d92f9d21154c 9378 switch (ssl->version.minor) {
wolfSSL 0:d92f9d21154c 9379 case SSLv3_MINOR :
wolfSSL 0:d92f9d21154c 9380 return "SSLv3";
wolfSSL 0:d92f9d21154c 9381 case TLSv1_MINOR :
wolfSSL 0:d92f9d21154c 9382 return "TLSv1";
wolfSSL 0:d92f9d21154c 9383 case TLSv1_1_MINOR :
wolfSSL 0:d92f9d21154c 9384 return "TLSv1.1";
wolfSSL 0:d92f9d21154c 9385 case TLSv1_2_MINOR :
wolfSSL 0:d92f9d21154c 9386 return "TLSv1.2";
wolfSSL 0:d92f9d21154c 9387 default:
wolfSSL 0:d92f9d21154c 9388 return "unknown";
wolfSSL 0:d92f9d21154c 9389 }
wolfSSL 0:d92f9d21154c 9390 }
wolfSSL 0:d92f9d21154c 9391 else if (ssl->version.major == DTLS_MAJOR) {
wolfSSL 0:d92f9d21154c 9392 switch (ssl->version.minor) {
wolfSSL 0:d92f9d21154c 9393 case DTLS_MINOR :
wolfSSL 0:d92f9d21154c 9394 return "DTLS";
wolfSSL 0:d92f9d21154c 9395 case DTLSv1_2_MINOR :
wolfSSL 0:d92f9d21154c 9396 return "DTLSv1.2";
wolfSSL 0:d92f9d21154c 9397 default:
wolfSSL 0:d92f9d21154c 9398 return "unknown";
wolfSSL 0:d92f9d21154c 9399 }
wolfSSL 0:d92f9d21154c 9400 }
wolfSSL 0:d92f9d21154c 9401 return "unknown";
wolfSSL 0:d92f9d21154c 9402 }
wolfSSL 0:d92f9d21154c 9403
wolfSSL 0:d92f9d21154c 9404
wolfSSL 0:d92f9d21154c 9405 /* current library version */
wolfSSL 0:d92f9d21154c 9406 const char* wolfSSL_lib_version(void)
wolfSSL 0:d92f9d21154c 9407 {
wolfSSL 0:d92f9d21154c 9408 return LIBWOLFSSL_VERSION_STRING;
wolfSSL 0:d92f9d21154c 9409 }
wolfSSL 0:d92f9d21154c 9410
wolfSSL 0:d92f9d21154c 9411
wolfSSL 0:d92f9d21154c 9412 /* current library version in hex */
wolfSSL 0:d92f9d21154c 9413 word32 wolfSSL_lib_version_hex(void)
wolfSSL 0:d92f9d21154c 9414 {
wolfSSL 0:d92f9d21154c 9415 return LIBWOLFSSL_VERSION_HEX;
wolfSSL 0:d92f9d21154c 9416 }
wolfSSL 0:d92f9d21154c 9417
wolfSSL 0:d92f9d21154c 9418
wolfSSL 0:d92f9d21154c 9419 int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 9420 {
wolfSSL 0:d92f9d21154c 9421 WOLFSSL_ENTER("SSL_get_current_cipher_suite");
wolfSSL 0:d92f9d21154c 9422 if (ssl)
wolfSSL 0:d92f9d21154c 9423 return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite;
wolfSSL 0:d92f9d21154c 9424 return 0;
wolfSSL 0:d92f9d21154c 9425 }
wolfSSL 0:d92f9d21154c 9426
wolfSSL 0:d92f9d21154c 9427 WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 9428 {
wolfSSL 0:d92f9d21154c 9429 WOLFSSL_ENTER("SSL_get_current_cipher");
wolfSSL 0:d92f9d21154c 9430 if (ssl)
wolfSSL 0:d92f9d21154c 9431 return &ssl->cipher;
wolfSSL 0:d92f9d21154c 9432 else
wolfSSL 0:d92f9d21154c 9433 return NULL;
wolfSSL 0:d92f9d21154c 9434 }
wolfSSL 0:d92f9d21154c 9435
wolfSSL 0:d92f9d21154c 9436
wolfSSL 0:d92f9d21154c 9437 const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
wolfSSL 0:d92f9d21154c 9438 {
wolfSSL 0:d92f9d21154c 9439 (void)cipher;
wolfSSL 0:d92f9d21154c 9440
wolfSSL 0:d92f9d21154c 9441 WOLFSSL_ENTER("SSL_CIPHER_get_name");
wolfSSL 0:d92f9d21154c 9442 #ifndef NO_ERROR_STRINGS
wolfSSL 0:d92f9d21154c 9443 if (cipher) {
wolfSSL 0:d92f9d21154c 9444 #if defined(HAVE_CHACHA)
wolfSSL 0:d92f9d21154c 9445 if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) {
wolfSSL 0:d92f9d21154c 9446 /* ChaCha suites */
wolfSSL 0:d92f9d21154c 9447 switch (cipher->ssl->options.cipherSuite) {
wolfSSL 0:d92f9d21154c 9448 #ifdef HAVE_CHACHA
wolfSSL 0:d92f9d21154c 9449 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9450 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 0:d92f9d21154c 9451 return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 0:d92f9d21154c 9452
wolfSSL 0:d92f9d21154c 9453 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 0:d92f9d21154c 9454 return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 0:d92f9d21154c 9455 #endif
wolfSSL 0:d92f9d21154c 9456 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 0:d92f9d21154c 9457 return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 0:d92f9d21154c 9458 #endif
wolfSSL 0:d92f9d21154c 9459 }
wolfSSL 0:d92f9d21154c 9460 }
wolfSSL 0:d92f9d21154c 9461 #endif
wolfSSL 0:d92f9d21154c 9462
wolfSSL 0:d92f9d21154c 9463 #if defined(HAVE_ECC) || defined(HAVE_AESCCM)
wolfSSL 0:d92f9d21154c 9464 /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
wolfSSL 0:d92f9d21154c 9465 * but the AES-CCM cipher suites also use it, even the ones that
wolfSSL 0:d92f9d21154c 9466 * aren't ECC. */
wolfSSL 0:d92f9d21154c 9467 if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
wolfSSL 0:d92f9d21154c 9468 /* ECC suites */
wolfSSL 0:d92f9d21154c 9469 switch (cipher->ssl->options.cipherSuite) {
wolfSSL 0:d92f9d21154c 9470 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 9471 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9472 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9473 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9474 #endif
wolfSSL 0:d92f9d21154c 9475 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9476 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9477 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9478 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9479 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9480 #endif
wolfSSL 0:d92f9d21154c 9481 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9482 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9483 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9484 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:d92f9d21154c 9485 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL 0:d92f9d21154c 9486 #endif
wolfSSL 0:d92f9d21154c 9487 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:d92f9d21154c 9488 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL 0:d92f9d21154c 9489 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9490 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:d92f9d21154c 9491 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL 0:d92f9d21154c 9492 #endif
wolfSSL 0:d92f9d21154c 9493 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:d92f9d21154c 9494 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL 0:d92f9d21154c 9495 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9496 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9497 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9498 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9499 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9500 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9501 #endif
wolfSSL 0:d92f9d21154c 9502 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9503 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9504 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9505 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9506 #ifndef NO_RC4
wolfSSL 0:d92f9d21154c 9507 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9508 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL 0:d92f9d21154c 9509 return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
wolfSSL 0:d92f9d21154c 9510 #endif
wolfSSL 0:d92f9d21154c 9511 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL 0:d92f9d21154c 9512 return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
wolfSSL 0:d92f9d21154c 9513 #endif
wolfSSL 0:d92f9d21154c 9514 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 9515 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9516 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:d92f9d21154c 9517 return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:d92f9d21154c 9518 #endif
wolfSSL 0:d92f9d21154c 9519 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:d92f9d21154c 9520 return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:d92f9d21154c 9521 #endif
wolfSSL 0:d92f9d21154c 9522
wolfSSL 0:d92f9d21154c 9523 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9524 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9525 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9526 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9527 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9528 #endif
wolfSSL 0:d92f9d21154c 9529 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9530 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9531 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9532 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9533 #ifndef NO_RC4
wolfSSL 0:d92f9d21154c 9534 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9535 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL 0:d92f9d21154c 9536 return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
wolfSSL 0:d92f9d21154c 9537 #endif
wolfSSL 0:d92f9d21154c 9538 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL 0:d92f9d21154c 9539 return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
wolfSSL 0:d92f9d21154c 9540 #endif
wolfSSL 0:d92f9d21154c 9541 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 9542 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9543 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:d92f9d21154c 9544 return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:d92f9d21154c 9545 #endif
wolfSSL 0:d92f9d21154c 9546 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:d92f9d21154c 9547 return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:d92f9d21154c 9548 #endif
wolfSSL 0:d92f9d21154c 9549 #endif /* NO_SHA */
wolfSSL 0:d92f9d21154c 9550
wolfSSL 0:d92f9d21154c 9551 #ifdef HAVE_AESGCM
wolfSSL 0:d92f9d21154c 9552 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9553 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:d92f9d21154c 9554 return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:d92f9d21154c 9555 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:d92f9d21154c 9556 return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:d92f9d21154c 9557 #endif
wolfSSL 0:d92f9d21154c 9558 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:d92f9d21154c 9559 return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:d92f9d21154c 9560 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:d92f9d21154c 9561 return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:d92f9d21154c 9562 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9563 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:d92f9d21154c 9564 return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:d92f9d21154c 9565 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:d92f9d21154c 9566 return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:d92f9d21154c 9567 #endif
wolfSSL 0:d92f9d21154c 9568 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:d92f9d21154c 9569 return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:d92f9d21154c 9570 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:d92f9d21154c 9571 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:d92f9d21154c 9572 #endif
wolfSSL 0:d92f9d21154c 9573 #endif /* HAVE_ECC */
wolfSSL 0:d92f9d21154c 9574
wolfSSL 0:d92f9d21154c 9575 #ifdef HAVE_AESCCM
wolfSSL 0:d92f9d21154c 9576 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9577 case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL 0:d92f9d21154c 9578 return "TLS_RSA_WITH_AES_128_CCM_8";
wolfSSL 0:d92f9d21154c 9579 case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL 0:d92f9d21154c 9580 return "TLS_RSA_WITH_AES_256_CCM_8";
wolfSSL 0:d92f9d21154c 9581 #endif
wolfSSL 0:d92f9d21154c 9582 #ifndef NO_PSK
wolfSSL 0:d92f9d21154c 9583 case TLS_PSK_WITH_AES_128_CCM_8 :
wolfSSL 0:d92f9d21154c 9584 return "TLS_PSK_WITH_AES_128_CCM_8";
wolfSSL 0:d92f9d21154c 9585 case TLS_PSK_WITH_AES_256_CCM_8 :
wolfSSL 0:d92f9d21154c 9586 return "TLS_PSK_WITH_AES_256_CCM_8";
wolfSSL 0:d92f9d21154c 9587 case TLS_PSK_WITH_AES_128_CCM :
wolfSSL 0:d92f9d21154c 9588 return "TLS_PSK_WITH_AES_128_CCM";
wolfSSL 0:d92f9d21154c 9589 case TLS_PSK_WITH_AES_256_CCM :
wolfSSL 0:d92f9d21154c 9590 return "TLS_PSK_WITH_AES_256_CCM";
wolfSSL 0:d92f9d21154c 9591 case TLS_DHE_PSK_WITH_AES_128_CCM :
wolfSSL 0:d92f9d21154c 9592 return "TLS_DHE_PSK_WITH_AES_128_CCM";
wolfSSL 0:d92f9d21154c 9593 case TLS_DHE_PSK_WITH_AES_256_CCM :
wolfSSL 0:d92f9d21154c 9594 return "TLS_DHE_PSK_WITH_AES_256_CCM";
wolfSSL 0:d92f9d21154c 9595 #endif
wolfSSL 0:d92f9d21154c 9596 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 9597 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 0:d92f9d21154c 9598 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
wolfSSL 0:d92f9d21154c 9599 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL 0:d92f9d21154c 9600 return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
wolfSSL 0:d92f9d21154c 9601 #endif
wolfSSL 0:d92f9d21154c 9602 #endif
wolfSSL 0:d92f9d21154c 9603
wolfSSL 0:d92f9d21154c 9604 default:
wolfSSL 0:d92f9d21154c 9605 return "NONE";
wolfSSL 0:d92f9d21154c 9606 }
wolfSSL 0:d92f9d21154c 9607 }
wolfSSL 0:d92f9d21154c 9608 #endif /* ECC */
wolfSSL 0:d92f9d21154c 9609 if (cipher->ssl->options.cipherSuite0 != ECC_BYTE &&
wolfSSL 0:d92f9d21154c 9610 cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) {
wolfSSL 0:d92f9d21154c 9611
wolfSSL 0:d92f9d21154c 9612 /* normal suites */
wolfSSL 0:d92f9d21154c 9613 switch (cipher->ssl->options.cipherSuite) {
wolfSSL 0:d92f9d21154c 9614 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9615 #ifndef NO_RC4
wolfSSL 0:d92f9d21154c 9616 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9617 case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL 0:d92f9d21154c 9618 return "SSL_RSA_WITH_RC4_128_SHA";
wolfSSL 0:d92f9d21154c 9619 #endif
wolfSSL 0:d92f9d21154c 9620 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 9621 case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL 0:d92f9d21154c 9622 return "SSL_RSA_WITH_RC4_128_MD5";
wolfSSL 0:d92f9d21154c 9623 #endif
wolfSSL 0:d92f9d21154c 9624 #endif
wolfSSL 0:d92f9d21154c 9625 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9626 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 9627 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:d92f9d21154c 9628 return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:d92f9d21154c 9629 #endif
wolfSSL 0:d92f9d21154c 9630 case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9631 return "TLS_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9632 case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9633 return "TLS_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9634 #endif
wolfSSL 0:d92f9d21154c 9635 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9636 return "TLS_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9637 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9638 return "TLS_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9639 #ifdef HAVE_BLAKE2
wolfSSL 0:d92f9d21154c 9640 case TLS_RSA_WITH_AES_128_CBC_B2B256:
wolfSSL 0:d92f9d21154c 9641 return "TLS_RSA_WITH_AES_128_CBC_B2B256";
wolfSSL 0:d92f9d21154c 9642 case TLS_RSA_WITH_AES_256_CBC_B2B256:
wolfSSL 0:d92f9d21154c 9643 return "TLS_RSA_WITH_AES_256_CBC_B2B256";
wolfSSL 0:d92f9d21154c 9644 #endif
wolfSSL 0:d92f9d21154c 9645 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9646 case TLS_RSA_WITH_NULL_SHA :
wolfSSL 0:d92f9d21154c 9647 return "TLS_RSA_WITH_NULL_SHA";
wolfSSL 0:d92f9d21154c 9648 #endif
wolfSSL 0:d92f9d21154c 9649 case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL 0:d92f9d21154c 9650 return "TLS_RSA_WITH_NULL_SHA256";
wolfSSL 0:d92f9d21154c 9651 #endif /* NO_RSA */
wolfSSL 0:d92f9d21154c 9652 #ifndef NO_PSK
wolfSSL 0:d92f9d21154c 9653 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9654 case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9655 return "TLS_PSK_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9656 case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9657 return "TLS_PSK_WITH_AES_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9658 #endif
wolfSSL 0:d92f9d21154c 9659 #ifndef NO_SHA256
wolfSSL 0:d92f9d21154c 9660 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9661 return "TLS_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9662 case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL 0:d92f9d21154c 9663 return "TLS_PSK_WITH_NULL_SHA256";
wolfSSL 0:d92f9d21154c 9664 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9665 return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9666 case TLS_DHE_PSK_WITH_NULL_SHA256 :
wolfSSL 0:d92f9d21154c 9667 return "TLS_DHE_PSK_WITH_NULL_SHA256";
wolfSSL 0:d92f9d21154c 9668 #ifdef HAVE_AESGCM
wolfSSL 0:d92f9d21154c 9669 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:d92f9d21154c 9670 return "TLS_PSK_WITH_AES_128_GCM_SHA256";
wolfSSL 0:d92f9d21154c 9671 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:d92f9d21154c 9672 return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
wolfSSL 0:d92f9d21154c 9673 #endif
wolfSSL 0:d92f9d21154c 9674 #endif
wolfSSL 0:d92f9d21154c 9675 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 9676 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:d92f9d21154c 9677 return "TLS_PSK_WITH_AES_256_CBC_SHA384";
wolfSSL 0:d92f9d21154c 9678 case TLS_PSK_WITH_NULL_SHA384 :
wolfSSL 0:d92f9d21154c 9679 return "TLS_PSK_WITH_NULL_SHA384";
wolfSSL 0:d92f9d21154c 9680 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:d92f9d21154c 9681 return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
wolfSSL 0:d92f9d21154c 9682 case TLS_DHE_PSK_WITH_NULL_SHA384 :
wolfSSL 0:d92f9d21154c 9683 return "TLS_DHE_PSK_WITH_NULL_SHA384";
wolfSSL 0:d92f9d21154c 9684 #ifdef HAVE_AESGCM
wolfSSL 0:d92f9d21154c 9685 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:d92f9d21154c 9686 return "TLS_PSK_WITH_AES_256_GCM_SHA384";
wolfSSL 0:d92f9d21154c 9687 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:d92f9d21154c 9688 return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
wolfSSL 0:d92f9d21154c 9689 #endif
wolfSSL 0:d92f9d21154c 9690 #endif
wolfSSL 0:d92f9d21154c 9691 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9692 case TLS_PSK_WITH_NULL_SHA :
wolfSSL 0:d92f9d21154c 9693 return "TLS_PSK_WITH_NULL_SHA";
wolfSSL 0:d92f9d21154c 9694 #endif
wolfSSL 0:d92f9d21154c 9695 #endif /* NO_PSK */
wolfSSL 0:d92f9d21154c 9696 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 9697 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9698 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9699 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9700 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9701 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9702 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9703 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9704 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9705 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9706 #endif
wolfSSL 0:d92f9d21154c 9707 #ifndef NO_HC128
wolfSSL 0:d92f9d21154c 9708 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 9709 case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL 0:d92f9d21154c 9710 return "TLS_RSA_WITH_HC_128_MD5";
wolfSSL 0:d92f9d21154c 9711 #endif
wolfSSL 0:d92f9d21154c 9712 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9713 case TLS_RSA_WITH_HC_128_SHA :
wolfSSL 0:d92f9d21154c 9714 return "TLS_RSA_WITH_HC_128_SHA";
wolfSSL 0:d92f9d21154c 9715 #endif
wolfSSL 0:d92f9d21154c 9716 #ifdef HAVE_BLAKE2
wolfSSL 0:d92f9d21154c 9717 case TLS_RSA_WITH_HC_128_B2B256:
wolfSSL 0:d92f9d21154c 9718 return "TLS_RSA_WITH_HC_128_B2B256";
wolfSSL 0:d92f9d21154c 9719 #endif
wolfSSL 0:d92f9d21154c 9720 #endif /* NO_HC128 */
wolfSSL 0:d92f9d21154c 9721 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9722 #ifndef NO_RABBIT
wolfSSL 0:d92f9d21154c 9723 case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL 0:d92f9d21154c 9724 return "TLS_RSA_WITH_RABBIT_SHA";
wolfSSL 0:d92f9d21154c 9725 #endif
wolfSSL 0:d92f9d21154c 9726 #ifdef HAVE_NTRU
wolfSSL 0:d92f9d21154c 9727 #ifndef NO_RC4
wolfSSL 0:d92f9d21154c 9728 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL 0:d92f9d21154c 9729 return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
wolfSSL 0:d92f9d21154c 9730 #endif
wolfSSL 0:d92f9d21154c 9731 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 9732 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:d92f9d21154c 9733 return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:d92f9d21154c 9734 #endif
wolfSSL 0:d92f9d21154c 9735 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9736 return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9737 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9738 return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9739 #endif /* HAVE_NTRU */
wolfSSL 0:d92f9d21154c 9740 #endif /* NO_SHA */
wolfSSL 0:d92f9d21154c 9741 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:d92f9d21154c 9742 return "TLS_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:d92f9d21154c 9743 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:d92f9d21154c 9744 return "TLS_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:d92f9d21154c 9745 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:d92f9d21154c 9746 return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:d92f9d21154c 9747 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:d92f9d21154c 9748 return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:d92f9d21154c 9749 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9750 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9751 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9752 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9753 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9754 #endif
wolfSSL 0:d92f9d21154c 9755 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9756 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9757 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9758 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9759 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 9760 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9761 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9762 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 0:d92f9d21154c 9763 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL 0:d92f9d21154c 9764 #endif
wolfSSL 0:d92f9d21154c 9765 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9766 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9767 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 0:d92f9d21154c 9768 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL 0:d92f9d21154c 9769 #endif /* NO_RSA */
wolfSSL 0:d92f9d21154c 9770 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 0:d92f9d21154c 9771 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
wolfSSL 0:d92f9d21154c 9772 return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
wolfSSL 0:d92f9d21154c 9773 #endif
wolfSSL 0:d92f9d21154c 9774 default:
wolfSSL 0:d92f9d21154c 9775 return "NONE";
wolfSSL 0:d92f9d21154c 9776 } /* switch */
wolfSSL 0:d92f9d21154c 9777 } /* normal / ECC */
wolfSSL 0:d92f9d21154c 9778 }
wolfSSL 0:d92f9d21154c 9779 #endif /* NO_ERROR_STRINGS */
wolfSSL 0:d92f9d21154c 9780 return "NONE";
wolfSSL 0:d92f9d21154c 9781 }
wolfSSL 0:d92f9d21154c 9782
wolfSSL 0:d92f9d21154c 9783
wolfSSL 0:d92f9d21154c 9784 const char* wolfSSL_get_cipher(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 9785 {
wolfSSL 0:d92f9d21154c 9786 WOLFSSL_ENTER("wolfSSL_get_cipher");
wolfSSL 0:d92f9d21154c 9787 return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl));
wolfSSL 0:d92f9d21154c 9788 }
wolfSSL 0:d92f9d21154c 9789
wolfSSL 0:d92f9d21154c 9790 #ifdef OPENSSL_EXTRA
wolfSSL 0:d92f9d21154c 9791
wolfSSL 0:d92f9d21154c 9792
wolfSSL 0:d92f9d21154c 9793
wolfSSL 0:d92f9d21154c 9794 char* wolfSSL_CIPHER_description(WOLFSSL_CIPHER* cipher, char* in, int len)
wolfSSL 0:d92f9d21154c 9795 {
wolfSSL 0:d92f9d21154c 9796 (void)cipher;
wolfSSL 0:d92f9d21154c 9797 (void)in;
wolfSSL 0:d92f9d21154c 9798 (void)len;
wolfSSL 0:d92f9d21154c 9799 return 0;
wolfSSL 0:d92f9d21154c 9800 }
wolfSSL 0:d92f9d21154c 9801
wolfSSL 0:d92f9d21154c 9802
wolfSSL 0:d92f9d21154c 9803 WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) /* what's ref count */
wolfSSL 0:d92f9d21154c 9804 {
wolfSSL 0:d92f9d21154c 9805 (void)ssl;
wolfSSL 0:d92f9d21154c 9806 return 0;
wolfSSL 0:d92f9d21154c 9807 }
wolfSSL 0:d92f9d21154c 9808
wolfSSL 0:d92f9d21154c 9809
wolfSSL 0:d92f9d21154c 9810 void wolfSSL_X509_free(WOLFSSL_X509* buf)
wolfSSL 0:d92f9d21154c 9811 {
wolfSSL 0:d92f9d21154c 9812 FreeX509(buf);
wolfSSL 0:d92f9d21154c 9813 }
wolfSSL 0:d92f9d21154c 9814
wolfSSL 0:d92f9d21154c 9815
wolfSSL 0:d92f9d21154c 9816 /* was do nothing */
wolfSSL 0:d92f9d21154c 9817 /*
wolfSSL 0:d92f9d21154c 9818 void OPENSSL_free(void* buf)
wolfSSL 0:d92f9d21154c 9819 {
wolfSSL 0:d92f9d21154c 9820 (void)buf;
wolfSSL 0:d92f9d21154c 9821 }
wolfSSL 0:d92f9d21154c 9822 */
wolfSSL 0:d92f9d21154c 9823
wolfSSL 0:d92f9d21154c 9824
wolfSSL 0:d92f9d21154c 9825 int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
wolfSSL 0:d92f9d21154c 9826 int* ssl)
wolfSSL 0:d92f9d21154c 9827 {
wolfSSL 0:d92f9d21154c 9828 (void)url;
wolfSSL 0:d92f9d21154c 9829 (void)host;
wolfSSL 0:d92f9d21154c 9830 (void)port;
wolfSSL 0:d92f9d21154c 9831 (void)path;
wolfSSL 0:d92f9d21154c 9832 (void)ssl;
wolfSSL 0:d92f9d21154c 9833 return 0;
wolfSSL 0:d92f9d21154c 9834 }
wolfSSL 0:d92f9d21154c 9835
wolfSSL 0:d92f9d21154c 9836
wolfSSL 0:d92f9d21154c 9837 WOLFSSL_METHOD* wolfSSLv2_client_method(void)
wolfSSL 0:d92f9d21154c 9838 {
wolfSSL 0:d92f9d21154c 9839 return 0;
wolfSSL 0:d92f9d21154c 9840 }
wolfSSL 0:d92f9d21154c 9841
wolfSSL 0:d92f9d21154c 9842
wolfSSL 0:d92f9d21154c 9843 WOLFSSL_METHOD* wolfSSLv2_server_method(void)
wolfSSL 0:d92f9d21154c 9844 {
wolfSSL 0:d92f9d21154c 9845 return 0;
wolfSSL 0:d92f9d21154c 9846 }
wolfSSL 0:d92f9d21154c 9847
wolfSSL 0:d92f9d21154c 9848
wolfSSL 0:d92f9d21154c 9849 #ifndef NO_MD4
wolfSSL 0:d92f9d21154c 9850
wolfSSL 0:d92f9d21154c 9851 void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
wolfSSL 0:d92f9d21154c 9852 {
wolfSSL 0:d92f9d21154c 9853 /* make sure we have a big enough buffer */
wolfSSL 0:d92f9d21154c 9854 typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
wolfSSL 0:d92f9d21154c 9855 (void) sizeof(ok);
wolfSSL 0:d92f9d21154c 9856
wolfSSL 0:d92f9d21154c 9857 WOLFSSL_ENTER("MD4_Init");
wolfSSL 0:d92f9d21154c 9858 wc_InitMd4((Md4*)md4);
wolfSSL 0:d92f9d21154c 9859 }
wolfSSL 0:d92f9d21154c 9860
wolfSSL 0:d92f9d21154c 9861
wolfSSL 0:d92f9d21154c 9862 void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
wolfSSL 0:d92f9d21154c 9863 unsigned long len)
wolfSSL 0:d92f9d21154c 9864 {
wolfSSL 0:d92f9d21154c 9865 WOLFSSL_ENTER("MD4_Update");
wolfSSL 0:d92f9d21154c 9866 wc_Md4Update((Md4*)md4, (const byte*)data, (word32)len);
wolfSSL 0:d92f9d21154c 9867 }
wolfSSL 0:d92f9d21154c 9868
wolfSSL 0:d92f9d21154c 9869
wolfSSL 0:d92f9d21154c 9870 void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
wolfSSL 0:d92f9d21154c 9871 {
wolfSSL 0:d92f9d21154c 9872 WOLFSSL_ENTER("MD4_Final");
wolfSSL 0:d92f9d21154c 9873 wc_Md4Final((Md4*)md4, digest);
wolfSSL 0:d92f9d21154c 9874 }
wolfSSL 0:d92f9d21154c 9875
wolfSSL 0:d92f9d21154c 9876 #endif /* NO_MD4 */
wolfSSL 0:d92f9d21154c 9877
wolfSSL 0:d92f9d21154c 9878
wolfSSL 0:d92f9d21154c 9879 WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO* top)
wolfSSL 0:d92f9d21154c 9880 {
wolfSSL 0:d92f9d21154c 9881 (void)top;
wolfSSL 0:d92f9d21154c 9882 return 0;
wolfSSL 0:d92f9d21154c 9883 }
wolfSSL 0:d92f9d21154c 9884
wolfSSL 0:d92f9d21154c 9885
wolfSSL 0:d92f9d21154c 9886 int wolfSSL_BIO_pending(WOLFSSL_BIO* bio)
wolfSSL 0:d92f9d21154c 9887 {
wolfSSL 0:d92f9d21154c 9888 (void)bio;
wolfSSL 0:d92f9d21154c 9889 return 0;
wolfSSL 0:d92f9d21154c 9890 }
wolfSSL 0:d92f9d21154c 9891
wolfSSL 0:d92f9d21154c 9892
wolfSSL 0:d92f9d21154c 9893
wolfSSL 0:d92f9d21154c 9894 WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void)
wolfSSL 0:d92f9d21154c 9895 {
wolfSSL 0:d92f9d21154c 9896 static WOLFSSL_BIO_METHOD meth;
wolfSSL 0:d92f9d21154c 9897
wolfSSL 0:d92f9d21154c 9898 WOLFSSL_ENTER("BIO_s_mem");
wolfSSL 0:d92f9d21154c 9899 meth.type = BIO_MEMORY;
wolfSSL 0:d92f9d21154c 9900
wolfSSL 0:d92f9d21154c 9901 return &meth;
wolfSSL 0:d92f9d21154c 9902 }
wolfSSL 0:d92f9d21154c 9903
wolfSSL 0:d92f9d21154c 9904
wolfSSL 0:d92f9d21154c 9905 WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void)
wolfSSL 0:d92f9d21154c 9906 {
wolfSSL 0:d92f9d21154c 9907 return 0;
wolfSSL 0:d92f9d21154c 9908 }
wolfSSL 0:d92f9d21154c 9909
wolfSSL 0:d92f9d21154c 9910
wolfSSL 0:d92f9d21154c 9911 void wolfSSL_BIO_set_flags(WOLFSSL_BIO* bio, int flags)
wolfSSL 0:d92f9d21154c 9912 {
wolfSSL 0:d92f9d21154c 9913 (void)bio;
wolfSSL 0:d92f9d21154c 9914 (void)flags;
wolfSSL 0:d92f9d21154c 9915 }
wolfSSL 0:d92f9d21154c 9916
wolfSSL 0:d92f9d21154c 9917
wolfSSL 0:d92f9d21154c 9918
wolfSSL 0:d92f9d21154c 9919 void wolfSSL_RAND_screen(void)
wolfSSL 0:d92f9d21154c 9920 {
wolfSSL 0:d92f9d21154c 9921
wolfSSL 0:d92f9d21154c 9922 }
wolfSSL 0:d92f9d21154c 9923
wolfSSL 0:d92f9d21154c 9924
wolfSSL 0:d92f9d21154c 9925 const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
wolfSSL 0:d92f9d21154c 9926 {
wolfSSL 0:d92f9d21154c 9927 (void)fname;
wolfSSL 0:d92f9d21154c 9928 (void)len;
wolfSSL 0:d92f9d21154c 9929 return 0;
wolfSSL 0:d92f9d21154c 9930 }
wolfSSL 0:d92f9d21154c 9931
wolfSSL 0:d92f9d21154c 9932
wolfSSL 0:d92f9d21154c 9933 int wolfSSL_RAND_write_file(const char* fname)
wolfSSL 0:d92f9d21154c 9934 {
wolfSSL 0:d92f9d21154c 9935 (void)fname;
wolfSSL 0:d92f9d21154c 9936 return 0;
wolfSSL 0:d92f9d21154c 9937 }
wolfSSL 0:d92f9d21154c 9938
wolfSSL 0:d92f9d21154c 9939
wolfSSL 0:d92f9d21154c 9940 int wolfSSL_RAND_load_file(const char* fname, long len)
wolfSSL 0:d92f9d21154c 9941 {
wolfSSL 0:d92f9d21154c 9942 (void)fname;
wolfSSL 0:d92f9d21154c 9943 /* wolfCrypt provides enough entropy internally or will report error */
wolfSSL 0:d92f9d21154c 9944 if (len == -1)
wolfSSL 0:d92f9d21154c 9945 return 1024;
wolfSSL 0:d92f9d21154c 9946 else
wolfSSL 0:d92f9d21154c 9947 return (int)len;
wolfSSL 0:d92f9d21154c 9948 }
wolfSSL 0:d92f9d21154c 9949
wolfSSL 0:d92f9d21154c 9950
wolfSSL 0:d92f9d21154c 9951 int wolfSSL_RAND_egd(const char* path)
wolfSSL 0:d92f9d21154c 9952 {
wolfSSL 0:d92f9d21154c 9953 (void)path;
wolfSSL 0:d92f9d21154c 9954 return 0;
wolfSSL 0:d92f9d21154c 9955 }
wolfSSL 0:d92f9d21154c 9956
wolfSSL 0:d92f9d21154c 9957
wolfSSL 0:d92f9d21154c 9958
wolfSSL 0:d92f9d21154c 9959 WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
wolfSSL 0:d92f9d21154c 9960 {
wolfSSL 0:d92f9d21154c 9961 return 0;
wolfSSL 0:d92f9d21154c 9962 }
wolfSSL 0:d92f9d21154c 9963
wolfSSL 0:d92f9d21154c 9964
wolfSSL 0:d92f9d21154c 9965 WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
wolfSSL 0:d92f9d21154c 9966 {
wolfSSL 0:d92f9d21154c 9967 return 0;
wolfSSL 0:d92f9d21154c 9968 }
wolfSSL 0:d92f9d21154c 9969
wolfSSL 0:d92f9d21154c 9970
wolfSSL 0:d92f9d21154c 9971 int wolfSSL_COMP_add_compression_method(int method, void* data)
wolfSSL 0:d92f9d21154c 9972 {
wolfSSL 0:d92f9d21154c 9973 (void)method;
wolfSSL 0:d92f9d21154c 9974 (void)data;
wolfSSL 0:d92f9d21154c 9975 return 0;
wolfSSL 0:d92f9d21154c 9976 }
wolfSSL 0:d92f9d21154c 9977
wolfSSL 0:d92f9d21154c 9978
wolfSSL 0:d92f9d21154c 9979
wolfSSL 0:d92f9d21154c 9980 int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
wolfSSL 0:d92f9d21154c 9981 void* cb3)
wolfSSL 0:d92f9d21154c 9982 {
wolfSSL 0:d92f9d21154c 9983 (void)idx;
wolfSSL 0:d92f9d21154c 9984 (void)data;
wolfSSL 0:d92f9d21154c 9985 (void)cb1;
wolfSSL 0:d92f9d21154c 9986 (void)cb2;
wolfSSL 0:d92f9d21154c 9987 (void)cb3;
wolfSSL 0:d92f9d21154c 9988 return 0;
wolfSSL 0:d92f9d21154c 9989 }
wolfSSL 0:d92f9d21154c 9990
wolfSSL 0:d92f9d21154c 9991
wolfSSL 0:d92f9d21154c 9992 void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)(
wolfSSL 0:d92f9d21154c 9993 const char*, int))
wolfSSL 0:d92f9d21154c 9994 {
wolfSSL 0:d92f9d21154c 9995 (void)f;
wolfSSL 0:d92f9d21154c 9996 }
wolfSSL 0:d92f9d21154c 9997
wolfSSL 0:d92f9d21154c 9998
wolfSSL 0:d92f9d21154c 9999 void wolfSSL_set_dynlock_lock_callback(
wolfSSL 0:d92f9d21154c 10000 void (*f)(int, WOLFSSL_dynlock_value*, const char*, int))
wolfSSL 0:d92f9d21154c 10001 {
wolfSSL 0:d92f9d21154c 10002 (void)f;
wolfSSL 0:d92f9d21154c 10003 }
wolfSSL 0:d92f9d21154c 10004
wolfSSL 0:d92f9d21154c 10005
wolfSSL 0:d92f9d21154c 10006 void wolfSSL_set_dynlock_destroy_callback(
wolfSSL 0:d92f9d21154c 10007 void (*f)(WOLFSSL_dynlock_value*, const char*, int))
wolfSSL 0:d92f9d21154c 10008 {
wolfSSL 0:d92f9d21154c 10009 (void)f;
wolfSSL 0:d92f9d21154c 10010 }
wolfSSL 0:d92f9d21154c 10011
wolfSSL 0:d92f9d21154c 10012
wolfSSL 0:d92f9d21154c 10013
wolfSSL 0:d92f9d21154c 10014 const char* wolfSSL_X509_verify_cert_error_string(long err)
wolfSSL 0:d92f9d21154c 10015 {
wolfSSL 0:d92f9d21154c 10016 (void)err;
wolfSSL 0:d92f9d21154c 10017 return 0;
wolfSSL 0:d92f9d21154c 10018 }
wolfSSL 0:d92f9d21154c 10019
wolfSSL 0:d92f9d21154c 10020
wolfSSL 0:d92f9d21154c 10021
wolfSSL 0:d92f9d21154c 10022 int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir,
wolfSSL 0:d92f9d21154c 10023 long len)
wolfSSL 0:d92f9d21154c 10024 {
wolfSSL 0:d92f9d21154c 10025 (void)lookup;
wolfSSL 0:d92f9d21154c 10026 (void)dir;
wolfSSL 0:d92f9d21154c 10027 (void)len;
wolfSSL 0:d92f9d21154c 10028 return 0;
wolfSSL 0:d92f9d21154c 10029 }
wolfSSL 0:d92f9d21154c 10030
wolfSSL 0:d92f9d21154c 10031
wolfSSL 0:d92f9d21154c 10032 int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
wolfSSL 0:d92f9d21154c 10033 const char* file, long len)
wolfSSL 0:d92f9d21154c 10034 {
wolfSSL 0:d92f9d21154c 10035 (void)lookup;
wolfSSL 0:d92f9d21154c 10036 (void)file;
wolfSSL 0:d92f9d21154c 10037 (void)len;
wolfSSL 0:d92f9d21154c 10038 return 0;
wolfSSL 0:d92f9d21154c 10039 }
wolfSSL 0:d92f9d21154c 10040
wolfSSL 0:d92f9d21154c 10041
wolfSSL 0:d92f9d21154c 10042 WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void)
wolfSSL 0:d92f9d21154c 10043 {
wolfSSL 0:d92f9d21154c 10044 return 0;
wolfSSL 0:d92f9d21154c 10045 }
wolfSSL 0:d92f9d21154c 10046
wolfSSL 0:d92f9d21154c 10047
wolfSSL 0:d92f9d21154c 10048 WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void)
wolfSSL 0:d92f9d21154c 10049 {
wolfSSL 0:d92f9d21154c 10050 return 0;
wolfSSL 0:d92f9d21154c 10051 }
wolfSSL 0:d92f9d21154c 10052
wolfSSL 0:d92f9d21154c 10053
wolfSSL 0:d92f9d21154c 10054
wolfSSL 0:d92f9d21154c 10055 WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
wolfSSL 0:d92f9d21154c 10056 WOLFSSL_X509_LOOKUP_METHOD* m)
wolfSSL 0:d92f9d21154c 10057 {
wolfSSL 0:d92f9d21154c 10058 (void)store;
wolfSSL 0:d92f9d21154c 10059 (void)m;
wolfSSL 0:d92f9d21154c 10060 return 0;
wolfSSL 0:d92f9d21154c 10061 }
wolfSSL 0:d92f9d21154c 10062
wolfSSL 0:d92f9d21154c 10063
wolfSSL 0:d92f9d21154c 10064 int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 10065 {
wolfSSL 0:d92f9d21154c 10066 int result = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 10067
wolfSSL 0:d92f9d21154c 10068 WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
wolfSSL 0:d92f9d21154c 10069 if (store != NULL && store->cm != NULL && x509 != NULL) {
wolfSSL 0:d92f9d21154c 10070 buffer derCert;
wolfSSL 0:d92f9d21154c 10071 derCert.buffer = (byte*)XMALLOC(x509->derCert.length,
wolfSSL 0:d92f9d21154c 10072 NULL, DYNAMIC_TYPE_CERT);
wolfSSL 0:d92f9d21154c 10073 if (derCert.buffer != NULL) {
wolfSSL 0:d92f9d21154c 10074 derCert.length = x509->derCert.length;
wolfSSL 0:d92f9d21154c 10075 /* AddCA() frees the buffer. */
wolfSSL 0:d92f9d21154c 10076 XMEMCPY(derCert.buffer,
wolfSSL 0:d92f9d21154c 10077 x509->derCert.buffer, x509->derCert.length);
wolfSSL 0:d92f9d21154c 10078 result = AddCA(store->cm, derCert, WOLFSSL_USER_CA, 1);
wolfSSL 0:d92f9d21154c 10079 if (result != SSL_SUCCESS) result = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 10080 }
wolfSSL 0:d92f9d21154c 10081 }
wolfSSL 0:d92f9d21154c 10082
wolfSSL 0:d92f9d21154c 10083 WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_cert", result);
wolfSSL 0:d92f9d21154c 10084 return result;
wolfSSL 0:d92f9d21154c 10085 }
wolfSSL 0:d92f9d21154c 10086
wolfSSL 0:d92f9d21154c 10087
wolfSSL 0:d92f9d21154c 10088 WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
wolfSSL 0:d92f9d21154c 10089 {
wolfSSL 0:d92f9d21154c 10090 WOLFSSL_X509_STORE* store = NULL;
wolfSSL 0:d92f9d21154c 10091
wolfSSL 0:d92f9d21154c 10092 store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, 0);
wolfSSL 0:d92f9d21154c 10093 if (store != NULL) {
wolfSSL 0:d92f9d21154c 10094 store->cm = wolfSSL_CertManagerNew();
wolfSSL 0:d92f9d21154c 10095 if (store->cm == NULL) {
wolfSSL 0:d92f9d21154c 10096 XFREE(store, NULL, 0);
wolfSSL 0:d92f9d21154c 10097 store = NULL;
wolfSSL 0:d92f9d21154c 10098 }
wolfSSL 0:d92f9d21154c 10099 }
wolfSSL 0:d92f9d21154c 10100
wolfSSL 0:d92f9d21154c 10101 return store;
wolfSSL 0:d92f9d21154c 10102 }
wolfSSL 0:d92f9d21154c 10103
wolfSSL 0:d92f9d21154c 10104
wolfSSL 0:d92f9d21154c 10105 void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
wolfSSL 0:d92f9d21154c 10106 {
wolfSSL 0:d92f9d21154c 10107 if (store != NULL) {
wolfSSL 0:d92f9d21154c 10108 if (store->cm != NULL)
wolfSSL 0:d92f9d21154c 10109 wolfSSL_CertManagerFree(store->cm);
wolfSSL 0:d92f9d21154c 10110 XFREE(store, NULL, 0);
wolfSSL 0:d92f9d21154c 10111 }
wolfSSL 0:d92f9d21154c 10112 }
wolfSSL 0:d92f9d21154c 10113
wolfSSL 0:d92f9d21154c 10114
wolfSSL 0:d92f9d21154c 10115 int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
wolfSSL 0:d92f9d21154c 10116 {
wolfSSL 0:d92f9d21154c 10117 (void)store;
wolfSSL 0:d92f9d21154c 10118 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 10119 }
wolfSSL 0:d92f9d21154c 10120
wolfSSL 0:d92f9d21154c 10121
wolfSSL 0:d92f9d21154c 10122 int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx,
wolfSSL 0:d92f9d21154c 10123 WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj)
wolfSSL 0:d92f9d21154c 10124 {
wolfSSL 0:d92f9d21154c 10125 (void)ctx;
wolfSSL 0:d92f9d21154c 10126 (void)idx;
wolfSSL 0:d92f9d21154c 10127 (void)name;
wolfSSL 0:d92f9d21154c 10128 (void)obj;
wolfSSL 0:d92f9d21154c 10129 return 0;
wolfSSL 0:d92f9d21154c 10130 }
wolfSSL 0:d92f9d21154c 10131
wolfSSL 0:d92f9d21154c 10132
wolfSSL 0:d92f9d21154c 10133 WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
wolfSSL 0:d92f9d21154c 10134 {
wolfSSL 0:d92f9d21154c 10135 WOLFSSL_X509_STORE_CTX* ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
wolfSSL 0:d92f9d21154c 10136 sizeof(WOLFSSL_X509_STORE_CTX), NULL, 0);
wolfSSL 0:d92f9d21154c 10137
wolfSSL 0:d92f9d21154c 10138 if (ctx != NULL)
wolfSSL 0:d92f9d21154c 10139 wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
wolfSSL 0:d92f9d21154c 10140
wolfSSL 0:d92f9d21154c 10141 return ctx;
wolfSSL 0:d92f9d21154c 10142 }
wolfSSL 0:d92f9d21154c 10143
wolfSSL 0:d92f9d21154c 10144
wolfSSL 0:d92f9d21154c 10145 int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
wolfSSL 0:d92f9d21154c 10146 WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk)
wolfSSL 0:d92f9d21154c 10147 {
wolfSSL 0:d92f9d21154c 10148 (void)sk;
wolfSSL 0:d92f9d21154c 10149 if (ctx != NULL) {
wolfSSL 0:d92f9d21154c 10150 ctx->store = store;
wolfSSL 0:d92f9d21154c 10151 ctx->current_cert = x509;
wolfSSL 0:d92f9d21154c 10152 ctx->domain = NULL;
wolfSSL 0:d92f9d21154c 10153 ctx->ex_data = NULL;
wolfSSL 0:d92f9d21154c 10154 ctx->userCtx = NULL;
wolfSSL 0:d92f9d21154c 10155 ctx->error = 0;
wolfSSL 0:d92f9d21154c 10156 ctx->error_depth = 0;
wolfSSL 0:d92f9d21154c 10157 ctx->discardSessionCerts = 0;
wolfSSL 0:d92f9d21154c 10158 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 10159 }
wolfSSL 0:d92f9d21154c 10160 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 10161 }
wolfSSL 0:d92f9d21154c 10162
wolfSSL 0:d92f9d21154c 10163
wolfSSL 0:d92f9d21154c 10164 void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
wolfSSL 0:d92f9d21154c 10165 {
wolfSSL 0:d92f9d21154c 10166 if (ctx != NULL) {
wolfSSL 0:d92f9d21154c 10167 if (ctx->store != NULL)
wolfSSL 0:d92f9d21154c 10168 wolfSSL_X509_STORE_free(ctx->store);
wolfSSL 0:d92f9d21154c 10169 if (ctx->current_cert != NULL)
wolfSSL 0:d92f9d21154c 10170 wolfSSL_FreeX509(ctx->current_cert);
wolfSSL 0:d92f9d21154c 10171 XFREE(ctx, NULL, 0);
wolfSSL 0:d92f9d21154c 10172 }
wolfSSL 0:d92f9d21154c 10173 }
wolfSSL 0:d92f9d21154c 10174
wolfSSL 0:d92f9d21154c 10175
wolfSSL 0:d92f9d21154c 10176 void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
wolfSSL 0:d92f9d21154c 10177 {
wolfSSL 0:d92f9d21154c 10178 (void)ctx;
wolfSSL 0:d92f9d21154c 10179 }
wolfSSL 0:d92f9d21154c 10180
wolfSSL 0:d92f9d21154c 10181
wolfSSL 0:d92f9d21154c 10182 int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
wolfSSL 0:d92f9d21154c 10183 {
wolfSSL 0:d92f9d21154c 10184 if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
wolfSSL 0:d92f9d21154c 10185 && ctx->current_cert != NULL) {
wolfSSL 0:d92f9d21154c 10186 return wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
wolfSSL 0:d92f9d21154c 10187 ctx->current_cert->derCert.buffer,
wolfSSL 0:d92f9d21154c 10188 ctx->current_cert->derCert.length,
wolfSSL 0:d92f9d21154c 10189 SSL_FILETYPE_ASN1);
wolfSSL 0:d92f9d21154c 10190 }
wolfSSL 0:d92f9d21154c 10191 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 10192 }
wolfSSL 0:d92f9d21154c 10193
wolfSSL 0:d92f9d21154c 10194
wolfSSL 0:d92f9d21154c 10195 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
wolfSSL 0:d92f9d21154c 10196 {
wolfSSL 0:d92f9d21154c 10197 (void)crl;
wolfSSL 0:d92f9d21154c 10198 return 0;
wolfSSL 0:d92f9d21154c 10199 }
wolfSSL 0:d92f9d21154c 10200
wolfSSL 0:d92f9d21154c 10201
wolfSSL 0:d92f9d21154c 10202 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
wolfSSL 0:d92f9d21154c 10203 {
wolfSSL 0:d92f9d21154c 10204 (void)crl;
wolfSSL 0:d92f9d21154c 10205 return 0;
wolfSSL 0:d92f9d21154c 10206 }
wolfSSL 0:d92f9d21154c 10207
wolfSSL 0:d92f9d21154c 10208
wolfSSL 0:d92f9d21154c 10209
wolfSSL 0:d92f9d21154c 10210 WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 10211 {
wolfSSL 0:d92f9d21154c 10212 WOLFSSL_EVP_PKEY* key = NULL;
wolfSSL 0:d92f9d21154c 10213 if (x509 != NULL) {
wolfSSL 0:d92f9d21154c 10214 key = (WOLFSSL_EVP_PKEY*)XMALLOC(
wolfSSL 0:d92f9d21154c 10215 sizeof(WOLFSSL_EVP_PKEY), NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 0:d92f9d21154c 10216 if (key != NULL) {
wolfSSL 0:d92f9d21154c 10217 key->type = x509->pubKeyOID;
wolfSSL 0:d92f9d21154c 10218 key->save_type = 0;
wolfSSL 0:d92f9d21154c 10219 key->pkey.ptr = (char*)XMALLOC(
wolfSSL 0:d92f9d21154c 10220 x509->pubKey.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 0:d92f9d21154c 10221 if (key->pkey.ptr == NULL) {
wolfSSL 0:d92f9d21154c 10222 XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 0:d92f9d21154c 10223 return NULL;
wolfSSL 0:d92f9d21154c 10224 }
wolfSSL 0:d92f9d21154c 10225 XMEMCPY(key->pkey.ptr,
wolfSSL 0:d92f9d21154c 10226 x509->pubKey.buffer, x509->pubKey.length);
wolfSSL 0:d92f9d21154c 10227 key->pkey_sz = x509->pubKey.length;
wolfSSL 0:d92f9d21154c 10228 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 10229 key->pkey_curve = (int)x509->pkCurveOID;
wolfSSL 0:d92f9d21154c 10230 #endif /* HAVE_ECC */
wolfSSL 0:d92f9d21154c 10231 }
wolfSSL 0:d92f9d21154c 10232 }
wolfSSL 0:d92f9d21154c 10233 return key;
wolfSSL 0:d92f9d21154c 10234 }
wolfSSL 0:d92f9d21154c 10235
wolfSSL 0:d92f9d21154c 10236
wolfSSL 0:d92f9d21154c 10237 int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key)
wolfSSL 0:d92f9d21154c 10238 {
wolfSSL 0:d92f9d21154c 10239 (void)crl;
wolfSSL 0:d92f9d21154c 10240 (void)key;
wolfSSL 0:d92f9d21154c 10241 return 0;
wolfSSL 0:d92f9d21154c 10242 }
wolfSSL 0:d92f9d21154c 10243
wolfSSL 0:d92f9d21154c 10244
wolfSSL 0:d92f9d21154c 10245 void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int err)
wolfSSL 0:d92f9d21154c 10246 {
wolfSSL 0:d92f9d21154c 10247 (void)ctx;
wolfSSL 0:d92f9d21154c 10248 (void)err;
wolfSSL 0:d92f9d21154c 10249 }
wolfSSL 0:d92f9d21154c 10250
wolfSSL 0:d92f9d21154c 10251
wolfSSL 0:d92f9d21154c 10252 void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
wolfSSL 0:d92f9d21154c 10253 {
wolfSSL 0:d92f9d21154c 10254 (void)obj;
wolfSSL 0:d92f9d21154c 10255 }
wolfSSL 0:d92f9d21154c 10256
wolfSSL 0:d92f9d21154c 10257
wolfSSL 0:d92f9d21154c 10258 void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
wolfSSL 0:d92f9d21154c 10259 {
wolfSSL 0:d92f9d21154c 10260 if (key != NULL) {
wolfSSL 0:d92f9d21154c 10261 if (key->pkey.ptr != NULL)
wolfSSL 0:d92f9d21154c 10262 XFREE(key->pkey.ptr, NULL, 0);
wolfSSL 0:d92f9d21154c 10263 XFREE(key, NULL, 0);
wolfSSL 0:d92f9d21154c 10264 }
wolfSSL 0:d92f9d21154c 10265 }
wolfSSL 0:d92f9d21154c 10266
wolfSSL 0:d92f9d21154c 10267
wolfSSL 0:d92f9d21154c 10268 int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
wolfSSL 0:d92f9d21154c 10269 {
wolfSSL 0:d92f9d21154c 10270 (void)asnTime;
wolfSSL 0:d92f9d21154c 10271 return 0;
wolfSSL 0:d92f9d21154c 10272 }
wolfSSL 0:d92f9d21154c 10273
wolfSSL 0:d92f9d21154c 10274
wolfSSL 0:d92f9d21154c 10275 int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked)
wolfSSL 0:d92f9d21154c 10276 {
wolfSSL 0:d92f9d21154c 10277 (void)revoked;
wolfSSL 0:d92f9d21154c 10278 return 0;
wolfSSL 0:d92f9d21154c 10279 }
wolfSSL 0:d92f9d21154c 10280
wolfSSL 0:d92f9d21154c 10281
wolfSSL 0:d92f9d21154c 10282
wolfSSL 0:d92f9d21154c 10283 WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl)
wolfSSL 0:d92f9d21154c 10284 {
wolfSSL 0:d92f9d21154c 10285 (void)crl;
wolfSSL 0:d92f9d21154c 10286 return 0;
wolfSSL 0:d92f9d21154c 10287 }
wolfSSL 0:d92f9d21154c 10288
wolfSSL 0:d92f9d21154c 10289
wolfSSL 0:d92f9d21154c 10290 WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
wolfSSL 0:d92f9d21154c 10291 WOLFSSL_X509_REVOKED* revoked, int value)
wolfSSL 0:d92f9d21154c 10292 {
wolfSSL 0:d92f9d21154c 10293 (void)revoked;
wolfSSL 0:d92f9d21154c 10294 (void)value;
wolfSSL 0:d92f9d21154c 10295 return 0;
wolfSSL 0:d92f9d21154c 10296 }
wolfSSL 0:d92f9d21154c 10297
wolfSSL 0:d92f9d21154c 10298
wolfSSL 0:d92f9d21154c 10299
wolfSSL 0:d92f9d21154c 10300 WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 10301 {
wolfSSL 0:d92f9d21154c 10302 (void)x509;
wolfSSL 0:d92f9d21154c 10303 return 0;
wolfSSL 0:d92f9d21154c 10304 }
wolfSSL 0:d92f9d21154c 10305
wolfSSL 0:d92f9d21154c 10306
wolfSSL 0:d92f9d21154c 10307 int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
wolfSSL 0:d92f9d21154c 10308 {
wolfSSL 0:d92f9d21154c 10309 (void)bio;
wolfSSL 0:d92f9d21154c 10310 (void)asnTime;
wolfSSL 0:d92f9d21154c 10311 return 0;
wolfSSL 0:d92f9d21154c 10312 }
wolfSSL 0:d92f9d21154c 10313
wolfSSL 0:d92f9d21154c 10314
wolfSSL 0:d92f9d21154c 10315
wolfSSL 0:d92f9d21154c 10316 int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
wolfSSL 0:d92f9d21154c 10317 const WOLFSSL_ASN1_INTEGER* b)
wolfSSL 0:d92f9d21154c 10318 {
wolfSSL 0:d92f9d21154c 10319 (void)a;
wolfSSL 0:d92f9d21154c 10320 (void)b;
wolfSSL 0:d92f9d21154c 10321 return 0;
wolfSSL 0:d92f9d21154c 10322 }
wolfSSL 0:d92f9d21154c 10323
wolfSSL 0:d92f9d21154c 10324
wolfSSL 0:d92f9d21154c 10325 long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
wolfSSL 0:d92f9d21154c 10326 {
wolfSSL 0:d92f9d21154c 10327 (void)i;
wolfSSL 0:d92f9d21154c 10328 return 0;
wolfSSL 0:d92f9d21154c 10329 }
wolfSSL 0:d92f9d21154c 10330
wolfSSL 0:d92f9d21154c 10331
wolfSSL 0:d92f9d21154c 10332
wolfSSL 0:d92f9d21154c 10333 void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
wolfSSL 0:d92f9d21154c 10334 {
wolfSSL 0:d92f9d21154c 10335 #ifdef FORTRESS
wolfSSL 0:d92f9d21154c 10336 if (ctx != NULL && idx == 0)
wolfSSL 0:d92f9d21154c 10337 return ctx->ex_data;
wolfSSL 0:d92f9d21154c 10338 #else
wolfSSL 0:d92f9d21154c 10339 (void)ctx;
wolfSSL 0:d92f9d21154c 10340 (void)idx;
wolfSSL 0:d92f9d21154c 10341 #endif
wolfSSL 0:d92f9d21154c 10342 return 0;
wolfSSL 0:d92f9d21154c 10343 }
wolfSSL 0:d92f9d21154c 10344
wolfSSL 0:d92f9d21154c 10345
wolfSSL 0:d92f9d21154c 10346 int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
wolfSSL 0:d92f9d21154c 10347 {
wolfSSL 0:d92f9d21154c 10348 return 0;
wolfSSL 0:d92f9d21154c 10349 }
wolfSSL 0:d92f9d21154c 10350
wolfSSL 0:d92f9d21154c 10351
wolfSSL 0:d92f9d21154c 10352 void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
wolfSSL 0:d92f9d21154c 10353 {
wolfSSL 0:d92f9d21154c 10354 #ifdef FORTRESS
wolfSSL 0:d92f9d21154c 10355 if (ssl != NULL && idx < MAX_EX_DATA)
wolfSSL 0:d92f9d21154c 10356 return ssl->ex_data[idx];
wolfSSL 0:d92f9d21154c 10357 #else
wolfSSL 0:d92f9d21154c 10358 (void)ssl;
wolfSSL 0:d92f9d21154c 10359 (void)idx;
wolfSSL 0:d92f9d21154c 10360 #endif
wolfSSL 0:d92f9d21154c 10361 return 0;
wolfSSL 0:d92f9d21154c 10362 }
wolfSSL 0:d92f9d21154c 10363
wolfSSL 0:d92f9d21154c 10364
wolfSSL 0:d92f9d21154c 10365 void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(void))
wolfSSL 0:d92f9d21154c 10366 {
wolfSSL 0:d92f9d21154c 10367 (void)ctx;
wolfSSL 0:d92f9d21154c 10368 (void)f;
wolfSSL 0:d92f9d21154c 10369 }
wolfSSL 0:d92f9d21154c 10370
wolfSSL 0:d92f9d21154c 10371
wolfSSL 0:d92f9d21154c 10372 unsigned long wolfSSL_ERR_peek_error(void)
wolfSSL 0:d92f9d21154c 10373 {
wolfSSL 0:d92f9d21154c 10374 return 0;
wolfSSL 0:d92f9d21154c 10375 }
wolfSSL 0:d92f9d21154c 10376
wolfSSL 0:d92f9d21154c 10377
wolfSSL 0:d92f9d21154c 10378 int wolfSSL_ERR_GET_REASON(int err)
wolfSSL 0:d92f9d21154c 10379 {
wolfSSL 0:d92f9d21154c 10380 (void)err;
wolfSSL 0:d92f9d21154c 10381 return 0;
wolfSSL 0:d92f9d21154c 10382 }
wolfSSL 0:d92f9d21154c 10383
wolfSSL 0:d92f9d21154c 10384
wolfSSL 0:d92f9d21154c 10385 char* wolfSSL_alert_type_string_long(int alertID)
wolfSSL 0:d92f9d21154c 10386 {
wolfSSL 0:d92f9d21154c 10387 (void)alertID;
wolfSSL 0:d92f9d21154c 10388 return 0;
wolfSSL 0:d92f9d21154c 10389 }
wolfSSL 0:d92f9d21154c 10390
wolfSSL 0:d92f9d21154c 10391
wolfSSL 0:d92f9d21154c 10392 char* wolfSSL_alert_desc_string_long(int alertID)
wolfSSL 0:d92f9d21154c 10393 {
wolfSSL 0:d92f9d21154c 10394 (void)alertID;
wolfSSL 0:d92f9d21154c 10395 return 0;
wolfSSL 0:d92f9d21154c 10396 }
wolfSSL 0:d92f9d21154c 10397
wolfSSL 0:d92f9d21154c 10398
wolfSSL 0:d92f9d21154c 10399 char* wolfSSL_state_string_long(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 10400 {
wolfSSL 0:d92f9d21154c 10401 (void)ssl;
wolfSSL 0:d92f9d21154c 10402 return 0;
wolfSSL 0:d92f9d21154c 10403 }
wolfSSL 0:d92f9d21154c 10404
wolfSSL 0:d92f9d21154c 10405
wolfSSL 0:d92f9d21154c 10406 int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
wolfSSL 0:d92f9d21154c 10407 {
wolfSSL 0:d92f9d21154c 10408 (void)name;
wolfSSL 0:d92f9d21154c 10409 (void)num;
wolfSSL 0:d92f9d21154c 10410 (void)w;
wolfSSL 0:d92f9d21154c 10411 (void)key;
wolfSSL 0:d92f9d21154c 10412 return 0;
wolfSSL 0:d92f9d21154c 10413 }
wolfSSL 0:d92f9d21154c 10414
wolfSSL 0:d92f9d21154c 10415
wolfSSL 0:d92f9d21154c 10416 long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10417 {
wolfSSL 0:d92f9d21154c 10418 (void)ctx;
wolfSSL 0:d92f9d21154c 10419 return 0;
wolfSSL 0:d92f9d21154c 10420 }
wolfSSL 0:d92f9d21154c 10421
wolfSSL 0:d92f9d21154c 10422
wolfSSL 0:d92f9d21154c 10423 long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10424 {
wolfSSL 0:d92f9d21154c 10425 (void)ctx;
wolfSSL 0:d92f9d21154c 10426 return 0;
wolfSSL 0:d92f9d21154c 10427 }
wolfSSL 0:d92f9d21154c 10428
wolfSSL 0:d92f9d21154c 10429
wolfSSL 0:d92f9d21154c 10430 long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10431 {
wolfSSL 0:d92f9d21154c 10432 (void)ctx;
wolfSSL 0:d92f9d21154c 10433 return 0;
wolfSSL 0:d92f9d21154c 10434 }
wolfSSL 0:d92f9d21154c 10435
wolfSSL 0:d92f9d21154c 10436
wolfSSL 0:d92f9d21154c 10437 long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10438 {
wolfSSL 0:d92f9d21154c 10439 (void)ctx;
wolfSSL 0:d92f9d21154c 10440 return 0;
wolfSSL 0:d92f9d21154c 10441 }
wolfSSL 0:d92f9d21154c 10442
wolfSSL 0:d92f9d21154c 10443
wolfSSL 0:d92f9d21154c 10444 long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10445 {
wolfSSL 0:d92f9d21154c 10446 (void)ctx;
wolfSSL 0:d92f9d21154c 10447 return 0;
wolfSSL 0:d92f9d21154c 10448 }
wolfSSL 0:d92f9d21154c 10449
wolfSSL 0:d92f9d21154c 10450
wolfSSL 0:d92f9d21154c 10451 long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10452 {
wolfSSL 0:d92f9d21154c 10453 (void)ctx;
wolfSSL 0:d92f9d21154c 10454 return 0;
wolfSSL 0:d92f9d21154c 10455 }
wolfSSL 0:d92f9d21154c 10456
wolfSSL 0:d92f9d21154c 10457
wolfSSL 0:d92f9d21154c 10458 long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10459 {
wolfSSL 0:d92f9d21154c 10460 (void)ctx;
wolfSSL 0:d92f9d21154c 10461 return 0;
wolfSSL 0:d92f9d21154c 10462 }
wolfSSL 0:d92f9d21154c 10463
wolfSSL 0:d92f9d21154c 10464
wolfSSL 0:d92f9d21154c 10465 long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10466 {
wolfSSL 0:d92f9d21154c 10467 (void)ctx;
wolfSSL 0:d92f9d21154c 10468 return 0;
wolfSSL 0:d92f9d21154c 10469 }
wolfSSL 0:d92f9d21154c 10470
wolfSSL 0:d92f9d21154c 10471
wolfSSL 0:d92f9d21154c 10472 long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10473 {
wolfSSL 0:d92f9d21154c 10474 (void)ctx;
wolfSSL 0:d92f9d21154c 10475 return 0;
wolfSSL 0:d92f9d21154c 10476 }
wolfSSL 0:d92f9d21154c 10477
wolfSSL 0:d92f9d21154c 10478
wolfSSL 0:d92f9d21154c 10479 long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10480 {
wolfSSL 0:d92f9d21154c 10481 (void)ctx;
wolfSSL 0:d92f9d21154c 10482 return 0;
wolfSSL 0:d92f9d21154c 10483 }
wolfSSL 0:d92f9d21154c 10484
wolfSSL 0:d92f9d21154c 10485
wolfSSL 0:d92f9d21154c 10486 long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10487 {
wolfSSL 0:d92f9d21154c 10488 (void)ctx;
wolfSSL 0:d92f9d21154c 10489 return 0;
wolfSSL 0:d92f9d21154c 10490 }
wolfSSL 0:d92f9d21154c 10491
wolfSSL 0:d92f9d21154c 10492
wolfSSL 0:d92f9d21154c 10493 long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx)
wolfSSL 0:d92f9d21154c 10494 {
wolfSSL 0:d92f9d21154c 10495 (void)ctx;
wolfSSL 0:d92f9d21154c 10496 return 0;
wolfSSL 0:d92f9d21154c 10497 }
wolfSSL 0:d92f9d21154c 10498
wolfSSL 0:d92f9d21154c 10499 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 10500
wolfSSL 0:d92f9d21154c 10501 void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
wolfSSL 0:d92f9d21154c 10502 WOLFSSL_DES_key_schedule* key)
wolfSSL 0:d92f9d21154c 10503 {
wolfSSL 0:d92f9d21154c 10504 (void)myDes;
wolfSSL 0:d92f9d21154c 10505 (void)key;
wolfSSL 0:d92f9d21154c 10506 }
wolfSSL 0:d92f9d21154c 10507
wolfSSL 0:d92f9d21154c 10508
wolfSSL 0:d92f9d21154c 10509 void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes)
wolfSSL 0:d92f9d21154c 10510 {
wolfSSL 0:d92f9d21154c 10511 (void)myDes;
wolfSSL 0:d92f9d21154c 10512 }
wolfSSL 0:d92f9d21154c 10513
wolfSSL 0:d92f9d21154c 10514
wolfSSL 0:d92f9d21154c 10515 void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
wolfSSL 0:d92f9d21154c 10516 WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int len)
wolfSSL 0:d92f9d21154c 10517 {
wolfSSL 0:d92f9d21154c 10518 (void)desa;
wolfSSL 0:d92f9d21154c 10519 (void)desb;
wolfSSL 0:d92f9d21154c 10520 (void)key;
wolfSSL 0:d92f9d21154c 10521 (void)len;
wolfSSL 0:d92f9d21154c 10522 }
wolfSSL 0:d92f9d21154c 10523
wolfSSL 0:d92f9d21154c 10524 #endif /* NO_DES3 */
wolfSSL 0:d92f9d21154c 10525
wolfSSL 0:d92f9d21154c 10526 int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...)
wolfSSL 0:d92f9d21154c 10527 {
wolfSSL 0:d92f9d21154c 10528 (void)bio;
wolfSSL 0:d92f9d21154c 10529 (void)format;
wolfSSL 0:d92f9d21154c 10530 return 0;
wolfSSL 0:d92f9d21154c 10531 }
wolfSSL 0:d92f9d21154c 10532
wolfSSL 0:d92f9d21154c 10533
wolfSSL 0:d92f9d21154c 10534 int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
wolfSSL 0:d92f9d21154c 10535 {
wolfSSL 0:d92f9d21154c 10536 (void)bio;
wolfSSL 0:d92f9d21154c 10537 (void)a;
wolfSSL 0:d92f9d21154c 10538 return 0;
wolfSSL 0:d92f9d21154c 10539 }
wolfSSL 0:d92f9d21154c 10540
wolfSSL 0:d92f9d21154c 10541
wolfSSL 0:d92f9d21154c 10542 int wolfSSL_sk_num(WOLFSSL_X509_REVOKED* rev)
wolfSSL 0:d92f9d21154c 10543 {
wolfSSL 0:d92f9d21154c 10544 (void)rev;
wolfSSL 0:d92f9d21154c 10545 return 0;
wolfSSL 0:d92f9d21154c 10546 }
wolfSSL 0:d92f9d21154c 10547
wolfSSL 0:d92f9d21154c 10548
wolfSSL 0:d92f9d21154c 10549 void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i)
wolfSSL 0:d92f9d21154c 10550 {
wolfSSL 0:d92f9d21154c 10551 (void)rev;
wolfSSL 0:d92f9d21154c 10552 (void)i;
wolfSSL 0:d92f9d21154c 10553 return 0;
wolfSSL 0:d92f9d21154c 10554 }
wolfSSL 0:d92f9d21154c 10555
wolfSSL 0:d92f9d21154c 10556
wolfSSL 0:d92f9d21154c 10557 /* stunnel 4.28 needs */
wolfSSL 0:d92f9d21154c 10558 void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int d)
wolfSSL 0:d92f9d21154c 10559 {
wolfSSL 0:d92f9d21154c 10560 (void)ctx;
wolfSSL 0:d92f9d21154c 10561 (void)d;
wolfSSL 0:d92f9d21154c 10562 return 0;
wolfSSL 0:d92f9d21154c 10563 }
wolfSSL 0:d92f9d21154c 10564
wolfSSL 0:d92f9d21154c 10565
wolfSSL 0:d92f9d21154c 10566 int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int d, void* p)
wolfSSL 0:d92f9d21154c 10567 {
wolfSSL 0:d92f9d21154c 10568 (void)ctx;
wolfSSL 0:d92f9d21154c 10569 (void)d;
wolfSSL 0:d92f9d21154c 10570 (void)p;
wolfSSL 0:d92f9d21154c 10571 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 10572 }
wolfSSL 0:d92f9d21154c 10573
wolfSSL 0:d92f9d21154c 10574
wolfSSL 0:d92f9d21154c 10575 void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 10576 WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*))
wolfSSL 0:d92f9d21154c 10577 {
wolfSSL 0:d92f9d21154c 10578 (void)ctx;
wolfSSL 0:d92f9d21154c 10579 (void)f;
wolfSSL 0:d92f9d21154c 10580 }
wolfSSL 0:d92f9d21154c 10581
wolfSSL 0:d92f9d21154c 10582
wolfSSL 0:d92f9d21154c 10583 void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
wolfSSL 0:d92f9d21154c 10584 int (*f)(WOLFSSL*, WOLFSSL_SESSION*))
wolfSSL 0:d92f9d21154c 10585 {
wolfSSL 0:d92f9d21154c 10586 (void)ctx;
wolfSSL 0:d92f9d21154c 10587 (void)f;
wolfSSL 0:d92f9d21154c 10588 }
wolfSSL 0:d92f9d21154c 10589
wolfSSL 0:d92f9d21154c 10590
wolfSSL 0:d92f9d21154c 10591 void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
wolfSSL 0:d92f9d21154c 10592 WOLFSSL_SESSION*))
wolfSSL 0:d92f9d21154c 10593 {
wolfSSL 0:d92f9d21154c 10594 (void)ctx;
wolfSSL 0:d92f9d21154c 10595 (void)f;
wolfSSL 0:d92f9d21154c 10596 }
wolfSSL 0:d92f9d21154c 10597
wolfSSL 0:d92f9d21154c 10598
wolfSSL 0:d92f9d21154c 10599 int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
wolfSSL 0:d92f9d21154c 10600 {
wolfSSL 0:d92f9d21154c 10601 (void)sess;
wolfSSL 0:d92f9d21154c 10602 (void)p;
wolfSSL 0:d92f9d21154c 10603 return sizeof(WOLFSSL_SESSION);
wolfSSL 0:d92f9d21154c 10604 }
wolfSSL 0:d92f9d21154c 10605
wolfSSL 0:d92f9d21154c 10606
wolfSSL 0:d92f9d21154c 10607 WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
wolfSSL 0:d92f9d21154c 10608 const unsigned char** p, long i)
wolfSSL 0:d92f9d21154c 10609 {
wolfSSL 0:d92f9d21154c 10610 (void)p;
wolfSSL 0:d92f9d21154c 10611 (void)i;
wolfSSL 0:d92f9d21154c 10612 if (sess)
wolfSSL 0:d92f9d21154c 10613 return *sess;
wolfSSL 0:d92f9d21154c 10614 return NULL;
wolfSSL 0:d92f9d21154c 10615 }
wolfSSL 0:d92f9d21154c 10616
wolfSSL 0:d92f9d21154c 10617
wolfSSL 0:d92f9d21154c 10618 long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
wolfSSL 0:d92f9d21154c 10619 {
wolfSSL 0:d92f9d21154c 10620 WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout");
wolfSSL 0:d92f9d21154c 10621 return sess->timeout;
wolfSSL 0:d92f9d21154c 10622 }
wolfSSL 0:d92f9d21154c 10623
wolfSSL 0:d92f9d21154c 10624
wolfSSL 0:d92f9d21154c 10625 long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
wolfSSL 0:d92f9d21154c 10626 {
wolfSSL 0:d92f9d21154c 10627 WOLFSSL_ENTER("wolfSSL_SESSION_get_time");
wolfSSL 0:d92f9d21154c 10628 return sess->bornOn;
wolfSSL 0:d92f9d21154c 10629 }
wolfSSL 0:d92f9d21154c 10630
wolfSSL 0:d92f9d21154c 10631
wolfSSL 0:d92f9d21154c 10632 int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
wolfSSL 0:d92f9d21154c 10633 void* c)
wolfSSL 0:d92f9d21154c 10634 {
wolfSSL 0:d92f9d21154c 10635 (void)idx;
wolfSSL 0:d92f9d21154c 10636 (void)arg;
wolfSSL 0:d92f9d21154c 10637 (void)a;
wolfSSL 0:d92f9d21154c 10638 (void)b;
wolfSSL 0:d92f9d21154c 10639 (void)c;
wolfSSL 0:d92f9d21154c 10640 return 0;
wolfSSL 0:d92f9d21154c 10641 }
wolfSSL 0:d92f9d21154c 10642
wolfSSL 0:d92f9d21154c 10643 #endif /* OPENSSL_EXTRA */
wolfSSL 0:d92f9d21154c 10644
wolfSSL 0:d92f9d21154c 10645
wolfSSL 0:d92f9d21154c 10646 #ifdef KEEP_PEER_CERT
wolfSSL 0:d92f9d21154c 10647 char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509* x509)
wolfSSL 0:d92f9d21154c 10648 {
wolfSSL 0:d92f9d21154c 10649 if (x509 == NULL)
wolfSSL 0:d92f9d21154c 10650 return NULL;
wolfSSL 0:d92f9d21154c 10651
wolfSSL 0:d92f9d21154c 10652 return x509->subjectCN;
wolfSSL 0:d92f9d21154c 10653 }
wolfSSL 0:d92f9d21154c 10654 #endif /* KEEP_PEER_CERT */
wolfSSL 0:d92f9d21154c 10655
wolfSSL 0:d92f9d21154c 10656 #ifdef OPENSSL_EXTRA
wolfSSL 0:d92f9d21154c 10657
wolfSSL 0:d92f9d21154c 10658 #ifdef FORTRESS
wolfSSL 0:d92f9d21154c 10659 int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
wolfSSL 0:d92f9d21154c 10660 {
wolfSSL 0:d92f9d21154c 10661 int ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 10662
wolfSSL 0:d92f9d21154c 10663 WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file");
wolfSSL 0:d92f9d21154c 10664 if (ssl != NULL && fname != NULL)
wolfSSL 0:d92f9d21154c 10665 {
wolfSSL 0:d92f9d21154c 10666 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 10667 EncryptedInfo* info = NULL;
wolfSSL 0:d92f9d21154c 10668 byte staticBuffer[1]; /* force heap usage */
wolfSSL 0:d92f9d21154c 10669 #else
wolfSSL 0:d92f9d21154c 10670 EncryptedInfo info[1];
wolfSSL 0:d92f9d21154c 10671 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:d92f9d21154c 10672 #endif
wolfSSL 0:d92f9d21154c 10673 byte* myBuffer = staticBuffer;
wolfSSL 0:d92f9d21154c 10674 int dynamic = 0;
wolfSSL 0:d92f9d21154c 10675 XFILE file = XBADFILE;
wolfSSL 0:d92f9d21154c 10676 long sz = 0;
wolfSSL 0:d92f9d21154c 10677 int eccKey = 0;
wolfSSL 0:d92f9d21154c 10678 WOLFSSL_CTX* ctx = ssl->ctx;
wolfSSL 0:d92f9d21154c 10679 WOLFSSL_X509* peer_cert = &ssl->peerCert;
wolfSSL 0:d92f9d21154c 10680 buffer fileDer;
wolfSSL 0:d92f9d21154c 10681
wolfSSL 0:d92f9d21154c 10682 file = XFOPEN(fname, "rb");
wolfSSL 0:d92f9d21154c 10683 if (file == XBADFILE)
wolfSSL 0:d92f9d21154c 10684 return SSL_BAD_FILE;
wolfSSL 0:d92f9d21154c 10685
wolfSSL 0:d92f9d21154c 10686 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:d92f9d21154c 10687 sz = XFTELL(file);
wolfSSL 0:d92f9d21154c 10688 XREWIND(file);
wolfSSL 0:d92f9d21154c 10689
wolfSSL 0:d92f9d21154c 10690 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:d92f9d21154c 10691 WOLFSSL_MSG("Getting dynamic buffer");
wolfSSL 0:d92f9d21154c 10692 myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 10693 dynamic = 1;
wolfSSL 0:d92f9d21154c 10694 }
wolfSSL 0:d92f9d21154c 10695
wolfSSL 0:d92f9d21154c 10696 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 10697 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
wolfSSL 0:d92f9d21154c 10698 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 10699 if (info == NULL)
wolfSSL 0:d92f9d21154c 10700 ret = MEMORY_E;
wolfSSL 0:d92f9d21154c 10701 else
wolfSSL 0:d92f9d21154c 10702 #endif
wolfSSL 0:d92f9d21154c 10703 {
wolfSSL 0:d92f9d21154c 10704 info->set = 0;
wolfSSL 0:d92f9d21154c 10705 info->ctx = ctx;
wolfSSL 0:d92f9d21154c 10706 info->consumed = 0;
wolfSSL 0:d92f9d21154c 10707 fileDer.buffer = 0;
wolfSSL 0:d92f9d21154c 10708
wolfSSL 0:d92f9d21154c 10709 if ((myBuffer != NULL) &&
wolfSSL 0:d92f9d21154c 10710 (sz > 0) &&
wolfSSL 0:d92f9d21154c 10711 (XFREAD(myBuffer, sz, 1, file) > 0) &&
wolfSSL 0:d92f9d21154c 10712 (PemToDer(myBuffer, sz, CERT_TYPE,
wolfSSL 0:d92f9d21154c 10713 &fileDer, ctx->heap, info, &eccKey) == 0) &&
wolfSSL 0:d92f9d21154c 10714 (fileDer.length != 0) &&
wolfSSL 0:d92f9d21154c 10715 (fileDer.length == peer_cert->derCert.length) &&
wolfSSL 0:d92f9d21154c 10716 (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer,
wolfSSL 0:d92f9d21154c 10717 fileDer.length) == 0))
wolfSSL 0:d92f9d21154c 10718 {
wolfSSL 0:d92f9d21154c 10719 ret = 0;
wolfSSL 0:d92f9d21154c 10720 }
wolfSSL 0:d92f9d21154c 10721
wolfSSL 0:d92f9d21154c 10722 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 10723 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 10724 #endif
wolfSSL 0:d92f9d21154c 10725 }
wolfSSL 0:d92f9d21154c 10726
wolfSSL 0:d92f9d21154c 10727 XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
wolfSSL 0:d92f9d21154c 10728 if (dynamic)
wolfSSL 0:d92f9d21154c 10729 XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:d92f9d21154c 10730
wolfSSL 0:d92f9d21154c 10731 XFCLOSE(file);
wolfSSL 0:d92f9d21154c 10732 }
wolfSSL 0:d92f9d21154c 10733
wolfSSL 0:d92f9d21154c 10734 return ret;
wolfSSL 0:d92f9d21154c 10735 }
wolfSSL 0:d92f9d21154c 10736 #endif
wolfSSL 0:d92f9d21154c 10737
wolfSSL 0:d92f9d21154c 10738
wolfSSL 0:d92f9d21154c 10739 static RNG globalRNG;
wolfSSL 0:d92f9d21154c 10740 static int initGlobalRNG = 0;
wolfSSL 0:d92f9d21154c 10741
wolfSSL 0:d92f9d21154c 10742 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 10743 int wolfSSL_RAND_seed(const void* seed, int len)
wolfSSL 0:d92f9d21154c 10744 {
wolfSSL 0:d92f9d21154c 10745
wolfSSL 0:d92f9d21154c 10746 WOLFSSL_MSG("wolfSSL_RAND_seed");
wolfSSL 0:d92f9d21154c 10747
wolfSSL 0:d92f9d21154c 10748 (void)seed;
wolfSSL 0:d92f9d21154c 10749 (void)len;
wolfSSL 0:d92f9d21154c 10750
wolfSSL 0:d92f9d21154c 10751 if (initGlobalRNG == 0) {
wolfSSL 0:d92f9d21154c 10752 if (wc_InitRng(&globalRNG) < 0) {
wolfSSL 0:d92f9d21154c 10753 WOLFSSL_MSG("wolfSSL Init Global RNG failed");
wolfSSL 0:d92f9d21154c 10754 return 0;
wolfSSL 0:d92f9d21154c 10755 }
wolfSSL 0:d92f9d21154c 10756 initGlobalRNG = 1;
wolfSSL 0:d92f9d21154c 10757 }
wolfSSL 0:d92f9d21154c 10758
wolfSSL 0:d92f9d21154c 10759 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 10760 }
wolfSSL 0:d92f9d21154c 10761
wolfSSL 0:d92f9d21154c 10762
wolfSSL 0:d92f9d21154c 10763 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 10764 int wolfSSL_RAND_bytes(unsigned char* buf, int num)
wolfSSL 0:d92f9d21154c 10765 {
wolfSSL 0:d92f9d21154c 10766 int ret = 0;
wolfSSL 0:d92f9d21154c 10767 int initTmpRng = 0;
wolfSSL 0:d92f9d21154c 10768 RNG* rng = NULL;
wolfSSL 0:d92f9d21154c 10769 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 10770 RNG* tmpRNG = NULL;
wolfSSL 0:d92f9d21154c 10771 #else
wolfSSL 0:d92f9d21154c 10772 RNG tmpRNG[1];
wolfSSL 0:d92f9d21154c 10773 #endif
wolfSSL 0:d92f9d21154c 10774
wolfSSL 0:d92f9d21154c 10775 WOLFSSL_ENTER("RAND_bytes");
wolfSSL 0:d92f9d21154c 10776
wolfSSL 0:d92f9d21154c 10777 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 10778 tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 10779 if (tmpRNG == NULL)
wolfSSL 0:d92f9d21154c 10780 return ret;
wolfSSL 0:d92f9d21154c 10781 #endif
wolfSSL 0:d92f9d21154c 10782
wolfSSL 0:d92f9d21154c 10783 if (wc_InitRng(tmpRNG) == 0) {
wolfSSL 0:d92f9d21154c 10784 rng = tmpRNG;
wolfSSL 0:d92f9d21154c 10785 initTmpRng = 1;
wolfSSL 0:d92f9d21154c 10786 }
wolfSSL 0:d92f9d21154c 10787 else if (initGlobalRNG)
wolfSSL 0:d92f9d21154c 10788 rng = &globalRNG;
wolfSSL 0:d92f9d21154c 10789
wolfSSL 0:d92f9d21154c 10790 if (rng) {
wolfSSL 0:d92f9d21154c 10791 if (wc_RNG_GenerateBlock(rng, buf, num) != 0)
wolfSSL 0:d92f9d21154c 10792 WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
wolfSSL 0:d92f9d21154c 10793 else
wolfSSL 0:d92f9d21154c 10794 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 10795 }
wolfSSL 0:d92f9d21154c 10796
wolfSSL 0:d92f9d21154c 10797 if (initTmpRng)
wolfSSL 0:d92f9d21154c 10798 wc_FreeRng(tmpRNG);
wolfSSL 0:d92f9d21154c 10799
wolfSSL 0:d92f9d21154c 10800 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 10801 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 10802 #endif
wolfSSL 0:d92f9d21154c 10803
wolfSSL 0:d92f9d21154c 10804 return ret;
wolfSSL 0:d92f9d21154c 10805 }
wolfSSL 0:d92f9d21154c 10806
wolfSSL 0:d92f9d21154c 10807 WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
wolfSSL 0:d92f9d21154c 10808 {
wolfSSL 0:d92f9d21154c 10809 static int ctx; /* wolfcrypt doesn't now need ctx */
wolfSSL 0:d92f9d21154c 10810
wolfSSL 0:d92f9d21154c 10811 WOLFSSL_MSG("wolfSSL_BN_CTX_new");
wolfSSL 0:d92f9d21154c 10812
wolfSSL 0:d92f9d21154c 10813 return (WOLFSSL_BN_CTX*)&ctx;
wolfSSL 0:d92f9d21154c 10814 }
wolfSSL 0:d92f9d21154c 10815
wolfSSL 0:d92f9d21154c 10816 void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
wolfSSL 0:d92f9d21154c 10817 {
wolfSSL 0:d92f9d21154c 10818 (void)ctx;
wolfSSL 0:d92f9d21154c 10819 WOLFSSL_MSG("wolfSSL_BN_CTX_init");
wolfSSL 0:d92f9d21154c 10820 }
wolfSSL 0:d92f9d21154c 10821
wolfSSL 0:d92f9d21154c 10822
wolfSSL 0:d92f9d21154c 10823 void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
wolfSSL 0:d92f9d21154c 10824 {
wolfSSL 0:d92f9d21154c 10825 (void)ctx;
wolfSSL 0:d92f9d21154c 10826 WOLFSSL_MSG("wolfSSL_BN_CTX_free");
wolfSSL 0:d92f9d21154c 10827
wolfSSL 0:d92f9d21154c 10828 /* do free since static ctx that does nothing */
wolfSSL 0:d92f9d21154c 10829 }
wolfSSL 0:d92f9d21154c 10830
wolfSSL 0:d92f9d21154c 10831
wolfSSL 0:d92f9d21154c 10832 static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 10833 {
wolfSSL 0:d92f9d21154c 10834 WOLFSSL_MSG("InitwolfSSL_BigNum");
wolfSSL 0:d92f9d21154c 10835 if (bn) {
wolfSSL 0:d92f9d21154c 10836 bn->neg = 0;
wolfSSL 0:d92f9d21154c 10837 bn->internal = NULL;
wolfSSL 0:d92f9d21154c 10838 }
wolfSSL 0:d92f9d21154c 10839 }
wolfSSL 0:d92f9d21154c 10840
wolfSSL 0:d92f9d21154c 10841
wolfSSL 0:d92f9d21154c 10842 WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
wolfSSL 0:d92f9d21154c 10843 {
wolfSSL 0:d92f9d21154c 10844 WOLFSSL_BIGNUM* external;
wolfSSL 0:d92f9d21154c 10845 mp_int* mpi;
wolfSSL 0:d92f9d21154c 10846
wolfSSL 0:d92f9d21154c 10847 WOLFSSL_MSG("wolfSSL_BN_new");
wolfSSL 0:d92f9d21154c 10848
wolfSSL 0:d92f9d21154c 10849 mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL 0:d92f9d21154c 10850 if (mpi == NULL) {
wolfSSL 0:d92f9d21154c 10851 WOLFSSL_MSG("wolfSSL_BN_new malloc mpi failure");
wolfSSL 0:d92f9d21154c 10852 return NULL;
wolfSSL 0:d92f9d21154c 10853 }
wolfSSL 0:d92f9d21154c 10854
wolfSSL 0:d92f9d21154c 10855 external = (WOLFSSL_BIGNUM*) XMALLOC(sizeof(WOLFSSL_BIGNUM), NULL,
wolfSSL 0:d92f9d21154c 10856 DYNAMIC_TYPE_BIGINT);
wolfSSL 0:d92f9d21154c 10857 if (external == NULL) {
wolfSSL 0:d92f9d21154c 10858 WOLFSSL_MSG("wolfSSL_BN_new malloc WOLFSSL_BIGNUM failure");
wolfSSL 0:d92f9d21154c 10859 XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL 0:d92f9d21154c 10860 return NULL;
wolfSSL 0:d92f9d21154c 10861 }
wolfSSL 0:d92f9d21154c 10862
wolfSSL 0:d92f9d21154c 10863 InitwolfSSL_BigNum(external);
wolfSSL 0:d92f9d21154c 10864 external->internal = mpi;
wolfSSL 0:d92f9d21154c 10865 if (mp_init(mpi) != MP_OKAY) {
wolfSSL 0:d92f9d21154c 10866 wolfSSL_BN_free(external);
wolfSSL 0:d92f9d21154c 10867 return NULL;
wolfSSL 0:d92f9d21154c 10868 }
wolfSSL 0:d92f9d21154c 10869
wolfSSL 0:d92f9d21154c 10870 return external;
wolfSSL 0:d92f9d21154c 10871 }
wolfSSL 0:d92f9d21154c 10872
wolfSSL 0:d92f9d21154c 10873
wolfSSL 0:d92f9d21154c 10874 void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 10875 {
wolfSSL 0:d92f9d21154c 10876 WOLFSSL_MSG("wolfSSL_BN_free");
wolfSSL 0:d92f9d21154c 10877 if (bn) {
wolfSSL 0:d92f9d21154c 10878 if (bn->internal) {
wolfSSL 0:d92f9d21154c 10879 mp_clear((mp_int*)bn->internal);
wolfSSL 0:d92f9d21154c 10880 XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL 0:d92f9d21154c 10881 bn->internal = NULL;
wolfSSL 0:d92f9d21154c 10882 }
wolfSSL 0:d92f9d21154c 10883 XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL 0:d92f9d21154c 10884 }
wolfSSL 0:d92f9d21154c 10885 }
wolfSSL 0:d92f9d21154c 10886
wolfSSL 0:d92f9d21154c 10887
wolfSSL 0:d92f9d21154c 10888 void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 10889 {
wolfSSL 0:d92f9d21154c 10890 WOLFSSL_MSG("wolfSSL_BN_clear_free");
wolfSSL 0:d92f9d21154c 10891
wolfSSL 0:d92f9d21154c 10892 wolfSSL_BN_free(bn);
wolfSSL 0:d92f9d21154c 10893 }
wolfSSL 0:d92f9d21154c 10894
wolfSSL 0:d92f9d21154c 10895
wolfSSL 0:d92f9d21154c 10896 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 10897 int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
wolfSSL 0:d92f9d21154c 10898 const WOLFSSL_BIGNUM* b)
wolfSSL 0:d92f9d21154c 10899 {
wolfSSL 0:d92f9d21154c 10900 WOLFSSL_MSG("wolfSSL_BN_sub");
wolfSSL 0:d92f9d21154c 10901
wolfSSL 0:d92f9d21154c 10902 if (r == NULL || a == NULL || b == NULL)
wolfSSL 0:d92f9d21154c 10903 return 0;
wolfSSL 0:d92f9d21154c 10904
wolfSSL 0:d92f9d21154c 10905 if (mp_sub((mp_int*)a->internal,(mp_int*)b->internal,
wolfSSL 0:d92f9d21154c 10906 (mp_int*)r->internal) == MP_OKAY)
wolfSSL 0:d92f9d21154c 10907 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 10908
wolfSSL 0:d92f9d21154c 10909 WOLFSSL_MSG("wolfSSL_BN_sub mp_sub failed");
wolfSSL 0:d92f9d21154c 10910 return 0;
wolfSSL 0:d92f9d21154c 10911 }
wolfSSL 0:d92f9d21154c 10912
wolfSSL 0:d92f9d21154c 10913
wolfSSL 0:d92f9d21154c 10914 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 10915 int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
wolfSSL 0:d92f9d21154c 10916 const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c)
wolfSSL 0:d92f9d21154c 10917 {
wolfSSL 0:d92f9d21154c 10918 (void)c;
wolfSSL 0:d92f9d21154c 10919 WOLFSSL_MSG("wolfSSL_BN_mod");
wolfSSL 0:d92f9d21154c 10920
wolfSSL 0:d92f9d21154c 10921 if (r == NULL || a == NULL || b == NULL)
wolfSSL 0:d92f9d21154c 10922 return 0;
wolfSSL 0:d92f9d21154c 10923
wolfSSL 0:d92f9d21154c 10924 if (mp_mod((mp_int*)a->internal,(mp_int*)b->internal,
wolfSSL 0:d92f9d21154c 10925 (mp_int*)r->internal) == MP_OKAY)
wolfSSL 0:d92f9d21154c 10926 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 10927
wolfSSL 0:d92f9d21154c 10928 WOLFSSL_MSG("wolfSSL_BN_mod mp_mod failed");
wolfSSL 0:d92f9d21154c 10929 return 0;
wolfSSL 0:d92f9d21154c 10930 }
wolfSSL 0:d92f9d21154c 10931
wolfSSL 0:d92f9d21154c 10932
wolfSSL 0:d92f9d21154c 10933 const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
wolfSSL 0:d92f9d21154c 10934 {
wolfSSL 0:d92f9d21154c 10935 static WOLFSSL_BIGNUM* bn_one = NULL;
wolfSSL 0:d92f9d21154c 10936
wolfSSL 0:d92f9d21154c 10937 WOLFSSL_MSG("wolfSSL_BN_value_one");
wolfSSL 0:d92f9d21154c 10938
wolfSSL 0:d92f9d21154c 10939 if (bn_one == NULL) {
wolfSSL 0:d92f9d21154c 10940 bn_one = wolfSSL_BN_new();
wolfSSL 0:d92f9d21154c 10941 if (bn_one)
wolfSSL 0:d92f9d21154c 10942 mp_set_int((mp_int*)bn_one->internal, 1);
wolfSSL 0:d92f9d21154c 10943 }
wolfSSL 0:d92f9d21154c 10944
wolfSSL 0:d92f9d21154c 10945 return bn_one;
wolfSSL 0:d92f9d21154c 10946 }
wolfSSL 0:d92f9d21154c 10947
wolfSSL 0:d92f9d21154c 10948
wolfSSL 0:d92f9d21154c 10949 int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 10950 {
wolfSSL 0:d92f9d21154c 10951 WOLFSSL_MSG("wolfSSL_BN_num_bytes");
wolfSSL 0:d92f9d21154c 10952
wolfSSL 0:d92f9d21154c 10953 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:d92f9d21154c 10954 return 0;
wolfSSL 0:d92f9d21154c 10955
wolfSSL 0:d92f9d21154c 10956 return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL 0:d92f9d21154c 10957 }
wolfSSL 0:d92f9d21154c 10958
wolfSSL 0:d92f9d21154c 10959
wolfSSL 0:d92f9d21154c 10960 int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 10961 {
wolfSSL 0:d92f9d21154c 10962 WOLFSSL_MSG("wolfSSL_BN_num_bits");
wolfSSL 0:d92f9d21154c 10963
wolfSSL 0:d92f9d21154c 10964 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:d92f9d21154c 10965 return 0;
wolfSSL 0:d92f9d21154c 10966
wolfSSL 0:d92f9d21154c 10967 return mp_count_bits((mp_int*)bn->internal);
wolfSSL 0:d92f9d21154c 10968 }
wolfSSL 0:d92f9d21154c 10969
wolfSSL 0:d92f9d21154c 10970
wolfSSL 0:d92f9d21154c 10971 int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 10972 {
wolfSSL 0:d92f9d21154c 10973 WOLFSSL_MSG("wolfSSL_BN_is_zero");
wolfSSL 0:d92f9d21154c 10974
wolfSSL 0:d92f9d21154c 10975 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:d92f9d21154c 10976 return 0;
wolfSSL 0:d92f9d21154c 10977
wolfSSL 0:d92f9d21154c 10978 return mp_iszero((mp_int*)bn->internal);
wolfSSL 0:d92f9d21154c 10979 }
wolfSSL 0:d92f9d21154c 10980
wolfSSL 0:d92f9d21154c 10981
wolfSSL 0:d92f9d21154c 10982 int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 10983 {
wolfSSL 0:d92f9d21154c 10984 WOLFSSL_MSG("wolfSSL_BN_is_one");
wolfSSL 0:d92f9d21154c 10985
wolfSSL 0:d92f9d21154c 10986 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:d92f9d21154c 10987 return 0;
wolfSSL 0:d92f9d21154c 10988
wolfSSL 0:d92f9d21154c 10989 if (mp_cmp_d((mp_int*)bn->internal, 1) == 0)
wolfSSL 0:d92f9d21154c 10990 return 1;
wolfSSL 0:d92f9d21154c 10991
wolfSSL 0:d92f9d21154c 10992 return 0;
wolfSSL 0:d92f9d21154c 10993 }
wolfSSL 0:d92f9d21154c 10994
wolfSSL 0:d92f9d21154c 10995
wolfSSL 0:d92f9d21154c 10996 int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 10997 {
wolfSSL 0:d92f9d21154c 10998 WOLFSSL_MSG("wolfSSL_BN_is_odd");
wolfSSL 0:d92f9d21154c 10999
wolfSSL 0:d92f9d21154c 11000 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:d92f9d21154c 11001 return 0;
wolfSSL 0:d92f9d21154c 11002
wolfSSL 0:d92f9d21154c 11003 return mp_isodd((mp_int*)bn->internal);
wolfSSL 0:d92f9d21154c 11004 }
wolfSSL 0:d92f9d21154c 11005
wolfSSL 0:d92f9d21154c 11006
wolfSSL 0:d92f9d21154c 11007 int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
wolfSSL 0:d92f9d21154c 11008 {
wolfSSL 0:d92f9d21154c 11009 WOLFSSL_MSG("wolfSSL_BN_cmp");
wolfSSL 0:d92f9d21154c 11010
wolfSSL 0:d92f9d21154c 11011 if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL)
wolfSSL 0:d92f9d21154c 11012 return 0;
wolfSSL 0:d92f9d21154c 11013
wolfSSL 0:d92f9d21154c 11014 return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
wolfSSL 0:d92f9d21154c 11015 }
wolfSSL 0:d92f9d21154c 11016
wolfSSL 0:d92f9d21154c 11017
wolfSSL 0:d92f9d21154c 11018 int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
wolfSSL 0:d92f9d21154c 11019 {
wolfSSL 0:d92f9d21154c 11020 WOLFSSL_MSG("wolfSSL_BN_bn2bin");
wolfSSL 0:d92f9d21154c 11021
wolfSSL 0:d92f9d21154c 11022 if (bn == NULL || bn->internal == NULL) {
wolfSSL 0:d92f9d21154c 11023 WOLFSSL_MSG("NULL bn error");
wolfSSL 0:d92f9d21154c 11024 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11025 }
wolfSSL 0:d92f9d21154c 11026
wolfSSL 0:d92f9d21154c 11027 if (r == NULL)
wolfSSL 0:d92f9d21154c 11028 return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL 0:d92f9d21154c 11029
wolfSSL 0:d92f9d21154c 11030 if (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY) {
wolfSSL 0:d92f9d21154c 11031 WOLFSSL_MSG("mp_to_unsigned_bin error");
wolfSSL 0:d92f9d21154c 11032 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11033 }
wolfSSL 0:d92f9d21154c 11034
wolfSSL 0:d92f9d21154c 11035 return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL 0:d92f9d21154c 11036 }
wolfSSL 0:d92f9d21154c 11037
wolfSSL 0:d92f9d21154c 11038
wolfSSL 0:d92f9d21154c 11039 WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
wolfSSL 0:d92f9d21154c 11040 WOLFSSL_BIGNUM* ret)
wolfSSL 0:d92f9d21154c 11041 {
wolfSSL 0:d92f9d21154c 11042 WOLFSSL_MSG("wolfSSL_BN_bin2bn");
wolfSSL 0:d92f9d21154c 11043
wolfSSL 0:d92f9d21154c 11044 if (ret && ret->internal) {
wolfSSL 0:d92f9d21154c 11045 if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
wolfSSL 0:d92f9d21154c 11046 WOLFSSL_MSG("mp_read_unsigned_bin failure");
wolfSSL 0:d92f9d21154c 11047 return NULL;
wolfSSL 0:d92f9d21154c 11048 }
wolfSSL 0:d92f9d21154c 11049 }
wolfSSL 0:d92f9d21154c 11050 else {
wolfSSL 0:d92f9d21154c 11051 WOLFSSL_MSG("wolfSSL_BN_bin2bn wants return bignum");
wolfSSL 0:d92f9d21154c 11052 }
wolfSSL 0:d92f9d21154c 11053
wolfSSL 0:d92f9d21154c 11054 return ret;
wolfSSL 0:d92f9d21154c 11055 }
wolfSSL 0:d92f9d21154c 11056
wolfSSL 0:d92f9d21154c 11057
wolfSSL 0:d92f9d21154c 11058 int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
wolfSSL 0:d92f9d21154c 11059 {
wolfSSL 0:d92f9d21154c 11060 (void)bn;
wolfSSL 0:d92f9d21154c 11061 (void)n;
wolfSSL 0:d92f9d21154c 11062 WOLFSSL_MSG("wolfSSL_BN_mask_bits");
wolfSSL 0:d92f9d21154c 11063
wolfSSL 0:d92f9d21154c 11064 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11065 }
wolfSSL 0:d92f9d21154c 11066
wolfSSL 0:d92f9d21154c 11067
wolfSSL 0:d92f9d21154c 11068 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 11069 int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
wolfSSL 0:d92f9d21154c 11070 {
wolfSSL 0:d92f9d21154c 11071 int ret = 0;
wolfSSL 0:d92f9d21154c 11072 int len = bits / 8;
wolfSSL 0:d92f9d21154c 11073 int initTmpRng = 0;
wolfSSL 0:d92f9d21154c 11074 RNG* rng = NULL;
wolfSSL 0:d92f9d21154c 11075 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11076 RNG* tmpRNG = NULL;
wolfSSL 0:d92f9d21154c 11077 byte* buff = NULL;
wolfSSL 0:d92f9d21154c 11078 #else
wolfSSL 0:d92f9d21154c 11079 RNG tmpRNG[1];
wolfSSL 0:d92f9d21154c 11080 byte buff[1024];
wolfSSL 0:d92f9d21154c 11081 #endif
wolfSSL 0:d92f9d21154c 11082
wolfSSL 0:d92f9d21154c 11083 (void)top;
wolfSSL 0:d92f9d21154c 11084 (void)bottom;
wolfSSL 0:d92f9d21154c 11085 WOLFSSL_MSG("wolfSSL_BN_rand");
wolfSSL 0:d92f9d21154c 11086
wolfSSL 0:d92f9d21154c 11087 if (bits % 8)
wolfSSL 0:d92f9d21154c 11088 len++;
wolfSSL 0:d92f9d21154c 11089
wolfSSL 0:d92f9d21154c 11090 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11091 buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11092 tmpRNG = (RNG*) XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11093 if (buff == NULL || tmpRNG == NULL) {
wolfSSL 0:d92f9d21154c 11094 XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11095 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11096 return ret;
wolfSSL 0:d92f9d21154c 11097 }
wolfSSL 0:d92f9d21154c 11098 #endif
wolfSSL 0:d92f9d21154c 11099
wolfSSL 0:d92f9d21154c 11100 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:d92f9d21154c 11101 WOLFSSL_MSG("Bad function arguments");
wolfSSL 0:d92f9d21154c 11102 else if (wc_InitRng(tmpRNG) == 0) {
wolfSSL 0:d92f9d21154c 11103 rng = tmpRNG;
wolfSSL 0:d92f9d21154c 11104 initTmpRng = 1;
wolfSSL 0:d92f9d21154c 11105 }
wolfSSL 0:d92f9d21154c 11106 else if (initGlobalRNG)
wolfSSL 0:d92f9d21154c 11107 rng = &globalRNG;
wolfSSL 0:d92f9d21154c 11108
wolfSSL 0:d92f9d21154c 11109 if (rng) {
wolfSSL 0:d92f9d21154c 11110 if (wc_RNG_GenerateBlock(rng, buff, len) != 0)
wolfSSL 0:d92f9d21154c 11111 WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
wolfSSL 0:d92f9d21154c 11112 else {
wolfSSL 0:d92f9d21154c 11113 buff[0] |= 0x80 | 0x40;
wolfSSL 0:d92f9d21154c 11114 buff[len-1] |= 0x01;
wolfSSL 0:d92f9d21154c 11115
wolfSSL 0:d92f9d21154c 11116 if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY)
wolfSSL 0:d92f9d21154c 11117 WOLFSSL_MSG("mp read bin failed");
wolfSSL 0:d92f9d21154c 11118 else
wolfSSL 0:d92f9d21154c 11119 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 11120 }
wolfSSL 0:d92f9d21154c 11121 }
wolfSSL 0:d92f9d21154c 11122
wolfSSL 0:d92f9d21154c 11123 if (initTmpRng)
wolfSSL 0:d92f9d21154c 11124 wc_FreeRng(tmpRNG);
wolfSSL 0:d92f9d21154c 11125
wolfSSL 0:d92f9d21154c 11126 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11127 XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11128 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11129 #endif
wolfSSL 0:d92f9d21154c 11130
wolfSSL 0:d92f9d21154c 11131 return ret;
wolfSSL 0:d92f9d21154c 11132 }
wolfSSL 0:d92f9d21154c 11133
wolfSSL 0:d92f9d21154c 11134
wolfSSL 0:d92f9d21154c 11135 int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n)
wolfSSL 0:d92f9d21154c 11136 {
wolfSSL 0:d92f9d21154c 11137 (void)bn;
wolfSSL 0:d92f9d21154c 11138 (void)n;
wolfSSL 0:d92f9d21154c 11139
wolfSSL 0:d92f9d21154c 11140 WOLFSSL_MSG("wolfSSL_BN_is_bit_set");
wolfSSL 0:d92f9d21154c 11141
wolfSSL 0:d92f9d21154c 11142 return 0;
wolfSSL 0:d92f9d21154c 11143 }
wolfSSL 0:d92f9d21154c 11144
wolfSSL 0:d92f9d21154c 11145
wolfSSL 0:d92f9d21154c 11146 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 11147 int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str)
wolfSSL 0:d92f9d21154c 11148 {
wolfSSL 0:d92f9d21154c 11149 int ret = 0;
wolfSSL 0:d92f9d21154c 11150 word32 decSz = 1024;
wolfSSL 0:d92f9d21154c 11151 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11152 byte* decoded = NULL;
wolfSSL 0:d92f9d21154c 11153 #else
wolfSSL 0:d92f9d21154c 11154 byte decoded[1024];
wolfSSL 0:d92f9d21154c 11155 #endif
wolfSSL 0:d92f9d21154c 11156
wolfSSL 0:d92f9d21154c 11157 WOLFSSL_MSG("wolfSSL_BN_hex2bn");
wolfSSL 0:d92f9d21154c 11158
wolfSSL 0:d92f9d21154c 11159 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11160 decoded = (byte*)XMALLOC(decSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11161 if (decoded == NULL)
wolfSSL 0:d92f9d21154c 11162 return ret;
wolfSSL 0:d92f9d21154c 11163 #endif
wolfSSL 0:d92f9d21154c 11164
wolfSSL 0:d92f9d21154c 11165 if (str == NULL)
wolfSSL 0:d92f9d21154c 11166 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 11167 else if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0)
wolfSSL 0:d92f9d21154c 11168 WOLFSSL_MSG("Bad Base16_Decode error");
wolfSSL 0:d92f9d21154c 11169 else if (bn == NULL)
wolfSSL 0:d92f9d21154c 11170 ret = decSz;
wolfSSL 0:d92f9d21154c 11171 else {
wolfSSL 0:d92f9d21154c 11172 if (*bn == NULL)
wolfSSL 0:d92f9d21154c 11173 *bn = wolfSSL_BN_new();
wolfSSL 0:d92f9d21154c 11174
wolfSSL 0:d92f9d21154c 11175 if (*bn == NULL)
wolfSSL 0:d92f9d21154c 11176 WOLFSSL_MSG("BN new failed");
wolfSSL 0:d92f9d21154c 11177 else if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL)
wolfSSL 0:d92f9d21154c 11178 WOLFSSL_MSG("Bad bin2bn error");
wolfSSL 0:d92f9d21154c 11179 else
wolfSSL 0:d92f9d21154c 11180 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 11181 }
wolfSSL 0:d92f9d21154c 11182
wolfSSL 0:d92f9d21154c 11183 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11184 XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11185 #endif
wolfSSL 0:d92f9d21154c 11186
wolfSSL 0:d92f9d21154c 11187 return ret;
wolfSSL 0:d92f9d21154c 11188 }
wolfSSL 0:d92f9d21154c 11189
wolfSSL 0:d92f9d21154c 11190
wolfSSL 0:d92f9d21154c 11191 WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 11192 {
wolfSSL 0:d92f9d21154c 11193 WOLFSSL_BIGNUM* ret;
wolfSSL 0:d92f9d21154c 11194
wolfSSL 0:d92f9d21154c 11195 WOLFSSL_MSG("wolfSSL_BN_dup");
wolfSSL 0:d92f9d21154c 11196
wolfSSL 0:d92f9d21154c 11197 if (bn == NULL || bn->internal == NULL) {
wolfSSL 0:d92f9d21154c 11198 WOLFSSL_MSG("bn NULL error");
wolfSSL 0:d92f9d21154c 11199 return NULL;
wolfSSL 0:d92f9d21154c 11200 }
wolfSSL 0:d92f9d21154c 11201
wolfSSL 0:d92f9d21154c 11202 ret = wolfSSL_BN_new();
wolfSSL 0:d92f9d21154c 11203 if (ret == NULL) {
wolfSSL 0:d92f9d21154c 11204 WOLFSSL_MSG("bn new error");
wolfSSL 0:d92f9d21154c 11205 return NULL;
wolfSSL 0:d92f9d21154c 11206 }
wolfSSL 0:d92f9d21154c 11207
wolfSSL 0:d92f9d21154c 11208 if (mp_copy((mp_int*)bn->internal, (mp_int*)ret->internal) != MP_OKAY) {
wolfSSL 0:d92f9d21154c 11209 WOLFSSL_MSG("mp_copy error");
wolfSSL 0:d92f9d21154c 11210 wolfSSL_BN_free(ret);
wolfSSL 0:d92f9d21154c 11211 return NULL;
wolfSSL 0:d92f9d21154c 11212 }
wolfSSL 0:d92f9d21154c 11213
wolfSSL 0:d92f9d21154c 11214 return ret;
wolfSSL 0:d92f9d21154c 11215 }
wolfSSL 0:d92f9d21154c 11216
wolfSSL 0:d92f9d21154c 11217
wolfSSL 0:d92f9d21154c 11218 WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 11219 {
wolfSSL 0:d92f9d21154c 11220 (void)r;
wolfSSL 0:d92f9d21154c 11221 (void)bn;
wolfSSL 0:d92f9d21154c 11222
wolfSSL 0:d92f9d21154c 11223 WOLFSSL_MSG("wolfSSL_BN_copy");
wolfSSL 0:d92f9d21154c 11224
wolfSSL 0:d92f9d21154c 11225 return NULL;
wolfSSL 0:d92f9d21154c 11226 }
wolfSSL 0:d92f9d21154c 11227
wolfSSL 0:d92f9d21154c 11228
wolfSSL 0:d92f9d21154c 11229 int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, unsigned long w)
wolfSSL 0:d92f9d21154c 11230 {
wolfSSL 0:d92f9d21154c 11231 (void)bn;
wolfSSL 0:d92f9d21154c 11232 (void)w;
wolfSSL 0:d92f9d21154c 11233
wolfSSL 0:d92f9d21154c 11234 WOLFSSL_MSG("wolfSSL_BN_set_word");
wolfSSL 0:d92f9d21154c 11235
wolfSSL 0:d92f9d21154c 11236 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11237 }
wolfSSL 0:d92f9d21154c 11238
wolfSSL 0:d92f9d21154c 11239
wolfSSL 0:d92f9d21154c 11240 int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
wolfSSL 0:d92f9d21154c 11241 {
wolfSSL 0:d92f9d21154c 11242 (void)bn;
wolfSSL 0:d92f9d21154c 11243 (void)str;
wolfSSL 0:d92f9d21154c 11244
wolfSSL 0:d92f9d21154c 11245 WOLFSSL_MSG("wolfSSL_BN_dec2bn");
wolfSSL 0:d92f9d21154c 11246
wolfSSL 0:d92f9d21154c 11247 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11248 }
wolfSSL 0:d92f9d21154c 11249
wolfSSL 0:d92f9d21154c 11250
wolfSSL 0:d92f9d21154c 11251 char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
wolfSSL 0:d92f9d21154c 11252 {
wolfSSL 0:d92f9d21154c 11253 (void)bn;
wolfSSL 0:d92f9d21154c 11254
wolfSSL 0:d92f9d21154c 11255 WOLFSSL_MSG("wolfSSL_BN_bn2dec");
wolfSSL 0:d92f9d21154c 11256
wolfSSL 0:d92f9d21154c 11257 return NULL;
wolfSSL 0:d92f9d21154c 11258 }
wolfSSL 0:d92f9d21154c 11259
wolfSSL 0:d92f9d21154c 11260
wolfSSL 0:d92f9d21154c 11261 #ifndef NO_DH
wolfSSL 0:d92f9d21154c 11262
wolfSSL 0:d92f9d21154c 11263 static void InitwolfSSL_DH(WOLFSSL_DH* dh)
wolfSSL 0:d92f9d21154c 11264 {
wolfSSL 0:d92f9d21154c 11265 if (dh) {
wolfSSL 0:d92f9d21154c 11266 dh->p = NULL;
wolfSSL 0:d92f9d21154c 11267 dh->g = NULL;
wolfSSL 0:d92f9d21154c 11268 dh->pub_key = NULL;
wolfSSL 0:d92f9d21154c 11269 dh->priv_key = NULL;
wolfSSL 0:d92f9d21154c 11270 dh->internal = NULL;
wolfSSL 0:d92f9d21154c 11271 dh->inSet = 0;
wolfSSL 0:d92f9d21154c 11272 dh->exSet = 0;
wolfSSL 0:d92f9d21154c 11273 }
wolfSSL 0:d92f9d21154c 11274 }
wolfSSL 0:d92f9d21154c 11275
wolfSSL 0:d92f9d21154c 11276
wolfSSL 0:d92f9d21154c 11277 WOLFSSL_DH* wolfSSL_DH_new(void)
wolfSSL 0:d92f9d21154c 11278 {
wolfSSL 0:d92f9d21154c 11279 WOLFSSL_DH* external;
wolfSSL 0:d92f9d21154c 11280 DhKey* key;
wolfSSL 0:d92f9d21154c 11281
wolfSSL 0:d92f9d21154c 11282 WOLFSSL_MSG("wolfSSL_DH_new");
wolfSSL 0:d92f9d21154c 11283
wolfSSL 0:d92f9d21154c 11284 key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 11285 if (key == NULL) {
wolfSSL 0:d92f9d21154c 11286 WOLFSSL_MSG("wolfSSL_DH_new malloc DhKey failure");
wolfSSL 0:d92f9d21154c 11287 return NULL;
wolfSSL 0:d92f9d21154c 11288 }
wolfSSL 0:d92f9d21154c 11289
wolfSSL 0:d92f9d21154c 11290 external = (WOLFSSL_DH*) XMALLOC(sizeof(WOLFSSL_DH), NULL,
wolfSSL 0:d92f9d21154c 11291 DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 11292 if (external == NULL) {
wolfSSL 0:d92f9d21154c 11293 WOLFSSL_MSG("wolfSSL_DH_new malloc WOLFSSL_DH failure");
wolfSSL 0:d92f9d21154c 11294 XFREE(key, NULL, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 11295 return NULL;
wolfSSL 0:d92f9d21154c 11296 }
wolfSSL 0:d92f9d21154c 11297
wolfSSL 0:d92f9d21154c 11298 InitwolfSSL_DH(external);
wolfSSL 0:d92f9d21154c 11299 wc_InitDhKey(key);
wolfSSL 0:d92f9d21154c 11300 external->internal = key;
wolfSSL 0:d92f9d21154c 11301
wolfSSL 0:d92f9d21154c 11302 return external;
wolfSSL 0:d92f9d21154c 11303 }
wolfSSL 0:d92f9d21154c 11304
wolfSSL 0:d92f9d21154c 11305
wolfSSL 0:d92f9d21154c 11306 void wolfSSL_DH_free(WOLFSSL_DH* dh)
wolfSSL 0:d92f9d21154c 11307 {
wolfSSL 0:d92f9d21154c 11308 WOLFSSL_MSG("wolfSSL_DH_free");
wolfSSL 0:d92f9d21154c 11309
wolfSSL 0:d92f9d21154c 11310 if (dh) {
wolfSSL 0:d92f9d21154c 11311 if (dh->internal) {
wolfSSL 0:d92f9d21154c 11312 wc_FreeDhKey((DhKey*)dh->internal);
wolfSSL 0:d92f9d21154c 11313 XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 11314 dh->internal = NULL;
wolfSSL 0:d92f9d21154c 11315 }
wolfSSL 0:d92f9d21154c 11316 wolfSSL_BN_free(dh->priv_key);
wolfSSL 0:d92f9d21154c 11317 wolfSSL_BN_free(dh->pub_key);
wolfSSL 0:d92f9d21154c 11318 wolfSSL_BN_free(dh->g);
wolfSSL 0:d92f9d21154c 11319 wolfSSL_BN_free(dh->p);
wolfSSL 0:d92f9d21154c 11320 InitwolfSSL_DH(dh); /* set back to NULLs for safety */
wolfSSL 0:d92f9d21154c 11321
wolfSSL 0:d92f9d21154c 11322 XFREE(dh, NULL, DYNAMIC_TYPE_DH);
wolfSSL 0:d92f9d21154c 11323 }
wolfSSL 0:d92f9d21154c 11324 }
wolfSSL 0:d92f9d21154c 11325
wolfSSL 0:d92f9d21154c 11326
wolfSSL 0:d92f9d21154c 11327 static int SetDhInternal(WOLFSSL_DH* dh)
wolfSSL 0:d92f9d21154c 11328 {
wolfSSL 0:d92f9d21154c 11329 int ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11330 int pSz = 1024;
wolfSSL 0:d92f9d21154c 11331 int gSz = 1024;
wolfSSL 0:d92f9d21154c 11332 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11333 unsigned char* p = NULL;
wolfSSL 0:d92f9d21154c 11334 unsigned char* g = NULL;
wolfSSL 0:d92f9d21154c 11335 #else
wolfSSL 0:d92f9d21154c 11336 unsigned char p[1024];
wolfSSL 0:d92f9d21154c 11337 unsigned char g[1024];
wolfSSL 0:d92f9d21154c 11338 #endif
wolfSSL 0:d92f9d21154c 11339
wolfSSL 0:d92f9d21154c 11340 WOLFSSL_ENTER("SetDhInternal");
wolfSSL 0:d92f9d21154c 11341
wolfSSL 0:d92f9d21154c 11342 if (dh == NULL || dh->p == NULL || dh->g == NULL)
wolfSSL 0:d92f9d21154c 11343 WOLFSSL_MSG("Bad function arguments");
wolfSSL 0:d92f9d21154c 11344 else if (wolfSSL_BN_bn2bin(dh->p, NULL) > pSz)
wolfSSL 0:d92f9d21154c 11345 WOLFSSL_MSG("Bad p internal size");
wolfSSL 0:d92f9d21154c 11346 else if (wolfSSL_BN_bn2bin(dh->g, NULL) > gSz)
wolfSSL 0:d92f9d21154c 11347 WOLFSSL_MSG("Bad g internal size");
wolfSSL 0:d92f9d21154c 11348 else {
wolfSSL 0:d92f9d21154c 11349 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11350 p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11351 g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11352
wolfSSL 0:d92f9d21154c 11353 if (p == NULL || g == NULL) {
wolfSSL 0:d92f9d21154c 11354 XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11355 XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11356 return ret;
wolfSSL 0:d92f9d21154c 11357 }
wolfSSL 0:d92f9d21154c 11358 #endif
wolfSSL 0:d92f9d21154c 11359
wolfSSL 0:d92f9d21154c 11360 pSz = wolfSSL_BN_bn2bin(dh->p, p);
wolfSSL 0:d92f9d21154c 11361 gSz = wolfSSL_BN_bn2bin(dh->g, g);
wolfSSL 0:d92f9d21154c 11362
wolfSSL 0:d92f9d21154c 11363 if (pSz <= 0 || gSz <= 0)
wolfSSL 0:d92f9d21154c 11364 WOLFSSL_MSG("Bad BN2bin set");
wolfSSL 0:d92f9d21154c 11365 else if (wc_DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0)
wolfSSL 0:d92f9d21154c 11366 WOLFSSL_MSG("Bad DH SetKey");
wolfSSL 0:d92f9d21154c 11367 else {
wolfSSL 0:d92f9d21154c 11368 dh->inSet = 1;
wolfSSL 0:d92f9d21154c 11369 ret = 0;
wolfSSL 0:d92f9d21154c 11370 }
wolfSSL 0:d92f9d21154c 11371
wolfSSL 0:d92f9d21154c 11372 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11373 XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11374 XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11375 #endif
wolfSSL 0:d92f9d21154c 11376 }
wolfSSL 0:d92f9d21154c 11377
wolfSSL 0:d92f9d21154c 11378
wolfSSL 0:d92f9d21154c 11379 return ret;
wolfSSL 0:d92f9d21154c 11380 }
wolfSSL 0:d92f9d21154c 11381
wolfSSL 0:d92f9d21154c 11382
wolfSSL 0:d92f9d21154c 11383 int wolfSSL_DH_size(WOLFSSL_DH* dh)
wolfSSL 0:d92f9d21154c 11384 {
wolfSSL 0:d92f9d21154c 11385 WOLFSSL_MSG("wolfSSL_DH_size");
wolfSSL 0:d92f9d21154c 11386
wolfSSL 0:d92f9d21154c 11387 if (dh == NULL)
wolfSSL 0:d92f9d21154c 11388 return 0;
wolfSSL 0:d92f9d21154c 11389
wolfSSL 0:d92f9d21154c 11390 return wolfSSL_BN_num_bytes(dh->p);
wolfSSL 0:d92f9d21154c 11391 }
wolfSSL 0:d92f9d21154c 11392
wolfSSL 0:d92f9d21154c 11393
wolfSSL 0:d92f9d21154c 11394 /* return SSL_SUCCESS on ok, else 0 */
wolfSSL 0:d92f9d21154c 11395 int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
wolfSSL 0:d92f9d21154c 11396 {
wolfSSL 0:d92f9d21154c 11397 int ret = 0;
wolfSSL 0:d92f9d21154c 11398 word32 pubSz = 768;
wolfSSL 0:d92f9d21154c 11399 word32 privSz = 768;
wolfSSL 0:d92f9d21154c 11400 int initTmpRng = 0;
wolfSSL 0:d92f9d21154c 11401 RNG* rng = NULL;
wolfSSL 0:d92f9d21154c 11402 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11403 unsigned char* pub = NULL;
wolfSSL 0:d92f9d21154c 11404 unsigned char* priv = NULL;
wolfSSL 0:d92f9d21154c 11405 RNG* tmpRNG = NULL;
wolfSSL 0:d92f9d21154c 11406 #else
wolfSSL 0:d92f9d21154c 11407 unsigned char pub [768];
wolfSSL 0:d92f9d21154c 11408 unsigned char priv[768];
wolfSSL 0:d92f9d21154c 11409 RNG tmpRNG[1];
wolfSSL 0:d92f9d21154c 11410 #endif
wolfSSL 0:d92f9d21154c 11411
wolfSSL 0:d92f9d21154c 11412 WOLFSSL_MSG("wolfSSL_DH_generate_key");
wolfSSL 0:d92f9d21154c 11413
wolfSSL 0:d92f9d21154c 11414 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11415 tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11416 pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11417 priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11418
wolfSSL 0:d92f9d21154c 11419 if (tmpRNG == NULL || pub == NULL || priv == NULL) {
wolfSSL 0:d92f9d21154c 11420 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11421 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11422 XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11423 return ret;
wolfSSL 0:d92f9d21154c 11424 }
wolfSSL 0:d92f9d21154c 11425 #endif
wolfSSL 0:d92f9d21154c 11426
wolfSSL 0:d92f9d21154c 11427 if (dh == NULL || dh->p == NULL || dh->g == NULL)
wolfSSL 0:d92f9d21154c 11428 WOLFSSL_MSG("Bad function arguments");
wolfSSL 0:d92f9d21154c 11429 else if (dh->inSet == 0 && SetDhInternal(dh) < 0)
wolfSSL 0:d92f9d21154c 11430 WOLFSSL_MSG("Bad DH set internal");
wolfSSL 0:d92f9d21154c 11431 else if (wc_InitRng(tmpRNG) == 0) {
wolfSSL 0:d92f9d21154c 11432 rng = tmpRNG;
wolfSSL 0:d92f9d21154c 11433 initTmpRng = 1;
wolfSSL 0:d92f9d21154c 11434 }
wolfSSL 0:d92f9d21154c 11435 else {
wolfSSL 0:d92f9d21154c 11436 WOLFSSL_MSG("Bad RNG Init, trying global");
wolfSSL 0:d92f9d21154c 11437 if (initGlobalRNG == 0)
wolfSSL 0:d92f9d21154c 11438 WOLFSSL_MSG("Global RNG no Init");
wolfSSL 0:d92f9d21154c 11439 else
wolfSSL 0:d92f9d21154c 11440 rng = &globalRNG;
wolfSSL 0:d92f9d21154c 11441 }
wolfSSL 0:d92f9d21154c 11442
wolfSSL 0:d92f9d21154c 11443 if (rng) {
wolfSSL 0:d92f9d21154c 11444 if (wc_DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
wolfSSL 0:d92f9d21154c 11445 pub, &pubSz) < 0)
wolfSSL 0:d92f9d21154c 11446 WOLFSSL_MSG("Bad wc_DhGenerateKeyPair");
wolfSSL 0:d92f9d21154c 11447 else {
wolfSSL 0:d92f9d21154c 11448 if (dh->pub_key)
wolfSSL 0:d92f9d21154c 11449 wolfSSL_BN_free(dh->pub_key);
wolfSSL 0:d92f9d21154c 11450
wolfSSL 0:d92f9d21154c 11451 dh->pub_key = wolfSSL_BN_new();
wolfSSL 0:d92f9d21154c 11452 if (dh->pub_key == NULL) {
wolfSSL 0:d92f9d21154c 11453 WOLFSSL_MSG("Bad DH new pub");
wolfSSL 0:d92f9d21154c 11454 }
wolfSSL 0:d92f9d21154c 11455 if (dh->priv_key)
wolfSSL 0:d92f9d21154c 11456 wolfSSL_BN_free(dh->priv_key);
wolfSSL 0:d92f9d21154c 11457
wolfSSL 0:d92f9d21154c 11458 dh->priv_key = wolfSSL_BN_new();
wolfSSL 0:d92f9d21154c 11459
wolfSSL 0:d92f9d21154c 11460 if (dh->priv_key == NULL) {
wolfSSL 0:d92f9d21154c 11461 WOLFSSL_MSG("Bad DH new priv");
wolfSSL 0:d92f9d21154c 11462 }
wolfSSL 0:d92f9d21154c 11463
wolfSSL 0:d92f9d21154c 11464 if (dh->pub_key && dh->priv_key) {
wolfSSL 0:d92f9d21154c 11465 if (wolfSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL)
wolfSSL 0:d92f9d21154c 11466 WOLFSSL_MSG("Bad DH bn2bin error pub");
wolfSSL 0:d92f9d21154c 11467 else if (wolfSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL)
wolfSSL 0:d92f9d21154c 11468 WOLFSSL_MSG("Bad DH bn2bin error priv");
wolfSSL 0:d92f9d21154c 11469 else
wolfSSL 0:d92f9d21154c 11470 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 11471 }
wolfSSL 0:d92f9d21154c 11472 }
wolfSSL 0:d92f9d21154c 11473 }
wolfSSL 0:d92f9d21154c 11474
wolfSSL 0:d92f9d21154c 11475 if (initTmpRng)
wolfSSL 0:d92f9d21154c 11476 wc_FreeRng(tmpRNG);
wolfSSL 0:d92f9d21154c 11477
wolfSSL 0:d92f9d21154c 11478 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11479 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11480 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11481 XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11482 #endif
wolfSSL 0:d92f9d21154c 11483
wolfSSL 0:d92f9d21154c 11484 return ret;
wolfSSL 0:d92f9d21154c 11485 }
wolfSSL 0:d92f9d21154c 11486
wolfSSL 0:d92f9d21154c 11487
wolfSSL 0:d92f9d21154c 11488 /* return key size on ok, 0 otherwise */
wolfSSL 0:d92f9d21154c 11489 int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
wolfSSL 0:d92f9d21154c 11490 WOLFSSL_DH* dh)
wolfSSL 0:d92f9d21154c 11491 {
wolfSSL 0:d92f9d21154c 11492 int ret = 0;
wolfSSL 0:d92f9d21154c 11493 word32 keySz = 0;
wolfSSL 0:d92f9d21154c 11494 word32 pubSz = 1024;
wolfSSL 0:d92f9d21154c 11495 word32 privSz = 1024;
wolfSSL 0:d92f9d21154c 11496 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11497 unsigned char* pub = NULL;
wolfSSL 0:d92f9d21154c 11498 unsigned char* priv = NULL;
wolfSSL 0:d92f9d21154c 11499 #else
wolfSSL 0:d92f9d21154c 11500 unsigned char pub [1024];
wolfSSL 0:d92f9d21154c 11501 unsigned char priv[1024];
wolfSSL 0:d92f9d21154c 11502 #endif
wolfSSL 0:d92f9d21154c 11503
wolfSSL 0:d92f9d21154c 11504 WOLFSSL_MSG("wolfSSL_DH_compute_key");
wolfSSL 0:d92f9d21154c 11505
wolfSSL 0:d92f9d21154c 11506 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11507 pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11508 if (pub == NULL)
wolfSSL 0:d92f9d21154c 11509 return ret;
wolfSSL 0:d92f9d21154c 11510
wolfSSL 0:d92f9d21154c 11511 priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11512 if (priv == NULL) {
wolfSSL 0:d92f9d21154c 11513 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11514 return 0;
wolfSSL 0:d92f9d21154c 11515 }
wolfSSL 0:d92f9d21154c 11516 #endif
wolfSSL 0:d92f9d21154c 11517
wolfSSL 0:d92f9d21154c 11518 if (dh == NULL || dh->priv_key == NULL || otherPub == NULL)
wolfSSL 0:d92f9d21154c 11519 WOLFSSL_MSG("Bad function arguments");
wolfSSL 0:d92f9d21154c 11520 else if ((keySz = (word32)DH_size(dh)) == 0)
wolfSSL 0:d92f9d21154c 11521 WOLFSSL_MSG("Bad DH_size");
wolfSSL 0:d92f9d21154c 11522 else if (wolfSSL_BN_bn2bin(dh->priv_key, NULL) > (int)privSz)
wolfSSL 0:d92f9d21154c 11523 WOLFSSL_MSG("Bad priv internal size");
wolfSSL 0:d92f9d21154c 11524 else if (wolfSSL_BN_bn2bin(otherPub, NULL) > (int)pubSz)
wolfSSL 0:d92f9d21154c 11525 WOLFSSL_MSG("Bad otherPub size");
wolfSSL 0:d92f9d21154c 11526 else {
wolfSSL 0:d92f9d21154c 11527 privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv);
wolfSSL 0:d92f9d21154c 11528 pubSz = wolfSSL_BN_bn2bin(otherPub, pub);
wolfSSL 0:d92f9d21154c 11529
wolfSSL 0:d92f9d21154c 11530 if (privSz <= 0 || pubSz <= 0)
wolfSSL 0:d92f9d21154c 11531 WOLFSSL_MSG("Bad BN2bin set");
wolfSSL 0:d92f9d21154c 11532 else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub,
wolfSSL 0:d92f9d21154c 11533 pubSz) < 0)
wolfSSL 0:d92f9d21154c 11534 WOLFSSL_MSG("wc_DhAgree failed");
wolfSSL 0:d92f9d21154c 11535 else
wolfSSL 0:d92f9d21154c 11536 ret = (int)keySz;
wolfSSL 0:d92f9d21154c 11537 }
wolfSSL 0:d92f9d21154c 11538
wolfSSL 0:d92f9d21154c 11539 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11540 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11541 XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11542 #endif
wolfSSL 0:d92f9d21154c 11543
wolfSSL 0:d92f9d21154c 11544 return ret;
wolfSSL 0:d92f9d21154c 11545 }
wolfSSL 0:d92f9d21154c 11546 #endif /* NO_DH */
wolfSSL 0:d92f9d21154c 11547
wolfSSL 0:d92f9d21154c 11548
wolfSSL 0:d92f9d21154c 11549 #ifndef NO_DSA
wolfSSL 0:d92f9d21154c 11550 static void InitwolfSSL_DSA(WOLFSSL_DSA* dsa)
wolfSSL 0:d92f9d21154c 11551 {
wolfSSL 0:d92f9d21154c 11552 if (dsa) {
wolfSSL 0:d92f9d21154c 11553 dsa->p = NULL;
wolfSSL 0:d92f9d21154c 11554 dsa->q = NULL;
wolfSSL 0:d92f9d21154c 11555 dsa->g = NULL;
wolfSSL 0:d92f9d21154c 11556 dsa->pub_key = NULL;
wolfSSL 0:d92f9d21154c 11557 dsa->priv_key = NULL;
wolfSSL 0:d92f9d21154c 11558 dsa->internal = NULL;
wolfSSL 0:d92f9d21154c 11559 dsa->inSet = 0;
wolfSSL 0:d92f9d21154c 11560 dsa->exSet = 0;
wolfSSL 0:d92f9d21154c 11561 }
wolfSSL 0:d92f9d21154c 11562 }
wolfSSL 0:d92f9d21154c 11563
wolfSSL 0:d92f9d21154c 11564
wolfSSL 0:d92f9d21154c 11565 WOLFSSL_DSA* wolfSSL_DSA_new(void)
wolfSSL 0:d92f9d21154c 11566 {
wolfSSL 0:d92f9d21154c 11567 WOLFSSL_DSA* external;
wolfSSL 0:d92f9d21154c 11568 DsaKey* key;
wolfSSL 0:d92f9d21154c 11569
wolfSSL 0:d92f9d21154c 11570 WOLFSSL_MSG("wolfSSL_DSA_new");
wolfSSL 0:d92f9d21154c 11571
wolfSSL 0:d92f9d21154c 11572 key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
wolfSSL 0:d92f9d21154c 11573 if (key == NULL) {
wolfSSL 0:d92f9d21154c 11574 WOLFSSL_MSG("wolfSSL_DSA_new malloc DsaKey failure");
wolfSSL 0:d92f9d21154c 11575 return NULL;
wolfSSL 0:d92f9d21154c 11576 }
wolfSSL 0:d92f9d21154c 11577
wolfSSL 0:d92f9d21154c 11578 external = (WOLFSSL_DSA*) XMALLOC(sizeof(WOLFSSL_DSA), NULL,
wolfSSL 0:d92f9d21154c 11579 DYNAMIC_TYPE_DSA);
wolfSSL 0:d92f9d21154c 11580 if (external == NULL) {
wolfSSL 0:d92f9d21154c 11581 WOLFSSL_MSG("wolfSSL_DSA_new malloc WOLFSSL_DSA failure");
wolfSSL 0:d92f9d21154c 11582 XFREE(key, NULL, DYNAMIC_TYPE_DSA);
wolfSSL 0:d92f9d21154c 11583 return NULL;
wolfSSL 0:d92f9d21154c 11584 }
wolfSSL 0:d92f9d21154c 11585
wolfSSL 0:d92f9d21154c 11586 InitwolfSSL_DSA(external);
wolfSSL 0:d92f9d21154c 11587 InitDsaKey(key);
wolfSSL 0:d92f9d21154c 11588 external->internal = key;
wolfSSL 0:d92f9d21154c 11589
wolfSSL 0:d92f9d21154c 11590 return external;
wolfSSL 0:d92f9d21154c 11591 }
wolfSSL 0:d92f9d21154c 11592
wolfSSL 0:d92f9d21154c 11593
wolfSSL 0:d92f9d21154c 11594 void wolfSSL_DSA_free(WOLFSSL_DSA* dsa)
wolfSSL 0:d92f9d21154c 11595 {
wolfSSL 0:d92f9d21154c 11596 WOLFSSL_MSG("wolfSSL_DSA_free");
wolfSSL 0:d92f9d21154c 11597
wolfSSL 0:d92f9d21154c 11598 if (dsa) {
wolfSSL 0:d92f9d21154c 11599 if (dsa->internal) {
wolfSSL 0:d92f9d21154c 11600 FreeDsaKey((DsaKey*)dsa->internal);
wolfSSL 0:d92f9d21154c 11601 XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA);
wolfSSL 0:d92f9d21154c 11602 dsa->internal = NULL;
wolfSSL 0:d92f9d21154c 11603 }
wolfSSL 0:d92f9d21154c 11604 wolfSSL_BN_free(dsa->priv_key);
wolfSSL 0:d92f9d21154c 11605 wolfSSL_BN_free(dsa->pub_key);
wolfSSL 0:d92f9d21154c 11606 wolfSSL_BN_free(dsa->g);
wolfSSL 0:d92f9d21154c 11607 wolfSSL_BN_free(dsa->q);
wolfSSL 0:d92f9d21154c 11608 wolfSSL_BN_free(dsa->p);
wolfSSL 0:d92f9d21154c 11609 InitwolfSSL_DSA(dsa); /* set back to NULLs for safety */
wolfSSL 0:d92f9d21154c 11610
wolfSSL 0:d92f9d21154c 11611 XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
wolfSSL 0:d92f9d21154c 11612 }
wolfSSL 0:d92f9d21154c 11613 }
wolfSSL 0:d92f9d21154c 11614
wolfSSL 0:d92f9d21154c 11615
wolfSSL 0:d92f9d21154c 11616 int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
wolfSSL 0:d92f9d21154c 11617 {
wolfSSL 0:d92f9d21154c 11618 (void)dsa;
wolfSSL 0:d92f9d21154c 11619
wolfSSL 0:d92f9d21154c 11620 WOLFSSL_MSG("wolfSSL_DSA_generate_key");
wolfSSL 0:d92f9d21154c 11621
wolfSSL 0:d92f9d21154c 11622 return 0; /* key gen not needed by server */
wolfSSL 0:d92f9d21154c 11623 }
wolfSSL 0:d92f9d21154c 11624
wolfSSL 0:d92f9d21154c 11625
wolfSSL 0:d92f9d21154c 11626 int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
wolfSSL 0:d92f9d21154c 11627 unsigned char* seed, int seedLen, int* counterRet,
wolfSSL 0:d92f9d21154c 11628 unsigned long* hRet, void* cb)
wolfSSL 0:d92f9d21154c 11629 {
wolfSSL 0:d92f9d21154c 11630 (void)dsa;
wolfSSL 0:d92f9d21154c 11631 (void)bits;
wolfSSL 0:d92f9d21154c 11632 (void)seed;
wolfSSL 0:d92f9d21154c 11633 (void)seedLen;
wolfSSL 0:d92f9d21154c 11634 (void)counterRet;
wolfSSL 0:d92f9d21154c 11635 (void)hRet;
wolfSSL 0:d92f9d21154c 11636 (void)cb;
wolfSSL 0:d92f9d21154c 11637
wolfSSL 0:d92f9d21154c 11638 WOLFSSL_MSG("wolfSSL_DSA_generate_parameters_ex");
wolfSSL 0:d92f9d21154c 11639
wolfSSL 0:d92f9d21154c 11640 return 0; /* key gen not needed by server */
wolfSSL 0:d92f9d21154c 11641 }
wolfSSL 0:d92f9d21154c 11642 #endif /* NO_DSA */
wolfSSL 0:d92f9d21154c 11643
wolfSSL 0:d92f9d21154c 11644 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 11645 static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa)
wolfSSL 0:d92f9d21154c 11646 {
wolfSSL 0:d92f9d21154c 11647 if (rsa) {
wolfSSL 0:d92f9d21154c 11648 rsa->n = NULL;
wolfSSL 0:d92f9d21154c 11649 rsa->e = NULL;
wolfSSL 0:d92f9d21154c 11650 rsa->d = NULL;
wolfSSL 0:d92f9d21154c 11651 rsa->p = NULL;
wolfSSL 0:d92f9d21154c 11652 rsa->q = NULL;
wolfSSL 0:d92f9d21154c 11653 rsa->dmp1 = NULL;
wolfSSL 0:d92f9d21154c 11654 rsa->dmq1 = NULL;
wolfSSL 0:d92f9d21154c 11655 rsa->iqmp = NULL;
wolfSSL 0:d92f9d21154c 11656 rsa->internal = NULL;
wolfSSL 0:d92f9d21154c 11657 rsa->inSet = 0;
wolfSSL 0:d92f9d21154c 11658 rsa->exSet = 0;
wolfSSL 0:d92f9d21154c 11659 }
wolfSSL 0:d92f9d21154c 11660 }
wolfSSL 0:d92f9d21154c 11661
wolfSSL 0:d92f9d21154c 11662
wolfSSL 0:d92f9d21154c 11663 WOLFSSL_RSA* wolfSSL_RSA_new(void)
wolfSSL 0:d92f9d21154c 11664 {
wolfSSL 0:d92f9d21154c 11665 WOLFSSL_RSA* external;
wolfSSL 0:d92f9d21154c 11666 RsaKey* key;
wolfSSL 0:d92f9d21154c 11667
wolfSSL 0:d92f9d21154c 11668 WOLFSSL_MSG("wolfSSL_RSA_new");
wolfSSL 0:d92f9d21154c 11669
wolfSSL 0:d92f9d21154c 11670 key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:d92f9d21154c 11671 if (key == NULL) {
wolfSSL 0:d92f9d21154c 11672 WOLFSSL_MSG("wolfSSL_RSA_new malloc RsaKey failure");
wolfSSL 0:d92f9d21154c 11673 return NULL;
wolfSSL 0:d92f9d21154c 11674 }
wolfSSL 0:d92f9d21154c 11675
wolfSSL 0:d92f9d21154c 11676 external = (WOLFSSL_RSA*) XMALLOC(sizeof(WOLFSSL_RSA), NULL,
wolfSSL 0:d92f9d21154c 11677 DYNAMIC_TYPE_RSA);
wolfSSL 0:d92f9d21154c 11678 if (external == NULL) {
wolfSSL 0:d92f9d21154c 11679 WOLFSSL_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure");
wolfSSL 0:d92f9d21154c 11680 XFREE(key, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:d92f9d21154c 11681 return NULL;
wolfSSL 0:d92f9d21154c 11682 }
wolfSSL 0:d92f9d21154c 11683
wolfSSL 0:d92f9d21154c 11684 InitwolfSSL_Rsa(external);
wolfSSL 0:d92f9d21154c 11685 if (wc_InitRsaKey(key, NULL) != 0) {
wolfSSL 0:d92f9d21154c 11686 WOLFSSL_MSG("InitRsaKey WOLFSSL_RSA failure");
wolfSSL 0:d92f9d21154c 11687 XFREE(external, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:d92f9d21154c 11688 XFREE(key, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:d92f9d21154c 11689 return NULL;
wolfSSL 0:d92f9d21154c 11690 }
wolfSSL 0:d92f9d21154c 11691 external->internal = key;
wolfSSL 0:d92f9d21154c 11692
wolfSSL 0:d92f9d21154c 11693 return external;
wolfSSL 0:d92f9d21154c 11694 }
wolfSSL 0:d92f9d21154c 11695
wolfSSL 0:d92f9d21154c 11696
wolfSSL 0:d92f9d21154c 11697 void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
wolfSSL 0:d92f9d21154c 11698 {
wolfSSL 0:d92f9d21154c 11699 WOLFSSL_MSG("wolfSSL_RSA_free");
wolfSSL 0:d92f9d21154c 11700
wolfSSL 0:d92f9d21154c 11701 if (rsa) {
wolfSSL 0:d92f9d21154c 11702 if (rsa->internal) {
wolfSSL 0:d92f9d21154c 11703 wc_FreeRsaKey((RsaKey*)rsa->internal);
wolfSSL 0:d92f9d21154c 11704 XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:d92f9d21154c 11705 rsa->internal = NULL;
wolfSSL 0:d92f9d21154c 11706 }
wolfSSL 0:d92f9d21154c 11707 wolfSSL_BN_free(rsa->iqmp);
wolfSSL 0:d92f9d21154c 11708 wolfSSL_BN_free(rsa->dmq1);
wolfSSL 0:d92f9d21154c 11709 wolfSSL_BN_free(rsa->dmp1);
wolfSSL 0:d92f9d21154c 11710 wolfSSL_BN_free(rsa->q);
wolfSSL 0:d92f9d21154c 11711 wolfSSL_BN_free(rsa->p);
wolfSSL 0:d92f9d21154c 11712 wolfSSL_BN_free(rsa->d);
wolfSSL 0:d92f9d21154c 11713 wolfSSL_BN_free(rsa->e);
wolfSSL 0:d92f9d21154c 11714 wolfSSL_BN_free(rsa->n);
wolfSSL 0:d92f9d21154c 11715 InitwolfSSL_Rsa(rsa); /* set back to NULLs for safety */
wolfSSL 0:d92f9d21154c 11716
wolfSSL 0:d92f9d21154c 11717 XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:d92f9d21154c 11718 }
wolfSSL 0:d92f9d21154c 11719 }
wolfSSL 0:d92f9d21154c 11720 #endif /* NO_RSA */
wolfSSL 0:d92f9d21154c 11721
wolfSSL 0:d92f9d21154c 11722
wolfSSL 0:d92f9d21154c 11723 #if !defined(NO_RSA) || !defined(NO_DSA)
wolfSSL 0:d92f9d21154c 11724 static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
wolfSSL 0:d92f9d21154c 11725 {
wolfSSL 0:d92f9d21154c 11726 WOLFSSL_MSG("Entering SetIndividualExternal");
wolfSSL 0:d92f9d21154c 11727
wolfSSL 0:d92f9d21154c 11728 if (mpi == NULL) {
wolfSSL 0:d92f9d21154c 11729 WOLFSSL_MSG("mpi NULL error");
wolfSSL 0:d92f9d21154c 11730 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11731 }
wolfSSL 0:d92f9d21154c 11732
wolfSSL 0:d92f9d21154c 11733 if (*bn == NULL) {
wolfSSL 0:d92f9d21154c 11734 *bn = wolfSSL_BN_new();
wolfSSL 0:d92f9d21154c 11735 if (*bn == NULL) {
wolfSSL 0:d92f9d21154c 11736 WOLFSSL_MSG("SetIndividualExternal alloc failed");
wolfSSL 0:d92f9d21154c 11737 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11738 }
wolfSSL 0:d92f9d21154c 11739 }
wolfSSL 0:d92f9d21154c 11740
wolfSSL 0:d92f9d21154c 11741 if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
wolfSSL 0:d92f9d21154c 11742 WOLFSSL_MSG("mp_copy error");
wolfSSL 0:d92f9d21154c 11743 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11744 }
wolfSSL 0:d92f9d21154c 11745
wolfSSL 0:d92f9d21154c 11746 return 0;
wolfSSL 0:d92f9d21154c 11747 }
wolfSSL 0:d92f9d21154c 11748 #endif /* !NO_RSA && !NO_DSA */
wolfSSL 0:d92f9d21154c 11749
wolfSSL 0:d92f9d21154c 11750
wolfSSL 0:d92f9d21154c 11751 #ifndef NO_DSA
wolfSSL 0:d92f9d21154c 11752 static int SetDsaExternal(WOLFSSL_DSA* dsa)
wolfSSL 0:d92f9d21154c 11753 {
wolfSSL 0:d92f9d21154c 11754 DsaKey* key;
wolfSSL 0:d92f9d21154c 11755 WOLFSSL_MSG("Entering SetDsaExternal");
wolfSSL 0:d92f9d21154c 11756
wolfSSL 0:d92f9d21154c 11757 if (dsa == NULL || dsa->internal == NULL) {
wolfSSL 0:d92f9d21154c 11758 WOLFSSL_MSG("dsa key NULL error");
wolfSSL 0:d92f9d21154c 11759 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11760 }
wolfSSL 0:d92f9d21154c 11761
wolfSSL 0:d92f9d21154c 11762 key = (DsaKey*)dsa->internal;
wolfSSL 0:d92f9d21154c 11763
wolfSSL 0:d92f9d21154c 11764 if (SetIndividualExternal(&dsa->p, &key->p) < 0) {
wolfSSL 0:d92f9d21154c 11765 WOLFSSL_MSG("dsa p key error");
wolfSSL 0:d92f9d21154c 11766 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11767 }
wolfSSL 0:d92f9d21154c 11768
wolfSSL 0:d92f9d21154c 11769 if (SetIndividualExternal(&dsa->q, &key->q) < 0) {
wolfSSL 0:d92f9d21154c 11770 WOLFSSL_MSG("dsa q key error");
wolfSSL 0:d92f9d21154c 11771 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11772 }
wolfSSL 0:d92f9d21154c 11773
wolfSSL 0:d92f9d21154c 11774 if (SetIndividualExternal(&dsa->g, &key->g) < 0) {
wolfSSL 0:d92f9d21154c 11775 WOLFSSL_MSG("dsa g key error");
wolfSSL 0:d92f9d21154c 11776 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11777 }
wolfSSL 0:d92f9d21154c 11778
wolfSSL 0:d92f9d21154c 11779 if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) {
wolfSSL 0:d92f9d21154c 11780 WOLFSSL_MSG("dsa y key error");
wolfSSL 0:d92f9d21154c 11781 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11782 }
wolfSSL 0:d92f9d21154c 11783
wolfSSL 0:d92f9d21154c 11784 if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) {
wolfSSL 0:d92f9d21154c 11785 WOLFSSL_MSG("dsa x key error");
wolfSSL 0:d92f9d21154c 11786 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11787 }
wolfSSL 0:d92f9d21154c 11788
wolfSSL 0:d92f9d21154c 11789 dsa->exSet = 1;
wolfSSL 0:d92f9d21154c 11790
wolfSSL 0:d92f9d21154c 11791 return 0;
wolfSSL 0:d92f9d21154c 11792 }
wolfSSL 0:d92f9d21154c 11793 #endif /* NO_DSA */
wolfSSL 0:d92f9d21154c 11794
wolfSSL 0:d92f9d21154c 11795
wolfSSL 0:d92f9d21154c 11796 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 11797 static int SetRsaExternal(WOLFSSL_RSA* rsa)
wolfSSL 0:d92f9d21154c 11798 {
wolfSSL 0:d92f9d21154c 11799 RsaKey* key;
wolfSSL 0:d92f9d21154c 11800 WOLFSSL_MSG("Entering SetRsaExternal");
wolfSSL 0:d92f9d21154c 11801
wolfSSL 0:d92f9d21154c 11802 if (rsa == NULL || rsa->internal == NULL) {
wolfSSL 0:d92f9d21154c 11803 WOLFSSL_MSG("rsa key NULL error");
wolfSSL 0:d92f9d21154c 11804 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11805 }
wolfSSL 0:d92f9d21154c 11806
wolfSSL 0:d92f9d21154c 11807 key = (RsaKey*)rsa->internal;
wolfSSL 0:d92f9d21154c 11808
wolfSSL 0:d92f9d21154c 11809 if (SetIndividualExternal(&rsa->n, &key->n) < 0) {
wolfSSL 0:d92f9d21154c 11810 WOLFSSL_MSG("rsa n key error");
wolfSSL 0:d92f9d21154c 11811 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11812 }
wolfSSL 0:d92f9d21154c 11813
wolfSSL 0:d92f9d21154c 11814 if (SetIndividualExternal(&rsa->e, &key->e) < 0) {
wolfSSL 0:d92f9d21154c 11815 WOLFSSL_MSG("rsa e key error");
wolfSSL 0:d92f9d21154c 11816 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11817 }
wolfSSL 0:d92f9d21154c 11818
wolfSSL 0:d92f9d21154c 11819 if (SetIndividualExternal(&rsa->d, &key->d) < 0) {
wolfSSL 0:d92f9d21154c 11820 WOLFSSL_MSG("rsa d key error");
wolfSSL 0:d92f9d21154c 11821 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11822 }
wolfSSL 0:d92f9d21154c 11823
wolfSSL 0:d92f9d21154c 11824 if (SetIndividualExternal(&rsa->p, &key->p) < 0) {
wolfSSL 0:d92f9d21154c 11825 WOLFSSL_MSG("rsa p key error");
wolfSSL 0:d92f9d21154c 11826 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11827 }
wolfSSL 0:d92f9d21154c 11828
wolfSSL 0:d92f9d21154c 11829 if (SetIndividualExternal(&rsa->q, &key->q) < 0) {
wolfSSL 0:d92f9d21154c 11830 WOLFSSL_MSG("rsa q key error");
wolfSSL 0:d92f9d21154c 11831 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11832 }
wolfSSL 0:d92f9d21154c 11833
wolfSSL 0:d92f9d21154c 11834 if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) {
wolfSSL 0:d92f9d21154c 11835 WOLFSSL_MSG("rsa dP key error");
wolfSSL 0:d92f9d21154c 11836 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11837 }
wolfSSL 0:d92f9d21154c 11838
wolfSSL 0:d92f9d21154c 11839 if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) {
wolfSSL 0:d92f9d21154c 11840 WOLFSSL_MSG("rsa dQ key error");
wolfSSL 0:d92f9d21154c 11841 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11842 }
wolfSSL 0:d92f9d21154c 11843
wolfSSL 0:d92f9d21154c 11844 if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) {
wolfSSL 0:d92f9d21154c 11845 WOLFSSL_MSG("rsa u key error");
wolfSSL 0:d92f9d21154c 11846 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11847 }
wolfSSL 0:d92f9d21154c 11848
wolfSSL 0:d92f9d21154c 11849 rsa->exSet = 1;
wolfSSL 0:d92f9d21154c 11850
wolfSSL 0:d92f9d21154c 11851 return 0;
wolfSSL 0:d92f9d21154c 11852 }
wolfSSL 0:d92f9d21154c 11853
wolfSSL 0:d92f9d21154c 11854
wolfSSL 0:d92f9d21154c 11855 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 11856 int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
wolfSSL 0:d92f9d21154c 11857 void* cb)
wolfSSL 0:d92f9d21154c 11858 {
wolfSSL 0:d92f9d21154c 11859 int ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11860
wolfSSL 0:d92f9d21154c 11861 WOLFSSL_MSG("wolfSSL_RSA_generate_key_ex");
wolfSSL 0:d92f9d21154c 11862
wolfSSL 0:d92f9d21154c 11863 (void)rsa;
wolfSSL 0:d92f9d21154c 11864 (void)bits;
wolfSSL 0:d92f9d21154c 11865 (void)cb;
wolfSSL 0:d92f9d21154c 11866 (void)bn;
wolfSSL 0:d92f9d21154c 11867
wolfSSL 0:d92f9d21154c 11868 #ifdef WOLFSSL_KEY_GEN
wolfSSL 0:d92f9d21154c 11869 {
wolfSSL 0:d92f9d21154c 11870 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11871 RNG* rng = NULL;
wolfSSL 0:d92f9d21154c 11872 #else
wolfSSL 0:d92f9d21154c 11873 RNG rng[1];
wolfSSL 0:d92f9d21154c 11874 #endif
wolfSSL 0:d92f9d21154c 11875
wolfSSL 0:d92f9d21154c 11876 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11877 rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11878 if (rng == NULL)
wolfSSL 0:d92f9d21154c 11879 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11880 #endif
wolfSSL 0:d92f9d21154c 11881
wolfSSL 0:d92f9d21154c 11882 if (wc_InitRng(rng) < 0)
wolfSSL 0:d92f9d21154c 11883 WOLFSSL_MSG("RNG init failed");
wolfSSL 0:d92f9d21154c 11884 else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, rng) < 0)
wolfSSL 0:d92f9d21154c 11885 WOLFSSL_MSG("wc_MakeRsaKey failed");
wolfSSL 0:d92f9d21154c 11886 else if (SetRsaExternal(rsa) < 0)
wolfSSL 0:d92f9d21154c 11887 WOLFSSL_MSG("SetRsaExternal failed");
wolfSSL 0:d92f9d21154c 11888 else {
wolfSSL 0:d92f9d21154c 11889 rsa->inSet = 1;
wolfSSL 0:d92f9d21154c 11890 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 11891 }
wolfSSL 0:d92f9d21154c 11892
wolfSSL 0:d92f9d21154c 11893 wc_FreeRng(rng);
wolfSSL 0:d92f9d21154c 11894 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11895 XFREE(rng, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11896 #endif
wolfSSL 0:d92f9d21154c 11897 }
wolfSSL 0:d92f9d21154c 11898 #else
wolfSSL 0:d92f9d21154c 11899 WOLFSSL_MSG("No Key Gen built in");
wolfSSL 0:d92f9d21154c 11900 #endif
wolfSSL 0:d92f9d21154c 11901 return ret;
wolfSSL 0:d92f9d21154c 11902 }
wolfSSL 0:d92f9d21154c 11903
wolfSSL 0:d92f9d21154c 11904
wolfSSL 0:d92f9d21154c 11905 /* SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 11906 int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn)
wolfSSL 0:d92f9d21154c 11907 {
wolfSSL 0:d92f9d21154c 11908 (void)rsa;
wolfSSL 0:d92f9d21154c 11909 (void)bn;
wolfSSL 0:d92f9d21154c 11910
wolfSSL 0:d92f9d21154c 11911 WOLFSSL_MSG("wolfSSL_RSA_blinding_on");
wolfSSL 0:d92f9d21154c 11912
wolfSSL 0:d92f9d21154c 11913 return SSL_SUCCESS; /* on by default */
wolfSSL 0:d92f9d21154c 11914 }
wolfSSL 0:d92f9d21154c 11915
wolfSSL 0:d92f9d21154c 11916
wolfSSL 0:d92f9d21154c 11917 int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr,
wolfSSL 0:d92f9d21154c 11918 unsigned char* to, WOLFSSL_RSA* rsa, int padding)
wolfSSL 0:d92f9d21154c 11919 {
wolfSSL 0:d92f9d21154c 11920 (void)len;
wolfSSL 0:d92f9d21154c 11921 (void)fr;
wolfSSL 0:d92f9d21154c 11922 (void)to;
wolfSSL 0:d92f9d21154c 11923 (void)rsa;
wolfSSL 0:d92f9d21154c 11924 (void)padding;
wolfSSL 0:d92f9d21154c 11925
wolfSSL 0:d92f9d21154c 11926 WOLFSSL_MSG("wolfSSL_RSA_public_encrypt");
wolfSSL 0:d92f9d21154c 11927
wolfSSL 0:d92f9d21154c 11928 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11929 }
wolfSSL 0:d92f9d21154c 11930
wolfSSL 0:d92f9d21154c 11931
wolfSSL 0:d92f9d21154c 11932 int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr,
wolfSSL 0:d92f9d21154c 11933 unsigned char* to, WOLFSSL_RSA* rsa, int padding)
wolfSSL 0:d92f9d21154c 11934 {
wolfSSL 0:d92f9d21154c 11935 (void)len;
wolfSSL 0:d92f9d21154c 11936 (void)fr;
wolfSSL 0:d92f9d21154c 11937 (void)to;
wolfSSL 0:d92f9d21154c 11938 (void)rsa;
wolfSSL 0:d92f9d21154c 11939 (void)padding;
wolfSSL 0:d92f9d21154c 11940
wolfSSL 0:d92f9d21154c 11941 WOLFSSL_MSG("wolfSSL_RSA_private_decrypt");
wolfSSL 0:d92f9d21154c 11942
wolfSSL 0:d92f9d21154c 11943 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11944 }
wolfSSL 0:d92f9d21154c 11945
wolfSSL 0:d92f9d21154c 11946
wolfSSL 0:d92f9d21154c 11947 int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
wolfSSL 0:d92f9d21154c 11948 {
wolfSSL 0:d92f9d21154c 11949 WOLFSSL_MSG("wolfSSL_RSA_size");
wolfSSL 0:d92f9d21154c 11950
wolfSSL 0:d92f9d21154c 11951 if (rsa == NULL)
wolfSSL 0:d92f9d21154c 11952 return 0;
wolfSSL 0:d92f9d21154c 11953
wolfSSL 0:d92f9d21154c 11954 return wolfSSL_BN_num_bytes(rsa->n);
wolfSSL 0:d92f9d21154c 11955 }
wolfSSL 0:d92f9d21154c 11956 #endif /* NO_RSA */
wolfSSL 0:d92f9d21154c 11957
wolfSSL 0:d92f9d21154c 11958
wolfSSL 0:d92f9d21154c 11959 #ifndef NO_DSA
wolfSSL 0:d92f9d21154c 11960 /* return SSL_SUCCESS on success, < 0 otherwise */
wolfSSL 0:d92f9d21154c 11961 int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
wolfSSL 0:d92f9d21154c 11962 WOLFSSL_DSA* dsa)
wolfSSL 0:d92f9d21154c 11963 {
wolfSSL 0:d92f9d21154c 11964 int ret = SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11965 int initTmpRng = 0;
wolfSSL 0:d92f9d21154c 11966 RNG* rng = NULL;
wolfSSL 0:d92f9d21154c 11967 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11968 RNG* tmpRNG = NULL;
wolfSSL 0:d92f9d21154c 11969 #else
wolfSSL 0:d92f9d21154c 11970 RNG tmpRNG[1];
wolfSSL 0:d92f9d21154c 11971 #endif
wolfSSL 0:d92f9d21154c 11972
wolfSSL 0:d92f9d21154c 11973 WOLFSSL_MSG("wolfSSL_DSA_do_sign");
wolfSSL 0:d92f9d21154c 11974
wolfSSL 0:d92f9d21154c 11975 if (d == NULL || sigRet == NULL || dsa == NULL)
wolfSSL 0:d92f9d21154c 11976 WOLFSSL_MSG("Bad function arguments");
wolfSSL 0:d92f9d21154c 11977 else if (dsa->inSet == 0)
wolfSSL 0:d92f9d21154c 11978 WOLFSSL_MSG("No DSA internal set");
wolfSSL 0:d92f9d21154c 11979 else {
wolfSSL 0:d92f9d21154c 11980 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 11981 tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 11982 if (tmpRNG == NULL)
wolfSSL 0:d92f9d21154c 11983 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 11984 #endif
wolfSSL 0:d92f9d21154c 11985
wolfSSL 0:d92f9d21154c 11986 if (wc_InitRng(tmpRNG) == 0) {
wolfSSL 0:d92f9d21154c 11987 rng = tmpRNG;
wolfSSL 0:d92f9d21154c 11988 initTmpRng = 1;
wolfSSL 0:d92f9d21154c 11989 }
wolfSSL 0:d92f9d21154c 11990 else {
wolfSSL 0:d92f9d21154c 11991 WOLFSSL_MSG("Bad RNG Init, trying global");
wolfSSL 0:d92f9d21154c 11992 if (initGlobalRNG == 0)
wolfSSL 0:d92f9d21154c 11993 WOLFSSL_MSG("Global RNG no Init");
wolfSSL 0:d92f9d21154c 11994 else
wolfSSL 0:d92f9d21154c 11995 rng = &globalRNG;
wolfSSL 0:d92f9d21154c 11996 }
wolfSSL 0:d92f9d21154c 11997
wolfSSL 0:d92f9d21154c 11998 if (rng) {
wolfSSL 0:d92f9d21154c 11999 if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
wolfSSL 0:d92f9d21154c 12000 WOLFSSL_MSG("DsaSign failed");
wolfSSL 0:d92f9d21154c 12001 else
wolfSSL 0:d92f9d21154c 12002 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 12003 }
wolfSSL 0:d92f9d21154c 12004
wolfSSL 0:d92f9d21154c 12005 if (initTmpRng)
wolfSSL 0:d92f9d21154c 12006 wc_FreeRng(tmpRNG);
wolfSSL 0:d92f9d21154c 12007 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 12008 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 12009 #endif
wolfSSL 0:d92f9d21154c 12010 }
wolfSSL 0:d92f9d21154c 12011
wolfSSL 0:d92f9d21154c 12012 return ret;
wolfSSL 0:d92f9d21154c 12013 }
wolfSSL 0:d92f9d21154c 12014 #endif /* NO_DSA */
wolfSSL 0:d92f9d21154c 12015
wolfSSL 0:d92f9d21154c 12016
wolfSSL 0:d92f9d21154c 12017 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 12018 /* return SSL_SUCCES on ok, 0 otherwise */
wolfSSL 0:d92f9d21154c 12019 int wolfSSL_RSA_sign(int type, const unsigned char* m,
wolfSSL 0:d92f9d21154c 12020 unsigned int mLen, unsigned char* sigRet,
wolfSSL 0:d92f9d21154c 12021 unsigned int* sigLen, WOLFSSL_RSA* rsa)
wolfSSL 0:d92f9d21154c 12022 {
wolfSSL 0:d92f9d21154c 12023 word32 outLen;
wolfSSL 0:d92f9d21154c 12024 word32 signSz;
wolfSSL 0:d92f9d21154c 12025 int initTmpRng = 0;
wolfSSL 0:d92f9d21154c 12026 RNG* rng = NULL;
wolfSSL 0:d92f9d21154c 12027 int ret = 0;
wolfSSL 0:d92f9d21154c 12028 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 12029 RNG* tmpRNG = NULL;
wolfSSL 0:d92f9d21154c 12030 byte* encodedSig = NULL;
wolfSSL 0:d92f9d21154c 12031 #else
wolfSSL 0:d92f9d21154c 12032 RNG tmpRNG[1];
wolfSSL 0:d92f9d21154c 12033 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 0:d92f9d21154c 12034 #endif
wolfSSL 0:d92f9d21154c 12035
wolfSSL 0:d92f9d21154c 12036 WOLFSSL_MSG("wolfSSL_RSA_sign");
wolfSSL 0:d92f9d21154c 12037
wolfSSL 0:d92f9d21154c 12038 if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL)
wolfSSL 0:d92f9d21154c 12039 WOLFSSL_MSG("Bad function arguments");
wolfSSL 0:d92f9d21154c 12040 else if (rsa->inSet == 0)
wolfSSL 0:d92f9d21154c 12041 WOLFSSL_MSG("No RSA internal set");
wolfSSL 0:d92f9d21154c 12042 else if (type != NID_md5 && type != NID_sha1)
wolfSSL 0:d92f9d21154c 12043 WOLFSSL_MSG("Bad md type");
wolfSSL 0:d92f9d21154c 12044 else {
wolfSSL 0:d92f9d21154c 12045 outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);
wolfSSL 0:d92f9d21154c 12046
wolfSSL 0:d92f9d21154c 12047 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 12048 tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 12049 if (tmpRNG == NULL)
wolfSSL 0:d92f9d21154c 12050 return 0;
wolfSSL 0:d92f9d21154c 12051
wolfSSL 0:d92f9d21154c 12052 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
wolfSSL 0:d92f9d21154c 12053 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 12054 if (encodedSig == NULL) {
wolfSSL 0:d92f9d21154c 12055 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 12056 return 0;
wolfSSL 0:d92f9d21154c 12057 }
wolfSSL 0:d92f9d21154c 12058 #endif
wolfSSL 0:d92f9d21154c 12059
wolfSSL 0:d92f9d21154c 12060 if (outLen == 0)
wolfSSL 0:d92f9d21154c 12061 WOLFSSL_MSG("Bad RSA size");
wolfSSL 0:d92f9d21154c 12062 else if (wc_InitRng(tmpRNG) == 0) {
wolfSSL 0:d92f9d21154c 12063 rng = tmpRNG;
wolfSSL 0:d92f9d21154c 12064 initTmpRng = 1;
wolfSSL 0:d92f9d21154c 12065 }
wolfSSL 0:d92f9d21154c 12066 else {
wolfSSL 0:d92f9d21154c 12067 WOLFSSL_MSG("Bad RNG Init, trying global");
wolfSSL 0:d92f9d21154c 12068
wolfSSL 0:d92f9d21154c 12069 if (initGlobalRNG == 0)
wolfSSL 0:d92f9d21154c 12070 WOLFSSL_MSG("Global RNG no Init");
wolfSSL 0:d92f9d21154c 12071 else
wolfSSL 0:d92f9d21154c 12072 rng = &globalRNG;
wolfSSL 0:d92f9d21154c 12073 }
wolfSSL 0:d92f9d21154c 12074 }
wolfSSL 0:d92f9d21154c 12075
wolfSSL 0:d92f9d21154c 12076 if (rng) {
wolfSSL 0:d92f9d21154c 12077 type = (type == NID_md5) ? MD5h : SHAh;
wolfSSL 0:d92f9d21154c 12078
wolfSSL 0:d92f9d21154c 12079 signSz = wc_EncodeSignature(encodedSig, m, mLen, type);
wolfSSL 0:d92f9d21154c 12080 if (signSz == 0) {
wolfSSL 0:d92f9d21154c 12081 WOLFSSL_MSG("Bad Encode Signature");
wolfSSL 0:d92f9d21154c 12082 }
wolfSSL 0:d92f9d21154c 12083 else {
wolfSSL 0:d92f9d21154c 12084 *sigLen = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
wolfSSL 0:d92f9d21154c 12085 (RsaKey*)rsa->internal, rng);
wolfSSL 0:d92f9d21154c 12086 if (*sigLen <= 0)
wolfSSL 0:d92f9d21154c 12087 WOLFSSL_MSG("Bad Rsa Sign");
wolfSSL 0:d92f9d21154c 12088 else
wolfSSL 0:d92f9d21154c 12089 ret = SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 12090 }
wolfSSL 0:d92f9d21154c 12091
wolfSSL 0:d92f9d21154c 12092 }
wolfSSL 0:d92f9d21154c 12093
wolfSSL 0:d92f9d21154c 12094 if (initTmpRng)
wolfSSL 0:d92f9d21154c 12095 wc_FreeRng(tmpRNG);
wolfSSL 0:d92f9d21154c 12096
wolfSSL 0:d92f9d21154c 12097 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 12098 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 12099 XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 12100 #endif
wolfSSL 0:d92f9d21154c 12101
wolfSSL 0:d92f9d21154c 12102 WOLFSSL_MSG("wolfSSL_RSA_sign success");
wolfSSL 0:d92f9d21154c 12103 return ret;
wolfSSL 0:d92f9d21154c 12104 }
wolfSSL 0:d92f9d21154c 12105
wolfSSL 0:d92f9d21154c 12106
wolfSSL 0:d92f9d21154c 12107 int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from,
wolfSSL 0:d92f9d21154c 12108 unsigned char* to, WOLFSSL_RSA* rsa, int padding)
wolfSSL 0:d92f9d21154c 12109 {
wolfSSL 0:d92f9d21154c 12110 (void)flen;
wolfSSL 0:d92f9d21154c 12111 (void)from;
wolfSSL 0:d92f9d21154c 12112 (void)to;
wolfSSL 0:d92f9d21154c 12113 (void)rsa;
wolfSSL 0:d92f9d21154c 12114 (void)padding;
wolfSSL 0:d92f9d21154c 12115
wolfSSL 0:d92f9d21154c 12116 WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");
wolfSSL 0:d92f9d21154c 12117
wolfSSL 0:d92f9d21154c 12118 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 12119 }
wolfSSL 0:d92f9d21154c 12120
wolfSSL 0:d92f9d21154c 12121
wolfSSL 0:d92f9d21154c 12122 /* generate p-1 and q-1, SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 12123 int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
wolfSSL 0:d92f9d21154c 12124 {
wolfSSL 0:d92f9d21154c 12125 int err;
wolfSSL 0:d92f9d21154c 12126 mp_int tmp;
wolfSSL 0:d92f9d21154c 12127
wolfSSL 0:d92f9d21154c 12128 WOLFSSL_MSG("wolfSSL_RsaGenAdd");
wolfSSL 0:d92f9d21154c 12129
wolfSSL 0:d92f9d21154c 12130 if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
wolfSSL 0:d92f9d21154c 12131 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
wolfSSL 0:d92f9d21154c 12132 WOLFSSL_MSG("rsa no init error");
wolfSSL 0:d92f9d21154c 12133 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 12134 }
wolfSSL 0:d92f9d21154c 12135
wolfSSL 0:d92f9d21154c 12136 if (mp_init(&tmp) != MP_OKAY) {
wolfSSL 0:d92f9d21154c 12137 WOLFSSL_MSG("mp_init error");
wolfSSL 0:d92f9d21154c 12138 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 12139 }
wolfSSL 0:d92f9d21154c 12140
wolfSSL 0:d92f9d21154c 12141 err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
wolfSSL 0:d92f9d21154c 12142 if (err != MP_OKAY) {
wolfSSL 0:d92f9d21154c 12143 WOLFSSL_MSG("mp_sub_d error");
wolfSSL 0:d92f9d21154c 12144 }
wolfSSL 0:d92f9d21154c 12145 else
wolfSSL 0:d92f9d21154c 12146 err = mp_mod((mp_int*)rsa->d->internal, &tmp,
wolfSSL 0:d92f9d21154c 12147 (mp_int*)rsa->dmp1->internal);
wolfSSL 0:d92f9d21154c 12148
wolfSSL 0:d92f9d21154c 12149 if (err != MP_OKAY) {
wolfSSL 0:d92f9d21154c 12150 WOLFSSL_MSG("mp_mod error");
wolfSSL 0:d92f9d21154c 12151 }
wolfSSL 0:d92f9d21154c 12152 else
wolfSSL 0:d92f9d21154c 12153 err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
wolfSSL 0:d92f9d21154c 12154 if (err != MP_OKAY) {
wolfSSL 0:d92f9d21154c 12155 WOLFSSL_MSG("mp_sub_d error");
wolfSSL 0:d92f9d21154c 12156 }
wolfSSL 0:d92f9d21154c 12157 else
wolfSSL 0:d92f9d21154c 12158 err = mp_mod((mp_int*)rsa->d->internal, &tmp,
wolfSSL 0:d92f9d21154c 12159 (mp_int*)rsa->dmq1->internal);
wolfSSL 0:d92f9d21154c 12160
wolfSSL 0:d92f9d21154c 12161 mp_clear(&tmp);
wolfSSL 0:d92f9d21154c 12162
wolfSSL 0:d92f9d21154c 12163 if (err == MP_OKAY)
wolfSSL 0:d92f9d21154c 12164 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 12165 else
wolfSSL 0:d92f9d21154c 12166 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 12167 }
wolfSSL 0:d92f9d21154c 12168 #endif /* NO_RSA */
wolfSSL 0:d92f9d21154c 12169
wolfSSL 0:d92f9d21154c 12170
wolfSSL 0:d92f9d21154c 12171 void wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
wolfSSL 0:d92f9d21154c 12172 const EVP_MD* type)
wolfSSL 0:d92f9d21154c 12173 {
wolfSSL 0:d92f9d21154c 12174 WOLFSSL_MSG("wolfSSL_HMAC_Init");
wolfSSL 0:d92f9d21154c 12175
wolfSSL 0:d92f9d21154c 12176 if (ctx == NULL) {
wolfSSL 0:d92f9d21154c 12177 WOLFSSL_MSG("no ctx on init");
wolfSSL 0:d92f9d21154c 12178 return;
wolfSSL 0:d92f9d21154c 12179 }
wolfSSL 0:d92f9d21154c 12180
wolfSSL 0:d92f9d21154c 12181 if (type) {
wolfSSL 0:d92f9d21154c 12182 WOLFSSL_MSG("init has type");
wolfSSL 0:d92f9d21154c 12183
wolfSSL 0:d92f9d21154c 12184 if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL 0:d92f9d21154c 12185 WOLFSSL_MSG("md5 hmac");
wolfSSL 0:d92f9d21154c 12186 ctx->type = MD5;
wolfSSL 0:d92f9d21154c 12187 }
wolfSSL 0:d92f9d21154c 12188 else if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL 0:d92f9d21154c 12189 WOLFSSL_MSG("sha256 hmac");
wolfSSL 0:d92f9d21154c 12190 ctx->type = SHA256;
wolfSSL 0:d92f9d21154c 12191 }
wolfSSL 0:d92f9d21154c 12192
wolfSSL 0:d92f9d21154c 12193 /* has to be last since would pick or 256, 384, or 512 too */
wolfSSL 0:d92f9d21154c 12194 else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL 0:d92f9d21154c 12195 WOLFSSL_MSG("sha hmac");
wolfSSL 0:d92f9d21154c 12196 ctx->type = SHA;
wolfSSL 0:d92f9d21154c 12197 }
wolfSSL 0:d92f9d21154c 12198 else {
wolfSSL 0:d92f9d21154c 12199 WOLFSSL_MSG("bad init type");
wolfSSL 0:d92f9d21154c 12200 }
wolfSSL 0:d92f9d21154c 12201 }
wolfSSL 0:d92f9d21154c 12202
wolfSSL 0:d92f9d21154c 12203 if (key && keylen) {
wolfSSL 0:d92f9d21154c 12204 WOLFSSL_MSG("keying hmac");
wolfSSL 0:d92f9d21154c 12205 wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
wolfSSL 0:d92f9d21154c 12206 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 12207 }
wolfSSL 0:d92f9d21154c 12208 }
wolfSSL 0:d92f9d21154c 12209
wolfSSL 0:d92f9d21154c 12210
wolfSSL 0:d92f9d21154c 12211 void wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data,
wolfSSL 0:d92f9d21154c 12212 int len)
wolfSSL 0:d92f9d21154c 12213 {
wolfSSL 0:d92f9d21154c 12214 WOLFSSL_MSG("wolfSSL_HMAC_Update");
wolfSSL 0:d92f9d21154c 12215
wolfSSL 0:d92f9d21154c 12216 if (ctx && data) {
wolfSSL 0:d92f9d21154c 12217 WOLFSSL_MSG("updating hmac");
wolfSSL 0:d92f9d21154c 12218 wc_HmacUpdate(&ctx->hmac, data, (word32)len);
wolfSSL 0:d92f9d21154c 12219 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 12220 }
wolfSSL 0:d92f9d21154c 12221 }
wolfSSL 0:d92f9d21154c 12222
wolfSSL 0:d92f9d21154c 12223
wolfSSL 0:d92f9d21154c 12224 void wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
wolfSSL 0:d92f9d21154c 12225 unsigned int* len)
wolfSSL 0:d92f9d21154c 12226 {
wolfSSL 0:d92f9d21154c 12227 WOLFSSL_MSG("wolfSSL_HMAC_Final");
wolfSSL 0:d92f9d21154c 12228
wolfSSL 0:d92f9d21154c 12229 if (ctx && hash) {
wolfSSL 0:d92f9d21154c 12230 WOLFSSL_MSG("final hmac");
wolfSSL 0:d92f9d21154c 12231 wc_HmacFinal(&ctx->hmac, hash);
wolfSSL 0:d92f9d21154c 12232 /* OpenSSL compat, no error */
wolfSSL 0:d92f9d21154c 12233
wolfSSL 0:d92f9d21154c 12234 if (len) {
wolfSSL 0:d92f9d21154c 12235 WOLFSSL_MSG("setting output len");
wolfSSL 0:d92f9d21154c 12236 switch (ctx->type) {
wolfSSL 0:d92f9d21154c 12237 case MD5:
wolfSSL 0:d92f9d21154c 12238 *len = MD5_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 12239 break;
wolfSSL 0:d92f9d21154c 12240
wolfSSL 0:d92f9d21154c 12241 case SHA:
wolfSSL 0:d92f9d21154c 12242 *len = SHA_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 12243 break;
wolfSSL 0:d92f9d21154c 12244
wolfSSL 0:d92f9d21154c 12245 case SHA256:
wolfSSL 0:d92f9d21154c 12246 *len = SHA256_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 12247 break;
wolfSSL 0:d92f9d21154c 12248
wolfSSL 0:d92f9d21154c 12249 default:
wolfSSL 0:d92f9d21154c 12250 WOLFSSL_MSG("bad hmac type");
wolfSSL 0:d92f9d21154c 12251 }
wolfSSL 0:d92f9d21154c 12252 }
wolfSSL 0:d92f9d21154c 12253 }
wolfSSL 0:d92f9d21154c 12254 }
wolfSSL 0:d92f9d21154c 12255
wolfSSL 0:d92f9d21154c 12256
wolfSSL 0:d92f9d21154c 12257 void wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx)
wolfSSL 0:d92f9d21154c 12258 {
wolfSSL 0:d92f9d21154c 12259 (void)ctx;
wolfSSL 0:d92f9d21154c 12260
wolfSSL 0:d92f9d21154c 12261 WOLFSSL_MSG("wolfSSL_HMAC_cleanup");
wolfSSL 0:d92f9d21154c 12262 }
wolfSSL 0:d92f9d21154c 12263
wolfSSL 0:d92f9d21154c 12264
wolfSSL 0:d92f9d21154c 12265 const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
wolfSSL 0:d92f9d21154c 12266 {
wolfSSL 0:d92f9d21154c 12267 WOLFSSL_MSG("wolfSSL_get_digestbynid");
wolfSSL 0:d92f9d21154c 12268
wolfSSL 0:d92f9d21154c 12269 switch(id) {
wolfSSL 0:d92f9d21154c 12270 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 12271 case NID_md5:
wolfSSL 0:d92f9d21154c 12272 return wolfSSL_EVP_md5();
wolfSSL 0:d92f9d21154c 12273 #endif
wolfSSL 0:d92f9d21154c 12274 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 12275 case NID_sha1:
wolfSSL 0:d92f9d21154c 12276 return wolfSSL_EVP_sha1();
wolfSSL 0:d92f9d21154c 12277 #endif
wolfSSL 0:d92f9d21154c 12278 default:
wolfSSL 0:d92f9d21154c 12279 WOLFSSL_MSG("Bad digest id value");
wolfSSL 0:d92f9d21154c 12280 }
wolfSSL 0:d92f9d21154c 12281
wolfSSL 0:d92f9d21154c 12282 return NULL;
wolfSSL 0:d92f9d21154c 12283 }
wolfSSL 0:d92f9d21154c 12284
wolfSSL 0:d92f9d21154c 12285
wolfSSL 0:d92f9d21154c 12286 WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
wolfSSL 0:d92f9d21154c 12287 {
wolfSSL 0:d92f9d21154c 12288 (void)key;
wolfSSL 0:d92f9d21154c 12289 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA");
wolfSSL 0:d92f9d21154c 12290
wolfSSL 0:d92f9d21154c 12291 return NULL;
wolfSSL 0:d92f9d21154c 12292 }
wolfSSL 0:d92f9d21154c 12293
wolfSSL 0:d92f9d21154c 12294
wolfSSL 0:d92f9d21154c 12295 WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
wolfSSL 0:d92f9d21154c 12296 {
wolfSSL 0:d92f9d21154c 12297 (void)key;
wolfSSL 0:d92f9d21154c 12298 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA");
wolfSSL 0:d92f9d21154c 12299
wolfSSL 0:d92f9d21154c 12300 return NULL;
wolfSSL 0:d92f9d21154c 12301 }
wolfSSL 0:d92f9d21154c 12302
wolfSSL 0:d92f9d21154c 12303
wolfSSL 0:d92f9d21154c 12304 void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:d92f9d21154c 12305 {
wolfSSL 0:d92f9d21154c 12306 WOLFSSL_MSG("wolfSSL_EVP_X_STATE");
wolfSSL 0:d92f9d21154c 12307
wolfSSL 0:d92f9d21154c 12308 if (ctx) {
wolfSSL 0:d92f9d21154c 12309 switch (ctx->cipherType) {
wolfSSL 0:d92f9d21154c 12310 case ARC4_TYPE:
wolfSSL 0:d92f9d21154c 12311 WOLFSSL_MSG("returning arc4 state");
wolfSSL 0:d92f9d21154c 12312 return (void*)&ctx->cipher.arc4.x;
wolfSSL 0:d92f9d21154c 12313
wolfSSL 0:d92f9d21154c 12314 default:
wolfSSL 0:d92f9d21154c 12315 WOLFSSL_MSG("bad x state type");
wolfSSL 0:d92f9d21154c 12316 return 0;
wolfSSL 0:d92f9d21154c 12317 }
wolfSSL 0:d92f9d21154c 12318 }
wolfSSL 0:d92f9d21154c 12319
wolfSSL 0:d92f9d21154c 12320 return NULL;
wolfSSL 0:d92f9d21154c 12321 }
wolfSSL 0:d92f9d21154c 12322
wolfSSL 0:d92f9d21154c 12323
wolfSSL 0:d92f9d21154c 12324 int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:d92f9d21154c 12325 {
wolfSSL 0:d92f9d21154c 12326 WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN");
wolfSSL 0:d92f9d21154c 12327
wolfSSL 0:d92f9d21154c 12328 if (ctx) {
wolfSSL 0:d92f9d21154c 12329 switch (ctx->cipherType) {
wolfSSL 0:d92f9d21154c 12330 case ARC4_TYPE:
wolfSSL 0:d92f9d21154c 12331 WOLFSSL_MSG("returning arc4 state size");
wolfSSL 0:d92f9d21154c 12332 return sizeof(Arc4);
wolfSSL 0:d92f9d21154c 12333
wolfSSL 0:d92f9d21154c 12334 default:
wolfSSL 0:d92f9d21154c 12335 WOLFSSL_MSG("bad x state type");
wolfSSL 0:d92f9d21154c 12336 return 0;
wolfSSL 0:d92f9d21154c 12337 }
wolfSSL 0:d92f9d21154c 12338 }
wolfSSL 0:d92f9d21154c 12339
wolfSSL 0:d92f9d21154c 12340 return 0;
wolfSSL 0:d92f9d21154c 12341 }
wolfSSL 0:d92f9d21154c 12342
wolfSSL 0:d92f9d21154c 12343
wolfSSL 0:d92f9d21154c 12344 #ifndef NO_DES3
wolfSSL 0:d92f9d21154c 12345
wolfSSL 0:d92f9d21154c 12346 void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
wolfSSL 0:d92f9d21154c 12347 unsigned char* iv, int len)
wolfSSL 0:d92f9d21154c 12348 {
wolfSSL 0:d92f9d21154c 12349 (void)len;
wolfSSL 0:d92f9d21154c 12350
wolfSSL 0:d92f9d21154c 12351 WOLFSSL_MSG("wolfSSL_3des_iv");
wolfSSL 0:d92f9d21154c 12352
wolfSSL 0:d92f9d21154c 12353 if (ctx == NULL || iv == NULL) {
wolfSSL 0:d92f9d21154c 12354 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 12355 return;
wolfSSL 0:d92f9d21154c 12356 }
wolfSSL 0:d92f9d21154c 12357
wolfSSL 0:d92f9d21154c 12358 if (doset)
wolfSSL 0:d92f9d21154c 12359 wc_Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */
wolfSSL 0:d92f9d21154c 12360 else
wolfSSL 0:d92f9d21154c 12361 memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 12362 }
wolfSSL 0:d92f9d21154c 12363
wolfSSL 0:d92f9d21154c 12364 #endif /* NO_DES3 */
wolfSSL 0:d92f9d21154c 12365
wolfSSL 0:d92f9d21154c 12366
wolfSSL 0:d92f9d21154c 12367 #ifndef NO_AES
wolfSSL 0:d92f9d21154c 12368
wolfSSL 0:d92f9d21154c 12369 void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
wolfSSL 0:d92f9d21154c 12370 unsigned char* iv, int len)
wolfSSL 0:d92f9d21154c 12371 {
wolfSSL 0:d92f9d21154c 12372 (void)len;
wolfSSL 0:d92f9d21154c 12373
wolfSSL 0:d92f9d21154c 12374 WOLFSSL_MSG("wolfSSL_aes_ctr_iv");
wolfSSL 0:d92f9d21154c 12375
wolfSSL 0:d92f9d21154c 12376 if (ctx == NULL || iv == NULL) {
wolfSSL 0:d92f9d21154c 12377 WOLFSSL_MSG("Bad function argument");
wolfSSL 0:d92f9d21154c 12378 return;
wolfSSL 0:d92f9d21154c 12379 }
wolfSSL 0:d92f9d21154c 12380
wolfSSL 0:d92f9d21154c 12381 if (doset)
wolfSSL 0:d92f9d21154c 12382 wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */
wolfSSL 0:d92f9d21154c 12383 else
wolfSSL 0:d92f9d21154c 12384 memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL 0:d92f9d21154c 12385 }
wolfSSL 0:d92f9d21154c 12386
wolfSSL 0:d92f9d21154c 12387 #endif /* NO_AES */
wolfSSL 0:d92f9d21154c 12388
wolfSSL 0:d92f9d21154c 12389
wolfSSL 0:d92f9d21154c 12390 const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
wolfSSL 0:d92f9d21154c 12391 {
wolfSSL 0:d92f9d21154c 12392 WOLFSSL_MSG("wolfSSL_ripemd160");
wolfSSL 0:d92f9d21154c 12393
wolfSSL 0:d92f9d21154c 12394 return NULL;
wolfSSL 0:d92f9d21154c 12395 }
wolfSSL 0:d92f9d21154c 12396
wolfSSL 0:d92f9d21154c 12397
wolfSSL 0:d92f9d21154c 12398 int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
wolfSSL 0:d92f9d21154c 12399 {
wolfSSL 0:d92f9d21154c 12400 WOLFSSL_MSG("wolfSSL_EVP_MD_size");
wolfSSL 0:d92f9d21154c 12401
wolfSSL 0:d92f9d21154c 12402 if (type == NULL) {
wolfSSL 0:d92f9d21154c 12403 WOLFSSL_MSG("No md type arg");
wolfSSL 0:d92f9d21154c 12404 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 12405 }
wolfSSL 0:d92f9d21154c 12406
wolfSSL 0:d92f9d21154c 12407 if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL 0:d92f9d21154c 12408 return SHA256_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 12409 }
wolfSSL 0:d92f9d21154c 12410 #ifndef NO_MD5
wolfSSL 0:d92f9d21154c 12411 else if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL 0:d92f9d21154c 12412 return MD5_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 12413 }
wolfSSL 0:d92f9d21154c 12414 #endif
wolfSSL 0:d92f9d21154c 12415 #ifdef WOLFSSL_SHA384
wolfSSL 0:d92f9d21154c 12416 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
wolfSSL 0:d92f9d21154c 12417 return SHA384_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 12418 }
wolfSSL 0:d92f9d21154c 12419 #endif
wolfSSL 0:d92f9d21154c 12420 #ifdef WOLFSSL_SHA512
wolfSSL 0:d92f9d21154c 12421 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
wolfSSL 0:d92f9d21154c 12422 return SHA512_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 12423 }
wolfSSL 0:d92f9d21154c 12424 #endif
wolfSSL 0:d92f9d21154c 12425 #ifndef NO_SHA
wolfSSL 0:d92f9d21154c 12426 /* has to be last since would pick or 256, 384, or 512 too */
wolfSSL 0:d92f9d21154c 12427 else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL 0:d92f9d21154c 12428 return SHA_DIGEST_SIZE;
wolfSSL 0:d92f9d21154c 12429 }
wolfSSL 0:d92f9d21154c 12430 #endif
wolfSSL 0:d92f9d21154c 12431
wolfSSL 0:d92f9d21154c 12432 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 12433 }
wolfSSL 0:d92f9d21154c 12434
wolfSSL 0:d92f9d21154c 12435
wolfSSL 0:d92f9d21154c 12436 int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:d92f9d21154c 12437 {
wolfSSL 0:d92f9d21154c 12438 WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length");
wolfSSL 0:d92f9d21154c 12439
wolfSSL 0:d92f9d21154c 12440 switch (ctx->cipherType) {
wolfSSL 0:d92f9d21154c 12441
wolfSSL 0:d92f9d21154c 12442 case AES_128_CBC_TYPE :
wolfSSL 0:d92f9d21154c 12443 case AES_192_CBC_TYPE :
wolfSSL 0:d92f9d21154c 12444 case AES_256_CBC_TYPE :
wolfSSL 0:d92f9d21154c 12445 WOLFSSL_MSG("AES CBC");
wolfSSL 0:d92f9d21154c 12446 return AES_BLOCK_SIZE;
wolfSSL 0:d92f9d21154c 12447
wolfSSL 0:d92f9d21154c 12448 #ifdef WOLFSSL_AES_COUNTER
wolfSSL 0:d92f9d21154c 12449 case AES_128_CTR_TYPE :
wolfSSL 0:d92f9d21154c 12450 case AES_192_CTR_TYPE :
wolfSSL 0:d92f9d21154c 12451 case AES_256_CTR_TYPE :
wolfSSL 0:d92f9d21154c 12452 WOLFSSL_MSG("AES CTR");
wolfSSL 0:d92f9d21154c 12453 return AES_BLOCK_SIZE;
wolfSSL 0:d92f9d21154c 12454 #endif
wolfSSL 0:d92f9d21154c 12455
wolfSSL 0:d92f9d21154c 12456 case DES_CBC_TYPE :
wolfSSL 0:d92f9d21154c 12457 WOLFSSL_MSG("DES CBC");
wolfSSL 0:d92f9d21154c 12458 return DES_BLOCK_SIZE;
wolfSSL 0:d92f9d21154c 12459
wolfSSL 0:d92f9d21154c 12460 case DES_EDE3_CBC_TYPE :
wolfSSL 0:d92f9d21154c 12461 WOLFSSL_MSG("DES EDE3 CBC");
wolfSSL 0:d92f9d21154c 12462 return DES_BLOCK_SIZE;
wolfSSL 0:d92f9d21154c 12463
wolfSSL 0:d92f9d21154c 12464 case ARC4_TYPE :
wolfSSL 0:d92f9d21154c 12465 WOLFSSL_MSG("ARC4");
wolfSSL 0:d92f9d21154c 12466 return 0;
wolfSSL 0:d92f9d21154c 12467
wolfSSL 0:d92f9d21154c 12468 case NULL_CIPHER_TYPE :
wolfSSL 0:d92f9d21154c 12469 WOLFSSL_MSG("NULL");
wolfSSL 0:d92f9d21154c 12470 return 0;
wolfSSL 0:d92f9d21154c 12471
wolfSSL 0:d92f9d21154c 12472 default: {
wolfSSL 0:d92f9d21154c 12473 WOLFSSL_MSG("bad type");
wolfSSL 0:d92f9d21154c 12474 }
wolfSSL 0:d92f9d21154c 12475 }
wolfSSL 0:d92f9d21154c 12476 return 0;
wolfSSL 0:d92f9d21154c 12477 }
wolfSSL 0:d92f9d21154c 12478
wolfSSL 0:d92f9d21154c 12479
wolfSSL 0:d92f9d21154c 12480 void wolfSSL_OPENSSL_free(void* p)
wolfSSL 0:d92f9d21154c 12481 {
wolfSSL 0:d92f9d21154c 12482 WOLFSSL_MSG("wolfSSL_OPENSSL_free");
wolfSSL 0:d92f9d21154c 12483
wolfSSL 0:d92f9d21154c 12484 XFREE(p, NULL, 0);
wolfSSL 0:d92f9d21154c 12485 }
wolfSSL 0:d92f9d21154c 12486
wolfSSL 0:d92f9d21154c 12487
wolfSSL 0:d92f9d21154c 12488 int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa,
wolfSSL 0:d92f9d21154c 12489 const EVP_CIPHER* cipher,
wolfSSL 0:d92f9d21154c 12490 unsigned char* passwd, int len,
wolfSSL 0:d92f9d21154c 12491 pem_password_cb cb, void* arg)
wolfSSL 0:d92f9d21154c 12492 {
wolfSSL 0:d92f9d21154c 12493 (void)bio;
wolfSSL 0:d92f9d21154c 12494 (void)rsa;
wolfSSL 0:d92f9d21154c 12495 (void)cipher;
wolfSSL 0:d92f9d21154c 12496 (void)passwd;
wolfSSL 0:d92f9d21154c 12497 (void)len;
wolfSSL 0:d92f9d21154c 12498 (void)cb;
wolfSSL 0:d92f9d21154c 12499 (void)arg;
wolfSSL 0:d92f9d21154c 12500
wolfSSL 0:d92f9d21154c 12501 WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey");
wolfSSL 0:d92f9d21154c 12502
wolfSSL 0:d92f9d21154c 12503 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 12504 }
wolfSSL 0:d92f9d21154c 12505
wolfSSL 0:d92f9d21154c 12506
wolfSSL 0:d92f9d21154c 12507
wolfSSL 0:d92f9d21154c 12508 int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* rsa,
wolfSSL 0:d92f9d21154c 12509 const EVP_CIPHER* cipher,
wolfSSL 0:d92f9d21154c 12510 unsigned char* passwd, int len,
wolfSSL 0:d92f9d21154c 12511 pem_password_cb cb, void* arg)
wolfSSL 0:d92f9d21154c 12512 {
wolfSSL 0:d92f9d21154c 12513 (void)bio;
wolfSSL 0:d92f9d21154c 12514 (void)rsa;
wolfSSL 0:d92f9d21154c 12515 (void)cipher;
wolfSSL 0:d92f9d21154c 12516 (void)passwd;
wolfSSL 0:d92f9d21154c 12517 (void)len;
wolfSSL 0:d92f9d21154c 12518 (void)cb;
wolfSSL 0:d92f9d21154c 12519 (void)arg;
wolfSSL 0:d92f9d21154c 12520
wolfSSL 0:d92f9d21154c 12521 WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey");
wolfSSL 0:d92f9d21154c 12522
wolfSSL 0:d92f9d21154c 12523 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 12524 }
wolfSSL 0:d92f9d21154c 12525
wolfSSL 0:d92f9d21154c 12526
wolfSSL 0:d92f9d21154c 12527
wolfSSL 0:d92f9d21154c 12528 WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
wolfSSL 0:d92f9d21154c 12529 WOLFSSL_EVP_PKEY** key, pem_password_cb cb, void* arg)
wolfSSL 0:d92f9d21154c 12530 {
wolfSSL 0:d92f9d21154c 12531 (void)bio;
wolfSSL 0:d92f9d21154c 12532 (void)key;
wolfSSL 0:d92f9d21154c 12533 (void)cb;
wolfSSL 0:d92f9d21154c 12534 (void)arg;
wolfSSL 0:d92f9d21154c 12535
wolfSSL 0:d92f9d21154c 12536 WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey");
wolfSSL 0:d92f9d21154c 12537
wolfSSL 0:d92f9d21154c 12538 return NULL;
wolfSSL 0:d92f9d21154c 12539 }
wolfSSL 0:d92f9d21154c 12540
wolfSSL 0:d92f9d21154c 12541
wolfSSL 0:d92f9d21154c 12542
wolfSSL 0:d92f9d21154c 12543 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 12544 /* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
wolfSSL 0:d92f9d21154c 12545 int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz)
wolfSSL 0:d92f9d21154c 12546 {
wolfSSL 0:d92f9d21154c 12547 word32 idx = 0;
wolfSSL 0:d92f9d21154c 12548 int ret;
wolfSSL 0:d92f9d21154c 12549
wolfSSL 0:d92f9d21154c 12550 WOLFSSL_ENTER("wolfSSL_RSA_LoadDer");
wolfSSL 0:d92f9d21154c 12551
wolfSSL 0:d92f9d21154c 12552 if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) {
wolfSSL 0:d92f9d21154c 12553 WOLFSSL_MSG("Bad function arguments");
wolfSSL 0:d92f9d21154c 12554 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 12555 }
wolfSSL 0:d92f9d21154c 12556
wolfSSL 0:d92f9d21154c 12557 ret = wc_RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz);
wolfSSL 0:d92f9d21154c 12558 if (ret < 0) {
wolfSSL 0:d92f9d21154c 12559 WOLFSSL_MSG("RsaPrivateKeyDecode failed");
wolfSSL 0:d92f9d21154c 12560 return ret;
wolfSSL 0:d92f9d21154c 12561 }
wolfSSL 0:d92f9d21154c 12562
wolfSSL 0:d92f9d21154c 12563 if (SetRsaExternal(rsa) < 0) {
wolfSSL 0:d92f9d21154c 12564 WOLFSSL_MSG("SetRsaExternal failed");
wolfSSL 0:d92f9d21154c 12565 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 12566 }
wolfSSL 0:d92f9d21154c 12567
wolfSSL 0:d92f9d21154c 12568 rsa->inSet = 1;
wolfSSL 0:d92f9d21154c 12569
wolfSSL 0:d92f9d21154c 12570 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 12571 }
wolfSSL 0:d92f9d21154c 12572 #endif /* NO_RSA */
wolfSSL 0:d92f9d21154c 12573
wolfSSL 0:d92f9d21154c 12574
wolfSSL 0:d92f9d21154c 12575 #ifndef NO_DSA
wolfSSL 0:d92f9d21154c 12576 /* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
wolfSSL 0:d92f9d21154c 12577 int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz)
wolfSSL 0:d92f9d21154c 12578 {
wolfSSL 0:d92f9d21154c 12579 word32 idx = 0;
wolfSSL 0:d92f9d21154c 12580 int ret;
wolfSSL 0:d92f9d21154c 12581
wolfSSL 0:d92f9d21154c 12582 WOLFSSL_ENTER("wolfSSL_DSA_LoadDer");
wolfSSL 0:d92f9d21154c 12583
wolfSSL 0:d92f9d21154c 12584 if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) {
wolfSSL 0:d92f9d21154c 12585 WOLFSSL_MSG("Bad function arguments");
wolfSSL 0:d92f9d21154c 12586 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 12587 }
wolfSSL 0:d92f9d21154c 12588
wolfSSL 0:d92f9d21154c 12589 ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz);
wolfSSL 0:d92f9d21154c 12590 if (ret < 0) {
wolfSSL 0:d92f9d21154c 12591 WOLFSSL_MSG("DsaPrivateKeyDecode failed");
wolfSSL 0:d92f9d21154c 12592 return ret;
wolfSSL 0:d92f9d21154c 12593 }
wolfSSL 0:d92f9d21154c 12594
wolfSSL 0:d92f9d21154c 12595 if (SetDsaExternal(dsa) < 0) {
wolfSSL 0:d92f9d21154c 12596 WOLFSSL_MSG("SetDsaExternal failed");
wolfSSL 0:d92f9d21154c 12597 return SSL_FATAL_ERROR;
wolfSSL 0:d92f9d21154c 12598 }
wolfSSL 0:d92f9d21154c 12599
wolfSSL 0:d92f9d21154c 12600 dsa->inSet = 1;
wolfSSL 0:d92f9d21154c 12601
wolfSSL 0:d92f9d21154c 12602 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 12603 }
wolfSSL 0:d92f9d21154c 12604 #endif /* NO_DSA */
wolfSSL 0:d92f9d21154c 12605
wolfSSL 0:d92f9d21154c 12606
wolfSSL 0:d92f9d21154c 12607
wolfSSL 0:d92f9d21154c 12608
wolfSSL 0:d92f9d21154c 12609 #endif /* OPENSSL_EXTRA */
wolfSSL 0:d92f9d21154c 12610
wolfSSL 0:d92f9d21154c 12611
wolfSSL 0:d92f9d21154c 12612 #ifdef SESSION_CERTS
wolfSSL 0:d92f9d21154c 12613
wolfSSL 0:d92f9d21154c 12614
wolfSSL 0:d92f9d21154c 12615 /* Get peer's certificate chain */
wolfSSL 0:d92f9d21154c 12616 WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 12617 {
wolfSSL 0:d92f9d21154c 12618 WOLFSSL_ENTER("wolfSSL_get_peer_chain");
wolfSSL 0:d92f9d21154c 12619 if (ssl)
wolfSSL 0:d92f9d21154c 12620 return &ssl->session.chain;
wolfSSL 0:d92f9d21154c 12621
wolfSSL 0:d92f9d21154c 12622 return 0;
wolfSSL 0:d92f9d21154c 12623 }
wolfSSL 0:d92f9d21154c 12624
wolfSSL 0:d92f9d21154c 12625
wolfSSL 0:d92f9d21154c 12626 /* Get peer's certificate chain total count */
wolfSSL 0:d92f9d21154c 12627 int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain)
wolfSSL 0:d92f9d21154c 12628 {
wolfSSL 0:d92f9d21154c 12629 WOLFSSL_ENTER("wolfSSL_get_chain_count");
wolfSSL 0:d92f9d21154c 12630 if (chain)
wolfSSL 0:d92f9d21154c 12631 return chain->count;
wolfSSL 0:d92f9d21154c 12632
wolfSSL 0:d92f9d21154c 12633 return 0;
wolfSSL 0:d92f9d21154c 12634 }
wolfSSL 0:d92f9d21154c 12635
wolfSSL 0:d92f9d21154c 12636
wolfSSL 0:d92f9d21154c 12637 /* Get peer's ASN.1 DER ceritifcate at index (idx) length in bytes */
wolfSSL 0:d92f9d21154c 12638 int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx)
wolfSSL 0:d92f9d21154c 12639 {
wolfSSL 0:d92f9d21154c 12640 WOLFSSL_ENTER("wolfSSL_get_chain_length");
wolfSSL 0:d92f9d21154c 12641 if (chain)
wolfSSL 0:d92f9d21154c 12642 return chain->certs[idx].length;
wolfSSL 0:d92f9d21154c 12643
wolfSSL 0:d92f9d21154c 12644 return 0;
wolfSSL 0:d92f9d21154c 12645 }
wolfSSL 0:d92f9d21154c 12646
wolfSSL 0:d92f9d21154c 12647
wolfSSL 0:d92f9d21154c 12648 /* Get peer's ASN.1 DER ceritifcate at index (idx) */
wolfSSL 0:d92f9d21154c 12649 byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx)
wolfSSL 0:d92f9d21154c 12650 {
wolfSSL 0:d92f9d21154c 12651 WOLFSSL_ENTER("wolfSSL_get_chain_cert");
wolfSSL 0:d92f9d21154c 12652 if (chain)
wolfSSL 0:d92f9d21154c 12653 return chain->certs[idx].buffer;
wolfSSL 0:d92f9d21154c 12654
wolfSSL 0:d92f9d21154c 12655 return 0;
wolfSSL 0:d92f9d21154c 12656 }
wolfSSL 0:d92f9d21154c 12657
wolfSSL 0:d92f9d21154c 12658
wolfSSL 0:d92f9d21154c 12659 /* Get peer's wolfSSL X509 ceritifcate at index (idx) */
wolfSSL 0:d92f9d21154c 12660 WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
wolfSSL 0:d92f9d21154c 12661 {
wolfSSL 0:d92f9d21154c 12662 int ret;
wolfSSL 0:d92f9d21154c 12663 WOLFSSL_X509* x509 = NULL;
wolfSSL 0:d92f9d21154c 12664 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 12665 DecodedCert* cert = NULL;
wolfSSL 0:d92f9d21154c 12666 #else
wolfSSL 0:d92f9d21154c 12667 DecodedCert cert[1];
wolfSSL 0:d92f9d21154c 12668 #endif
wolfSSL 0:d92f9d21154c 12669
wolfSSL 0:d92f9d21154c 12670 WOLFSSL_ENTER("wolfSSL_get_chain_X509");
wolfSSL 0:d92f9d21154c 12671 if (chain != NULL) {
wolfSSL 0:d92f9d21154c 12672 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 12673 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 0:d92f9d21154c 12674 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 12675 if (cert != NULL)
wolfSSL 0:d92f9d21154c 12676 #endif
wolfSSL 0:d92f9d21154c 12677 {
wolfSSL 0:d92f9d21154c 12678 InitDecodedCert(cert, chain->certs[idx].buffer,
wolfSSL 0:d92f9d21154c 12679 chain->certs[idx].length, NULL);
wolfSSL 0:d92f9d21154c 12680
wolfSSL 0:d92f9d21154c 12681 if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0)
wolfSSL 0:d92f9d21154c 12682 WOLFSSL_MSG("Failed to parse cert");
wolfSSL 0:d92f9d21154c 12683 else {
wolfSSL 0:d92f9d21154c 12684 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
wolfSSL 0:d92f9d21154c 12685 DYNAMIC_TYPE_X509);
wolfSSL 0:d92f9d21154c 12686 if (x509 == NULL) {
wolfSSL 0:d92f9d21154c 12687 WOLFSSL_MSG("Failed alloc X509");
wolfSSL 0:d92f9d21154c 12688 }
wolfSSL 0:d92f9d21154c 12689 else {
wolfSSL 0:d92f9d21154c 12690 InitX509(x509, 1);
wolfSSL 0:d92f9d21154c 12691
wolfSSL 0:d92f9d21154c 12692 if ((ret = CopyDecodedToX509(x509, cert)) != 0) {
wolfSSL 0:d92f9d21154c 12693 WOLFSSL_MSG("Failed to copy decoded");
wolfSSL 0:d92f9d21154c 12694 XFREE(x509, NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:d92f9d21154c 12695 x509 = NULL;
wolfSSL 0:d92f9d21154c 12696 }
wolfSSL 0:d92f9d21154c 12697 }
wolfSSL 0:d92f9d21154c 12698 }
wolfSSL 0:d92f9d21154c 12699
wolfSSL 0:d92f9d21154c 12700 FreeDecodedCert(cert);
wolfSSL 0:d92f9d21154c 12701 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 0:d92f9d21154c 12702 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:d92f9d21154c 12703 #endif
wolfSSL 0:d92f9d21154c 12704 }
wolfSSL 0:d92f9d21154c 12705 }
wolfSSL 0:d92f9d21154c 12706
wolfSSL 0:d92f9d21154c 12707 return x509;
wolfSSL 0:d92f9d21154c 12708 }
wolfSSL 0:d92f9d21154c 12709
wolfSSL 0:d92f9d21154c 12710
wolfSSL 0:d92f9d21154c 12711 /* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
wolfSSL 0:d92f9d21154c 12712 enough else return error (-1), output length is in *outLen
wolfSSL 0:d92f9d21154c 12713 SSL_SUCCESS on ok */
wolfSSL 0:d92f9d21154c 12714 int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
wolfSSL 0:d92f9d21154c 12715 unsigned char* buf, int inLen, int* outLen)
wolfSSL 0:d92f9d21154c 12716 {
wolfSSL 0:d92f9d21154c 12717 const char header[] = "-----BEGIN CERTIFICATE-----\n";
wolfSSL 0:d92f9d21154c 12718 const char footer[] = "-----END CERTIFICATE-----\n";
wolfSSL 0:d92f9d21154c 12719
wolfSSL 0:d92f9d21154c 12720 int headerLen = sizeof(header) - 1;
wolfSSL 0:d92f9d21154c 12721 int footerLen = sizeof(footer) - 1;
wolfSSL 0:d92f9d21154c 12722 int i;
wolfSSL 0:d92f9d21154c 12723 int err;
wolfSSL 0:d92f9d21154c 12724
wolfSSL 0:d92f9d21154c 12725 WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
wolfSSL 0:d92f9d21154c 12726 if (!chain || !outLen || !buf)
wolfSSL 0:d92f9d21154c 12727 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 12728
wolfSSL 0:d92f9d21154c 12729 /* don't even try if inLen too short */
wolfSSL 0:d92f9d21154c 12730 if (inLen < headerLen + footerLen + chain->certs[idx].length)
wolfSSL 0:d92f9d21154c 12731 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 12732
wolfSSL 0:d92f9d21154c 12733 /* header */
wolfSSL 0:d92f9d21154c 12734 XMEMCPY(buf, header, headerLen);
wolfSSL 0:d92f9d21154c 12735 i = headerLen;
wolfSSL 0:d92f9d21154c 12736
wolfSSL 0:d92f9d21154c 12737 /* body */
wolfSSL 0:d92f9d21154c 12738 *outLen = inLen; /* input to Base64_Encode */
wolfSSL 0:d92f9d21154c 12739 if ( (err = Base64_Encode(chain->certs[idx].buffer,
wolfSSL 0:d92f9d21154c 12740 chain->certs[idx].length, buf + i, (word32*)outLen)) < 0)
wolfSSL 0:d92f9d21154c 12741 return err;
wolfSSL 0:d92f9d21154c 12742 i += *outLen;
wolfSSL 0:d92f9d21154c 12743
wolfSSL 0:d92f9d21154c 12744 /* footer */
wolfSSL 0:d92f9d21154c 12745 if ( (i + footerLen) > inLen)
wolfSSL 0:d92f9d21154c 12746 return BAD_FUNC_ARG;
wolfSSL 0:d92f9d21154c 12747 XMEMCPY(buf + i, footer, footerLen);
wolfSSL 0:d92f9d21154c 12748 *outLen += headerLen + footerLen;
wolfSSL 0:d92f9d21154c 12749
wolfSSL 0:d92f9d21154c 12750 return SSL_SUCCESS;
wolfSSL 0:d92f9d21154c 12751 }
wolfSSL 0:d92f9d21154c 12752
wolfSSL 0:d92f9d21154c 12753
wolfSSL 0:d92f9d21154c 12754 /* get session ID */
wolfSSL 0:d92f9d21154c 12755 const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
wolfSSL 0:d92f9d21154c 12756 {
wolfSSL 0:d92f9d21154c 12757 WOLFSSL_ENTER("wolfSSL_get_sessionID");
wolfSSL 0:d92f9d21154c 12758 if (session)
wolfSSL 0:d92f9d21154c 12759 return session->sessionID;
wolfSSL 0:d92f9d21154c 12760
wolfSSL 0:d92f9d21154c 12761 return NULL;
wolfSSL 0:d92f9d21154c 12762 }
wolfSSL 0:d92f9d21154c 12763
wolfSSL 0:d92f9d21154c 12764
wolfSSL 0:d92f9d21154c 12765 #endif /* SESSION_CERTS */
wolfSSL 0:d92f9d21154c 12766
wolfSSL 0:d92f9d21154c 12767 #ifdef HAVE_FUZZER
wolfSSL 0:d92f9d21154c 12768 void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx)
wolfSSL 0:d92f9d21154c 12769 {
wolfSSL 0:d92f9d21154c 12770 if (ssl) {
wolfSSL 0:d92f9d21154c 12771 ssl->fuzzerCb = cbf;
wolfSSL 0:d92f9d21154c 12772 ssl->fuzzerCtx = fCtx;
wolfSSL 0:d92f9d21154c 12773 }
wolfSSL 0:d92f9d21154c 12774 }
wolfSSL 0:d92f9d21154c 12775 #endif
wolfSSL 0:d92f9d21154c 12776
wolfSSL 0:d92f9d21154c 12777 #ifndef NO_CERTS
wolfSSL 0:d92f9d21154c 12778 #ifdef HAVE_PK_CALLBACKS
wolfSSL 0:d92f9d21154c 12779
wolfSSL 0:d92f9d21154c 12780 #ifdef HAVE_ECC
wolfSSL 0:d92f9d21154c 12781
wolfSSL 0:d92f9d21154c 12782 void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb)
wolfSSL 0:d92f9d21154c 12783 {
wolfSSL 0:d92f9d21154c 12784 if (ctx)
wolfSSL 0:d92f9d21154c 12785 ctx->EccSignCb = cb;
wolfSSL 0:d92f9d21154c 12786 }
wolfSSL 0:d92f9d21154c 12787
wolfSSL 0:d92f9d21154c 12788
wolfSSL 0:d92f9d21154c 12789 void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx)
wolfSSL 0:d92f9d21154c 12790 {
wolfSSL 0:d92f9d21154c 12791 if (ssl)
wolfSSL 0:d92f9d21154c 12792 ssl->EccSignCtx = ctx;
wolfSSL 0:d92f9d21154c 12793 }
wolfSSL 0:d92f9d21154c 12794
wolfSSL 0:d92f9d21154c 12795
wolfSSL 0:d92f9d21154c 12796 void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 12797 {
wolfSSL 0:d92f9d21154c 12798 if (ssl)
wolfSSL 0:d92f9d21154c 12799 return ssl->EccSignCtx;
wolfSSL 0:d92f9d21154c 12800
wolfSSL 0:d92f9d21154c 12801 return NULL;
wolfSSL 0:d92f9d21154c 12802 }
wolfSSL 0:d92f9d21154c 12803
wolfSSL 0:d92f9d21154c 12804
wolfSSL 0:d92f9d21154c 12805 void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb)
wolfSSL 0:d92f9d21154c 12806 {
wolfSSL 0:d92f9d21154c 12807 if (ctx)
wolfSSL 0:d92f9d21154c 12808 ctx->EccVerifyCb = cb;
wolfSSL 0:d92f9d21154c 12809 }
wolfSSL 0:d92f9d21154c 12810
wolfSSL 0:d92f9d21154c 12811
wolfSSL 0:d92f9d21154c 12812 void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx)
wolfSSL 0:d92f9d21154c 12813 {
wolfSSL 0:d92f9d21154c 12814 if (ssl)
wolfSSL 0:d92f9d21154c 12815 ssl->EccVerifyCtx = ctx;
wolfSSL 0:d92f9d21154c 12816 }
wolfSSL 0:d92f9d21154c 12817
wolfSSL 0:d92f9d21154c 12818
wolfSSL 0:d92f9d21154c 12819 void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 12820 {
wolfSSL 0:d92f9d21154c 12821 if (ssl)
wolfSSL 0:d92f9d21154c 12822 return ssl->EccVerifyCtx;
wolfSSL 0:d92f9d21154c 12823
wolfSSL 0:d92f9d21154c 12824 return NULL;
wolfSSL 0:d92f9d21154c 12825 }
wolfSSL 0:d92f9d21154c 12826
wolfSSL 0:d92f9d21154c 12827 #endif /* HAVE_ECC */
wolfSSL 0:d92f9d21154c 12828
wolfSSL 0:d92f9d21154c 12829 #ifndef NO_RSA
wolfSSL 0:d92f9d21154c 12830
wolfSSL 0:d92f9d21154c 12831 void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb)
wolfSSL 0:d92f9d21154c 12832 {
wolfSSL 0:d92f9d21154c 12833 if (ctx)
wolfSSL 0:d92f9d21154c 12834 ctx->RsaSignCb = cb;
wolfSSL 0:d92f9d21154c 12835 }
wolfSSL 0:d92f9d21154c 12836
wolfSSL 0:d92f9d21154c 12837
wolfSSL 0:d92f9d21154c 12838 void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx)
wolfSSL 0:d92f9d21154c 12839 {
wolfSSL 0:d92f9d21154c 12840 if (ssl)
wolfSSL 0:d92f9d21154c 12841 ssl->RsaSignCtx = ctx;
wolfSSL 0:d92f9d21154c 12842 }
wolfSSL 0:d92f9d21154c 12843
wolfSSL 0:d92f9d21154c 12844
wolfSSL 0:d92f9d21154c 12845 void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 12846 {
wolfSSL 0:d92f9d21154c 12847 if (ssl)
wolfSSL 0:d92f9d21154c 12848 return ssl->RsaSignCtx;
wolfSSL 0:d92f9d21154c 12849
wolfSSL 0:d92f9d21154c 12850 return NULL;
wolfSSL 0:d92f9d21154c 12851 }
wolfSSL 0:d92f9d21154c 12852
wolfSSL 0:d92f9d21154c 12853
wolfSSL 0:d92f9d21154c 12854 void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
wolfSSL 0:d92f9d21154c 12855 {
wolfSSL 0:d92f9d21154c 12856 if (ctx)
wolfSSL 0:d92f9d21154c 12857 ctx->RsaVerifyCb = cb;
wolfSSL 0:d92f9d21154c 12858 }
wolfSSL 0:d92f9d21154c 12859
wolfSSL 0:d92f9d21154c 12860
wolfSSL 0:d92f9d21154c 12861 void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx)
wolfSSL 0:d92f9d21154c 12862 {
wolfSSL 0:d92f9d21154c 12863 if (ssl)
wolfSSL 0:d92f9d21154c 12864 ssl->RsaVerifyCtx = ctx;
wolfSSL 0:d92f9d21154c 12865 }
wolfSSL 0:d92f9d21154c 12866
wolfSSL 0:d92f9d21154c 12867
wolfSSL 0:d92f9d21154c 12868 void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 12869 {
wolfSSL 0:d92f9d21154c 12870 if (ssl)
wolfSSL 0:d92f9d21154c 12871 return ssl->RsaVerifyCtx;
wolfSSL 0:d92f9d21154c 12872
wolfSSL 0:d92f9d21154c 12873 return NULL;
wolfSSL 0:d92f9d21154c 12874 }
wolfSSL 0:d92f9d21154c 12875
wolfSSL 0:d92f9d21154c 12876 void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb)
wolfSSL 0:d92f9d21154c 12877 {
wolfSSL 0:d92f9d21154c 12878 if (ctx)
wolfSSL 0:d92f9d21154c 12879 ctx->RsaEncCb = cb;
wolfSSL 0:d92f9d21154c 12880 }
wolfSSL 0:d92f9d21154c 12881
wolfSSL 0:d92f9d21154c 12882
wolfSSL 0:d92f9d21154c 12883 void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx)
wolfSSL 0:d92f9d21154c 12884 {
wolfSSL 0:d92f9d21154c 12885 if (ssl)
wolfSSL 0:d92f9d21154c 12886 ssl->RsaEncCtx = ctx;
wolfSSL 0:d92f9d21154c 12887 }
wolfSSL 0:d92f9d21154c 12888
wolfSSL 0:d92f9d21154c 12889
wolfSSL 0:d92f9d21154c 12890 void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 12891 {
wolfSSL 0:d92f9d21154c 12892 if (ssl)
wolfSSL 0:d92f9d21154c 12893 return ssl->RsaEncCtx;
wolfSSL 0:d92f9d21154c 12894
wolfSSL 0:d92f9d21154c 12895 return NULL;
wolfSSL 0:d92f9d21154c 12896 }
wolfSSL 0:d92f9d21154c 12897
wolfSSL 0:d92f9d21154c 12898 void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb)
wolfSSL 0:d92f9d21154c 12899 {
wolfSSL 0:d92f9d21154c 12900 if (ctx)
wolfSSL 0:d92f9d21154c 12901 ctx->RsaDecCb = cb;
wolfSSL 0:d92f9d21154c 12902 }
wolfSSL 0:d92f9d21154c 12903
wolfSSL 0:d92f9d21154c 12904
wolfSSL 0:d92f9d21154c 12905 void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx)
wolfSSL 0:d92f9d21154c 12906 {
wolfSSL 0:d92f9d21154c 12907 if (ssl)
wolfSSL 0:d92f9d21154c 12908 ssl->RsaDecCtx = ctx;
wolfSSL 0:d92f9d21154c 12909 }
wolfSSL 0:d92f9d21154c 12910
wolfSSL 0:d92f9d21154c 12911
wolfSSL 0:d92f9d21154c 12912 void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
wolfSSL 0:d92f9d21154c 12913 {
wolfSSL 0:d92f9d21154c 12914 if (ssl)
wolfSSL 0:d92f9d21154c 12915 return ssl->RsaDecCtx;
wolfSSL 0:d92f9d21154c 12916
wolfSSL 0:d92f9d21154c 12917 return NULL;
wolfSSL 0:d92f9d21154c 12918 }
wolfSSL 0:d92f9d21154c 12919
wolfSSL 0:d92f9d21154c 12920
wolfSSL 0:d92f9d21154c 12921 #endif /* NO_RSA */
wolfSSL 0:d92f9d21154c 12922
wolfSSL 0:d92f9d21154c 12923 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 0:d92f9d21154c 12924 #endif /* NO_CERTS */
wolfSSL 0:d92f9d21154c 12925
wolfSSL 0:d92f9d21154c 12926
wolfSSL 0:d92f9d21154c 12927 #ifdef WOLFSSL_HAVE_WOLFSCEP
wolfSSL 0:d92f9d21154c 12928 /* Used by autoconf to see if wolfSCEP is available */
wolfSSL 0:d92f9d21154c 12929 void wolfSSL_wolfSCEP(void) {}
wolfSSL 0:d92f9d21154c 12930 #endif
wolfSSL 0:d92f9d21154c 12931
wolfSSL 0:d92f9d21154c 12932
wolfSSL 0:d92f9d21154c 12933 #ifdef WOLFSSL_HAVE_CERT_SERVICE
wolfSSL 0:d92f9d21154c 12934 /* Used by autoconf to see if cert service is available */
wolfSSL 0:d92f9d21154c 12935 void wolfSSL_cert_service(void) {}
wolfSSL 0:d92f9d21154c 12936 #endif
wolfSSL 0:d92f9d21154c 12937
wolfSSL 0:d92f9d21154c 12938