wolfSSL 3.11.1 for TLS1.3 beta

Fork of wolfSSL by wolf SSL

Committer:
wolfSSL
Date:
Thu Apr 28 00:57:21 2016 +0000
Revision:
4:1b0d80432c79
wolfSSL 3.9.0

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 4:1b0d80432c79 1 /* internal.c
wolfSSL 4:1b0d80432c79 2 *
wolfSSL 4:1b0d80432c79 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 4:1b0d80432c79 4 *
wolfSSL 4:1b0d80432c79 5 * This file is part of wolfSSL.
wolfSSL 4:1b0d80432c79 6 *
wolfSSL 4:1b0d80432c79 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 4:1b0d80432c79 8 * it under the terms of the GNU General Public License as published by
wolfSSL 4:1b0d80432c79 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 4:1b0d80432c79 10 * (at your option) any later version.
wolfSSL 4:1b0d80432c79 11 *
wolfSSL 4:1b0d80432c79 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 4:1b0d80432c79 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 4:1b0d80432c79 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 4:1b0d80432c79 15 * GNU General Public License for more details.
wolfSSL 4:1b0d80432c79 16 *
wolfSSL 4:1b0d80432c79 17 * You should have received a copy of the GNU General Public License
wolfSSL 4:1b0d80432c79 18 * along with this program; if not, write to the Free Software
wolfSSL 4:1b0d80432c79 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 4:1b0d80432c79 20 */
wolfSSL 4:1b0d80432c79 21
wolfSSL 4:1b0d80432c79 22
wolfSSL 4:1b0d80432c79 23
wolfSSL 4:1b0d80432c79 24 #ifdef HAVE_CONFIG_H
wolfSSL 4:1b0d80432c79 25 #include <config.h>
wolfSSL 4:1b0d80432c79 26 #endif
wolfSSL 4:1b0d80432c79 27
wolfSSL 4:1b0d80432c79 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 4:1b0d80432c79 29
wolfSSL 4:1b0d80432c79 30 #ifndef WOLFCRYPT_ONLY
wolfSSL 4:1b0d80432c79 31
wolfSSL 4:1b0d80432c79 32 #include <wolfssl/internal.h>
wolfSSL 4:1b0d80432c79 33 #include <wolfssl/error-ssl.h>
wolfSSL 4:1b0d80432c79 34 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 4:1b0d80432c79 35 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 4:1b0d80432c79 36 #ifdef NO_INLINE
wolfSSL 4:1b0d80432c79 37 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 4:1b0d80432c79 38 #else
wolfSSL 4:1b0d80432c79 39 #include <wolfcrypt/src/misc.c>
wolfSSL 4:1b0d80432c79 40 #endif
wolfSSL 4:1b0d80432c79 41
wolfSSL 4:1b0d80432c79 42 #ifdef HAVE_LIBZ
wolfSSL 4:1b0d80432c79 43 #include "zlib.h"
wolfSSL 4:1b0d80432c79 44 #endif
wolfSSL 4:1b0d80432c79 45
wolfSSL 4:1b0d80432c79 46 #ifdef HAVE_NTRU
wolfSSL 4:1b0d80432c79 47 #include "libntruencrypt/ntru_crypto.h"
wolfSSL 4:1b0d80432c79 48 #endif
wolfSSL 4:1b0d80432c79 49
wolfSSL 4:1b0d80432c79 50 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
wolfSSL 4:1b0d80432c79 51 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 4:1b0d80432c79 52 #if MQX_USE_IO_OLD
wolfSSL 4:1b0d80432c79 53 #include <fio.h>
wolfSSL 4:1b0d80432c79 54 #else
wolfSSL 4:1b0d80432c79 55 #include <nio.h>
wolfSSL 4:1b0d80432c79 56 #endif
wolfSSL 4:1b0d80432c79 57 #else
wolfSSL 4:1b0d80432c79 58 #include <stdio.h>
wolfSSL 4:1b0d80432c79 59 #endif
wolfSSL 4:1b0d80432c79 60 #endif
wolfSSL 4:1b0d80432c79 61
wolfSSL 4:1b0d80432c79 62 #ifdef __sun
wolfSSL 4:1b0d80432c79 63 #include <sys/filio.h>
wolfSSL 4:1b0d80432c79 64 #endif
wolfSSL 4:1b0d80432c79 65
wolfSSL 4:1b0d80432c79 66 #ifndef TRUE
wolfSSL 4:1b0d80432c79 67 #define TRUE 1
wolfSSL 4:1b0d80432c79 68 #endif
wolfSSL 4:1b0d80432c79 69 #ifndef FALSE
wolfSSL 4:1b0d80432c79 70 #define FALSE 0
wolfSSL 4:1b0d80432c79 71 #endif
wolfSSL 4:1b0d80432c79 72
wolfSSL 4:1b0d80432c79 73 #ifdef _MSC_VER
wolfSSL 4:1b0d80432c79 74 /* disable for while(0) cases at the .c level for now */
wolfSSL 4:1b0d80432c79 75 #pragma warning(disable:4127)
wolfSSL 4:1b0d80432c79 76 #endif
wolfSSL 4:1b0d80432c79 77
wolfSSL 4:1b0d80432c79 78 #if defined(WOLFSSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
wolfSSL 4:1b0d80432c79 79 #error \
wolfSSL 4:1b0d80432c79 80 WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
wolfSSL 4:1b0d80432c79 81 #endif
wolfSSL 4:1b0d80432c79 82
wolfSSL 4:1b0d80432c79 83 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION)
wolfSSL 4:1b0d80432c79 84 #error Cannot use both secure-renegotiation and renegotiation-indication
wolfSSL 4:1b0d80432c79 85 #endif
wolfSSL 4:1b0d80432c79 86
/* ---- Forward declarations for helpers defined later in this file ---- */

/* Record builder; the meaning of each argument is given at the definition. */
static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                        const byte* input, int inSz, int type, int hashOutput);

/* Handshake message handlers that exist only in client-capable builds. */
#ifndef NO_WOLFSSL_CLIENT
    static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*,
                                    word32);
    static int DoServerHello(WOLFSSL* ssl, const byte* input, word32*, word32);
    static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, word32*,
                                   word32);
    #ifndef NO_CERTS
        static int DoCertificateRequest(WOLFSSL* ssl, const byte* input,
                                        word32*, word32);
    #endif
    #ifdef HAVE_SESSION_TICKET
        static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32*,
                                   word32);
    #endif
#endif /* NO_WOLFSSL_CLIENT */


/* Handshake message handlers that exist only in server-capable builds. */
#ifndef NO_WOLFSSL_SERVER
    static int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, word32);
    static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32);
    #if !defined(NO_RSA) || defined(HAVE_ECC)
        static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32);
    #endif
    #ifdef HAVE_STUNNEL
        static int SNI_Callback(WOLFSSL* ssl);
    #endif
    #ifdef WOLFSSL_DTLS
        static int SendHelloVerifyRequest(WOLFSSL*, const byte*, byte);
    #endif /* WOLFSSL_DTLS */
#endif /* NO_WOLFSSL_SERVER */


/* DTLS window helpers operating on a DtlsState. */
#ifdef WOLFSSL_DTLS
    static INLINE int DtlsCheckWindow(DtlsState* state);
    static INLINE int DtlsUpdateWindow(DtlsState* state);
#endif


/* Named processing stages, numbered from 0 in declaration order. The
 * old-ClientHello stage is only present in server-capable builds. */
typedef enum {
    doProcessInit = 0,
#ifndef NO_WOLFSSL_SERVER
    runProcessOldClientHello,
#endif
    getRecordLayerHeader,
    getData,
    runProcessingOneMessage
} processReply;

/* MAC helper that is compiled only when old protocol versions are enabled. */
#ifndef NO_OLD_TLS
    static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
                        int content, int verify);
#endif

#ifndef NO_CERTS
    static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
#endif

/* Not static: QSH_Init has external linkage. */
#ifdef HAVE_QSH
    int QSH_Init(WOLFSSL* ssl);
#endif
wolfSSL 4:1b0d80432c79 151
wolfSSL 4:1b0d80432c79 152 #ifndef WOLFSSL_HAVE_MIN
wolfSSL 4:1b0d80432c79 153 #define WOLFSSL_HAVE_MIN
wolfSSL 4:1b0d80432c79 154
/* Return the smaller of two unsigned 32-bit values (a when they are equal). */
static INLINE word32 min(word32 a, word32 b)
{
    if (a > b)
        return b;

    return a;
}
wolfSSL 4:1b0d80432c79 159
wolfSSL 4:1b0d80432c79 160 #endif /* WOLFSSL_HAVE_MIN */
wolfSSL 4:1b0d80432c79 161
wolfSSL 4:1b0d80432c79 162
/* Report whether the connection's version is TLS rather than SSLv3.
 *
 * Returns 1 when the major number is SSLv3_MAJOR and the minor number is at
 * least TLSv1_MINOR; every other major/minor combination yields 0. */
int IsTLS(const WOLFSSL* ssl)
{
    const int tlsMajor  = (ssl->version.major == SSLv3_MAJOR);
    const int tlsOrMore = (ssl->version.minor >= TLSv1_MINOR);

    return (tlsMajor && tlsOrMore) ? 1 : 0;
}
wolfSSL 4:1b0d80432c79 170
wolfSSL 4:1b0d80432c79 171
/* Report whether the connection's version is TLS 1.2 / DTLS 1.2 or newer.
 *
 * Returns 1 for a match and 0 otherwise. DTLS encodes newer versions with
 * smaller minor numbers, which is why the DTLS test uses <= while the TLS
 * test uses >=. */
int IsAtLeastTLSv1_2(const WOLFSSL* ssl)
{
    int atLeast = 0;

    if (ssl->version.major == SSLv3_MAJOR) {
        if (ssl->version.minor >= TLSv1_2_MINOR)
            atLeast = 1;
    }
    if (ssl->version.major == DTLS_MAJOR) {
        if (ssl->version.minor <= DTLSv1_2_MINOR)
            atLeast = 1;
    }

    return atLeast;
}
wolfSSL 4:1b0d80432c79 181
wolfSSL 4:1b0d80432c79 182
/* Report whether record protection applies in the given direction.
 *
 * isSend is non-zero for outgoing records; it is only consulted in DTLS
 * builds. Returns 0 for a DTLS record received in epoch 0, otherwise the
 * connection's encryptionOn flag. */
static INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend)
{
#ifdef WOLFSSL_DTLS
    /* Epoch 0 carries the initial handshake and is never encrypted, so an
     * incoming epoch-0 record must be read as plaintext even after keys
     * have been installed. */
    const int plaintextEpoch = ssl->options.dtls && !isSend &&
                               ssl->keys.dtls_state.curEpoch == 0;

    if (plaintextEpoch)
        return 0;
#else
    (void)isSend;
#endif /* WOLFSSL_DTLS */

    return ssl->keys.encryptionOn;
}
wolfSSL 4:1b0d80432c79 195
wolfSSL 4:1b0d80432c79 196
wolfSSL 4:1b0d80432c79 197 #ifdef HAVE_QSH
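/* Release one singly linked list of QSHKey nodes. Private key bytes are wiped
 * with ForceZero() before their buffer goes back to the allocator. */
static void QSH_FreeKeyList(WOLFSSL* ssl, QSHKey* key)
{
    QSHKey* next;

    (void)ssl; /* XFREE may be configured to ignore its heap argument */

    while (key) {
        /* read the link before the node that holds it is freed */
        next = (QSHKey*)key->next;

        if (key->pri.buffer) {
            ForceZero(key->pri.buffer, key->pri.length);
            XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
        }
        if (key->pub.buffer)
            XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);

        XFREE(key, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
        key = next;
    }
}


/* Free every structure that was used with QSH on this connection.
 *
 * Releases the local key list, the peer key list and the QSHSecret with its
 * scheme list and SerSi/CliSi buffers. Secret material is zeroized before it
 * is freed. The owning pointers in *ssl are reset to NULL afterwards so that
 * a second call, or any later read of those fields, cannot reach freed
 * memory.
 *
 * Always returns 0. */
static int QSH_FreeAll(WOLFSSL* ssl)
{
    QSHSecret* secret  = ssl->QSH_secret;
    QSHScheme* list    = NULL;
    QSHScheme* preList = NULL;

    /* our own keys, then the peer's */
    QSH_FreeKeyList(ssl, ssl->QSH_Key);
    ssl->QSH_Key = NULL;

    QSH_FreeKeyList(ssl, ssl->peerQSHKey);
    ssl->peerQSHKey = NULL;

    /* free secret information */
    if (secret) {
        /* free up the QSHScheme list in QSHSecret */
        list = secret->list;
        while (list) {
            preList = list;
            if (list->PK)
                XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
            list = (QSHScheme*)list->next;
            XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
        }
        secret->list = NULL;

        /* free secret buffers */
        if (secret->SerSi) {
            if (secret->SerSi->buffer) {
                /* clear extra secret material that supplemented the
                 * Master Secret */
                ForceZero(secret->SerSi->buffer, secret->SerSi->length);
                XFREE(secret->SerSi->buffer, ssl->heap,
                      DYNAMIC_TYPE_TMP_ARRAY);
            }
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
        }
        if (secret->CliSi) {
            if (secret->CliSi->buffer) {
                /* clear extra secret material that supplemented the
                 * Master Secret */
                ForceZero(secret->CliSi->buffer, secret->CliSi->length);
                XFREE(secret->CliSi->buffer, ssl->heap,
                      DYNAMIC_TYPE_TMP_ARRAY);
            }
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
        }

        XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
    }
    ssl->QSH_secret = NULL;

    return 0;
}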
wolfSSL 4:1b0d80432c79 277 #endif
wolfSSL 4:1b0d80432c79 278
wolfSSL 4:1b0d80432c79 279
wolfSSL 4:1b0d80432c79 280 #ifdef HAVE_NTRU
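/* Lazily created RNG and its lock; both live for the rest of the process. */
static WC_RNG* rng;
static wolfSSL_Mutex* rngMutex;

/* Fill out[0..num_bytes) with random bytes from the file-scope RNG.
 *
 * Returns DRBG_OK on success, DRBG_OUT_OF_MEMORY when the RNG or its mutex
 * cannot be allocated, and DRBG_ENTROPY_FAIL when initialisation, locking or
 * generation fails.
 *
 * The RNG and mutex are only published through the file-scope pointers once
 * they have been initialised successfully, so a failed wc_InitRng() or
 * InitMutex() can never leave a half-built object behind for a later call to
 * draw key material from.
 *
 * NOTE(review): the two NULL checks below are not themselves protected by a
 * lock; first use from several threads at once is not serialised here. */
static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
    int ret;

    if (rng == NULL) {
        WC_RNG* fresh = (WC_RNG*)XMALLOC(sizeof(WC_RNG), 0,
                                         DYNAMIC_TYPE_TLSX);
        if (fresh == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (wc_InitRng(fresh) != 0) {
            XFREE(fresh, NULL, DYNAMIC_TYPE_TLSX);
            return DRBG_ENTROPY_FAIL;
        }
        rng = fresh;
    }

    if (rngMutex == NULL) {
        wolfSSL_Mutex* lock = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), 0,
                                                      DYNAMIC_TYPE_TLSX);
        if (lock == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (InitMutex(lock) != 0) {
            XFREE(lock, NULL, DYNAMIC_TYPE_TLSX);
            return DRBG_ENTROPY_FAIL;
        }
        rngMutex = lock;
    }

    /* never touch the shared RNG, or unlock, without holding the lock */
    if (LockMutex(rngMutex) != 0)
        return DRBG_ENTROPY_FAIL;

    ret = wc_RNG_GenerateBlock(rng, out, num_bytes);

    if (UnLockMutex(rngMutex) != 0 || ret != 0)
        return DRBG_ENTROPY_FAIL;

    return DRBG_OK;
}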
wolfSSL 4:1b0d80432c79 311 #endif /* HAVE_NTRU */
wolfSSL 4:1b0d80432c79 312
/* Store the low 24 bits of in into out, most significant byte first.
 * Also used by ssl.c. */
void c32to24(word32 in, word24 out)
{
    int i;

    /* fill from the last byte backwards, peeling off 8 bits at a time */
    for (i = 2; i >= 0; i--) {
        out[i] = (byte)(in & 0xff);
        in >>= 8;
    }
}
wolfSSL 4:1b0d80432c79 320
wolfSSL 4:1b0d80432c79 321
wolfSSL 4:1b0d80432c79 322 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 323
/* Store a 32-bit value into a 6-byte field, most significant byte first; the
 * two leading bytes are always zero. */
static INLINE void c32to48(word32 in, byte out[6])
{
    int i;

    out[0] = 0;
    out[1] = 0;

    /* bytes 5..2 take the value from least to most significant */
    for (i = 5; i >= 2; i--) {
        out[i] = (byte)(in & 0xff);
        in >>= 8;
    }
}
wolfSSL 4:1b0d80432c79 333
wolfSSL 4:1b0d80432c79 334 #endif /* WOLFSSL_DTLS */
wolfSSL 4:1b0d80432c79 335
wolfSSL 4:1b0d80432c79 336
/* Write a 16-bit integer to c[0..1], most significant byte first. */
static INLINE void c16toa(word16 u16, byte* c)
{
    const byte high = (byte)((u16 >> 8) & 0xff);
    const byte low  = (byte)(u16 & 0xff);

    c[0] = high;
    c[1] = low;
}
wolfSSL 4:1b0d80432c79 343
wolfSSL 4:1b0d80432c79 344
wolfSSL 4:1b0d80432c79 345 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
wolfSSL 4:1b0d80432c79 346 || defined(HAVE_AESGCM)
/* Write a 32-bit integer to c[0..3], most significant byte first. */
static INLINE void c32toa(word32 u32, byte* c)
{
    int i;

    /* fill from the last byte backwards, peeling off 8 bits at a time */
    for (i = 3; i >= 0; i--) {
        c[i] = (byte)(u32 & 0xff);
        u32 >>= 8;
    }
}
wolfSSL 4:1b0d80432c79 355 #endif
wolfSSL 4:1b0d80432c79 356
wolfSSL 4:1b0d80432c79 357
/* Read a 3-byte, most-significant-first integer from u24 into *u32. */
static INLINE void c24to32(const word24 u24, word32* u32)
{
    const word32 high = u24[0];
    const word32 mid  = u24[1];
    const word32 low  = u24[2];

    *u32 = (high << 16) | (mid << 8) | low;
}
wolfSSL 4:1b0d80432c79 363
wolfSSL 4:1b0d80432c79 364
/* Read a 2-byte, most-significant-first integer from c into *u16. */
static INLINE void ato16(const byte* c, word16* u16)
{
    const word16 high = c[0];
    const word16 low  = c[1];

    *u16 = (word16)((high << 8) | low);
}
wolfSSL 4:1b0d80432c79 370
wolfSSL 4:1b0d80432c79 371
wolfSSL 4:1b0d80432c79 372 #if defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET)
wolfSSL 4:1b0d80432c79 373
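/* Read a 4-byte, most-significant-first integer from c into *u32.
 *
 * Each byte is widened to word32 before it is shifted. Without the cast the
 * byte is promoted to int, and shifting a value of 0x80 or more left by 24
 * overflows a signed 32-bit int, which is undefined behaviour. The bytes read
 * here come off the wire, so the top bit can be set by the peer. */
static INLINE void ato32(const byte* c, word32* u32)
{
    *u32 = ((word32)c[0] << 24) |
           ((word32)c[1] << 16) |
           ((word32)c[2] <<  8) |
            (word32)c[3];
}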
wolfSSL 4:1b0d80432c79 379
wolfSSL 4:1b0d80432c79 380 #endif /* WOLFSSL_DTLS */
wolfSSL 4:1b0d80432c79 381
wolfSSL 4:1b0d80432c79 382
wolfSSL 4:1b0d80432c79 383 #ifdef HAVE_LIBZ
wolfSSL 4:1b0d80432c79 384
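/* Allocation hook handed to zlib so its memory comes from XMALLOC.
 *
 * opaque is the heap hint stored in the z_stream, item and size are the
 * element count and element size zlib asks for. Returns the new buffer, or
 * NULL when the allocation fails or when item * size does not fit in an
 * unsigned int. Without that check the product would wrap and zlib would be
 * handed a buffer smaller than it believes it has. */
static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
{
    (void)opaque; /* XMALLOC may be configured to ignore its heap argument */

    if (size != 0 && item > ((unsigned int)-1) / size)
        return NULL;

    return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
}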
wolfSSL 4:1b0d80432c79 391
wolfSSL 4:1b0d80432c79 392
/* Release hook handed to zlib; returns memory obtained through myAlloc to
 * XFREE. opaque is the heap hint stored in the z_stream. */
static void myFree(void* opaque, void* memory)
{
    /* XFREE may be configured to ignore its heap argument */
    (void)opaque;

    XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
}
wolfSSL 4:1b0d80432c79 398
wolfSSL 4:1b0d80432c79 399
/* Set up the zlib compression and decompression streams of a connection.
 *
 * Both streams allocate through myAlloc/myFree with ssl->heap as the hint.
 * Returns 0 on success and ZLIB_INIT_ERROR when either stream fails to
 * initialise. didStreamInit is set as soon as the deflate stream is ready,
 * that is before the inflate stream has been attempted. */
static int InitStreams(WOLFSSL* ssl)
{
    z_stream* comp   = &ssl->c_stream;
    z_stream* decomp = &ssl->d_stream;

    comp->zalloc = (alloc_func)myAlloc;
    comp->zfree  = (free_func)myFree;
    comp->opaque = (voidpf)ssl->heap;

    if (deflateInit(comp, Z_DEFAULT_COMPRESSION) != Z_OK)
        return ZLIB_INIT_ERROR;

    ssl->didStreamInit = 1;

    decomp->zalloc = (alloc_func)myAlloc;
    decomp->zfree  = (free_func)myFree;
    decomp->opaque = (voidpf)ssl->heap;

    if (inflateInit(decomp) != Z_OK)
        return ZLIB_INIT_ERROR;

    return 0;
}
wolfSSL 4:1b0d80432c79 420
wolfSSL 4:1b0d80432c79 421
/* Tear down both zlib streams, but only if InitStreams marked them as set
 * up through didStreamInit. */
static void FreeStreams(WOLFSSL* ssl)
{
    if (!ssl->didStreamInit)
        return;

    deflateEnd(&ssl->c_stream);
    inflateEnd(&ssl->d_stream);
}
wolfSSL 4:1b0d80432c79 429
wolfSSL 4:1b0d80432c79 430
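/* Compress inSz bytes from in into out, which holds outSz bytes.
 *
 * Returns the number of bytes written to out, or ZLIB_COMPRESS_ERROR when
 * deflate() fails or either size is negative. A negative size is rejected up
 * front because zlib's counters are unsigned and would turn it into a very
 * large length. The byte count is taken as the difference of the stream's
 * unsigned total_out values, so it stays correct after the running total
 * grows beyond what an int can hold. */
static int myCompress(WOLFSSL* ssl, byte* in, int inSz, byte* out, int outSz)
{
    int   err;
    uLong before;

    if (inSz < 0 || outSz < 0)
        return ZLIB_COMPRESS_ERROR;

    before = ssl->c_stream.total_out;

    ssl->c_stream.next_in   = in;
    ssl->c_stream.avail_in  = (uInt)inSz;
    ssl->c_stream.next_out  = out;
    ssl->c_stream.avail_out = (uInt)outSz;

    err = deflate(&ssl->c_stream, Z_SYNC_FLUSH);
    if (err != Z_OK && err != Z_STREAM_END)
        return ZLIB_COMPRESS_ERROR;

    return (int)(ssl->c_stream.total_out - before);
}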
wolfSSL 4:1b0d80432c79 447
wolfSSL 4:1b0d80432c79 448
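/* Decompress inSz bytes from in into out, which holds outSz bytes.
 *
 * Returns the number of bytes written to out, or ZLIB_DECOMPRESS_ERROR when
 * inflate() fails or either size is negative. A negative size is rejected up
 * front because zlib's counters are unsigned and would turn it into a very
 * large length, removing the bound on writes to out. The byte count is taken
 * as the difference of the stream's unsigned total_out values, so it stays
 * correct after the running total grows beyond what an int can hold.
 *
 * avail_out limits how much inflate() may write, so compressed input that
 * expands a lot cannot run past out.
 * NOTE(review): when out fills up before the input is consumed, inflate()
 * still reports Z_OK and the leftover input (avail_in != 0) is not reported
 * to the caller here; confirm callers size out for the largest record. */
static int myDeCompress(WOLFSSL* ssl, byte* in,int inSz, byte* out,int outSz)
{
    int   err;
    uLong before;

    if (inSz < 0 || outSz < 0)
        return ZLIB_DECOMPRESS_ERROR;

    before = ssl->d_stream.total_out;

    ssl->d_stream.next_in   = in;
    ssl->d_stream.avail_in  = (uInt)inSz;
    ssl->d_stream.next_out  = out;
    ssl->d_stream.avail_out = (uInt)outSz;

    err = inflate(&ssl->d_stream, Z_SYNC_FLUSH);
    if (err != Z_OK && err != Z_STREAM_END)
        return ZLIB_DECOMPRESS_ERROR;

    return (int)(ssl->d_stream.total_out - before);
}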
wolfSSL 4:1b0d80432c79 465
wolfSSL 4:1b0d80432c79 466 #endif /* HAVE_LIBZ */
wolfSSL 4:1b0d80432c79 467
wolfSSL 4:1b0d80432c79 468
/* Fill in a method structure for protocol version pv.
 *
 * The side always starts out as WOLFSSL_CLIENT_END and version downgrade
 * starts out disabled; nothing here selects the server side. */
void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv)
{
    method->downgrade = 0;
    method->side      = WOLFSSL_CLIENT_END;
    method->version   = pv;
}
wolfSSL 4:1b0d80432c79 475
wolfSSL 4:1b0d80432c79 476
/* Reset *ctx and load its defaults for the given method.
 *
 * Returns 0 on success, BAD_MUTEX_E when the reference-count mutex cannot be
 * initialised, or BAD_CERT_MANAGER_ERROR when no certificate manager could be
 * created. On either error the context is left partly initialised. */
int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
{
    XMEMSET(ctx, 0, sizeof(*ctx));

    ctx->heap     = ctx;     /* defaults to self */
    ctx->method   = method;
    ctx->refCount = 1;       /* so either CTX_free or SSL_free can release */
    ctx->timeout  = WOLFSSL_SESSION_TIMEOUT;

    /* Floor for version downgrade. The current default is TLSv1_MINOR, so a
     * deployment that must refuse versions below TLS 1.2 has to raise this
     * value after the context has been initialised. */
    ctx->minDowngrade = TLSv1_MINOR;

    if (InitMutex(&ctx->countMutex) < 0) {
        WOLFSSL_MSG("Mutex error on CTX init");
        return BAD_MUTEX_E;
    }

#ifndef NO_DH
    ctx->minDhKeySz = MIN_DHKEY_SZ;
#endif

#ifdef HAVE_ECC
    ctx->eccTempKeySz = ECDHE_SIZE;
#endif

    /* Built-in I/O callbacks: the datagram pair for a DTLS method, the
     * stream pair otherwise. */
#ifndef WOLFSSL_USER_IO
    #ifdef WOLFSSL_DTLS
    if (method->version.major == DTLS_MAJOR) {
        ctx->CBIORecv = EmbedReceiveFrom;
        ctx->CBIOSend = EmbedSendTo;
    }
    else
    #endif
    {
        ctx->CBIORecv = EmbedReceive;
        ctx->CBIOSend = EmbedSend;
    }
#endif /* WOLFSSL_USER_IO */

    /* NetX builds replace whatever was selected above. */
#ifdef HAVE_NETX
    ctx->CBIORecv = NetX_Receive;
    ctx->CBIOSend = NetX_Send;
#endif

#ifdef HAVE_NTRU
    if (method->side == WOLFSSL_CLIENT_END)
        ctx->haveNTRU = 1;           /* always on client side */
                                     /* server can turn on by loading key */
#endif
#ifdef HAVE_ECC
    if (method->side == WOLFSSL_CLIENT_END) {
        ctx->haveECDSAsig  = 1;      /* always on client side */
        ctx->haveECC       = 1;      /* server turns on with ECC key cert */
        ctx->haveStaticECC = 1;      /* server can turn on by loading key */
    }
#endif

#ifdef HAVE_CAVIUM
    ctx->devId = NO_CAVIUM_DEVICE;
#endif

#ifndef NO_CERTS
    ctx->cm = wolfSSL_CertManagerNew();
    if (ctx->cm == NULL) {
        WOLFSSL_MSG("Bad Cert Manager New");
        return BAD_CERT_MANAGER_ERROR;
    }
#endif

#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
    ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
#endif

    return 0;
}
wolfSSL 4:1b0d80432c79 548
wolfSSL 4:1b0d80432c79 549
/* Release everything the context owns while leaving the WOLFSSL_CTX storage
 * itself allocated, for callers that hold contexts in an array and do not
 * want the ctx object freed.
 *
 * NOTE(review): the members freed directly with XFREE are not reset to NULL
 * here, so the context should be treated as unusable until it has been
 * initialised again. */
void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
{
    XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
    if (ctx->suites != NULL)
        XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);

#ifndef NO_DH
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
#endif

#ifndef NO_CERTS
    /* key and certificate material first, then the manager itself */
    FreeDer(&ctx->privateKey);
    FreeDer(&ctx->certificate);
    FreeDer(&ctx->certChain);
    wolfSSL_CertManagerFree(ctx->cm);
#endif

#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ctx->extensions);

#ifndef NO_WOLFSSL_SERVER

    /* NOTE(review): the OCSP requests below are released with a NULL heap
     * hint while everything else uses ctx->heap; confirm this matches how
     * they were allocated. */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    if (ctx->certOcspRequest != NULL) {
        FreeOcspRequest(ctx->certOcspRequest);
        XFREE(ctx->certOcspRequest, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
    }
#endif

#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    {
        int idx = 0;

        while (idx < MAX_CHAIN_DEPTH) {
            if (ctx->chainOcspRequest[idx] != NULL) {
                FreeOcspRequest(ctx->chainOcspRequest[idx]);
                XFREE(ctx->chainOcspRequest[idx], NULL,
                      DYNAMIC_TYPE_OCSP_REQUEST);
            }
            idx++;
        }
    }
#endif

#endif /* NO_WOLFSSL_SERVER */

#endif /* HAVE_TLS_EXTENSIONS */
}
wolfSSL 4:1b0d80432c79 599
wolfSSL 4:1b0d80432c79 600
/* Drop one reference to the context and free it when that was the last one.
 *
 * The count is decremented under countMutex. If the mutex cannot be locked
 * the function returns without touching the count, so nothing is freed. */
void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
{
    int lastRef;

    if (LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock count mutex");
        return;
    }
    ctx->refCount--;
    lastRef = (ctx->refCount == 0);
    UnLockMutex(&ctx->countMutex);

    if (!lastRef) {
        (void)ctx; /* keeps ctx referenced if WOLFSSL_MSG compiles away */
        WOLFSSL_MSG("CTX ref count not 0 yet, no free");
        return;
    }

    /* last holder: release the owned resources, then the lock, then the
     * object itself */
    WOLFSSL_MSG("CTX ref count down to 0, doing full free");
    SSL_CtxResourceFree(ctx);
    FreeMutex(&ctx->countMutex);
    XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
}
wolfSSL 4:1b0d80432c79 625
wolfSSL 4:1b0d80432c79 626
/* Mark every cipher slot of the connection as unallocated.
 *
 * Each build-enabled cipher pointer on the encrypt and decrypt sides is set
 * to NULL and the setup flags are cleared. Nothing is freed here. */
void InitCiphers(WOLFSSL* ssl)
{
#ifdef BUILD_ARC4
    ssl->encrypt.arc4 = ssl->decrypt.arc4 = NULL;
#endif
#ifdef BUILD_DES3
    ssl->encrypt.des3 = ssl->decrypt.des3 = NULL;
#endif
#ifdef BUILD_AES
    ssl->encrypt.aes = ssl->decrypt.aes = NULL;
#endif
#ifdef HAVE_CAMELLIA
    ssl->encrypt.cam = ssl->decrypt.cam = NULL;
#endif
#ifdef HAVE_HC128
    ssl->encrypt.hc128 = ssl->decrypt.hc128 = NULL;
#endif
#ifdef BUILD_RABBIT
    ssl->encrypt.rabbit = ssl->decrypt.rabbit = NULL;
#endif
#ifdef HAVE_CHACHA
    ssl->encrypt.chacha = ssl->decrypt.chacha = NULL;
#endif
#ifdef HAVE_POLY1305
    ssl->auth.poly1305 = NULL;
#endif

    /* no cipher has been keyed yet in either direction */
    ssl->encrypt.setup = 0;
    ssl->decrypt.setup = 0;
#ifdef HAVE_ONE_TIME_AUTH
    ssl->auth.setup = 0;
#endif

#ifdef HAVE_IDEA
    ssl->encrypt.idea = ssl->decrypt.idea = NULL;
#endif
}
wolfSSL 4:1b0d80432c79 671
wolfSSL 4:1b0d80432c79 672
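/*
 * Release every cipher context owned by a connection.
 *
 * ssl  connection whose encrypt/decrypt/auth contexts are released; it is
 *      dereferenced whenever at least one cipher is compiled in, so it must
 *      not be NULL.
 *
 * Each slot is set to NULL right after it is freed. Leaving the stale
 * pointers in place meant that a second call on the same connection would
 * free them again, and any later read of a slot would touch freed memory.
 *
 * With HAVE_CAVIUM, the device-side state of ARC4/3DES/AES is released first
 * when the connection is bound to a device (devId != NO_CAVIUM_DEVICE).
 *
 * NOTE(review): these contexts hold key material. Nothing in this function
 * wipes them before XFREE; whether the allocator behind XFREE does is not
 * visible here. Consider zeroizing each context before it is released.
 */
void FreeCiphers(WOLFSSL* ssl)
{
    (void)ssl; /* unused when no cipher is compiled in */
#ifdef BUILD_ARC4
    #ifdef HAVE_CAVIUM
    if (ssl->devId != NO_CAVIUM_DEVICE) {
        wc_Arc4FreeCavium(ssl->encrypt.arc4);
        wc_Arc4FreeCavium(ssl->decrypt.arc4);
    }
    #endif
    XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.arc4 = NULL;
    ssl->decrypt.arc4 = NULL;
#endif
#ifdef BUILD_DES3
    #ifdef HAVE_CAVIUM
    if (ssl->devId != NO_CAVIUM_DEVICE) {
        wc_Des3_FreeCavium(ssl->encrypt.des3);
        wc_Des3_FreeCavium(ssl->decrypt.des3);
    }
    #endif
    XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.des3 = NULL;
    ssl->decrypt.des3 = NULL;
#endif
#ifdef BUILD_AES
    #ifdef HAVE_CAVIUM
    if (ssl->devId != NO_CAVIUM_DEVICE) {
        wc_AesFreeCavium(ssl->encrypt.aes);
        wc_AesFreeCavium(ssl->decrypt.aes);
    }
    #endif
    XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.aes = NULL;
    ssl->decrypt.aes = NULL;
#endif
#ifdef HAVE_CAMELLIA
    XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.cam = NULL;
    ssl->decrypt.cam = NULL;
#endif
#ifdef HAVE_HC128
    XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.hc128 = NULL;
    ssl->decrypt.hc128 = NULL;
#endif
#ifdef BUILD_RABBIT
    XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.rabbit = NULL;
    ssl->decrypt.rabbit = NULL;
#endif
#ifdef HAVE_CHACHA
    XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.chacha = NULL;
    ssl->decrypt.chacha = NULL;
#endif
#ifdef HAVE_POLY1305
    XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->auth.poly1305 = NULL;
#endif
#ifdef HAVE_IDEA
    XFREE(ssl->encrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.idea = NULL;
    ssl->decrypt.idea = NULL;
#endif
}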
wolfSSL 4:1b0d80432c79 731
wolfSSL 4:1b0d80432c79 732
/*
 * Put a CipherSpecs record into its "no suite negotiated" state.
 *
 * cs  record to reset; dereferenced unconditionally, must not be NULL.
 *
 * Size fields and the static-ECDH flag become 0. The algorithm selectors
 * become INVALID_BYTE rather than 0, so an unset selector is distinct from
 * whatever algorithm happens to be numbered 0.
 */
void InitCipherSpecs(CipherSpecs* cs)
{
    /* sizes and flags: nothing negotiated yet */
    cs->block_size  = 0;
    cs->iv_size     = 0;
    cs->key_size    = 0;
    cs->static_ecdh = 0;
    cs->hash_size   = 0;

    /* algorithm selectors: explicitly invalid until a suite is chosen */
    cs->sig_algo              = INVALID_BYTE;
    cs->kea                   = INVALID_BYTE;
    cs->mac_algorithm         = INVALID_BYTE;
    cs->cipher_type           = INVALID_BYTE;
    cs->bulk_cipher_algorithm = INVALID_BYTE;
}
wolfSSL 4:1b0d80432c79 747
/*
 * Fill suites->hashSigAlgo with (hash, signature) byte pairs and record the
 * number of bytes written in suites->hashSigAlgoSz.
 *
 * suites        destination; dereferenced unconditionally, must not be NULL
 * haveECDSAsig  non-zero: emit the ECDSA pairs
 * haveRSAsig    non-zero: emit the RSA pairs
 * haveAnon      non-zero: emit the anonymous pair (only if HAVE_ANON is built)
 *
 * Order is ECDSA, then RSA, then anonymous; within a signature family the
 * hashes run SHA-512, SHA-384, SHA-256, SHA-1, each only if compiled in.
 *
 * Review notes:
 *  - SHA-1 pairs are emitted unless the build defines NO_SHA.
 *  - Writes are not bounds-checked. With everything enabled this function
 *    stores 18 bytes (8 ECDSA + 8 RSA + 2 anonymous); the capacity of
 *    hashSigAlgo is declared outside this view -- confirm it is at least that.
 */
static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
                                  int haveRSAsig, int haveAnon)
{
    byte* out  = suites->hashSigAlgo;
    int   used = 0;                     /* bytes written so far */

    if (haveECDSAsig) {
    #ifdef WOLFSSL_SHA512
        out[used++] = sha512_mac;
        out[used++] = ecc_dsa_sa_algo;
    #endif
    #ifdef WOLFSSL_SHA384
        out[used++] = sha384_mac;
        out[used++] = ecc_dsa_sa_algo;
    #endif
    #ifndef NO_SHA256
        out[used++] = sha256_mac;
        out[used++] = ecc_dsa_sa_algo;
    #endif
    #ifndef NO_SHA
        out[used++] = sha_mac;
        out[used++] = ecc_dsa_sa_algo;
    #endif
    }

    if (haveRSAsig) {
    #ifdef WOLFSSL_SHA512
        out[used++] = sha512_mac;
        out[used++] = rsa_sa_algo;
    #endif
    #ifdef WOLFSSL_SHA384
        out[used++] = sha384_mac;
        out[used++] = rsa_sa_algo;
    #endif
    #ifndef NO_SHA256
        out[used++] = sha256_mac;
        out[used++] = rsa_sa_algo;
    #endif
    #ifndef NO_SHA
        out[used++] = sha_mac;
        out[used++] = rsa_sa_algo;
    #endif
    }

    if (haveAnon) {
    #ifdef HAVE_ANON
        out[used++] = sha_mac;
        out[used++] = anonymous_sa_algo;
    #endif
    }

    suites->hashSigAlgoSz = (word16)used;
}
wolfSSL 4:1b0d80432c79 800
wolfSSL 4:1b0d80432c79 801 void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
wolfSSL 4:1b0d80432c79 802 word16 havePSK, word16 haveDH, word16 haveNTRU,
wolfSSL 4:1b0d80432c79 803 word16 haveECDSAsig, word16 haveECC,
wolfSSL 4:1b0d80432c79 804 word16 haveStaticECC, int side)
wolfSSL 4:1b0d80432c79 805 {
wolfSSL 4:1b0d80432c79 806 word16 idx = 0;
wolfSSL 4:1b0d80432c79 807 int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
wolfSSL 4:1b0d80432c79 808 int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
wolfSSL 4:1b0d80432c79 809 int dtls = 0;
wolfSSL 4:1b0d80432c79 810 int haveRSAsig = 1;
wolfSSL 4:1b0d80432c79 811
wolfSSL 4:1b0d80432c79 812 (void)tls; /* shut up compiler */
wolfSSL 4:1b0d80432c79 813 (void)tls1_2;
wolfSSL 4:1b0d80432c79 814 (void)dtls;
wolfSSL 4:1b0d80432c79 815 (void)haveDH;
wolfSSL 4:1b0d80432c79 816 (void)havePSK;
wolfSSL 4:1b0d80432c79 817 (void)haveNTRU;
wolfSSL 4:1b0d80432c79 818 (void)haveStaticECC;
wolfSSL 4:1b0d80432c79 819 (void)haveECC;
wolfSSL 4:1b0d80432c79 820
wolfSSL 4:1b0d80432c79 821 if (suites == NULL) {
wolfSSL 4:1b0d80432c79 822 WOLFSSL_MSG("InitSuites pointer error");
wolfSSL 4:1b0d80432c79 823 return;
wolfSSL 4:1b0d80432c79 824 }
wolfSSL 4:1b0d80432c79 825
wolfSSL 4:1b0d80432c79 826 if (suites->setSuites)
wolfSSL 4:1b0d80432c79 827 return; /* trust user settings, don't override */
wolfSSL 4:1b0d80432c79 828
wolfSSL 4:1b0d80432c79 829 if (side == WOLFSSL_SERVER_END && haveStaticECC) {
wolfSSL 4:1b0d80432c79 830 haveRSA = 0; /* can't do RSA with ECDSA key */
wolfSSL 4:1b0d80432c79 831 (void)haveRSA; /* some builds won't read */
wolfSSL 4:1b0d80432c79 832 }
wolfSSL 4:1b0d80432c79 833
wolfSSL 4:1b0d80432c79 834 if (side == WOLFSSL_SERVER_END && haveECDSAsig) {
wolfSSL 4:1b0d80432c79 835 haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
wolfSSL 4:1b0d80432c79 836 (void)haveRSAsig; /* non ecc builds won't read */
wolfSSL 4:1b0d80432c79 837 }
wolfSSL 4:1b0d80432c79 838
wolfSSL 4:1b0d80432c79 839 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 840 if (pv.major == DTLS_MAJOR) {
wolfSSL 4:1b0d80432c79 841 dtls = 1;
wolfSSL 4:1b0d80432c79 842 tls = 1;
wolfSSL 4:1b0d80432c79 843 /* May be dead assignments dependant upon configuration */
wolfSSL 4:1b0d80432c79 844 (void) dtls;
wolfSSL 4:1b0d80432c79 845 (void) tls;
wolfSSL 4:1b0d80432c79 846 tls1_2 = pv.minor <= DTLSv1_2_MINOR;
wolfSSL 4:1b0d80432c79 847 }
wolfSSL 4:1b0d80432c79 848 #endif
wolfSSL 4:1b0d80432c79 849
wolfSSL 4:1b0d80432c79 850 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 4:1b0d80432c79 851 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 4:1b0d80432c79 852 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 853 suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
wolfSSL 4:1b0d80432c79 854 }
wolfSSL 4:1b0d80432c79 855 #endif
wolfSSL 4:1b0d80432c79 856
wolfSSL 4:1b0d80432c79 857 #ifdef BUILD_TLS_QSH
wolfSSL 4:1b0d80432c79 858 if (tls) {
wolfSSL 4:1b0d80432c79 859 suites->suites[idx++] = QSH_BYTE;
wolfSSL 4:1b0d80432c79 860 suites->suites[idx++] = TLS_QSH;
wolfSSL 4:1b0d80432c79 861 }
wolfSSL 4:1b0d80432c79 862 #endif
wolfSSL 4:1b0d80432c79 863
wolfSSL 4:1b0d80432c79 864 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 865 if (tls && haveNTRU && haveRSA) {
wolfSSL 4:1b0d80432c79 866 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 867 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 868 }
wolfSSL 4:1b0d80432c79 869 #endif
wolfSSL 4:1b0d80432c79 870
wolfSSL 4:1b0d80432c79 871 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 872 if (tls && haveNTRU && haveRSA) {
wolfSSL 4:1b0d80432c79 873 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 874 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 875 }
wolfSSL 4:1b0d80432c79 876 #endif
wolfSSL 4:1b0d80432c79 877
wolfSSL 4:1b0d80432c79 878 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 879 if (!dtls && tls && haveNTRU && haveRSA) {
wolfSSL 4:1b0d80432c79 880 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 881 suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
wolfSSL 4:1b0d80432c79 882 }
wolfSSL 4:1b0d80432c79 883 #endif
wolfSSL 4:1b0d80432c79 884
wolfSSL 4:1b0d80432c79 885 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 886 if (tls && haveNTRU && haveRSA) {
wolfSSL 4:1b0d80432c79 887 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 888 suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 4:1b0d80432c79 889 }
wolfSSL 4:1b0d80432c79 890 #endif
wolfSSL 4:1b0d80432c79 891
wolfSSL 4:1b0d80432c79 892 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 893 if (tls1_2 && haveECC) {
wolfSSL 4:1b0d80432c79 894 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 895 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 4:1b0d80432c79 896 }
wolfSSL 4:1b0d80432c79 897 #endif
wolfSSL 4:1b0d80432c79 898
wolfSSL 4:1b0d80432c79 899 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 900 if (tls1_2 && haveECC) {
wolfSSL 4:1b0d80432c79 901 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 902 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 4:1b0d80432c79 903 }
wolfSSL 4:1b0d80432c79 904 #endif
wolfSSL 4:1b0d80432c79 905
wolfSSL 4:1b0d80432c79 906 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 907 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 908 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 909 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 4:1b0d80432c79 910 }
wolfSSL 4:1b0d80432c79 911 #endif
wolfSSL 4:1b0d80432c79 912
wolfSSL 4:1b0d80432c79 913 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 914 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 915 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 916 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 4:1b0d80432c79 917 }
wolfSSL 4:1b0d80432c79 918 #endif
wolfSSL 4:1b0d80432c79 919
wolfSSL 4:1b0d80432c79 920 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 921 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 922 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 923 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 4:1b0d80432c79 924 }
wolfSSL 4:1b0d80432c79 925 #endif
wolfSSL 4:1b0d80432c79 926
wolfSSL 4:1b0d80432c79 927 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 928 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 929 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 930 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 4:1b0d80432c79 931 }
wolfSSL 4:1b0d80432c79 932 #endif
wolfSSL 4:1b0d80432c79 933
wolfSSL 4:1b0d80432c79 934 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 935 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 936 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 937 suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 4:1b0d80432c79 938 }
wolfSSL 4:1b0d80432c79 939 #endif
wolfSSL 4:1b0d80432c79 940
wolfSSL 4:1b0d80432c79 941 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 942 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 943 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 944 suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 4:1b0d80432c79 945 }
wolfSSL 4:1b0d80432c79 946 #endif
wolfSSL 4:1b0d80432c79 947
wolfSSL 4:1b0d80432c79 948 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 949 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 4:1b0d80432c79 950 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 951 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 4:1b0d80432c79 952 }
wolfSSL 4:1b0d80432c79 953 #endif
wolfSSL 4:1b0d80432c79 954
wolfSSL 4:1b0d80432c79 955 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 956 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 4:1b0d80432c79 957 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 958 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 4:1b0d80432c79 959 }
wolfSSL 4:1b0d80432c79 960 #endif
wolfSSL 4:1b0d80432c79 961
wolfSSL 4:1b0d80432c79 962 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 963 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 4:1b0d80432c79 964 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 965 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 4:1b0d80432c79 966 }
wolfSSL 4:1b0d80432c79 967 #endif
wolfSSL 4:1b0d80432c79 968
wolfSSL 4:1b0d80432c79 969 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 970 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 4:1b0d80432c79 971 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 972 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 4:1b0d80432c79 973 }
wolfSSL 4:1b0d80432c79 974 #endif
wolfSSL 4:1b0d80432c79 975
wolfSSL 4:1b0d80432c79 976 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 977 if (tls1_2 && haveDH && havePSK) {
wolfSSL 4:1b0d80432c79 978 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 979 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 4:1b0d80432c79 980 }
wolfSSL 4:1b0d80432c79 981 #endif
wolfSSL 4:1b0d80432c79 982
wolfSSL 4:1b0d80432c79 983 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 984 if (tls1_2 && haveDH && havePSK) {
wolfSSL 4:1b0d80432c79 985 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 986 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 4:1b0d80432c79 987 }
wolfSSL 4:1b0d80432c79 988 #endif
wolfSSL 4:1b0d80432c79 989
wolfSSL 4:1b0d80432c79 990 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 991 if (tls1_2 && havePSK) {
wolfSSL 4:1b0d80432c79 992 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 993 suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 4:1b0d80432c79 994 }
wolfSSL 4:1b0d80432c79 995 #endif
wolfSSL 4:1b0d80432c79 996
wolfSSL 4:1b0d80432c79 997 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 998 if (tls1_2 && havePSK) {
wolfSSL 4:1b0d80432c79 999 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1000 suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 4:1b0d80432c79 1001 }
wolfSSL 4:1b0d80432c79 1002 #endif
wolfSSL 4:1b0d80432c79 1003
wolfSSL 4:1b0d80432c79 1004 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1005 if (tls1_2 && haveECC) {
wolfSSL 4:1b0d80432c79 1006 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1007 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1008 }
wolfSSL 4:1b0d80432c79 1009 #endif
wolfSSL 4:1b0d80432c79 1010
wolfSSL 4:1b0d80432c79 1011 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1012 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 1013 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1014 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1015 }
wolfSSL 4:1b0d80432c79 1016 #endif
wolfSSL 4:1b0d80432c79 1017
wolfSSL 4:1b0d80432c79 1018 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1019 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 1020 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1021 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1022 }
wolfSSL 4:1b0d80432c79 1023 #endif
wolfSSL 4:1b0d80432c79 1024
wolfSSL 4:1b0d80432c79 1025 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1026 if (tls1_2 && haveRSAsig) {
wolfSSL 4:1b0d80432c79 1027 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1028 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1029 }
wolfSSL 4:1b0d80432c79 1030 #endif
wolfSSL 4:1b0d80432c79 1031
wolfSSL 4:1b0d80432c79 1032 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1033 if (tls1_2 && haveECC) {
wolfSSL 4:1b0d80432c79 1034 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1035 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1036 }
wolfSSL 4:1b0d80432c79 1037 #endif
wolfSSL 4:1b0d80432c79 1038
wolfSSL 4:1b0d80432c79 1039 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1040 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1041 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1042 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1043 }
wolfSSL 4:1b0d80432c79 1044 #endif
wolfSSL 4:1b0d80432c79 1045
wolfSSL 4:1b0d80432c79 1046 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1047 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1048 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1049 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1050 }
wolfSSL 4:1b0d80432c79 1051 #endif
wolfSSL 4:1b0d80432c79 1052
wolfSSL 4:1b0d80432c79 1053 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 1054 if (tls1_2 && haveRSAsig) {
wolfSSL 4:1b0d80432c79 1055 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1056 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 4:1b0d80432c79 1057 }
wolfSSL 4:1b0d80432c79 1058 #endif
wolfSSL 4:1b0d80432c79 1059
wolfSSL 4:1b0d80432c79 1060 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 1061 if (tls1_2 && haveECC) {
wolfSSL 4:1b0d80432c79 1062 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1063 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 4:1b0d80432c79 1064 }
wolfSSL 4:1b0d80432c79 1065 #endif
wolfSSL 4:1b0d80432c79 1066
wolfSSL 4:1b0d80432c79 1067 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 1068 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1069 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1070 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 4:1b0d80432c79 1071 }
wolfSSL 4:1b0d80432c79 1072 #endif
wolfSSL 4:1b0d80432c79 1073
wolfSSL 4:1b0d80432c79 1074 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 1075 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1076 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1077 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 4:1b0d80432c79 1078 }
wolfSSL 4:1b0d80432c79 1079 #endif
wolfSSL 4:1b0d80432c79 1080
wolfSSL 4:1b0d80432c79 1081 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1082 if (tls && haveECC) {
wolfSSL 4:1b0d80432c79 1083 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1084 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1085 }
wolfSSL 4:1b0d80432c79 1086 #endif
wolfSSL 4:1b0d80432c79 1087
wolfSSL 4:1b0d80432c79 1088 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1089 if (tls && haveECC && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1090 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1091 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1092 }
wolfSSL 4:1b0d80432c79 1093 #endif
wolfSSL 4:1b0d80432c79 1094
wolfSSL 4:1b0d80432c79 1095 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1096 if (tls && haveECC) {
wolfSSL 4:1b0d80432c79 1097 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1098 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1099 }
wolfSSL 4:1b0d80432c79 1100 #endif
wolfSSL 4:1b0d80432c79 1101
wolfSSL 4:1b0d80432c79 1102 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1103 if (tls && haveECC && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1104 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1105 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1106 }
wolfSSL 4:1b0d80432c79 1107 #endif
wolfSSL 4:1b0d80432c79 1108
wolfSSL 4:1b0d80432c79 1109 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 1110 if (!dtls && tls && haveECC) {
wolfSSL 4:1b0d80432c79 1111 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1112 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
wolfSSL 4:1b0d80432c79 1113 }
wolfSSL 4:1b0d80432c79 1114 #endif
wolfSSL 4:1b0d80432c79 1115
wolfSSL 4:1b0d80432c79 1116 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 1117 if (!dtls && tls && haveECC && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1118 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1119 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
wolfSSL 4:1b0d80432c79 1120 }
wolfSSL 4:1b0d80432c79 1121 #endif
wolfSSL 4:1b0d80432c79 1122
wolfSSL 4:1b0d80432c79 1123 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 1124 if (tls && haveECC) {
wolfSSL 4:1b0d80432c79 1125 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1126 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 4:1b0d80432c79 1127 }
wolfSSL 4:1b0d80432c79 1128 #endif
wolfSSL 4:1b0d80432c79 1129
wolfSSL 4:1b0d80432c79 1130 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 1131 if (tls && haveECC && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1132 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1133 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 4:1b0d80432c79 1134 }
wolfSSL 4:1b0d80432c79 1135 #endif
wolfSSL 4:1b0d80432c79 1136
wolfSSL 4:1b0d80432c79 1137 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1138 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1139 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1140 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1141 }
wolfSSL 4:1b0d80432c79 1142 #endif
wolfSSL 4:1b0d80432c79 1143
wolfSSL 4:1b0d80432c79 1144 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1145 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1146 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1147 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1148 }
wolfSSL 4:1b0d80432c79 1149 #endif
wolfSSL 4:1b0d80432c79 1150
wolfSSL 4:1b0d80432c79 1151 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1152 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1153 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1154 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1155 }
wolfSSL 4:1b0d80432c79 1156 #endif
wolfSSL 4:1b0d80432c79 1157
wolfSSL 4:1b0d80432c79 1158 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1159 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1160 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1161 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1162 }
wolfSSL 4:1b0d80432c79 1163 #endif
wolfSSL 4:1b0d80432c79 1164
wolfSSL 4:1b0d80432c79 1165 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 1166 if (!dtls && tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1167 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1168 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
wolfSSL 4:1b0d80432c79 1169 }
wolfSSL 4:1b0d80432c79 1170 #endif
wolfSSL 4:1b0d80432c79 1171
wolfSSL 4:1b0d80432c79 1172 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 1173 if (!dtls && tls && haveRSAsig && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1174 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1175 suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
wolfSSL 4:1b0d80432c79 1176 }
wolfSSL 4:1b0d80432c79 1177 #endif
wolfSSL 4:1b0d80432c79 1178
wolfSSL 4:1b0d80432c79 1179 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 1180 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1181 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1182 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 4:1b0d80432c79 1183 }
wolfSSL 4:1b0d80432c79 1184 #endif
wolfSSL 4:1b0d80432c79 1185
wolfSSL 4:1b0d80432c79 1186 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 1187 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 4:1b0d80432c79 1188 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1189 suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 4:1b0d80432c79 1190 }
wolfSSL 4:1b0d80432c79 1191 #endif
wolfSSL 4:1b0d80432c79 1192
wolfSSL 4:1b0d80432c79 1193 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 4:1b0d80432c79 1194 if (tls1_2 && haveECC) {
wolfSSL 4:1b0d80432c79 1195 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1196 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
wolfSSL 4:1b0d80432c79 1197 }
wolfSSL 4:1b0d80432c79 1198 #endif
wolfSSL 4:1b0d80432c79 1199
wolfSSL 4:1b0d80432c79 1200 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 4:1b0d80432c79 1201 if (tls1_2 && haveECC) {
wolfSSL 4:1b0d80432c79 1202 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1203 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
wolfSSL 4:1b0d80432c79 1204 }
wolfSSL 4:1b0d80432c79 1205 #endif
wolfSSL 4:1b0d80432c79 1206
wolfSSL 4:1b0d80432c79 1207 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 4:1b0d80432c79 1208 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 1209 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1210 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
wolfSSL 4:1b0d80432c79 1211 }
wolfSSL 4:1b0d80432c79 1212 #endif
wolfSSL 4:1b0d80432c79 1213
wolfSSL 4:1b0d80432c79 1214 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 4:1b0d80432c79 1215 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 1216 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1217 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
wolfSSL 4:1b0d80432c79 1218 }
wolfSSL 4:1b0d80432c79 1219 #endif
wolfSSL 4:1b0d80432c79 1220
wolfSSL 4:1b0d80432c79 1221 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 4:1b0d80432c79 1222 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 1223 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1224 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1225 }
wolfSSL 4:1b0d80432c79 1226 #endif
wolfSSL 4:1b0d80432c79 1227
wolfSSL 4:1b0d80432c79 1228 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1229 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 1230 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1231 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1232 }
wolfSSL 4:1b0d80432c79 1233 #endif
wolfSSL 4:1b0d80432c79 1234
wolfSSL 4:1b0d80432c79 1235 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1236 if (tls && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 1237 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1238 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1239 }
wolfSSL 4:1b0d80432c79 1240 #endif
wolfSSL 4:1b0d80432c79 1241
wolfSSL 4:1b0d80432c79 1242 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1243 if (tls && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 1244 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1245 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1246 }
wolfSSL 4:1b0d80432c79 1247 #endif
wolfSSL 4:1b0d80432c79 1248
wolfSSL 4:1b0d80432c79 1249 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 4:1b0d80432c79 1250 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 1251 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1252 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1253 }
wolfSSL 4:1b0d80432c79 1254 #endif
wolfSSL 4:1b0d80432c79 1255
wolfSSL 4:1b0d80432c79 1256 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1257 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 1258 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1259 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1260 }
wolfSSL 4:1b0d80432c79 1261 #endif
wolfSSL 4:1b0d80432c79 1262
wolfSSL 4:1b0d80432c79 1263 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1264 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1265 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1266 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1267 }
wolfSSL 4:1b0d80432c79 1268 #endif
wolfSSL 4:1b0d80432c79 1269
wolfSSL 4:1b0d80432c79 1270 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1271 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1272 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1273 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1274 }
wolfSSL 4:1b0d80432c79 1275 #endif
wolfSSL 4:1b0d80432c79 1276
wolfSSL 4:1b0d80432c79 1277 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1278 if (tls1_2 && haveECC) {
wolfSSL 4:1b0d80432c79 1279 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1280 suites->suites[idx++] =
wolfSSL 4:1b0d80432c79 1281 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1282 }
wolfSSL 4:1b0d80432c79 1283 #endif
wolfSSL 4:1b0d80432c79 1284
wolfSSL 4:1b0d80432c79 1285 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1286 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 1287 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1288 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1289 }
wolfSSL 4:1b0d80432c79 1290 #endif
wolfSSL 4:1b0d80432c79 1291
wolfSSL 4:1b0d80432c79 1292 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1293 if (tls1_2 && haveRSA) {
wolfSSL 4:1b0d80432c79 1294 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1295 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1296 }
wolfSSL 4:1b0d80432c79 1297 #endif
wolfSSL 4:1b0d80432c79 1298
wolfSSL 4:1b0d80432c79 1299 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 4:1b0d80432c79 1300 if (tls && haveECC) {
wolfSSL 4:1b0d80432c79 1301 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1302 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
wolfSSL 4:1b0d80432c79 1303 }
wolfSSL 4:1b0d80432c79 1304 #endif
wolfSSL 4:1b0d80432c79 1305
wolfSSL 4:1b0d80432c79 1306 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 4:1b0d80432c79 1307 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1308 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1309 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
wolfSSL 4:1b0d80432c79 1310 }
wolfSSL 4:1b0d80432c79 1311 #endif
wolfSSL 4:1b0d80432c79 1312
wolfSSL 4:1b0d80432c79 1313 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 4:1b0d80432c79 1314 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1315 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1316 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
wolfSSL 4:1b0d80432c79 1317 }
wolfSSL 4:1b0d80432c79 1318 #endif
wolfSSL 4:1b0d80432c79 1319
wolfSSL 4:1b0d80432c79 1320 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1321 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1322 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1323 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1324 }
wolfSSL 4:1b0d80432c79 1325 #endif
wolfSSL 4:1b0d80432c79 1326
wolfSSL 4:1b0d80432c79 1327 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 1328 if (tls && haveDH && havePSK) {
wolfSSL 4:1b0d80432c79 1329 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1330 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 4:1b0d80432c79 1331 }
wolfSSL 4:1b0d80432c79 1332 #endif
wolfSSL 4:1b0d80432c79 1333
wolfSSL 4:1b0d80432c79 1334 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 1335 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1336 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1337 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 4:1b0d80432c79 1338 }
wolfSSL 4:1b0d80432c79 1339 #endif
wolfSSL 4:1b0d80432c79 1340
wolfSSL 4:1b0d80432c79 1341 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1342 if (tls && haveDH && havePSK) {
wolfSSL 4:1b0d80432c79 1343 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1344 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1345 }
wolfSSL 4:1b0d80432c79 1346 #endif
wolfSSL 4:1b0d80432c79 1347
wolfSSL 4:1b0d80432c79 1348 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1349 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1350 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1351 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1352 }
wolfSSL 4:1b0d80432c79 1353 #endif
wolfSSL 4:1b0d80432c79 1354
wolfSSL 4:1b0d80432c79 1355 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1356 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1357 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1358 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1359 }
wolfSSL 4:1b0d80432c79 1360 #endif
wolfSSL 4:1b0d80432c79 1361
wolfSSL 4:1b0d80432c79 1362 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 4:1b0d80432c79 1363 if (tls && haveDH && havePSK) {
wolfSSL 4:1b0d80432c79 1364 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1365 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM;
wolfSSL 4:1b0d80432c79 1366 }
wolfSSL 4:1b0d80432c79 1367 #endif
wolfSSL 4:1b0d80432c79 1368
wolfSSL 4:1b0d80432c79 1369 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 4:1b0d80432c79 1370 if (tls && haveDH && havePSK) {
wolfSSL 4:1b0d80432c79 1371 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1372 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM;
wolfSSL 4:1b0d80432c79 1373 }
wolfSSL 4:1b0d80432c79 1374 #endif
wolfSSL 4:1b0d80432c79 1375
wolfSSL 4:1b0d80432c79 1376 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1377 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1378 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1379 suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1380 }
wolfSSL 4:1b0d80432c79 1381 #endif
wolfSSL 4:1b0d80432c79 1382
wolfSSL 4:1b0d80432c79 1383 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1384 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1385 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1386 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1387 }
wolfSSL 4:1b0d80432c79 1388 #endif
wolfSSL 4:1b0d80432c79 1389
wolfSSL 4:1b0d80432c79 1390 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 1391 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1392 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 4:1b0d80432c79 1393 suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 4:1b0d80432c79 1394 }
wolfSSL 4:1b0d80432c79 1395 #endif
wolfSSL 4:1b0d80432c79 1396
wolfSSL 4:1b0d80432c79 1397 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1398 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1399 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1400 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1401 }
wolfSSL 4:1b0d80432c79 1402 #endif
wolfSSL 4:1b0d80432c79 1403
wolfSSL 4:1b0d80432c79 1404 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 4:1b0d80432c79 1405 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1406 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1407 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM;
wolfSSL 4:1b0d80432c79 1408 }
wolfSSL 4:1b0d80432c79 1409 #endif
wolfSSL 4:1b0d80432c79 1410
wolfSSL 4:1b0d80432c79 1411 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 4:1b0d80432c79 1412 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1413 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1414 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM;
wolfSSL 4:1b0d80432c79 1415 }
wolfSSL 4:1b0d80432c79 1416 #endif
wolfSSL 4:1b0d80432c79 1417
wolfSSL 4:1b0d80432c79 1418 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 4:1b0d80432c79 1419 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1420 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1421 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
wolfSSL 4:1b0d80432c79 1422 }
wolfSSL 4:1b0d80432c79 1423 #endif
wolfSSL 4:1b0d80432c79 1424
wolfSSL 4:1b0d80432c79 1425 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 4:1b0d80432c79 1426 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1427 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1428 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
wolfSSL 4:1b0d80432c79 1429 }
wolfSSL 4:1b0d80432c79 1430 #endif
wolfSSL 4:1b0d80432c79 1431
wolfSSL 4:1b0d80432c79 1432 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 4:1b0d80432c79 1433 if (tls && haveDH && havePSK) {
wolfSSL 4:1b0d80432c79 1434 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1435 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
wolfSSL 4:1b0d80432c79 1436 }
wolfSSL 4:1b0d80432c79 1437 #endif
wolfSSL 4:1b0d80432c79 1438
wolfSSL 4:1b0d80432c79 1439 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 4:1b0d80432c79 1440 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1441 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1442 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
wolfSSL 4:1b0d80432c79 1443 }
wolfSSL 4:1b0d80432c79 1444 #endif
wolfSSL 4:1b0d80432c79 1445
wolfSSL 4:1b0d80432c79 1446 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 4:1b0d80432c79 1447 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1448 suites->suites[idx++] = ECC_BYTE;
wolfSSL 4:1b0d80432c79 1449 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256;
wolfSSL 4:1b0d80432c79 1450 }
wolfSSL 4:1b0d80432c79 1451 #endif
wolfSSL 4:1b0d80432c79 1452
wolfSSL 4:1b0d80432c79 1453 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 4:1b0d80432c79 1454 if (tls && haveDH && havePSK) {
wolfSSL 4:1b0d80432c79 1455 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1456 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
wolfSSL 4:1b0d80432c79 1457 }
wolfSSL 4:1b0d80432c79 1458 #endif
wolfSSL 4:1b0d80432c79 1459
wolfSSL 4:1b0d80432c79 1460 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 4:1b0d80432c79 1461 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1462 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1463 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
wolfSSL 4:1b0d80432c79 1464 }
wolfSSL 4:1b0d80432c79 1465 #endif
wolfSSL 4:1b0d80432c79 1466
wolfSSL 4:1b0d80432c79 1467 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 4:1b0d80432c79 1468 if (tls && havePSK) {
wolfSSL 4:1b0d80432c79 1469 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1470 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
wolfSSL 4:1b0d80432c79 1471 }
wolfSSL 4:1b0d80432c79 1472 #endif
wolfSSL 4:1b0d80432c79 1473
wolfSSL 4:1b0d80432c79 1474 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 1475 if (!dtls && haveRSA) {
wolfSSL 4:1b0d80432c79 1476 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1477 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
wolfSSL 4:1b0d80432c79 1478 }
wolfSSL 4:1b0d80432c79 1479 #endif
wolfSSL 4:1b0d80432c79 1480
wolfSSL 4:1b0d80432c79 1481 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 4:1b0d80432c79 1482 if (!dtls && haveRSA) {
wolfSSL 4:1b0d80432c79 1483 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1484 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
wolfSSL 4:1b0d80432c79 1485 }
wolfSSL 4:1b0d80432c79 1486 #endif
wolfSSL 4:1b0d80432c79 1487
wolfSSL 4:1b0d80432c79 1488 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 1489 if (haveRSA ) {
wolfSSL 4:1b0d80432c79 1490 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1491 suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 4:1b0d80432c79 1492 }
wolfSSL 4:1b0d80432c79 1493 #endif
wolfSSL 4:1b0d80432c79 1494
wolfSSL 4:1b0d80432c79 1495 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 4:1b0d80432c79 1496 if (!dtls && tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1497 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1498 suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
wolfSSL 4:1b0d80432c79 1499 }
wolfSSL 4:1b0d80432c79 1500 #endif
wolfSSL 4:1b0d80432c79 1501
wolfSSL 4:1b0d80432c79 1502 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 4:1b0d80432c79 1503 if (!dtls && tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1504 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1505 suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
wolfSSL 4:1b0d80432c79 1506 }
wolfSSL 4:1b0d80432c79 1507 #endif
wolfSSL 4:1b0d80432c79 1508
wolfSSL 4:1b0d80432c79 1509 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 4:1b0d80432c79 1510 if (!dtls && tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1511 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1512 suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
wolfSSL 4:1b0d80432c79 1513 }
wolfSSL 4:1b0d80432c79 1514 #endif
wolfSSL 4:1b0d80432c79 1515
wolfSSL 4:1b0d80432c79 1516 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 4:1b0d80432c79 1517 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1518 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1519 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
wolfSSL 4:1b0d80432c79 1520 }
wolfSSL 4:1b0d80432c79 1521 #endif
wolfSSL 4:1b0d80432c79 1522
wolfSSL 4:1b0d80432c79 1523 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 4:1b0d80432c79 1524 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1525 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1526 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
wolfSSL 4:1b0d80432c79 1527 }
wolfSSL 4:1b0d80432c79 1528 #endif
wolfSSL 4:1b0d80432c79 1529
wolfSSL 4:1b0d80432c79 1530 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 4:1b0d80432c79 1531 if (!dtls && tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1532 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1533 suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
wolfSSL 4:1b0d80432c79 1534 }
wolfSSL 4:1b0d80432c79 1535 #endif
wolfSSL 4:1b0d80432c79 1536
wolfSSL 4:1b0d80432c79 1537 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1538 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1539 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1540 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1541 }
wolfSSL 4:1b0d80432c79 1542 #endif
wolfSSL 4:1b0d80432c79 1543
wolfSSL 4:1b0d80432c79 1544 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 4:1b0d80432c79 1545 if (tls && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 1546 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1547 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 4:1b0d80432c79 1548 }
wolfSSL 4:1b0d80432c79 1549 #endif
wolfSSL 4:1b0d80432c79 1550
wolfSSL 4:1b0d80432c79 1551 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1552 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1553 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1554 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1555 }
wolfSSL 4:1b0d80432c79 1556 #endif
wolfSSL 4:1b0d80432c79 1557
wolfSSL 4:1b0d80432c79 1558 #ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA
wolfSSL 4:1b0d80432c79 1559 if (tls && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 1560 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1561 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 4:1b0d80432c79 1562 }
wolfSSL 4:1b0d80432c79 1563 #endif
wolfSSL 4:1b0d80432c79 1564
wolfSSL 4:1b0d80432c79 1565 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1566 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1567 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1568 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1569 }
wolfSSL 4:1b0d80432c79 1570 #endif
wolfSSL 4:1b0d80432c79 1571
wolfSSL 4:1b0d80432c79 1572 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 1573 if (tls && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 1574 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1575 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1576 }
wolfSSL 4:1b0d80432c79 1577 #endif
wolfSSL 4:1b0d80432c79 1578
wolfSSL 4:1b0d80432c79 1579 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 4:1b0d80432c79 1580 if (tls && haveRSA) {
wolfSSL 4:1b0d80432c79 1581 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1582 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1583 }
wolfSSL 4:1b0d80432c79 1584 #endif
wolfSSL 4:1b0d80432c79 1585
wolfSSL 4:1b0d80432c79 1586 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 4:1b0d80432c79 1587 if (tls && haveDH && haveRSA) {
wolfSSL 4:1b0d80432c79 1588 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1589 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 4:1b0d80432c79 1590 }
wolfSSL 4:1b0d80432c79 1591 #endif
wolfSSL 4:1b0d80432c79 1592
wolfSSL 4:1b0d80432c79 1593 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 4:1b0d80432c79 1594 if (haveRSA) {
wolfSSL 4:1b0d80432c79 1595 suites->suites[idx++] = 0;
wolfSSL 4:1b0d80432c79 1596 suites->suites[idx++] = SSL_RSA_WITH_IDEA_CBC_SHA;
wolfSSL 4:1b0d80432c79 1597 }
wolfSSL 4:1b0d80432c79 1598 #endif
wolfSSL 4:1b0d80432c79 1599
wolfSSL 4:1b0d80432c79 1600 suites->suiteSz = idx;
wolfSSL 4:1b0d80432c79 1601
wolfSSL 4:1b0d80432c79 1602 InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0);
wolfSSL 4:1b0d80432c79 1603 }
wolfSSL 4:1b0d80432c79 1604
wolfSSL 4:1b0d80432c79 1605
wolfSSL 4:1b0d80432c79 1606 #ifndef NO_CERTS
wolfSSL 4:1b0d80432c79 1607
wolfSSL 4:1b0d80432c79 1608
/* Put an X509 name into its empty starting state.
 *
 * name         name to reset; NULL is accepted and ignored.
 * dynamicFlag  accepted for interface compatibility, not used here.
 *
 * name->name is pointed at the embedded staticName buffer and dynamicName is
 * cleared, so FreeX509Name() will not try to free it.  With OPENSSL_EXTRA the
 * decoded fullName record is zeroed as well.
 */
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
{
    (void)dynamicFlag;

    if (name == NULL)
        return;

    name->dynamicName = 0;
    name->name        = name->staticName;
#ifdef OPENSSL_EXTRA
    XMEMSET(&name->fullName, 0, sizeof(DecodedName));
#endif /* OPENSSL_EXTRA */
}
wolfSSL 4:1b0d80432c79 1621
wolfSSL 4:1b0d80432c79 1622
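/* Release the heap storage owned by an X509 name.
 *
 * name  name to clean up; NULL is accepted and ignored.
 *
 * name->name is freed only when dynamicName marks it as heap allocated
 * (InitX509Name() points it at the embedded staticName buffer instead).
 * Every pointer that is freed is cleared afterwards, so running the cleanup
 * twice on the same object cannot free a block a second time or leave a
 * dangling pointer behind.  The structure itself is not freed.
 */
void FreeX509Name(WOLFSSL_X509_NAME* name)
{
    if (name == NULL)
        return;

    if (name->dynamicName) {
        XFREE(name->name, NULL, DYNAMIC_TYPE_SUBJECT_CN);
        name->name        = NULL;
        name->dynamicName = 0;
    }
#ifdef OPENSSL_EXTRA
    if (name->fullName.fullName != NULL) {
        XFREE(name->fullName.fullName, NULL, DYNAMIC_TYPE_X509);
        name->fullName.fullName = NULL;
    }
#endif /* OPENSSL_EXTRA */
}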
wolfSSL 4:1b0d80432c79 1634
wolfSSL 4:1b0d80432c79 1635
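/* Initialize wolfSSL X509 type.
 *
 * x509         object to initialize; NULL is rejected with a log message
 *              instead of being dereferenced.
 * dynamicFlag  stored (truncated to a byte) in x509->dynamicMemory.
 *
 * Every pointer member touched here is set to NULL so that FreeX509() can be
 * run on the object at any later point, including after a partially failed
 * setup.
 */
void InitX509(WOLFSSL_X509* x509, int dynamicFlag)
{
    if (x509 == NULL) {
        WOLFSSL_MSG("Null parameter passed in!");
        return;
    }

    InitX509Name(&x509->issuer, 0);
    InitX509Name(&x509->subject, 0);
    x509->version        = 0;
    x509->pubKey.buffer  = NULL;
    x509->sig.buffer     = NULL;
    x509->derCert        = NULL;
    x509->altNames       = NULL;
    x509->altNamesNext   = NULL;
    x509->dynamicMemory  = (byte)dynamicFlag;
    x509->isCa           = 0;
#ifdef HAVE_ECC
    x509->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef OPENSSL_EXTRA
    /* extension bookkeeping: "Set"/"Crit" flags off, buffers empty */
    x509->pathLength      = 0;
    x509->basicConstSet   = 0;
    x509->basicConstCrit  = 0;
    x509->basicConstPlSet = 0;
    x509->subjAltNameSet  = 0;
    x509->subjAltNameCrit = 0;
    x509->authKeyIdSet    = 0;
    x509->authKeyIdCrit   = 0;
    x509->authKeyId       = NULL;
    x509->authKeyIdSz     = 0;
    x509->subjKeyIdSet    = 0;
    x509->subjKeyIdCrit   = 0;
    x509->subjKeyId       = NULL;
    x509->subjKeyIdSz     = 0;
    x509->keyUsageSet     = 0;
    x509->keyUsageCrit    = 0;
    x509->keyUsage        = 0;
    #ifdef WOLFSSL_SEP
        x509->certPolicySet  = 0;
        x509->certPolicyCrit = 0;
    #endif /* WOLFSSL_SEP */
#endif /* OPENSSL_EXTRA */
}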
wolfSSL 4:1b0d80432c79 1676
wolfSSL 4:1b0d80432c79 1677
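/* Free wolfSSL X509 type.
 *
 * x509  object whose members are released; NULL is accepted and ignored.
 *
 * Frees the issuer and subject names, the public key, the DER certificate,
 * the signature, the alternative-name list and (with OPENSSL_EXTRA) the key
 * identifier buffers.  Each pointer is cleared after it is released so that a
 * repeated call, or a later read of the object, cannot touch freed memory.
 * The x509 structure itself is not freed here.
 */
void FreeX509(WOLFSSL_X509* x509)
{
    if (x509 == NULL)
        return;

    FreeX509Name(&x509->issuer);
    FreeX509Name(&x509->subject);
    if (x509->pubKey.buffer) {
        XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
        x509->pubKey.buffer = NULL;
    }
    FreeDer(&x509->derCert);
    XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE);
    x509->sig.buffer = NULL;
#ifdef OPENSSL_EXTRA
    XFREE(x509->authKeyId, NULL, DYNAMIC_TYPE_X509_EXT);
    x509->authKeyId   = NULL;
    x509->authKeyIdSz = 0;
    XFREE(x509->subjKeyId, NULL, DYNAMIC_TYPE_X509_EXT);
    x509->subjKeyId   = NULL;
    x509->subjKeyIdSz = 0;
#endif /* OPENSSL_EXTRA */
    if (x509->altNames) {
        FreeAltNames(x509->altNames, NULL);
        x509->altNames = NULL;
    }
    /* reset together with altNames, the list it was initialized alongside */
    x509->altNamesNext = NULL;
}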
wolfSSL 4:1b0d80432c79 1697
wolfSSL 4:1b0d80432c79 1698
wolfSSL 4:1b0d80432c79 1699 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 1700
/* Check an RSA signature against the plaintext it is expected to cover.
 *
 * sig      signature bytes (not modified)
 * sigSz    length of sig; must not exceed ENCRYPT_LEN
 * plain    expected recovered plaintext
 * plainSz  length of plain
 * key      RSA key handed to wc_RsaSSL_VerifyInline()
 *
 * Returns 0 when the recovered data has exactly plainSz bytes and matches
 * plain, BAD_FUNC_ARG for a NULL pointer, BUFFER_E for an oversized signature,
 * MEMORY_ERROR when the work buffer cannot be allocated (WOLFSSL_SMALL_STACK
 * builds) and RSA_SIGN_FAULT for any verification failure.
 */
int VerifyRsaSign(const byte* sig, word32 sigSz,
                  const byte* plain, word32 plainSz, RsaKey* key)
{
#ifdef WOLFSSL_SMALL_STACK
    byte* sigCopy = NULL;
#else
    byte  sigCopy[ENCRYPT_LEN];
#endif
    byte* decoded = NULL;   /* set by the inline verify call */
    int   ret;

    WOLFSSL_ENTER("VerifyRsaSign");

    if (sig == NULL || plain == NULL || key == NULL) {
        WOLFSSL_MSG("Null pointer input");
        return BAD_FUNC_ARG;
    }

    /* the work buffer holds ENCRYPT_LEN bytes; refuse anything larger before
     * copying into it */
    if (sigSz > ENCRYPT_LEN) {
        WOLFSSL_MSG("Signature buffer too big");
        return BUFFER_E;
    }

#ifdef WOLFSSL_SMALL_STACK
    sigCopy = (byte*)XMALLOC(ENCRYPT_LEN, NULL, DYNAMIC_TYPE_SIGNATURE);
    if (sigCopy == NULL)
        return MEMORY_ERROR;
#endif

    /* verify on a private copy: sig is const, the verify call takes a
     * writable buffer */
    XMEMCPY(sigCopy, sig, sigSz);
    ret = wc_RsaSSL_VerifyInline(sigCopy, sigSz, &decoded, key);

    /* accept only an exact-length, byte-identical match; a negative or short
     * return from the verify call falls into the failure branch */
    if (ret == (int)plainSz && decoded != NULL &&
            XMEMCMP(plain, decoded, plainSz) == 0) {
        ret = 0;
    }
    else {
        WOLFSSL_MSG("RSA Signature verification failed");
        ret = RSA_SIGN_FAULT;
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(sigCopy, NULL, DYNAMIC_TYPE_SIGNATURE);
#endif

    return ret;
}
wolfSSL 4:1b0d80432c79 1748
wolfSSL 4:1b0d80432c79 1749 #endif /* NO_RSA */
wolfSSL 4:1b0d80432c79 1750
wolfSSL 4:1b0d80432c79 1751 #endif /* NO_CERTS */
wolfSSL 4:1b0d80432c79 1752
wolfSSL 4:1b0d80432c79 1753
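/* This function inherits a WOLFSSL_CTX's fields into an SSL object.
 * It is used during initialization and to switch an ssl's CTX with
 * wolfSSL_Set_SSL_CTX.
 *
 * ssl  object to configure; ssl->suites must already be allocated, and
 *      ssl->arrays must be allocated when ctx carries a PSK server hint.
 * ctx  context to inherit from; its reference count is incremented.
 *
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG when a required pointer is
 * missing, BAD_MUTEX_E when the ctx count mutex cannot be locked, and
 * NO_PRIVATE_KEY when a server without PSK or Anon has no certificate or key.
 *
 * The reference on the new ctx is taken before the reference on the previous
 * one is dropped.  A mutex failure therefore leaves ssl->ctx and its count
 * untouched, and re-setting the ctx the ssl already holds can never drop the
 * count to zero in between.
 */
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    byte havePSK = 0;
    byte haveAnon = 0;
    byte newSSL;
    byte haveRSA = 0;
    (void) haveAnon; /* Squash unused var warnings */

    if(!ssl || !ctx || ssl->suites == NULL)
        return BAD_FUNC_ARG;

    newSSL = ssl->ctx == NULL; /* Assign after null check */

#ifndef NO_PSK
    if (ctx->server_hint[0] && ssl->arrays == NULL) {
        return BAD_FUNC_ARG;  /* needed for copy below */
    }
#endif


#ifndef NO_RSA
    haveRSA = 1;
#endif
#ifndef NO_PSK
    havePSK = ctx->havePSK;
#endif /* NO_PSK */
#ifdef HAVE_ANON
    haveAnon = ctx->haveAnon;
#endif /* HAVE_ANON*/

    /* increment CTX reference count; done first so that a failure here
     * returns with the ssl still holding its previous ctx reference */
    if (LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock CTX count mutex");
        return BAD_MUTEX_E;
    }
    ctx->refCount++;
    UnLockMutex(&ctx->countMutex);

    /* decrement previous CTX reference count if exists.
     * This should only happen if switching ctxs!*/
    if (!newSSL) {
        WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
        wolfSSL_CTX_free(ssl->ctx);
    }

    ssl->ctx     = ctx; /* only for passing to calls, options could change */
    ssl->version = ctx->method->version;

#ifdef HAVE_ECC
    ssl->eccTempKeySz = ctx->eccTempKeySz;
    ssl->pkCurveOID = ctx->pkCurveOID;
#endif

    ssl->timeout = ctx->timeout;
    ssl->verifyCallback = ctx->verifyCallback;
    ssl->options.side      = ctx->method->side;
    ssl->options.downgrade    = ctx->method->downgrade;
    ssl->options.minDowngrade = ctx->minDowngrade;

    /* haveDH is inherited on the server side only */
    if (ssl->options.side == WOLFSSL_SERVER_END)
        ssl->options.haveDH = ctx->haveDH;

    ssl->options.haveNTRU      = ctx->haveNTRU;
    ssl->options.haveECDSAsig  = ctx->haveECDSAsig;
    ssl->options.haveECC       = ctx->haveECC;
    ssl->options.haveStaticECC = ctx->haveStaticECC;

#ifndef NO_PSK
    ssl->options.havePSK = ctx->havePSK;
    ssl->options.client_psk_cb = ctx->client_psk_cb;
    ssl->options.server_psk_cb = ctx->server_psk_cb;
#endif /* NO_PSK */

#ifdef HAVE_ANON
    ssl->options.haveAnon = ctx->haveAnon;
#endif
#ifndef NO_DH
    ssl->options.minDhKeySz = ctx->minDhKeySz;
#endif

    ssl->options.sessionCacheOff      = ctx->sessionCacheOff;
    ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;

    /* peer-verification settings are taken over from the ctx unchanged */
    ssl->options.verifyPeer = ctx->verifyPeer;
    ssl->options.verifyNone = ctx->verifyNone;
    ssl->options.failNoCert = ctx->failNoCert;
    ssl->options.failNoCertxPSK = ctx->failNoCertxPSK;
    ssl->options.sendVerify = ctx->sendVerify;

    ssl->heap = ctx->heap;    /* defaults to self */
    ssl->options.partialWrite  = ctx->partialWrite;
    ssl->options.quietShutdown = ctx->quietShutdown;
    ssl->options.groupMessages = ctx->groupMessages;

#ifndef NO_DH
    if (ssl->options.side == WOLFSSL_SERVER_END) {
        ssl->buffers.serverDH_P = ctx->serverDH_P;
        ssl->buffers.serverDH_G = ctx->serverDH_G;
    }
#endif

#ifndef NO_CERTS
    /* ctx still owns certificate, certChain, key, dh, and cm */
    ssl->buffers.certificate = ctx->certificate;
    ssl->buffers.certChain = ctx->certChain;
    ssl->buffers.key = ctx->privateKey;
#endif

#ifdef HAVE_CAVIUM
    ssl->devId = ctx->devId;
#endif

#ifndef NO_PSK
    if (ctx->server_hint[0]) {   /* set in CTX */
        /* bounded copy, then force termination: XSTRNCPY alone does not
         * guarantee a terminator when the source fills the buffer */
        XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint, MAX_PSK_ID_LEN);
        ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
    }
#endif /* NO_PSK */

    if (ctx->suites)
        *ssl->suites = *ctx->suites;
    else
        XMEMSET(ssl->suites, 0, sizeof(Suites));

    /* make sure server has DH parms, and add PSK if there, add NTRU too;
     * the client side passes TRUE for haveDH */
    if (ssl->options.side == WOLFSSL_SERVER_END)
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    else
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE,
                   ssl->options.haveNTRU, ssl->options.haveECDSAsig,
                   ssl->options.haveECC, ssl->options.haveStaticECC,
                   ssl->options.side);

#ifndef NO_CERTS
    /* make sure server has cert and key unless using PSK or Anon
     * This should be true even if just switching ssl ctx */
    if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon) {
        if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer ||
            !ssl->buffers.key || !ssl->buffers.key->buffer) {
            WOLFSSL_MSG("Server missing certificate and/or private key");
            return NO_PRIVATE_KEY;
        }
    }
#endif

    return SSL_SUCCESS;
}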
wolfSSL 4:1b0d80432c79 1906
wolfSSL 4:1b0d80432c79 1907
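/* Initialise a WOLFSSL object from its context.
 *
 * Every field is first set to 0, NULL or its default value before anything
 * that may fail is called, so the destructor always has a "good" state to
 * clean up, including when this function returns early with an error.
 *
 * ssl  object to initialise; its previous contents are overwritten
 * ctx  context the per-connection settings are copied from
 *
 * Returns 0 on success, MEMORY_E when an allocation fails, or the error code
 * reported by SetSSL_CTX(), the hash initialisers, wc_InitRng() or
 * wolfSSL_DTLS_SetCookieSecret(). Nothing allocated here is released on an
 * error return; that is left to the destructor.
 */
int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    int ret;

    XMEMSET(ssl, 0, sizeof(WOLFSSL));

    /* Take the heap hint from the context before the first allocation, so
     * the hint passed to XMALLOC below is the same one the free routines
     * later pass to XFREE. SetSSL_CTX() assigns the same value again. A NULL
     * ctx is not dereferenced here and reaches SetSSL_CTX() as before. */
    if (ctx != NULL)
        ssl->heap = ctx->heap;

    ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
    ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;

    ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
    ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;

#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
    InitX509(&ssl->peerCert, 0);
#endif

    ssl->rfd = -1;   /* set to invalid descriptor */
    ssl->wfd = -1;

    ssl->IOCB_ReadCtx  = &ssl->rfd;  /* prevent invalid pointer access if not */
    ssl->IOCB_WriteCtx = &ssl->wfd;  /* correctly set */

#ifdef HAVE_NETX
    ssl->IOCB_ReadCtx  = &ssl->nxCtx;  /* default NetX IO ctx, same for read */
    ssl->IOCB_WriteCtx = &ssl->nxCtx;  /* and write */
#endif
#ifdef WOLFSSL_DTLS
    ssl->dtls_expected_rx = MAX_MTU;
#endif

    ssl->options.serverState = NULL_STATE;
    ssl->options.clientState = NULL_STATE;
    ssl->options.connectState = CONNECT_BEGIN;
    ssl->options.acceptState = ACCEPT_BEGIN;
    ssl->options.handShakeState = NULL_STATE;
    ssl->options.processReply = doProcessInit;

#ifdef WOLFSSL_DTLS
    ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
    ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
    ssl->dtls_timeout = ssl->dtls_timeout_init;
#endif

#ifndef NO_OLD_TLS
    ssl->hmac = SSL_hmac; /* default to SSLv3 */
#else
    ssl->hmac = TLS_hmac;
#endif


#ifdef WOLFSSL_DTLS
    ssl->buffers.dtlsCtx.fd = -1;
#endif

    ssl->cipher.ssl = ssl;

#ifdef HAVE_TLS_EXTENSIONS
    #ifdef HAVE_MAX_FRAGMENT
    ssl->max_fragment = MAX_RECORD_SIZE;
    #endif
    #ifdef HAVE_ALPN
    ssl->alpn_client_list = NULL;
    #endif
#endif

    /* default alert state (none) */
    ssl->alert_history.last_rx.code = -1;
    ssl->alert_history.last_rx.level = -1;
    ssl->alert_history.last_tx.code = -1;
    ssl->alert_history.last_tx.level = -1;

    InitCiphers(ssl);
    InitCipherSpecs(&ssl->specs);

    /* all done with init, now can return errors, call other stuff */

    /* arrays */
    ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
                                   DYNAMIC_TYPE_ARRAYS);
    if (ssl->arrays == NULL) {
        WOLFSSL_MSG("Arrays Memory error");
        return MEMORY_E;
    }
    XMEMSET(ssl->arrays, 0, sizeof(Arrays));

    /* suites */
    ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
                                   DYNAMIC_TYPE_SUITES);
    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Suites Memory error");
        return MEMORY_E;
    }

    /* Initialize SSL with the appropriate fields from its ctx */
    /* requires valid arrays and suites; note it reports success as
     * SSL_SUCCESS, while this function reports success as 0 */
    if ((ret = SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
        return ret;

    ssl->options.dtls = ssl->version.major == DTLS_MAJOR;

    /* hsHashes */
    ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
                                        DYNAMIC_TYPE_HASHES);
    if (ssl->hsHashes == NULL) {
        WOLFSSL_MSG("HS_Hashes Memory error");
        return MEMORY_E;
    }
    /* start from a known state: which hash members get initialised below
     * depends on the build options */
    XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes));

#ifndef NO_OLD_TLS
    #ifndef NO_MD5
    wc_InitMd5(&ssl->hsHashes->hashMd5);
    #endif
    #ifndef NO_SHA
    ret = wc_InitSha(&ssl->hsHashes->hashSha);
    if (ret != 0) {
        return ret;
    }
    #endif
#endif
#ifndef NO_SHA256
    ret = wc_InitSha256(&ssl->hsHashes->hashSha256);
    if (ret != 0) {
        return ret;
    }
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_InitSha384(&ssl->hsHashes->hashSha384);
    if (ret != 0) {
        return ret;
    }
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
    if (ret != 0) {
        return ret;
    }
#endif

    /* RNG */
    ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap, DYNAMIC_TYPE_RNG);
    if (ssl->rng == NULL) {
        WOLFSSL_MSG("RNG Memory error");
        return MEMORY_E;
    }

    if ( (ret = wc_InitRng(ssl->rng)) != 0) {
        WOLFSSL_MSG("RNG Init error");
        return ret;
    }

#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
    /* a DTLS server gets its cookie secret set up front; NULL/0 leaves the
     * choice of secret to wolfSSL_DTLS_SetCookieSecret() */
    if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
        ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
        if (ret != 0) {
            WOLFSSL_MSG("DTLS Cookie Secret error");
            return ret;
        }
    }
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */

#ifdef HAVE_SECRET_CALLBACK
    ssl->sessionSecretCb  = NULL;
    ssl->sessionSecretCtx = NULL;
#endif
    return 0;
}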
wolfSSL 4:1b0d80432c79 2077
wolfSSL 4:1b0d80432c79 2078
/* Release the temporary handshake arrays.
 *
 * ssl   connection whose arrays are released
 * keep  non-zero to copy the session id into ssl->session first, so the user
 *       can still retrieve it afterwards
 *
 * The Arrays struct is wiped with ForceZero() before its memory is freed.
 */
void FreeArrays(WOLFSSL* ssl, int keep)
{
    Arrays* scratch = ssl->arrays;

    if (scratch != NULL) {
        if (keep) {
            /* preserve the session id for user retrieval */
            XMEMCPY(ssl->session.sessionID, scratch->sessionID, ID_LEN);
            ssl->session.sessionIDSz = scratch->sessionIDSz;
        }

        XFREE(scratch->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
        scratch->pendingMsg = NULL;

        /* wipe the whole struct before the memory goes back to the heap */
        ForceZero(scratch, sizeof(Arrays));
    }

    XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS);
    ssl->arrays = NULL;
}
wolfSSL 4:1b0d80432c79 2095
wolfSSL 4:1b0d80432c79 2096
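/* Release everything a WOLFSSL object owns without freeing the object
 * itself, for callers that hold the WOLFSSL in storage of their own (for
 * example in an array) and don't want the actual ssl freed.
 *
 * Key material is wiped with ForceZero() before its memory is released.
 * Because the object outlives this call, every pointer freed here is reset
 * to NULL, the same way FreeHandshakeResources() does, so that a later call
 * on the same object cannot free or read the stale memory again.
 */
void SSL_ResourceFree(WOLFSSL* ssl)
{
    /* Note: any resources used during the handshake should be released in the
     * function FreeHandshakeResources(). Be careful with the special cases
     * like the RNG, which may be kept for the whole session:
     * FreeHandshakeResources() releases it only for stream ciphers or when
     * options.tls1_1 is 0, and keeps it otherwise. */

    FreeCiphers(ssl);
    FreeArrays(ssl, 0);
    /* NOTE(review): ssl->rng can already be NULL here when
     * FreeHandshakeResources() released it; this relies on wc_FreeRng()
     * accepting NULL - confirm. */
    wc_FreeRng(ssl->rng);
    XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
    ssl->rng = NULL;
    XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    ssl->suites = NULL;
    XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES);
    ssl->hsHashes = NULL;
    XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
    ssl->buffers.domainName.buffer = NULL;

    /* clear keys struct after session */
    ForceZero(&(ssl->keys), sizeof(Keys));

#ifndef NO_DH
    /* wipe the private DH value before its memory is released */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                  ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    ssl->buffers.serverDH_Priv.buffer = NULL;
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    ssl->buffers.serverDH_Pub.buffer = NULL;
    /* parameters (p,g) may be owned by ctx */
    if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_G.buffer = NULL;
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_P.buffer = NULL;
    }
#endif
#ifndef NO_CERTS
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifndef NO_RSA
    if (ssl->peerRsaKey) {
        wc_FreeRsaKey(ssl->peerRsaKey);
        XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
        ssl->peerRsaKey = NULL;
    }
#endif
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, FORCED_FREE);
    if (ssl->buffers.outputBuffer.dynamicFlag)
        ShrinkOutputBuffer(ssl);
#ifdef WOLFSSL_DTLS
    DtlsPoolDelete(ssl);
    if (ssl->dtls_msg_list != NULL) {
        DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
        ssl->dtls_msg_list = NULL;
    }
    XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    ssl->buffers.dtlsCtx.peer.sa = NULL;
    #ifndef NO_WOLFSSL_SERVER
    /* NOTE(review): the cookie secret is released without being wiped,
     * unlike the DH private value above - consider a ForceZero() over its
     * length before this XFREE. */
    XFREE(ssl->buffers.dtlsCookieSecret.buffer, ssl->heap,
          DYNAMIC_TYPE_COOKIE_PWD);
    ssl->buffers.dtlsCookieSecret.buffer = NULL;
    #endif
#endif /* WOLFSSL_DTLS */
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
    if (ssl->biord != ssl->biowr)        /* only free write if different */
        wolfSSL_BIO_free(ssl->biowr);
    wolfSSL_BIO_free(ssl->biord);        /* always free read bio */
    ssl->biowr = NULL;
    ssl->biord = NULL;
#endif
#ifdef HAVE_LIBZ
    FreeStreams(ssl);
#endif
#ifdef HAVE_ECC
    /* wc_ecc_free() is only called for keys flagged as present */
    if (ssl->peerEccKey) {
        if (ssl->peerEccKeyPresent) {
            wc_ecc_free(ssl->peerEccKey);
            ssl->peerEccKeyPresent = 0;
        }
        XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->peerEccKey = NULL;
    }
    if (ssl->peerEccDsaKey) {
        if (ssl->peerEccDsaKeyPresent) {
            wc_ecc_free(ssl->peerEccDsaKey);
            ssl->peerEccDsaKeyPresent = 0;
        }
        XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->peerEccDsaKey = NULL;
    }
    if (ssl->eccTempKey) {
        if (ssl->eccTempKeyPresent) {
            wc_ecc_free(ssl->eccTempKey);
            ssl->eccTempKeyPresent = 0;
        }
        XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->eccTempKey = NULL;
    }
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
    XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
    ssl->buffers.peerEccDsaKey.buffer = NULL;
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
    XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
    ssl->buffers.peerRsaKey.buffer = NULL;
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ssl->extensions);
    ssl->extensions = NULL;

    #ifdef HAVE_ALPN
    /* NOTE(review): this free passes a NULL heap hint where the others pass
     * ssl->heap - confirm it matches the hint used at allocation. */
    if (ssl->alpn_client_list != NULL) {
        XFREE(ssl->alpn_client_list, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        ssl->alpn_client_list = NULL;
    }
    #endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_NETX
    if (ssl->nxCtx.nxPacket)
        nx_packet_release(ssl->nxCtx.nxPacket);
#endif
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
    FreeX509(&ssl->peerCert);
#endif
}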
wolfSSL 4:1b0d80432c79 2207
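#ifdef WOLFSSL_TI_HASH
/* Finalise the running handshake hashes into a scratch buffer and discard
 * the digests. Only built with WOLFSSL_TI_HASH; other builds get an empty
 * macro.
 * NOTE(review): presumably this releases state held by the TI hash
 * implementation - confirm.
 */
static void HashFinal(WOLFSSL * ssl) {
    /* 32 bytes holds the largest digest finalised here (SHA-256) */
    byte dummyHash[32];

    /* FreeHandshakeResources() calls this before it frees hsHashes and sets
     * the pointer to NULL, so a repeated call would otherwise dereference
     * NULL below */
    if (ssl->hsHashes == NULL)
        return;

#ifndef NO_MD5
    wc_Md5Final(&(ssl->hsHashes->hashMd5), dummyHash);
#endif
#ifndef NO_SHA
    wc_ShaFinal(&(ssl->hsHashes->hashSha), dummyHash);
#endif
#ifndef NO_SHA256
    wc_Sha256Final(&(ssl->hsHashes->hashSha256), dummyHash);
#endif
}
#else

#define HashFinal(ssl)

#endif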
wolfSSL 4:1b0d80432c79 2226
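/* Free any handshake resources no longer needed once the handshake is done.
 *
 * Every pointer released here is reset to NULL because the WOLFSSL object
 * stays in use for the rest of the session. When secure renegotiation is
 * enabled nothing is released, since a later handshake needs the same state.
 */
void FreeHandshakeResources(WOLFSSL* ssl)
{

    HashFinal(ssl);
#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources");
        return;
    }
#endif

    /* input buffer */
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    /* suites */
    XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    ssl->suites = NULL;

    /* hsHashes */
    XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES);
    ssl->hsHashes = NULL;

    /* RNG: released for stream ciphers or when options.tls1_1 is 0, kept for
     * the rest of the session otherwise */
    if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) {
        wc_FreeRng(ssl->rng);
        XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
        ssl->rng = NULL;
    }

#ifdef WOLFSSL_DTLS
    /* DTLS_POOL */
    if (ssl->options.dtls) {
        DtlsPoolDelete(ssl);
        /* same NULL check SSL_ResourceFree() makes before deleting the list */
        if (ssl->dtls_msg_list != NULL) {
            DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
            ssl->dtls_msg_list = NULL;
        }
    }
#endif

    /* arrays: kept when the user asked to save them; otherwise freed, with
     * the session id copied out first */
    if (ssl->options.saveArrays == 0)
        FreeArrays(ssl, 1);

#ifndef NO_RSA
    /* peerRsaKey */
    if (ssl->peerRsaKey) {
        wc_FreeRsaKey(ssl->peerRsaKey);
        XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
        ssl->peerRsaKey = NULL;
    }
#endif

#ifdef HAVE_ECC
    /* wc_ecc_free() is only called for keys flagged as present */
    if (ssl->peerEccKey)
    {
        if (ssl->peerEccKeyPresent) {
            wc_ecc_free(ssl->peerEccKey);
            ssl->peerEccKeyPresent = 0;
        }
        XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->peerEccKey = NULL;
    }
    if (ssl->peerEccDsaKey)
    {
        if (ssl->peerEccDsaKeyPresent) {
            wc_ecc_free(ssl->peerEccDsaKey);
            ssl->peerEccDsaKeyPresent = 0;
        }
        XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->peerEccDsaKey = NULL;
    }
    if (ssl->eccTempKey)
    {
        if (ssl->eccTempKeyPresent) {
            wc_ecc_free(ssl->eccTempKey);
            ssl->eccTempKeyPresent = 0;
        }
        XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->eccTempKey = NULL;
    }
#endif
#ifndef NO_DH
    /* wipe the private DH value before its memory is released */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                  ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    ssl->buffers.serverDH_Priv.buffer = NULL;
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    ssl->buffers.serverDH_Pub.buffer = NULL;
    /* parameters (p,g) may be owned by ctx */
    if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_G.buffer = NULL;
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_P.buffer = NULL;
    }
#endif
#ifndef NO_CERTS
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
    XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
    ssl->buffers.peerEccDsaKey.buffer = NULL;
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
    XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
    ssl->buffers.peerRsaKey.buffer = NULL;
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */

#ifdef HAVE_QSH
    QSH_FreeAll(ssl);
#endif
}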
wolfSSL 4:1b0d80432c79 2344
wolfSSL 4:1b0d80432c79 2345
/* Destroy a WOLFSSL object: drop its reference on the context, release the
 * resources it owns, then free the object itself. */
void FreeSSL(WOLFSSL* ssl)
{
    void* hint;

    /* decrements the CTX reference count; the CTX is freed when it hits 0 */
    FreeSSL_Ctx(ssl->ctx);

    SSL_ResourceFree(ssl);

    /* read the heap hint out of the object before the object is handed to
     * XFREE */
    hint = ssl->heap;
    (void)hint;  /* XFREE may ignore its hint argument in some builds */
    XFREE(ssl, hint, DYNAMIC_TYPE_SSL);
}
wolfSSL 4:1b0d80432c79 2352
wolfSSL 4:1b0d80432c79 2353
wolfSSL 4:1b0d80432c79 2354 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 2355
/* Create the DTLS buffer pool for this connection if it has none yet.
 *
 * Returns 0 when the pool exists on return (newly created or already there),
 * MEMORY_E when the pool cannot be allocated.
 */
int DtlsPoolInit(WOLFSSL* ssl)
{
    DtlsPool* fresh;
    int       slot;

    if (ssl->dtls_pool != NULL)
        return 0;  /* already set up, nothing to do */

    fresh = (DtlsPool*)XMALLOC(sizeof(DtlsPool), ssl->heap,
                               DYNAMIC_TYPE_DTLS_POOL);
    if (fresh == NULL) {
        WOLFSSL_MSG("DTLS Buffer Pool Memory error");
        return MEMORY_E;
    }

    /* every slot starts empty */
    for (slot = 0; slot < DTLS_POOL_SZ; slot++) {
        fresh->buf[slot].length = 0;
        fresh->buf[slot].buffer = NULL;
    }
    fresh->used = 0;

    ssl->dtls_pool = fresh;
    return 0;
}
wolfSSL 4:1b0d80432c79 2378
wolfSSL 4:1b0d80432c79 2379
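/* Store a copy of an outgoing message in the next free slot of the DTLS
 * buffer pool, tagged with the current epoch, so DtlsPoolSend() can send it
 * again.
 *
 * ssl  connection that owns the pool
 * src  bytes to copy
 * sz   number of bytes at src
 *
 * Returns 0 when the message was stored, and also when there is no pool or
 * the pool is already full (the message is then not stored). Returns
 * BAD_FUNC_ARG for a NULL src or negative sz, MEMORY_ERROR when the copy
 * cannot be allocated.
 */
int DtlsPoolSave(WOLFSSL* ssl, const byte *src, int sz)
{
    DtlsPool *pool = ssl->dtls_pool;
    if (pool != NULL && pool->used < DTLS_POOL_SZ) {
        buffer *pBuf = &pool->buf[pool->used];

        /* a negative sz would be converted to a huge unsigned size by the
         * allocation and the copy below */
        if (src == NULL || sz < 0) {
            WOLFSSL_MSG("DTLS Buffer bad argument");
            return BAD_FUNC_ARG;
        }

        pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
        if (pBuf->buffer == NULL) {
            WOLFSSL_MSG("DTLS Buffer Memory error");
            /* NOTE(review): DtlsPoolInit() reports allocation failure as
             * MEMORY_E; kept as MEMORY_ERROR here for existing callers. */
            return MEMORY_ERROR;
        }
        XMEMCPY(pBuf->buffer, src, sz);
        pool->epoch[pool->used] = ssl->keys.dtls_epoch;
        pBuf->length = (word32)sz;
        pool->used++;
    }
    return 0;
}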
wolfSSL 4:1b0d80432c79 2397
wolfSSL 4:1b0d80432c79 2398
/* Empty the DTLS buffer pool and put the retransmit timeout back to its
 * initial value. The pool itself stays allocated; the timeout is reset even
 * when the connection has no pool. */
void DtlsPoolReset(WOLFSSL* ssl)
{
    DtlsPool* pool = ssl->dtls_pool;

    if (pool != NULL) {
        int filled = pool->used;
        int slot;

        /* only the slots in use hold an allocation */
        for (slot = 0; slot < filled; slot++) {
            XFREE(pool->buf[slot].buffer, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
            pool->buf[slot].buffer = NULL;
            pool->buf[slot].length = 0;
        }
        pool->used = 0;
    }

    ssl->dtls_timeout = ssl->dtls_timeout_init;
}
wolfSSL 4:1b0d80432c79 2416
wolfSSL 4:1b0d80432c79 2417
/* Release the DTLS buffer pool together with every message stored in it.
 * Does nothing when the connection has no pool. */
void DtlsPoolDelete(WOLFSSL* ssl)
{
    if (ssl->dtls_pool == NULL)
        return;

    /* free the stored messages first, then the pool that held them */
    DtlsPoolReset(ssl);
    XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
    ssl->dtls_pool = NULL;
}
wolfSSL 4:1b0d80432c79 2426
wolfSSL 4:1b0d80432c79 2427
/* Back off the DTLS retransmit timeout by one step.
 *
 * Returns 0 after multiplying the timeout by DTLS_TIMEOUT_MULTIPLIER, or -1
 * without changing it when the timeout has already reached
 * dtls_timeout_max. The multiplied value is not clamped to the maximum here.
 */
int DtlsPoolTimeout(WOLFSSL* ssl)
{
    if (ssl->dtls_timeout >= ssl->dtls_timeout_max)
        return -1;

    ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
    return 0;
}
wolfSSL 4:1b0d80432c79 2437
wolfSSL 4:1b0d80432c79 2438
/* Send every message stored in the DTLS buffer pool again, in slot order.
 *
 * A message saved in epoch 0 is copied to the output buffer as stored, with
 * a fresh sequence number written into its record header. A message saved in
 * the current epoch is passed through BuildMessage() again. A message from
 * any other epoch is not copied. SendBuffered() runs once per slot.
 *
 * Returns 0 on success or when there is nothing to send; otherwise the error
 * from CheckAvailableSize() or SendBuffered(), or BUILD_MSG_ERROR when
 * BuildMessage() fails.
 */
int DtlsPoolSend(WOLFSSL* ssl)
{
    DtlsPool* pool = ssl->dtls_pool;
    int       slot;
    int       ret;

    if (pool == NULL || pool->used <= 0)
        return 0;

    for (slot = 0; slot < pool->used; slot++) {
        buffer* saved = &pool->buf[slot];

        if (pool->epoch[slot] == 0) {
            /* NOTE(review): the cast assumes the stored message is at least
             * one record header long - confirm against what callers of
             * DtlsPoolSave() store. */
            DtlsRecordLayerHeader* hdr = (DtlsRecordLayerHeader*)saved->buffer;
            word32*                seq;

            /* use the current counter while still in epoch 0, the previous
             * epoch's counter once the epoch has moved on */
            if (ssl->keys.dtls_epoch == 0)
                seq = &ssl->keys.dtls_sequence_number;
            else
                seq = &ssl->keys.dtls_prev_sequence_number;

            c32to48((*seq)++, hdr->sequence_number);

            ret = CheckAvailableSize(ssl, saved->length);
            if (ret != 0)
                return ret;

            XMEMCPY(ssl->buffers.outputBuffer.buffer,
                    saved->buffer, saved->length);
            ssl->buffers.outputBuffer.idx    = 0;
            ssl->buffers.outputBuffer.length = saved->length;
        }
        else if (pool->epoch[slot] == ssl->keys.dtls_epoch) {
            byte* plain   = saved->buffer;
            int   plainSz = saved->length;
            int   sendSz  = plainSz + MAX_MSG_EXTRA;
            byte* out;

            ret = CheckAvailableSize(ssl, sendSz);
            if (ret != 0)
                return ret;

            /* build the record after whatever is already queued */
            out = ssl->buffers.outputBuffer.buffer +
                  ssl->buffers.outputBuffer.length;
            sendSz = BuildMessage(ssl, out, sendSz, plain, plainSz,
                                  handshake, 0);
            if (sendSz < 0)
                return BUILD_MSG_ERROR;

            ssl->buffers.outputBuffer.length += sendSz;
        }

        ret = SendBuffered(ssl);
        if (ret < 0)
            return ret;
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 2496
wolfSSL 4:1b0d80432c79 2497
wolfSSL 4:1b0d80432c79 2498 /* functions for managing DTLS datagram reordering */
wolfSSL 4:1b0d80432c79 2499
wolfSSL 4:1b0d80432c79 2500 /* Need to allocate space for the handshake message header. The hashing
wolfSSL 4:1b0d80432c79 2501 * routines assume the message pointer is still within the buffer that
wolfSSL 4:1b0d80432c79 2502 * has the headers, and will include those headers in the hash. The store
wolfSSL 4:1b0d80432c79 2503 * routines need to take that into account as well. New will allocate
wolfSSL 4:1b0d80432c79 2504 * extra space for the headers. */
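/* Allocate a reassembly slot for one DTLS handshake message.
 *
 * sz    length of the handshake message body, without its header
 * heap  heap hint handed to XMALLOC/XFREE
 *
 * The data buffer is sz + DTLS_HANDSHAKE_HEADER_SZ bytes long; msg->msg
 * points just past the header area. Returns the new item, or NULL when an
 * allocation fails or the requested size cannot be represented. Release the
 * result with DtlsMsgDelete(). */
DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
{
    DtlsMsg* msg = NULL;

    /* sz + DTLS_HANDSHAKE_HEADER_SZ is word32 arithmetic. If it wrapped, the
     * buffer would be far smaller than the msg->sz that DtlsMsgSet() uses to
     * bound its copies, so refuse such a size up front. */
    if (sz > (word32)0xFFFFFFFF - DTLS_HANDSHAKE_HEADER_SZ)
        return NULL;

    msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);

    if (msg != NULL) {
        /* zeroing leaves next, fragList and fragSz empty */
        XMEMSET(msg, 0, sizeof(DtlsMsg));
        msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ,
                                  heap, DYNAMIC_TYPE_DTLS_BUFFER);
        if (msg->buf != NULL) {
            msg->sz = sz;
            msg->type = no_shake;
            msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ;
        }
        else {
            /* do not hand back a half-built item */
            XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG);
            msg = NULL;
        }
    }

    return msg;
}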
wolfSSL 4:1b0d80432c79 2528
/* Release one stored DTLS message: every fragment descriptor on its
 * fragList, the data buffer, and the item itself. A NULL item is ignored.
 * item->next is not followed; use DtlsMsgListDelete() for a whole list. */
void DtlsMsgDelete(DtlsMsg* item, void* heap)
{
    DtlsFrag* frag;
    DtlsFrag* following;

    (void)heap;  /* XFREE may expand to something that ignores the hint */

    if (item == NULL)
        return;

    for (frag = item->fragList; frag != NULL; frag = following) {
        /* read the link before the node is freed */
        following = frag->next;
        XFREE(frag, heap, DYNAMIC_TYPE_DTLS_FRAG);
    }

    if (item->buf != NULL)
        XFREE(item->buf, heap, DYNAMIC_TYPE_DTLS_BUFFER);
    XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
}
wolfSSL 4:1b0d80432c79 2545
wolfSSL 4:1b0d80432c79 2546
/* Free every message on the list starting at head. The caller's pointer is
 * dangling afterwards and must not be reused. */
void DtlsMsgListDelete(DtlsMsg* head, void* heap)
{
    DtlsMsg* following;

    for (; head != NULL; head = following) {
        /* save the link first, DtlsMsgDelete() frees the node */
        following = head->next;
        DtlsMsgDelete(head, heap);
    }
}
wolfSSL 4:1b0d80432c79 2556
wolfSSL 4:1b0d80432c79 2557
wolfSSL 4:1b0d80432c79 2558 /* Create a DTLS Fragment from *begin - end, adjust new *begin and bytesLeft */
/* Record the byte range [*begin, end] as a new fragment descriptor and copy
 * that many bytes from data into buf at offset *begin.
 *
 * On success *begin is moved to end + 1 and *bytesLeft is reduced by the
 * number of bytes copied. On allocation failure NULL is returned and
 * nothing is copied or updated.
 *
 * No bounds are checked here: the caller must guarantee that the range lies
 * inside buf and that end >= *begin. */
static DtlsFrag* CreateFragment(word32* begin, word32 end, const byte* data,
                                byte* buf, word32* bytesLeft, void* heap)
{
    word32    span = end - *begin + 1;   /* inclusive range length */
    DtlsFrag* frag = (DtlsFrag*)XMALLOC(sizeof(DtlsFrag), heap,
                                        DYNAMIC_TYPE_DTLS_FRAG);

    if (frag == NULL)
        return NULL;

    frag->next  = NULL;
    frag->begin = *begin;
    frag->end   = end;

    XMEMCPY(buf + *begin, data, span);
    *bytesLeft -= span;
    *begin      = end + 1;

    return frag;
}
wolfSSL 4:1b0d80432c79 2579
wolfSSL 4:1b0d80432c79 2580
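/* Merge one received handshake fragment into a stored message.
 *
 * msg         reassembly slot from DtlsMsgNew()
 * seq, type   handshake sequence number and message type, stored in msg
 * data        fragment body; when fragOffset is 0 the DTLS handshake header
 *             is read from the DTLS_HANDSHAKE_HEADER_SZ bytes in front of
 *             data, so the pointer must still sit inside the received
 *             record
 * fragOffset  offset of the fragment within the whole message
 * fragSz      fragment length in bytes
 * heap        heap hint for the fragment descriptors
 *
 * Bytes already present from an earlier (retransmitted or overlapping)
 * fragment are not copied again. Returns 0 on success and also when the
 * arguments are rejected (the fragment is then silently ignored), MEMORY_E
 * when a fragment descriptor cannot be allocated. */
int DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
               word32 fragOffset, word32 fragSz, void* heap)
{
    /* fragOffset and fragSz come from the peer. The bound is written so
     * that no word32 addition can wrap: a wrapped fragOffset + fragSz would
     * pass a plain "sum <= msg->sz" test and let the copies below run past
     * msg->buf. */
    if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
        fragSz <= msg->sz && fragOffset <= msg->sz - fragSz) {
        DtlsFrag* cur = msg->fragList;
        DtlsFrag* prev = cur;
        DtlsFrag* newFrag;
        word32 bytesLeft = fragSz; /* could be overlapping fragment */
        word32 startOffset = fragOffset;
        word32 added;

        msg->seq = seq;
        msg->type = type;

        if (fragOffset == 0) {
            /* keep the handshake header, then overwrite its fragment length
             * field with the full message length */
            XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
                    DTLS_HANDSHAKE_HEADER_SZ);
            c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
        }

        /* if no message data, just return */
        if (fragSz == 0)
            return 0;

        /* if list is empty add full fragment to front */
        if (cur == NULL) {
            newFrag = CreateFragment(&fragOffset, fragOffset + fragSz - 1, data,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz = fragSz;
            msg->fragList = newFrag;

            return 0;
        }

        /* add to front if before current front, up to next->begin */
        if (fragOffset < cur->begin) {
            word32 end = fragOffset + fragSz - 1;

            /* clip so the new piece stops where the old head starts */
            if (end >= cur->begin)
                end = cur->begin - 1;

            added = end - fragOffset + 1;
            newFrag = CreateFragment(&fragOffset, end, data, msg->msg,
                                     &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = cur;
            msg->fragList = newFrag;
        }

        /* while we have bytes left, try to find a gap to fill */
        while (bytesLeft > 0) {
            /* get previous packet in list */
            while (cur && (fragOffset >= cur->begin)) {
                prev = cur;
                cur = cur->next;
            }

            /* don't add duplicate data */
            if (prev->end >= fragOffset) {
                if ( (fragOffset + bytesLeft - 1) <= prev->end)
                    return 0;
                /* skip the part prev already covers */
                fragOffset = prev->end + 1;
                bytesLeft = startOffset + fragSz - fragOffset;
            }

            if (cur == NULL)
                /* we're at the end */
                added = bytesLeft;
            else
                /* we're in between two frames */
                added = min(bytesLeft, cur->begin - fragOffset);

            /* data already there */
            if (added == 0)
                continue;

            newFrag = CreateFragment(&fragOffset, fragOffset + added - 1,
                                     data + fragOffset - startOffset,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = prev->next;
            prev->next = newFrag;
        }
    }

    return 0;
}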
wolfSSL 4:1b0d80432c79 2680
wolfSSL 4:1b0d80432c79 2681
/* Linear search of the message list for sequence number seq. Returns the
 * matching item, or NULL when the list is empty or holds no such item. */
DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
{
    DtlsMsg* item;

    for (item = head; item != NULL; item = item->next) {
        if (item->seq == seq)
            break;
    }
    return item;
}
wolfSSL 4:1b0d80432c79 2689
wolfSSL 4:1b0d80432c79 2690
/* Store one handshake fragment in the list of pending messages and return
 * the (possibly new) list head.
 *
 * If seq is not in the list yet, a new item sized for dataSz bytes is
 * created, filled with fragSz bytes at fragOffset and inserted in sequence
 * order. If seq is already present, the fragment is merged into the existing
 * item; DtlsMsgSet() skips bytes that are already stored, which covers
 * overlaps caused by retransmitted handshake messages.
 *
 * Failures do not reach the caller as an error code: a fragment that cannot
 * be stored is dropped and the previous head (NULL for an empty list) is
 * returned. */
DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data,
        word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
{
    DtlsMsg* item;

    /* empty list: the new item becomes the head */
    if (head == NULL) {
        item = DtlsMsgNew(dataSz, heap);
        /* a NULL item is tolerated here, DtlsMsgSet() returns 0 for it */
        if (DtlsMsgSet(item, seq, data, type, fragOffset, fragSz, heap) < 0) {
            DtlsMsgDelete(item, heap);
            return NULL;
        }
        return item;
    }

    item = DtlsMsgFind(head, seq);
    if (item != NULL) {
        /* If this fails, the data is just dropped. */
        DtlsMsgSet(item, seq, data, type, fragOffset, fragSz, heap);
        return head;
    }

    /* first fragment seen for this sequence number */
    item = DtlsMsgNew(dataSz, heap);
    if (item == NULL)
        return head;

    if (DtlsMsgSet(item, seq, data, type, fragOffset, fragSz, heap) < 0) {
        DtlsMsgDelete(item, heap);
        return head;
    }

    return DtlsMsgInsert(head, item);
}
wolfSSL 4:1b0d80432c79 2740
wolfSSL 4:1b0d80432c79 2741
wolfSSL 4:1b0d80432c79 2742 /* DtlsMsgInsert() is an in-order insert. */
/* Insert item into the list so that seq values stay in ascending order and
 * return the list head. An item whose seq is not smaller than an existing
 * one goes after it. When item ends up last, item->next is left as the
 * caller set it (DtlsMsgNew() zeroes it). */
DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
{
    DtlsMsg* prev;

    /* new front of the list */
    if (head == NULL || item->seq < head->seq) {
        item->next = head;
        return item;
    }

    /* advance to the last node whose successor does not sort after item */
    prev = head;
    while (prev->next != NULL && !(item->seq < prev->next->seq))
        prev = prev->next;

    if (prev->next != NULL)
        item->next = prev->next;
    prev->next = item;

    return head;
}
wolfSSL 4:1b0d80432c79 2771
wolfSSL 4:1b0d80432c79 2772 #endif /* WOLFSSL_DTLS */
wolfSSL 4:1b0d80432c79 2773
wolfSSL 4:1b0d80432c79 2774 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
wolfSSL 4:1b0d80432c79 2775
/* Build the protocol version pair for SSL 3.0. Only compiled when
 * WOLFSSL_ALLOW_SSLV3 is set and NO_OLD_TLS is not; SSL 3.0 is a legacy
 * protocol and stays off unless the build asks for it. */
ProtocolVersion MakeSSLv3(void)
{
    ProtocolVersion version;

    version.minor = SSLv3_MINOR;
    version.major = SSLv3_MAJOR;

    return version;
}
wolfSSL 4:1b0d80432c79 2784
wolfSSL 4:1b0d80432c79 2785 #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */
wolfSSL 4:1b0d80432c79 2786
wolfSSL 4:1b0d80432c79 2787
wolfSSL 4:1b0d80432c79 2788 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 2789
/* Build the protocol version pair for DTLS 1.0. */
ProtocolVersion MakeDTLSv1(void)
{
    ProtocolVersion version;

    version.minor = DTLS_MINOR;
    version.major = DTLS_MAJOR;

    return version;
}
wolfSSL 4:1b0d80432c79 2798
/* Build the protocol version pair for DTLS 1.2. */
ProtocolVersion MakeDTLSv1_2(void)
{
    ProtocolVersion version;

    version.minor = DTLSv1_2_MINOR;
    version.major = DTLS_MAJOR;

    return version;
}
wolfSSL 4:1b0d80432c79 2807
wolfSSL 4:1b0d80432c79 2808 #endif /* WOLFSSL_DTLS */
wolfSSL 4:1b0d80432c79 2809
wolfSSL 4:1b0d80432c79 2810
wolfSSL 4:1b0d80432c79 2811
wolfSSL 4:1b0d80432c79 2812
wolfSSL 4:1b0d80432c79 2813 #ifdef USE_WINDOWS_API
wolfSSL 4:1b0d80432c79 2814
/* Windows variant: performance counter divided by its frequency, i.e. whole
 * seconds on the counter's own time base, truncated to word32.
 * NOTE(review): the frequency is cached in function-local statics without
 * locking, and the result of QueryPerformanceFrequency() is not checked --
 * confirm both are acceptable for the targets in use. */
word32 LowResTimer(void)
{
    static LARGE_INTEGER ticksPerSec;
    static int           haveFreq = 0;
    LARGE_INTEGER        now;

    if (haveFreq == 0) {
        QueryPerformanceFrequency(&ticksPerSec);
        haveFreq = 1;
    }

    QueryPerformanceCounter(&now);

    return (word32)(now.QuadPart / ticksPerSec.QuadPart);
}
wolfSSL 4:1b0d80432c79 2830
wolfSSL 4:1b0d80432c79 2831 #elif defined(HAVE_RTP_SYS)
wolfSSL 4:1b0d80432c79 2832
wolfSSL 4:1b0d80432c79 2833 #include "rtptime.h"
wolfSSL 4:1b0d80432c79 2834
/* HAVE_RTP_SYS variant: value of rtp_get_system_sec(), truncated to word32. */
word32 LowResTimer(void)
{
    word32 now = (word32)rtp_get_system_sec();

    return now;
}
wolfSSL 4:1b0d80432c79 2839
wolfSSL 4:1b0d80432c79 2840
wolfSSL 4:1b0d80432c79 2841 #elif defined(MICRIUM)
wolfSSL 4:1b0d80432c79 2842
/* MICRIUM variant: NetSecure_OS_TimeGet() when the secure manager is
 * enabled, otherwise a constant 0.
 * NOTE(review): a timer that always reads 0 makes every timeout built on it
 * meaningless -- confirm no caller depends on it in that configuration. */
word32 LowResTimer(void)
{
    NET_SECURE_OS_TICK ticks = 0;

#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
    ticks = NetSecure_OS_TimeGet();
#endif
    return (word32)ticks;
}
wolfSSL 4:1b0d80432c79 2852
wolfSSL 4:1b0d80432c79 2853
wolfSSL 4:1b0d80432c79 2854 #elif defined(MICROCHIP_TCPIP_V5)
wolfSSL 4:1b0d80432c79 2855
/* MICROCHIP_TCPIP_V5 variant: tick count divided by TICKS_PER_SECOND. */
word32 LowResTimer(void)
{
    word32 seconds = (word32) (TickGet() / TICKS_PER_SECOND);

    return seconds;
}
wolfSSL 4:1b0d80432c79 2860
wolfSSL 4:1b0d80432c79 2861
wolfSSL 4:1b0d80432c79 2862 #elif defined(MICROCHIP_TCPIP)
wolfSSL 4:1b0d80432c79 2863
wolfSSL 4:1b0d80432c79 2864 #if defined(MICROCHIP_MPLAB_HARMONY)
wolfSSL 4:1b0d80432c79 2865
wolfSSL 4:1b0d80432c79 2866 #include <system/tmr/sys_tmr.h>
wolfSSL 4:1b0d80432c79 2867
/* MPLAB Harmony variant: system timer tick count divided by the tick
 * counter frequency. */
word32 LowResTimer(void)
{
    word32 seconds = (word32) (SYS_TMR_TickCountGet() /
                               SYS_TMR_TickCounterFrequencyGet());

    return seconds;
}
wolfSSL 4:1b0d80432c79 2873
wolfSSL 4:1b0d80432c79 2874 #else
wolfSSL 4:1b0d80432c79 2875
/* MICROCHIP_TCPIP variant without Harmony: SYS_TICK count divided by ticks
 * per second. */
word32 LowResTimer(void)
{
    word32 seconds = (word32) (SYS_TICK_Get() / SYS_TICK_TicksPerSecondGet());

    return seconds;
}
wolfSSL 4:1b0d80432c79 2880
wolfSSL 4:1b0d80432c79 2881 #endif
wolfSSL 4:1b0d80432c79 2882
wolfSSL 4:1b0d80432c79 2883 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 4:1b0d80432c79 2884
/* Freescale MQX variant: SECONDS field of the elapsed time reported by
 * _time_get_elapsed(). */
word32 LowResTimer(void)
{
    TIME_STRUCT elapsed;

    _time_get_elapsed(&elapsed);

    return (word32) elapsed.SECONDS;
}
wolfSSL 4:1b0d80432c79 2893
wolfSSL 4:1b0d80432c79 2894 #elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS)
wolfSSL 4:1b0d80432c79 2895
wolfSSL 4:1b0d80432c79 2896 #include "fsl_pit_driver.h"
wolfSSL 4:1b0d80432c79 2897
/* Freescale KSDK bare-metal / FreeRTOS variant: returns PIT_DRV_GetUs()
 * unchanged.
 * NOTE(review): the driver call's name suggests microseconds while the other
 * LowResTimer variants return seconds -- confirm the unit, since timeouts
 * compared against this value would otherwise expire far too early. */
word32 LowResTimer(void)
{
    word32 now = PIT_DRV_GetUs();

    return now;
}
wolfSSL 4:1b0d80432c79 2902
wolfSSL 4:1b0d80432c79 2903 #elif defined(WOLFSSL_TIRTOS)
wolfSSL 4:1b0d80432c79 2904
/* TI-RTOS variant: value of Seconds_get(), truncated to word32. */
word32 LowResTimer(void)
{
    word32 now = (word32) Seconds_get();

    return now;
}
wolfSSL 4:1b0d80432c79 2909
wolfSSL 4:1b0d80432c79 2910 #elif defined(USER_TICKS)
wolfSSL 4:1b0d80432c79 2911 #if 0
wolfSSL 4:1b0d80432c79 2912 word32 LowResTimer(void)
wolfSSL 4:1b0d80432c79 2913 {
wolfSSL 4:1b0d80432c79 2914 /*
wolfSSL 4:1b0d80432c79 2915 write your own clock tick function if you don't want time(0);
wolfSSL 4:1b0d80432c79 2916 it needs one-second accuracy but doesn't have to be correlated to EPOCH
wolfSSL 4:1b0d80432c79 2917 */
wolfSSL 4:1b0d80432c79 2918 }
wolfSSL 4:1b0d80432c79 2919 #endif
wolfSSL 4:1b0d80432c79 2920
wolfSSL 4:1b0d80432c79 2921 #elif defined(TIME_OVERRIDES)
wolfSSL 4:1b0d80432c79 2922
wolfSSL 4:1b0d80432c79 2923 /* use same asn time overrides unless user wants tick override above */
wolfSSL 4:1b0d80432c79 2924
wolfSSL 4:1b0d80432c79 2925 #ifndef HAVE_TIME_T_TYPE
wolfSSL 4:1b0d80432c79 2926 typedef long time_t;
wolfSSL 4:1b0d80432c79 2927 #endif
wolfSSL 4:1b0d80432c79 2928 extern time_t XTIME(time_t * timer);
wolfSSL 4:1b0d80432c79 2929
/* TIME_OVERRIDES variant: value of the user-supplied XTIME(), truncated to
 * word32. */
word32 LowResTimer(void)
{
    word32 now = (word32) XTIME(0);

    return now;
}
wolfSSL 4:1b0d80432c79 2934
wolfSSL 4:1b0d80432c79 2935 #else /* !USE_WINDOWS_API && !HAVE_RTP_SYS && !MICRIUM && !USER_TICKS */
wolfSSL 4:1b0d80432c79 2936
wolfSSL 4:1b0d80432c79 2937 #include <time.h>
wolfSSL 4:1b0d80432c79 2938
/* Default variant: wall-clock seconds from time(), truncated to word32. */
word32 LowResTimer(void)
{
    word32 now = (word32)time(0);

    return now;
}
wolfSSL 4:1b0d80432c79 2943
wolfSSL 4:1b0d80432c79 2944
wolfSSL 4:1b0d80432c79 2945 #endif /* USE_WINDOWS_API */
wolfSSL 4:1b0d80432c79 2946
wolfSSL 4:1b0d80432c79 2947
wolfSSL 4:1b0d80432c79 2948 #ifndef NO_CERTS
/* Feed sz bytes at output, exactly as given, into the running handshake
 * hashes.
 *
 * SHA-1 and MD5 are updated when old TLS versions are compiled in; their
 * update calls are not checked for errors here. The SHA-2 hashes are updated
 * only when IsAtLeastTLSv1_2(ssl) holds. Returns 0, or the first non-zero
 * code from a SHA-2 update. */
static int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz)
{
#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb) {
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
    }
#endif
#ifndef NO_OLD_TLS
    #ifndef NO_SHA
        wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz);
    #endif
    #ifndef NO_MD5
        wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz);
    #endif
#endif

    if (IsAtLeastTLSv1_2(ssl)) {
        int rc;

    #ifndef NO_SHA256
        rc = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    #ifdef WOLFSSL_SHA384
        rc = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    #ifdef WOLFSSL_SHA512
        rc = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 2986 #endif /* NO_CERTS */
wolfSSL 4:1b0d80432c79 2987
wolfSSL 4:1b0d80432c79 2988
wolfSSL 4:1b0d80432c79 2989 /* add output to md5 and sha handshake hashes, exclude record header */
/* Add an outgoing handshake message to the running handshake hashes,
 * leaving out the record header.
 *
 * output  start of the record, header included
 * sz      record length including the header; RECORD_HEADER_SZ (and
 *         DTLS_RECORD_EXTRA for DTLS) is subtracted before hashing
 * ivSz    bytes of explicit IV between header and message, skipped as well
 *
 * sz is not checked against the header size, so the caller must pass a
 * length that covers at least the header. SHA-1/MD5 update results are not
 * checked. Returns 0, or the first non-zero code from a SHA-2 update. */
static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
{
    const byte* hashed = output + RECORD_HEADER_SZ + ivSz;
    sz -= RECORD_HEADER_SZ;

#ifdef HAVE_FUZZER
    /* the callback is given the record start together with the reduced sz */
    if (ssl->fuzzerCb) {
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
    }
#endif
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        hashed += DTLS_RECORD_EXTRA;
        sz     -= DTLS_RECORD_EXTRA;
    }
#endif
#ifndef NO_OLD_TLS
    #ifndef NO_SHA
        wc_ShaUpdate(&ssl->hsHashes->hashSha, hashed, sz);
    #endif
    #ifndef NO_MD5
        wc_Md5Update(&ssl->hsHashes->hashMd5, hashed, sz);
    #endif
#endif

    if (IsAtLeastTLSv1_2(ssl)) {
        int rc;

    #ifndef NO_SHA256
        rc = wc_Sha256Update(&ssl->hsHashes->hashSha256, hashed, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    #ifdef WOLFSSL_SHA384
        rc = wc_Sha384Update(&ssl->hsHashes->hashSha384, hashed, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    #ifdef WOLFSSL_SHA512
        rc = wc_Sha512Update(&ssl->hsHashes->hashSha512, hashed, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 3036
wolfSSL 4:1b0d80432c79 3037
wolfSSL 4:1b0d80432c79 3038 /* add input to md5 and sha handshake hashes, include handshake header */
/* Add a received handshake message to the running handshake hashes,
 * handshake header included.
 *
 * input points at the message body. The hash starts HANDSHAKE_HEADER_SZ
 * bytes (plus DTLS_HANDSHAKE_EXTRA for DTLS) in front of it, so the caller
 * must pass a pointer that still has the header directly before it in the
 * same buffer. SHA-1/MD5 update results are not checked. Returns 0, or the
 * first non-zero code from a SHA-2 update. */
static int HashInput(WOLFSSL* ssl, const byte* input, int sz)
{
    const byte* hashed = input - HANDSHAKE_HEADER_SZ;
    sz += HANDSHAKE_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        hashed -= DTLS_HANDSHAKE_EXTRA;
        sz     += DTLS_HANDSHAKE_EXTRA;
    }
#endif

#ifndef NO_OLD_TLS
    #ifndef NO_SHA
        wc_ShaUpdate(&ssl->hsHashes->hashSha, hashed, sz);
    #endif
    #ifndef NO_MD5
        wc_Md5Update(&ssl->hsHashes->hashMd5, hashed, sz);
    #endif
#endif

    if (IsAtLeastTLSv1_2(ssl)) {
        int rc;

    #ifndef NO_SHA256
        rc = wc_Sha256Update(&ssl->hsHashes->hashSha256, hashed, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    #ifdef WOLFSSL_SHA384
        rc = wc_Sha384Update(&ssl->hsHashes->hashSha384, hashed, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    #ifdef WOLFSSL_SHA512
        rc = wc_Sha512Update(&ssl->hsHashes->hashSha512, hashed, sz);
        if (rc != 0) {
            return rc;
        }
    #endif
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 3082
wolfSSL 4:1b0d80432c79 3083
wolfSSL 4:1b0d80432c79 3084 /* add record layer header for message */
/* Write the record layer header for a message at output.
 *
 * length is stored as a 16-bit value, so anything above 0xFFFF is truncated
 * by the cast. For DTLS the epoch and the current record sequence number are
 * written too and the sequence number is incremented. The caller must
 * provide room for the header; nothing is checked here. */
static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    RecordLayerHeader* hdr = (RecordLayerHeader*)output;

    /* type and version are written the same way for TLS and DTLS */
    hdr->type    = type;
    hdr->pvMajor = ssl->version.major;
    hdr->pvMinor = ssl->version.minor;

#ifdef WOLFSSL_ALTERNATIVE_DOWNGRADE
    /* first client flight of a fresh handshake: advertise the downgrade
     * floor as the record version when downgrade is allowed */
    if (ssl->options.side == WOLFSSL_CLIENT_END
                          && ssl->options.connectState == CONNECT_BEGIN
                          && !ssl->options.resuming) {
        if (ssl->options.downgrade)
            hdr->pvMinor = ssl->options.minDowngrade;
        else
            hdr->pvMinor = ssl->version.minor;
    }
#endif

    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        /* dtls record layer header extensions */
        DtlsRecordLayerHeader* dtlsHdr = (DtlsRecordLayerHeader*)output;

        c16toa(ssl->keys.dtls_epoch, dtlsHdr->epoch);
        c32to48(ssl->keys.dtls_sequence_number++, dtlsHdr->sequence_number);
        c16toa((word16)length, dtlsHdr->length);
#endif
    }
    else {
        c16toa((word16)length, hdr->length);
    }
}
wolfSSL 4:1b0d80432c79 3117
wolfSSL 4:1b0d80432c79 3118
wolfSSL 4:1b0d80432c79 3119 /* add handshake header for message */
/* Write the handshake header for a message at output.
 *
 * length is stored in 24 bits. For DTLS the message sequence number (then
 * incremented), fragment offset and fragment length are written as well.
 * fragOffset, fragLength and ssl are unused in builds without DTLS. */
static void AddHandShakeHeader(byte* output, word32 length,
                               word32 fragOffset, word32 fragLength,
                               byte type, WOLFSSL* ssl)
{
    HandShakeHeader* hdr = (HandShakeHeader*)output;

    (void)fragOffset;
    (void)fragLength;
    (void)ssl;

    /* type and length are written the same way for TLS and DTLS */
    hdr->type = type;
    c32to24(length, hdr->length);
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* dtls handshake header extensions */
        DtlsHandShakeHeader* dtlsHdr = (DtlsHandShakeHeader*)output;

        c16toa(ssl->keys.dtls_handshake_number++, dtlsHdr->message_seq);
        c32to24(fragOffset, dtlsHdr->fragment_offset);
        c32to24(fragLength, dtlsHdr->fragment_length);
    }
#endif
}
wolfSSL 4:1b0d80432c79 3145
wolfSSL 4:1b0d80432c79 3146
wolfSSL 4:1b0d80432c79 3147 /* add both headers for handshake message */
/* Write the record header and the handshake header for an unfragmented
 * handshake message of length bytes. The record length covers the handshake
 * header plus the message; the fragment offset is 0 and the fragment length
 * equals the message length. */
static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    word32 hsHeaderSz  = HANDSHAKE_HEADER_SZ;
    word32 recHeaderSz = RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* DTLS carries extra fields in both headers */
        hsHeaderSz  += DTLS_HANDSHAKE_EXTRA;
        recHeaderSz += DTLS_RECORD_EXTRA;
    }
#endif

    AddRecordHeader(output, length + hsHeaderSz, handshake, ssl);
    AddHandShakeHeader(output + recHeaderSz, length, 0, length, type, ssl);
}
wolfSSL 4:1b0d80432c79 3163
wolfSSL 4:1b0d80432c79 3164
#ifndef NO_CERTS
/* Write the record header and handshake header for one fragment of a
 * handshake message. The record length covers this fragment (fragSz) plus
 * the handshake header, while the handshake header carries the total message
 * length together with this fragment's offset and size.
 * The caller must have sized output for both headers. */
static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset,
                           word32 length, byte type, WOLFSSL* ssl)
{
    word32 hsHdrSz  = HANDSHAKE_HEADER_SZ;
    word32 recHdrSz = RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    /* both headers are longer in DTLS */
    if (ssl->options.dtls) {
        recHdrSz += DTLS_RECORD_EXTRA;
        hsHdrSz  += DTLS_HANDSHAKE_EXTRA;
    }
#endif

    AddRecordHeader(output, fragSz + hsHdrSz, handshake, ssl);
    AddHandShakeHeader(output + recHdrSz, length, fragOffset, fragSz, type,
                       ssl);
}
#endif /* NO_CERTS */
wolfSSL 4:1b0d80432c79 3184
wolfSSL 4:1b0d80432c79 3185
/* Read up to sz bytes into buf through the user I/O receive callback.
 *
 * Returns the callback's non-negative byte count on success, WANT_READ when
 * the read would block (or the WOLFSSL_CALLBACKS timer has expired), and -1
 * for a missing callback, a general error, a reset, a close or a timeout.
 * Negative callback codes not listed in the switch are returned unchanged.
 * Side effects: sets ssl->options.connReset or ssl->options.isClosed.
 *
 * NOTE(review): a positive return value is passed through without being
 * compared to sz; confirm the caller rejects recvd > sz, since the callback
 * is user-supplied. */
static int Receive(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int recvd;

    if (ssl->ctx->CBIORecv == NULL) {
        WOLFSSL_MSG("Your IO Recv callback is null, please set");
        return -1;
    }

retry:
    recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
    if (recvd < 0)
        switch (recvd) {
            case WOLFSSL_CBIO_ERR_GENERAL:        /* general/unknown error */
                return -1;

            case WOLFSSL_CBIO_ERR_WANT_READ:      /* want read, would block */
                return WANT_READ;

            case WOLFSSL_CBIO_ERR_CONN_RST:       /* connection reset */
                #ifdef USE_WINDOWS_API
                /* on Windows a reset on a DTLS session is retried rather
                   than treated as fatal */
                if (ssl->options.dtls) {
                    goto retry;
                }
                #endif
                ssl->options.connReset = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_ISR:            /* interrupt */
                /* see if we got our timeout */
                #ifdef WOLFSSL_CALLBACKS
                    if (ssl->toInfoOn) {
                        struct itimerval timeout;
                        getitimer(ITIMER_REAL, &timeout);
                        if (timeout.it_value.tv_sec == 0 &&
                                                timeout.it_value.tv_usec == 0) {
                            /* assumes MAX_TIMEOUT_NAME_SZ is larger than the
                               literal so the copy ends up NUL-terminated
                               - TODO confirm */
                            XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                    "recv() timeout", MAX_TIMEOUT_NAME_SZ);
                            WOLFSSL_MSG("Got our timeout");
                            return WANT_READ;
                        }
                    }
                #endif
                /* interrupted without a timeout: just try the read again */
                goto retry;

            case WOLFSSL_CBIO_ERR_CONN_CLOSE:     /* peer closed connection */
                ssl->options.isClosed = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_TIMEOUT:
            #ifdef WOLFSSL_DTLS
                /* DTLS: retry only if the pool timeout and resend both
                   succeed; the dangling else pairs with the return below */
                if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0)
                    goto retry;
                else
            #endif
                return -1;

            default:
                /* unrecognised negative code goes back to the caller as is */
                return recvd;
        }

    return recvd;
}
wolfSSL 4:1b0d80432c79 3250
wolfSSL 4:1b0d80432c79 3251
/* Free the heap-allocated output buffer and point the output buffer back at
 * the embedded static buffer. Nothing is copied across: the buffer is assumed
 * to hold no pending output when this is called.
 *
 * NOTE(review): the free is unconditional; the caller is expected to have
 * checked outputBuffer.dynamicFlag first, as SendBuffered() does. */
void ShrinkOutputBuffer(WOLFSSL* ssl)
{
    /* the allocation begins `offset` bytes before the working pointer */
    byte* heapStart = ssl->buffers.outputBuffer.buffer -
                      ssl->buffers.outputBuffer.offset;

    WOLFSSL_MSG("Shrinking output buffer\n");
    XFREE(heapStart, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);

    ssl->buffers.outputBuffer.dynamicFlag = 0;
    ssl->buffers.outputBuffer.offset      = 0;
    ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;
    ssl->buffers.outputBuffer.buffer      =
                                      ssl->buffers.outputBuffer.staticBuffer;
}
wolfSSL 4:1b0d80432c79 3263
wolfSSL 4:1b0d80432c79 3264
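/* Switch the dynamic input buffer back to the static one, keeping any input
 * that has not been consumed yet (length - idx bytes).
 *
 * forcedFree non-zero means the caller is cleaning up: the heap buffer is
 * released regardless of how much input remains and nothing is copied.
 * Without forcedFree the call is a no-op when the remaining input would not
 * fit in the static buffer.
 *
 * NOTE(review): the free is unconditional, so the caller must only call this
 * while inputBuffer.dynamicFlag is set.
 * NOTE(review): the heap buffer is released without being cleared; it may
 * still hold received record data, so consider zeroizing it before the free. */
void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
{
    int usedLength = ssl->buffers.inputBuffer.length -
                     ssl->buffers.inputBuffer.idx;
    if (!forcedFree && usedLength > STATIC_BUFFER_LEN)
        return;

    WOLFSSL_MSG("Shrinking input buffer\n");

    /* Copy only a strictly positive count. If idx were ever past length the
       difference is negative, and handing that to XMEMCPY would be read as a
       huge unsigned size and overrun the static buffer. */
    if (!forcedFree && usedLength > 0)
        XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
               ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
               usedLength);

    /* the allocation begins `offset` bytes before the working pointer */
    XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
          ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
    ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
    ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
    ssl->buffers.inputBuffer.dynamicFlag = 0;
    ssl->buffers.inputBuffer.offset      = 0;
    ssl->buffers.inputBuffer.idx = 0;
    /* NOTE(review): on a forced free usedLength can exceed STATIC_BUFFER_LEN,
       leaving length larger than bufferSize; presumably harmless because the
       session is being torn down - confirm against the callers */
    ssl->buffers.inputBuffer.length = usedLength;
}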
wolfSSL 4:1b0d80432c79 3290
/* Flush the pending output buffer through the user I/O send callback,
 * looping until outputBuffer.length reaches zero.
 *
 * Returns 0 once everything is sent, WANT_WRITE when the write would block
 * (or the WOLFSSL_CALLBACKS timer has expired), SEND_OOB_READ_E when the
 * callback claims to have sent more than it was given, and SOCKET_ERROR_E
 * for a missing callback or any other failure.
 * Side effects: sets ssl->options.connReset on reset or close, and shrinks a
 * dynamic output buffer back to the static one after a complete flush.
 *
 * NOTE(review): a callback that keeps returning 0 makes no progress and the
 * loop never ends; confirm the I/O callbacks cannot return 0 while data is
 * pending. */
int SendBuffered(WOLFSSL* ssl)
{
    if (ssl->ctx->CBIOSend == NULL) {
        WOLFSSL_MSG("Your IO Send callback is null, please set");
        return SOCKET_ERROR_E;
    }

    while (ssl->buffers.outputBuffer.length > 0) {
        int sent = ssl->ctx->CBIOSend(ssl,
                                      (char*)ssl->buffers.outputBuffer.buffer +
                                      ssl->buffers.outputBuffer.idx,
                                      (int)ssl->buffers.outputBuffer.length,
                                      ssl->IOCB_WriteCtx);
        if (sent < 0) {
            switch (sent) {

                case WOLFSSL_CBIO_ERR_WANT_WRITE:        /* would block */
                    return WANT_WRITE;

                case WOLFSSL_CBIO_ERR_CONN_RST:          /* connection reset */
                    ssl->options.connReset = 1;
                    break;

                case WOLFSSL_CBIO_ERR_ISR:               /* interrupt */
                    /* see if we got our timeout */
                    #ifdef WOLFSSL_CALLBACKS
                        if (ssl->toInfoOn) {
                            struct itimerval timeout;
                            getitimer(ITIMER_REAL, &timeout);
                            if (timeout.it_value.tv_sec == 0 &&
                                                timeout.it_value.tv_usec == 0) {
                                /* assumes MAX_TIMEOUT_NAME_SZ is larger than
                                   the literal so the copy ends up
                                   NUL-terminated - TODO confirm */
                                XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                        "send() timeout", MAX_TIMEOUT_NAME_SZ);
                                WOLFSSL_MSG("Got our timeout");
                                return WANT_WRITE;
                            }
                        }
                    #endif
                    /* interrupted without a timeout: retry the send; this
                       continue applies to the enclosing while loop */
                    continue;

                case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */
                    ssl->options.connReset = 1;  /* treat same as reset */
                    break;

                default:
                    return SOCKET_ERROR_E;
            }

            /* reached by the reset and close cases after setting connReset */
            return SOCKET_ERROR_E;
        }

        /* the callback is user code: never trust a count larger than what
           was offered, it would push idx past the data and wrap length */
        if (sent > (int)ssl->buffers.outputBuffer.length) {
            WOLFSSL_MSG("SendBuffered() out of bounds read");
            return SEND_OOB_READ_E;
        }

        ssl->buffers.outputBuffer.idx += sent;
        ssl->buffers.outputBuffer.length -= sent;
    }

    /* everything flushed: rewind so the next message starts at the front */
    ssl->buffers.outputBuffer.idx = 0;

    if (ssl->buffers.outputBuffer.dynamicFlag)
        ShrinkOutputBuffer(ssl);

    return 0;
}
wolfSSL 4:1b0d80432c79 3358
wolfSSL 4:1b0d80432c79 3359
/* Replace the output buffer with a heap buffer that has room for `size` more
 * bytes on top of the outputBuffer.length bytes already pending, copying the
 * pending bytes across and freeing the previous heap buffer if there was one.
 *
 * Returns 0 on success or MEMORY_E when the allocation fails.
 *
 * `size` is not validated here; the visible caller, CheckAvailableSize(),
 * rejects negative values before calling.
 * NOTE(review): size + length + alignment is computed without an overflow
 * check; confirm callers bound `size`. */
static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
{
    byte*  grown;
    byte   hdrSz = RECORD_HEADER_SZ;
    byte   align = WOLFSSL_GENERAL_ALIGNMENT;
    byte   pad   = 0;
    word32 newSz = size + ssl->buffers.outputBuffer.length;

    if (ssl->options.dtls)
        hdrSz = DTLS_RECORD_HEADER_SZ;

    /* The encrypted data sits behind the record header. When an alignment is
       configured, widen it until it can hold the header, then start the
       buffer (align - hdrSz) bytes into the allocation so that the data
       following the header lands on the aligned boundary. */
    if (align) {
        while (align < hdrSz)
            align *= 2;
        pad = (byte)(align - hdrSz);
    }

    grown = (byte*)XMALLOC(newSz + align, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
    WOLFSSL_MSG("growing output buffer\n");
    if (grown == NULL)
        return MEMORY_E;

    grown += pad;

    /* carry over whatever is still waiting to be sent */
    if (ssl->buffers.outputBuffer.length) {
        XMEMCPY(grown, ssl->buffers.outputBuffer.buffer,
                ssl->buffers.outputBuffer.length);
    }

    /* a previous heap buffer starts `offset` bytes before its pointer */
    if (ssl->buffers.outputBuffer.dynamicFlag) {
        XFREE(ssl->buffers.outputBuffer.buffer -
              ssl->buffers.outputBuffer.offset, ssl->heap,
              DYNAMIC_TYPE_OUT_BUFFER);
    }

    ssl->buffers.outputBuffer.dynamicFlag = 1;
    ssl->buffers.outputBuffer.offset      = pad;
    ssl->buffers.outputBuffer.buffer      = grown;
    ssl->buffers.outputBuffer.bufferSize  = newSz;

    return 0;
}
wolfSSL 4:1b0d80432c79 3402
wolfSSL 4:1b0d80432c79 3403
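/* Replace the input buffer with a heap buffer of size + usedLength bytes,
 * moving the usedLength unconsumed bytes (starting at inputBuffer.idx) to
 * its front. Should only be needed to read a certificate or large
 * application data.
 *
 * Returns 0 on success, BAD_FUNC_ARG when size or usedLength is negative,
 * and MEMORY_E when the allocation fails.
 *
 * NOTE(review): size + usedLength + alignment is computed without an
 * overflow check; confirm callers bound `size` by the record length limit. */
int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
{
    byte* tmp;
    byte  hdrSz = DTLS_RECORD_HEADER_SZ;
    byte  align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0;
    /* the encrypted data will be offset from the front of the buffer by
       the dtls record header, if the user wants encrypted alignment they need
       to define their alignment requirement. in tls we read record header
       to get size of record and put actual data back at front, so don't need */

    /* Both values end up as an allocation size and a copy length. A negative
       int would be converted to a very large unsigned count, so reject it
       before any memory is touched. */
    if (size < 0 || usedLength < 0) {
        WOLFSSL_MSG("GrowInputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

    /* widen the alignment until it can hold the DTLS record header */
    if (align) {
       while (align < hdrSz)
           align *= 2;
    }
    tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap,
                          DYNAMIC_TYPE_IN_BUFFER);
    WOLFSSL_MSG("growing input buffer\n");

    if (!tmp) return MEMORY_E;
    /* start (align - hdrSz) bytes in so the data after the header is aligned */
    if (align)
        tmp += align - hdrSz;

    /* keep the input that has not been consumed yet */
    if (usedLength)
        XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
                    ssl->buffers.inputBuffer.idx, usedLength);

    /* a previous heap buffer starts `offset` bytes before its pointer */
    if (ssl->buffers.inputBuffer.dynamicFlag)
        XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
              ssl->heap,DYNAMIC_TYPE_IN_BUFFER);

    ssl->buffers.inputBuffer.dynamicFlag = 1;
    if (align)
        ssl->buffers.inputBuffer.offset = align - hdrSz;
    else
        ssl->buffers.inputBuffer.offset = 0;
    ssl->buffers.inputBuffer.buffer = tmp;
    ssl->buffers.inputBuffer.bufferSize = size + usedLength;
    ssl->buffers.inputBuffer.idx    = 0;
    ssl->buffers.inputBuffer.length = usedLength;

    return 0;
}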
wolfSSL 4:1b0d80432c79 3447
wolfSSL 4:1b0d80432c79 3448
/* Make sure the output buffer can take `size` more bytes, growing it when
 * the free space (bufferSize - length) is too small.
 *
 * Returns 0 when there is room, BAD_FUNC_ARG for a negative size, and
 * MEMORY_E when the buffer could not be grown. */
int CheckAvailableSize(WOLFSSL *ssl, int size)
{
    word32 room;

    /* a negative size would turn into a huge unsigned request below */
    if (size < 0) {
        WOLFSSL_MSG("CheckAvailableSize() called with negative number");
        return BAD_FUNC_ARG;
    }

    room = ssl->buffers.outputBuffer.bufferSize -
           ssl->buffers.outputBuffer.length;
    if (room >= (word32)size)
        return 0;

    if (GrowOutputBuffer(ssl, size) < 0)
        return MEMORY_E;

    return 0;
}
wolfSSL 4:1b0d80432c79 3466
wolfSSL 4:1b0d80432c79 3467
/* Parse the record header at input + *inOutIdx and run the sanity checks on
 * it: DTLS replay window and epoch, protocol version, record length and
 * record type.
 *
 * On return *inOutIdx has been advanced past the header, rh holds the type
 * and version (plus the length bytes for TLS) and *size holds the record
 * length. For DTLS the epoch and sequence number are stored in
 * ssl->keys.dtls_state.
 *
 * Returns 0 on success, or SEQUENCE_ERROR, VERSION_ERROR, LENGTH_ERROR or
 * UNKNOWN_RECORD_TYPE.
 *
 * The header bytes come straight from the peer and the record has not been
 * decrypted at this point, so every field checked here is untrusted.
 * No input length is passed in: the caller must guarantee that a complete
 * record header is available at input + *inOutIdx. */
static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           RecordLayerHeader* rh, word16 *size)
{
    if (!ssl->options.dtls) {
#ifdef HAVE_FUZZER
        /* let the fuzzing hook see (and possibly alter) the raw header */
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD,
                    ssl->fuzzerCtx);
#endif
        XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ);
        *inOutIdx += RECORD_HEADER_SZ;
        ato16(rh->length, size);
    }
    else {
        /* NOTE(review): without WOLFSSL_DTLS this branch is empty, so rh and
           *size would be left unset; presumably options.dtls can never be
           set in such a build - confirm */
#ifdef WOLFSSL_DTLS
        /* type and version in same spot */
        XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ);
        *inOutIdx += ENUM_LEN + VERSION_SZ;
        ato16(input + *inOutIdx, &ssl->keys.dtls_state.curEpoch);
        *inOutIdx += 4; /* advance past epoch, skip first 2 seq bytes for now */
        ato32(input + *inOutIdx, &ssl->keys.dtls_state.curSeq);
        *inOutIdx += 4;  /* advance past rest of seq */
        ato16(input + *inOutIdx, size);
        *inOutIdx += LENGTH_SZ;
#ifdef HAVE_FUZZER
        /* rewind to the start of the DTLS header for the fuzzing hook */
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input + *inOutIdx - LENGTH_SZ - 8 - ENUM_LEN -
                           VERSION_SZ, ENUM_LEN + VERSION_SZ + 8 + LENGTH_SZ,
                           FUZZ_HEAD, ssl->fuzzerCtx);
#endif
#endif
    }

#ifdef WOLFSSL_DTLS
    /* reject records outside the DTLS window, and epoch 0 records once the
       handshake has completed */
    if (ssl->options.dtls &&
        (!DtlsCheckWindow(&ssl->keys.dtls_state) ||
         (ssl->options.handShakeDone && ssl->keys.dtls_state.curEpoch == 0))) {
            return SEQUENCE_ERROR;
    }
#endif

    /* catch version mismatch */
    /* a mismatch is only logged, not rejected, in the three cases below:
       server before its first reply, client with downgrade enabled before
       the first reply, and DTLS in the two early accept states */
    if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){
        if (ssl->options.side == WOLFSSL_SERVER_END &&
            ssl->options.acceptState < ACCEPT_FIRST_REPLY_DONE)

            WOLFSSL_MSG("Client attempting to connect with different version");
        else if (ssl->options.side == WOLFSSL_CLIENT_END &&
                                 ssl->options.downgrade &&
                                 ssl->options.connectState < FIRST_REPLY_DONE)
            WOLFSSL_MSG("Server attempting to accept with different version");
        else if (ssl->options.dtls
                  && (ssl->options.acceptState == ACCEPT_BEGIN
                      || ssl->options.acceptState == CLIENT_HELLO_SENT))
            /* Do not check version until Server Hello or Hello Again (2) */
            WOLFSSL_MSG("Use version for formatting only in DTLS till ");
        else {
            WOLFSSL_MSG("SSL version error");
            return VERSION_ERROR;              /* only use requested version */
        }
    }

    /* record layer length check */
    /* bounds the peer-supplied length before the caller sizes buffers from
       it; only the HAVE_MAX_FRAGMENT path sends a record_overflow alert */
#ifdef HAVE_MAX_FRAGMENT
    if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
        SendAlert(ssl, alert_fatal, record_overflow);
        return LENGTH_ERROR;
    }
#else
    if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
        return LENGTH_ERROR;
#endif

    /* verify record type here as well */
    switch (rh->type) {
        case handshake:
        case change_cipher_spec:
        case application_data:
        case alert:
            break;
        case no_type:
        default:
            WOLFSSL_MSG("Unknown Record Type");
            return UNKNOWN_RECORD_TYPE;
    }

    /* haven't decrypted this record yet */
    ssl->keys.decryptedCur = 0;

    return 0;
}
wolfSSL 4:1b0d80432c79 3560
wolfSSL 4:1b0d80432c79 3561
/* Read a TLS handshake header (one type byte and a 24-bit length) from
 * input at *inOutIdx.
 *
 * *inOutIdx is advanced by HANDSHAKE_HEADER_SZ before the bounds check, so
 * it is left advanced even when BUFFER_E is returned. The header bytes are
 * only read once the advanced index is known to be within totalSz.
 *
 * Returns 0 on success or BUFFER_E when the header would run past totalSz.
 * The decoded *size is peer-controlled and is not checked against totalSz
 * here; that is left to the caller. */
static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                              byte *type, word32 *size, word32 totalSz)
{
    word32 start = *inOutIdx;

    (void)ssl;

    *inOutIdx = start + HANDSHAKE_HEADER_SZ;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    *type = input[start];
    c24to32(input + start + 1, size);

    return 0;
}
wolfSSL 4:1b0d80432c79 3577
wolfSSL 4:1b0d80432c79 3578
#ifdef WOLFSSL_DTLS
/* Read a DTLS handshake header from input at *inOutIdx: type, 24-bit message
 * length, message sequence number, fragment offset and fragment length.
 * The sequence number is stored in ssl->keys.dtls_peer_handshake_number.
 *
 * *inOutIdx is advanced past the header before the bounds check, so it is
 * left advanced even when BUFFER_E is returned.
 *
 * Returns 0 on success or BUFFER_E when the header would run past totalSz.
 * The decoded *size, *fragOffset and *fragSz are peer-controlled and are not
 * checked against each other or against totalSz here; the caller has to
 * validate them before using them as offsets or lengths. */
static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
                                  word32* inOutIdx, byte *type, word32 *size,
                                  word32 *fragOffset, word32 *fragSz,
                                  word32 totalSz)
{
    const byte* cur = input + *inOutIdx;

    *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    /* message type, then the 24-bit total message length */
    *type = *cur++;
    c24to32(cur, size);
    cur += BYTE3_LEN;

    /* handshake message sequence number sent by the peer */
    ato16(cur, &ssl->keys.dtls_peer_handshake_number);
    cur += DTLS_HANDSHAKE_SEQ_SZ;

    /* where this fragment starts and how long it is */
    c24to32(cur, fragOffset);
    cur += DTLS_HANDSHAKE_FRAG_SZ;
    c24to32(cur, fragSz);

    return 0;
}
#endif
wolfSSL 4:1b0d80432c79 3605
wolfSSL 4:1b0d80432c79 3606
wolfSSL 4:1b0d80432c79 3607 #ifndef NO_OLD_TLS
/* Constant pad blocks used by BuildMD5() and BuildSHA() below: PAD1 (every
 * byte 0x36) goes into the inner hash and PAD2 (every byte 0x5c) into the
 * outer hash.
 * Both arrays are filled to the MD5 pad size since that is the biggest
 * required; BuildSHA() only hashes the first PAD_SHA bytes of each. */
static const byte PAD1[PAD_MD5] =
                              { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
                              };
static const byte PAD2[PAD_MD5] =
                              { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
                              };
wolfSSL 4:1b0d80432c79 3625
wolfSSL 4:1b0d80432c79 3626 /* calculate MD5 hash for finished */
wolfSSL 4:1b0d80432c79 3627 #ifdef WOLFSSL_TI_HASH
wolfSSL 4:1b0d80432c79 3628 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 4:1b0d80432c79 3629 #endif
wolfSSL 4:1b0d80432c79 3630
/* Compute the MD5 half of the Finished hash into hashes->md5. BuildFinished()
 * calls this when ssl->options.tls is not set.
 *
 * inner = MD5(handshake messages so far || sender || master secret || PAD1)
 * outer = MD5(master secret || PAD2 || inner)
 *
 * The inner hash is taken on the live handshake hash, whose state is saved
 * first and restored afterwards so that later handshake messages can still
 * be added to it.
 *
 * NOTE(review): with WOLFSSL_SMALL_STACK neither XMALLOC result is checked
 * before use, so an allocation failure is a NULL dereference; the function
 * returns void and cannot report it to BuildFinished().
 * NOTE(review): the wc_Md5* return values are ignored, and md5_result (which
 * is derived from the master secret) is left on the stack without being
 * cleared. */
static void BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{

    byte md5_result[MD5_DIGEST_SIZE];

#ifdef WOLFSSL_SMALL_STACK
        Md5* md5   = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
#else
        Md5 md5[1];
        Md5 md5_2[1];
#endif

    /* make md5 inner */
    md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */

    wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER);
    wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
    wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
    wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
    wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */

    /* make md5 outer */
    wc_InitMd5(md5_2) ;
    wc_Md5Update(md5_2, ssl->arrays->masterSecret,SECRET_LEN);
    wc_Md5Update(md5_2, PAD2, PAD_MD5);
    wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
    wc_Md5Final(md5_2, hashes->md5);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

}
wolfSSL 4:1b0d80432c79 3666
wolfSSL 4:1b0d80432c79 3667
/* Compute the SHA half of the Finished hash into hashes->sha. BuildFinished()
 * calls this when ssl->options.tls is not set.
 *
 * inner = SHA(handshake messages so far || sender || master secret || PAD1)
 * outer = SHA(master secret || PAD2 || inner)
 * Only the first PAD_SHA bytes of PAD1 and PAD2 are hashed.
 *
 * The inner hash is taken on the live handshake hash, whose state is saved
 * first and restored afterwards so that later handshake messages can still
 * be added to it.
 *
 * NOTE(review): with WOLFSSL_SMALL_STACK neither XMALLOC result is checked
 * before use, so an allocation failure is a NULL dereference; the function
 * returns void and cannot report it to BuildFinished().
 * NOTE(review): the wc_Sha* return values are ignored, and sha_result (which
 * is derived from the master secret) is left on the stack without being
 * cleared. */
static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    byte sha_result[SHA_DIGEST_SIZE];

#ifdef WOLFSSL_SMALL_STACK
        Sha* sha   = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
#else
        Sha sha[1];
        Sha sha2[1] ;
#endif
    /* make sha inner */
    sha[0] = ssl->hsHashes->hashSha ; /* Save current position */

    wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER);
    wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
    wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
    wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
    wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha) ; /* Restore current position */

    /* make sha outer */
    wc_InitSha(sha2) ;
    wc_ShaUpdate(sha2, ssl->arrays->masterSecret,SECRET_LEN);
    wc_ShaUpdate(sha2, PAD2, PAD_SHA);
    wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE);
    wc_ShaFinal(sha2, hashes->sha);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

}
wolfSSL 4:1b0d80432c79 3702 #endif
wolfSSL 4:1b0d80432c79 3703
/* Build the Finished hashes for `sender` into `hashes`.
 *
 * When ssl->options.tls is set (and NO_TLS is not defined) the work is done
 * by BuildTlsFinished() and its result is returned; otherwise, unless
 * NO_OLD_TLS is defined, BuildMD5() and BuildSHA() fill hashes->md5 and
 * hashes->sha.
 * With WOLFSSL_SHA384 the SHA-384 handshake hash state is copied before the
 * build and written back afterwards when the session is at least TLS 1.2.
 *
 * Returns the BuildTlsFinished() result (0 when it is not called), or
 * MEMORY_E in WOLFSSL_SMALL_STACK builds when ssl is NULL or the temporary
 * Sha384 cannot be allocated.
 *
 * Finished doesn't support SHA512, no SHA512 cipher suites yet.
 *
 * NOTE(review): ssl is only checked for NULL in WOLFSSL_SMALL_STACK builds;
 * every other build dereferences it unchecked.
 * NOTE(review): BuildMD5() and BuildSHA() return void, so a failure inside
 * them cannot show up in the value returned here. */
static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
    #ifdef WOLFSSL_SHA384
        Sha384* sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,                                                                        DYNAMIC_TYPE_TMP_BUFFER);
    #endif
#else
    #ifdef WOLFSSL_SHA384
        Sha384 sha384[1];
    #endif
#endif

#ifdef WOLFSSL_SMALL_STACK
    /* bail out before touching ssl or the temporary hash copy */
    if (ssl == NULL
    #ifdef WOLFSSL_SHA384
        || sha384 == NULL
    #endif
        ) {
    #ifdef WOLFSSL_SHA384
        XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    #endif
        return MEMORY_E;
    }
#endif

    /* store current states, building requires get_digest which resets state */
#ifdef WOLFSSL_SHA384
    sha384[0] = ssl->hsHashes->hashSha384;
#endif

#ifndef NO_TLS
    if (ssl->options.tls) {
        ret = BuildTlsFinished(ssl, hashes, sender);
    }
#endif
#ifndef NO_OLD_TLS
    if (!ssl->options.tls) {
        BuildMD5(ssl, hashes, sender);
        BuildSHA(ssl, hashes, sender);
    }
#endif

    /* restore */
    if (IsAtLeastTLSv1_2(ssl)) {
    #ifdef WOLFSSL_SHA384
        ssl->hsHashes->hashSha384 = sha384[0];
    #endif
    }

#ifdef WOLFSSL_SMALL_STACK
    #ifdef WOLFSSL_SHA384
        XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    #endif
#endif

    return ret;
}
wolfSSL 4:1b0d80432c79 3763
wolfSSL 4:1b0d80432c79 3764
/* Requirement classes that CipherRequires() can be asked about for a
   cipher suite; the examples name suites that report each class */
enum {
    REQUIRES_RSA = 0,     /* RSA key, e.g. RSA and (EC)DHE_RSA suites */
    REQUIRES_DHE,         /* ephemeral DH, e.g. DHE_RSA, DHE_PSK, DH_anon */
    REQUIRES_ECC,         /* ECC key, e.g. ECDHE_ECDSA suites */
    REQUIRES_ECC_STATIC,  /* static ECDH, e.g. ECDH_ECDSA and ECDH_RSA */
    REQUIRES_PSK,         /* pre-shared key suites */
    REQUIRES_NTRU,        /* NTRU_RSA suites */
    REQUIRES_RSA_SIG      /* RSA signature, e.g. ECDH_RSA suites */
};
wolfSSL 4:1b0d80432c79 3775
wolfSSL 4:1b0d80432c79 3776
wolfSSL 4:1b0d80432c79 3777
/* Report whether cipher suite (first, second) carries the given requirement.
 *
 * An ephemeral key exchange still needs the long-term key that signs the
 * exchange, so e.g. ECDHE_RSA suites report REQUIRES_RSA.
 *
 * first        first suite byte, selects the CHACHA_BYTE table, the ECC_BYTE
 *              table or the normal suite table
 * second       second suite byte, the suite within that table
 * requirement  one of the REQUIRES_* values
 *
 * return 1 when the suite has the requirement, otherwise 0; a suite missing
 * from the ECC or normal table is also logged through WOLFSSL_MSG */
static int CipherRequires(byte first, byte second, int requirement)
{
    /* Suites that share a requirement set share one case body; labels keep
       the build guards they had when each suite was listed on its own. */

    if (first == CHACHA_BYTE) {

        switch (second) {

        case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
        case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
            if (requirement == REQUIRES_RSA)
                return 1;
            break;

        case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
        case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
            if (requirement == REQUIRES_ECC)
                return 1;
            break;

        case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
        case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE)
                return 1;
            break;

        case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
        case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
            if (requirement == REQUIRES_PSK)
                return 1;
            break;

        case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
            if (requirement == REQUIRES_PSK || requirement == REQUIRES_DHE)
                return 1;
            break;
        }
    }

    /* ECC extensions */
    if (first == ECC_BYTE) {

        switch (second) {

#ifndef NO_RSA
        /* ephemeral ECDH, RSA key */
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
    #ifndef NO_DES3
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
    #endif
    #ifndef NO_RC4
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
    #endif
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_RSA)
                return 1;
            break;

        /* static ECDH, RSA signature */
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
    #ifndef NO_DES3
        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
    #endif
    #ifndef NO_RC4
        case TLS_ECDH_RSA_WITH_RC4_128_SHA :
    #endif
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
            if (requirement == REQUIRES_ECC_STATIC ||
                                              requirement == REQUIRES_RSA_SIG)
                return 1;
            break;

        case TLS_RSA_WITH_AES_128_CCM_8 :
        case TLS_RSA_WITH_AES_256_CCM_8 :
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_RSA_SIG)
                return 1;
            break;
#endif /* NO_RSA */

        /* ephemeral ECDH, ECC key */
#ifndef NO_DES3
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
#endif
#ifndef NO_RC4
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
#endif
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
        case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
        case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
        case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
            if (requirement == REQUIRES_ECC)
                return 1;
            break;

        /* static ECDH */
#ifndef NO_DES3
        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
#endif
#ifndef NO_RC4
        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
#endif
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_ECC_STATIC)
                return 1;
            break;

        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
            if (requirement == REQUIRES_ECC ||
                                           requirement == REQUIRES_ECC_STATIC)
                return 1;
            break;

        case TLS_PSK_WITH_AES_128_CCM:
        case TLS_PSK_WITH_AES_256_CCM:
        case TLS_PSK_WITH_AES_128_CCM_8:
        case TLS_PSK_WITH_AES_256_CCM_8:
        case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
        case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
            if (requirement == REQUIRES_PSK)
                return 1;
            break;

        case TLS_DHE_PSK_WITH_AES_128_CCM:
        case TLS_DHE_PSK_WITH_AES_256_CCM:
            if (requirement == REQUIRES_PSK || requirement == REQUIRES_DHE)
                return 1;
            break;

        default:
            WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
            return 0;
        }   /* switch */
    }   /* if */

    if (first != ECC_BYTE && first != CHACHA_BYTE) {   /* normal suites */
        switch (second) {

#ifndef NO_RSA
        case SSL_RSA_WITH_RC4_128_SHA :
        case SSL_RSA_WITH_RC4_128_MD5 :
        case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
        case TLS_RSA_WITH_AES_128_CBC_SHA :
        case TLS_RSA_WITH_AES_128_CBC_SHA256 :
        case TLS_RSA_WITH_AES_256_CBC_SHA :
        case TLS_RSA_WITH_AES_256_CBC_SHA256 :
        case TLS_RSA_WITH_NULL_SHA :
        case TLS_RSA_WITH_NULL_SHA256 :
        case SSL_RSA_WITH_IDEA_CBC_SHA :
        case TLS_RSA_WITH_HC_128_MD5 :
        case TLS_RSA_WITH_HC_128_SHA :
        case TLS_RSA_WITH_HC_128_B2B256:
        case TLS_RSA_WITH_AES_128_CBC_B2B256:
        case TLS_RSA_WITH_AES_256_CBC_B2B256:
        case TLS_RSA_WITH_RABBIT_SHA :
        case TLS_RSA_WITH_AES_128_GCM_SHA256 :
        case TLS_RSA_WITH_AES_256_GCM_SHA384 :
        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
            if (requirement == REQUIRES_RSA)
                return 1;
            break;

        case TLS_NTRU_RSA_WITH_RC4_128_SHA :
        case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
        case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
        case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
            if (requirement == REQUIRES_NTRU)
                return 1;
            break;

        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE)
                return 1;
            break;

        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
            if (requirement == REQUIRES_RSA ||
                requirement == REQUIRES_RSA_SIG ||
                requirement == REQUIRES_DHE)
                return 1;
            break;
#endif /* NO_RSA */

        case TLS_PSK_WITH_AES_128_GCM_SHA256 :
        case TLS_PSK_WITH_AES_256_GCM_SHA384 :
        case TLS_PSK_WITH_AES_128_CBC_SHA256 :
        case TLS_PSK_WITH_AES_256_CBC_SHA384 :
        case TLS_PSK_WITH_AES_128_CBC_SHA :
        case TLS_PSK_WITH_AES_256_CBC_SHA :
        case TLS_PSK_WITH_NULL_SHA384 :
        case TLS_PSK_WITH_NULL_SHA256 :
        case TLS_PSK_WITH_NULL_SHA :
            if (requirement == REQUIRES_PSK)
                return 1;
            break;

        case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
        case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
        case TLS_DHE_PSK_WITH_NULL_SHA384 :
        case TLS_DHE_PSK_WITH_NULL_SHA256 :
            if (requirement == REQUIRES_DHE || requirement == REQUIRES_PSK)
                return 1;
            break;

#ifdef HAVE_ANON
        case TLS_DH_anon_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_DHE)
                return 1;
            break;
#endif

        default:
            WOLFSSL_MSG("Unsupported cipher suite, CipherRequires");
            return 0;
        }   /* switch */
    }   /* if ECC / Normal suites else */

    return 0;
}
wolfSSL 4:1b0d80432c79 4271
wolfSSL 4:1b0d80432c79 4272
wolfSSL 4:1b0d80432c79 4273 #ifndef NO_CERTS
wolfSSL 4:1b0d80432c79 4274
wolfSSL 4:1b0d80432c79 4275
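/* Match a certificate name pattern against a name, ignoring case.
 *
 * Each wildcard can represent a single name component or fragment but not
 * multiple names, i.e., *.z.com matches y.z.com but not x.y.z.com. A run of
 * consecutive '*' acts as one wildcard.
 *
 * pattern  name taken from the certificate; at most len bytes are read and
 *          a NUL inside that range ends the pattern early
 * len      number of pattern bytes to consider, must be greater than 0
 * str      NUL terminated name to check against the pattern
 *
 * NOTE(review): a '*' is honoured in any label and as part of a label, and
 * it may match an empty fragment. A caller that needs a stricter wildcard
 * policy (left-most label only, whole label only) has to enforce it itself.
 *
 * return 1 on success, 0 on mismatch or bad argument */
static int MatchDomainName(const char* pattern, int len, const char* str)
{
    char p, s;

    if (pattern == NULL || str == NULL || len <= 0)
        return 0;

    while (len > 0) {

        p = (char)XTOLOWER((unsigned char)*pattern++);
        if (p == 0)
            break;

        if (p == '*') {
            /* collapse a run of '*' and fetch the character that follows */
            while (--len > 0 &&
                         (p = (char)XTOLOWER((unsigned char)*pattern++)) == '*')
                ;

            if (len == 0)
                p = '\0';   /* the wildcard ended the pattern */

            /* the wildcard consumes str up to, never across, a '.' */
            while ( (s = (char)XTOLOWER((unsigned char) *str)) != '\0') {
                if (s == p)
                    break;
                if (s == '.')
                    return 0;
                str++;
            }

            /* str ended before the character after the wildcard was seen.
               Without this check a pattern whose last character follows a
               wildcard, such as "*a", accepted names that do not contain
               that character, such as "b". */
            if (s != p)
                return 0;
        }
        else {
            if (p != (char)XTOLOWER((unsigned char) *str))
                return 0;
        }

        if (*str != '\0')
            str++;

        if (len > 0)
            len--;
    }

    /* leftover characters in str mean the name is longer than the pattern */
    return *str == '\0';
}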
wolfSSL 4:1b0d80432c79 4324
wolfSSL 4:1b0d80432c79 4325
/* Walk the altNames list of dCert and compare each entry with domain using
 * MatchDomainName, so wildcard entries are honoured.
 *
 * dCert   decoded certificate, a NULL cert is treated as having no altNames
 * domain  name to look for
 *
 * NOTE(review): the pattern length is taken with XSTRLEN, so an entry is
 * compared only up to its first NUL byte; whether the certificate decoder
 * rejects names with an embedded NUL is not visible here, confirm.
 *
 * return 1 on success, 0 when no entry matches */
static int CheckAltNames(DecodedCert* dCert, char* domain)
{
    DNS_entry* entry = NULL;

    WOLFSSL_MSG("Checking AltNames");

    if (dCert != NULL)
        entry = dCert->altNames;

    for (; entry != NULL; entry = entry->next) {
        int nameLen;

        WOLFSSL_MSG(" individual AltName check");

        nameLen = (int)XSTRLEN(entry->name);
        if (MatchDomainName(entry->name, nameLen, domain))
            return 1;   /* first matching entry wins */
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 4350
wolfSSL 4:1b0d80432c79 4351
wolfSSL 4:1b0d80432c79 4352 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 4:1b0d80432c79 4353
wolfSSL 4:1b0d80432c79 4354 /* Copy parts X509 needs from Decoded cert, 0 on success */
wolfSSL 4:1b0d80432c79 4355 int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
wolfSSL 4:1b0d80432c79 4356 {
wolfSSL 4:1b0d80432c79 4357 int ret = 0;
wolfSSL 4:1b0d80432c79 4358
wolfSSL 4:1b0d80432c79 4359 if (x509 == NULL || dCert == NULL)
wolfSSL 4:1b0d80432c79 4360 return BAD_FUNC_ARG;
wolfSSL 4:1b0d80432c79 4361
wolfSSL 4:1b0d80432c79 4362 x509->version = dCert->version + 1;
wolfSSL 4:1b0d80432c79 4363
wolfSSL 4:1b0d80432c79 4364 XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
wolfSSL 4:1b0d80432c79 4365 x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
wolfSSL 4:1b0d80432c79 4366 x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
wolfSSL 4:1b0d80432c79 4367 #ifdef OPENSSL_EXTRA
wolfSSL 4:1b0d80432c79 4368 if (dCert->issuerName.fullName != NULL) {
wolfSSL 4:1b0d80432c79 4369 XMEMCPY(&x509->issuer.fullName,
wolfSSL 4:1b0d80432c79 4370 &dCert->issuerName, sizeof(DecodedName));
wolfSSL 4:1b0d80432c79 4371 x509->issuer.fullName.fullName = (char*)XMALLOC(
wolfSSL 4:1b0d80432c79 4372 dCert->issuerName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
wolfSSL 4:1b0d80432c79 4373 if (x509->issuer.fullName.fullName != NULL)
wolfSSL 4:1b0d80432c79 4374 XMEMCPY(x509->issuer.fullName.fullName,
wolfSSL 4:1b0d80432c79 4375 dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
wolfSSL 4:1b0d80432c79 4376 }
wolfSSL 4:1b0d80432c79 4377 #endif /* OPENSSL_EXTRA */
wolfSSL 4:1b0d80432c79 4378
wolfSSL 4:1b0d80432c79 4379 XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
wolfSSL 4:1b0d80432c79 4380 x509->subject.name[ASN_NAME_MAX - 1] = '\0';
wolfSSL 4:1b0d80432c79 4381 x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
wolfSSL 4:1b0d80432c79 4382 #ifdef OPENSSL_EXTRA
wolfSSL 4:1b0d80432c79 4383 if (dCert->subjectName.fullName != NULL) {
wolfSSL 4:1b0d80432c79 4384 XMEMCPY(&x509->subject.fullName,
wolfSSL 4:1b0d80432c79 4385 &dCert->subjectName, sizeof(DecodedName));
wolfSSL 4:1b0d80432c79 4386 x509->subject.fullName.fullName = (char*)XMALLOC(
wolfSSL 4:1b0d80432c79 4387 dCert->subjectName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
wolfSSL 4:1b0d80432c79 4388 if (x509->subject.fullName.fullName != NULL)
wolfSSL 4:1b0d80432c79 4389 XMEMCPY(x509->subject.fullName.fullName,
wolfSSL 4:1b0d80432c79 4390 dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
wolfSSL 4:1b0d80432c79 4391 }
wolfSSL 4:1b0d80432c79 4392 #endif /* OPENSSL_EXTRA */
wolfSSL 4:1b0d80432c79 4393
wolfSSL 4:1b0d80432c79 4394 XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
wolfSSL 4:1b0d80432c79 4395 x509->serialSz = dCert->serialSz;
wolfSSL 4:1b0d80432c79 4396 if (dCert->subjectCNLen < ASN_NAME_MAX) {
wolfSSL 4:1b0d80432c79 4397 XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
wolfSSL 4:1b0d80432c79 4398 x509->subjectCN[dCert->subjectCNLen] = '\0';
wolfSSL 4:1b0d80432c79 4399 }
wolfSSL 4:1b0d80432c79 4400 else
wolfSSL 4:1b0d80432c79 4401 x509->subjectCN[0] = '\0';
wolfSSL 4:1b0d80432c79 4402
wolfSSL 4:1b0d80432c79 4403 #ifdef WOLFSSL_SEP
wolfSSL 4:1b0d80432c79 4404 {
wolfSSL 4:1b0d80432c79 4405 int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 4:1b0d80432c79 4406 if (minSz > 0) {
wolfSSL 4:1b0d80432c79 4407 x509->deviceTypeSz = minSz;
wolfSSL 4:1b0d80432c79 4408 XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
wolfSSL 4:1b0d80432c79 4409 }
wolfSSL 4:1b0d80432c79 4410 else
wolfSSL 4:1b0d80432c79 4411 x509->deviceTypeSz = 0;
wolfSSL 4:1b0d80432c79 4412 minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 4:1b0d80432c79 4413 if (minSz != 0) {
wolfSSL 4:1b0d80432c79 4414 x509->hwTypeSz = minSz;
wolfSSL 4:1b0d80432c79 4415 XMEMCPY(x509->hwType, dCert->hwType, minSz);
wolfSSL 4:1b0d80432c79 4416 }
wolfSSL 4:1b0d80432c79 4417 else
wolfSSL 4:1b0d80432c79 4418 x509->hwTypeSz = 0;
wolfSSL 4:1b0d80432c79 4419 minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 4:1b0d80432c79 4420 if (minSz != 0) {
wolfSSL 4:1b0d80432c79 4421 x509->hwSerialNumSz = minSz;
wolfSSL 4:1b0d80432c79 4422 XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
wolfSSL 4:1b0d80432c79 4423 }
wolfSSL 4:1b0d80432c79 4424 else
wolfSSL 4:1b0d80432c79 4425 x509->hwSerialNumSz = 0;
wolfSSL 4:1b0d80432c79 4426 }
wolfSSL 4:1b0d80432c79 4427 #endif /* WOLFSSL_SEP */
wolfSSL 4:1b0d80432c79 4428 {
wolfSSL 4:1b0d80432c79 4429 int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ);
wolfSSL 4:1b0d80432c79 4430 if (minSz != 0) {
wolfSSL 4:1b0d80432c79 4431 x509->notBeforeSz = minSz;
wolfSSL 4:1b0d80432c79 4432 XMEMCPY(x509->notBefore, dCert->beforeDate, minSz);
wolfSSL 4:1b0d80432c79 4433 }
wolfSSL 4:1b0d80432c79 4434 else
wolfSSL 4:1b0d80432c79 4435 x509->notBeforeSz = 0;
wolfSSL 4:1b0d80432c79 4436 minSz = min(dCert->afterDateLen, MAX_DATE_SZ);
wolfSSL 4:1b0d80432c79 4437 if (minSz != 0) {
wolfSSL 4:1b0d80432c79 4438 x509->notAfterSz = minSz;
wolfSSL 4:1b0d80432c79 4439 XMEMCPY(x509->notAfter, dCert->afterDate, minSz);
wolfSSL 4:1b0d80432c79 4440 }
wolfSSL 4:1b0d80432c79 4441 else
wolfSSL 4:1b0d80432c79 4442 x509->notAfterSz = 0;
wolfSSL 4:1b0d80432c79 4443 }
wolfSSL 4:1b0d80432c79 4444
wolfSSL 4:1b0d80432c79 4445 if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
wolfSSL 4:1b0d80432c79 4446 x509->pubKey.buffer = (byte*)XMALLOC(
wolfSSL 4:1b0d80432c79 4447 dCert->pubKeySize, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 4:1b0d80432c79 4448 if (x509->pubKey.buffer != NULL) {
wolfSSL 4:1b0d80432c79 4449 x509->pubKeyOID = dCert->keyOID;
wolfSSL 4:1b0d80432c79 4450 x509->pubKey.length = dCert->pubKeySize;
wolfSSL 4:1b0d80432c79 4451 XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
wolfSSL 4:1b0d80432c79 4452 }
wolfSSL 4:1b0d80432c79 4453 else
wolfSSL 4:1b0d80432c79 4454 ret = MEMORY_E;
wolfSSL 4:1b0d80432c79 4455 }
wolfSSL 4:1b0d80432c79 4456
wolfSSL 4:1b0d80432c79 4457 if (dCert->signature != NULL && dCert->sigLength != 0) {
wolfSSL 4:1b0d80432c79 4458 x509->sig.buffer = (byte*)XMALLOC(
wolfSSL 4:1b0d80432c79 4459 dCert->sigLength, NULL, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 4:1b0d80432c79 4460 if (x509->sig.buffer == NULL) {
wolfSSL 4:1b0d80432c79 4461 ret = MEMORY_E;
wolfSSL 4:1b0d80432c79 4462 }
wolfSSL 4:1b0d80432c79 4463 else {
wolfSSL 4:1b0d80432c79 4464 XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
wolfSSL 4:1b0d80432c79 4465 x509->sig.length = dCert->sigLength;
wolfSSL 4:1b0d80432c79 4466 x509->sigOID = dCert->signatureOID;
wolfSSL 4:1b0d80432c79 4467 }
wolfSSL 4:1b0d80432c79 4468 }
wolfSSL 4:1b0d80432c79 4469
wolfSSL 4:1b0d80432c79 4470 /* store cert for potential retrieval */
wolfSSL 4:1b0d80432c79 4471 if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, NULL) == 0) {
wolfSSL 4:1b0d80432c79 4472 XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx);
wolfSSL 4:1b0d80432c79 4473 }
wolfSSL 4:1b0d80432c79 4474 else {
wolfSSL 4:1b0d80432c79 4475 ret = MEMORY_E;
wolfSSL 4:1b0d80432c79 4476 }
wolfSSL 4:1b0d80432c79 4477
wolfSSL 4:1b0d80432c79 4478 x509->altNames = dCert->altNames;
wolfSSL 4:1b0d80432c79 4479 dCert->weOwnAltNames = 0;
wolfSSL 4:1b0d80432c79 4480 x509->altNamesNext = x509->altNames; /* index hint */
wolfSSL 4:1b0d80432c79 4481
wolfSSL 4:1b0d80432c79 4482 x509->isCa = dCert->isCA;
wolfSSL 4:1b0d80432c79 4483 #ifdef OPENSSL_EXTRA
wolfSSL 4:1b0d80432c79 4484 x509->pathLength = dCert->pathLength;
wolfSSL 4:1b0d80432c79 4485 x509->keyUsage = dCert->extKeyUsage;
wolfSSL 4:1b0d80432c79 4486
wolfSSL 4:1b0d80432c79 4487 x509->basicConstSet = dCert->extBasicConstSet;
wolfSSL 4:1b0d80432c79 4488 x509->basicConstCrit = dCert->extBasicConstCrit;
wolfSSL 4:1b0d80432c79 4489 x509->basicConstPlSet = dCert->extBasicConstPlSet;
wolfSSL 4:1b0d80432c79 4490 x509->subjAltNameSet = dCert->extSubjAltNameSet;
wolfSSL 4:1b0d80432c79 4491 x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
wolfSSL 4:1b0d80432c79 4492 x509->authKeyIdSet = dCert->extAuthKeyIdSet;
wolfSSL 4:1b0d80432c79 4493 x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
wolfSSL 4:1b0d80432c79 4494 if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
wolfSSL 4:1b0d80432c79 4495 x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL,
wolfSSL 4:1b0d80432c79 4496 DYNAMIC_TYPE_X509_EXT);
wolfSSL 4:1b0d80432c79 4497 if (x509->authKeyId != NULL) {
wolfSSL 4:1b0d80432c79 4498 XMEMCPY(x509->authKeyId,
wolfSSL 4:1b0d80432c79 4499 dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
wolfSSL 4:1b0d80432c79 4500 x509->authKeyIdSz = dCert->extAuthKeyIdSz;
wolfSSL 4:1b0d80432c79 4501 }
wolfSSL 4:1b0d80432c79 4502 else
wolfSSL 4:1b0d80432c79 4503 ret = MEMORY_E;
wolfSSL 4:1b0d80432c79 4504 }
wolfSSL 4:1b0d80432c79 4505 x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
wolfSSL 4:1b0d80432c79 4506 x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
wolfSSL 4:1b0d80432c79 4507 if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
wolfSSL 4:1b0d80432c79 4508 x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL,
wolfSSL 4:1b0d80432c79 4509 DYNAMIC_TYPE_X509_EXT);
wolfSSL 4:1b0d80432c79 4510 if (x509->subjKeyId != NULL) {
wolfSSL 4:1b0d80432c79 4511 XMEMCPY(x509->subjKeyId,
wolfSSL 4:1b0d80432c79 4512 dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
wolfSSL 4:1b0d80432c79 4513 x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
wolfSSL 4:1b0d80432c79 4514 }
wolfSSL 4:1b0d80432c79 4515 else
wolfSSL 4:1b0d80432c79 4516 ret = MEMORY_E;
wolfSSL 4:1b0d80432c79 4517 }
wolfSSL 4:1b0d80432c79 4518 x509->keyUsageSet = dCert->extKeyUsageSet;
wolfSSL 4:1b0d80432c79 4519 x509->keyUsageCrit = dCert->extKeyUsageCrit;
wolfSSL 4:1b0d80432c79 4520 #ifdef WOLFSSL_SEP
wolfSSL 4:1b0d80432c79 4521 x509->certPolicySet = dCert->extCertPolicySet;
wolfSSL 4:1b0d80432c79 4522 x509->certPolicyCrit = dCert->extCertPolicyCrit;
wolfSSL 4:1b0d80432c79 4523 #endif /* WOLFSSL_SEP */
wolfSSL 4:1b0d80432c79 4524 #endif /* OPENSSL_EXTRA */
wolfSSL 4:1b0d80432c79 4525 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 4526 x509->pkCurveOID = dCert->pkCurveOID;
wolfSSL 4:1b0d80432c79 4527 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 4528
wolfSSL 4:1b0d80432c79 4529 return ret;
wolfSSL 4:1b0d80432c79 4530 }
wolfSSL 4:1b0d80432c79 4531
wolfSSL 4:1b0d80432c79 4532 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 4:1b0d80432c79 4533
wolfSSL 4:1b0d80432c79 4534
wolfSSL 4:1b0d80432c79 4535 static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 4:1b0d80432c79 4536 word32 size)
wolfSSL 4:1b0d80432c79 4537 {
wolfSSL 4:1b0d80432c79 4538 word32 listSz;
wolfSSL 4:1b0d80432c79 4539 word32 begin = *inOutIdx;
wolfSSL 4:1b0d80432c79 4540 int ret = 0;
wolfSSL 4:1b0d80432c79 4541 int anyError = 0;
wolfSSL 4:1b0d80432c79 4542 int totalCerts = 0; /* number of certs in certs buffer */
wolfSSL 4:1b0d80432c79 4543 int count;
wolfSSL 4:1b0d80432c79 4544 buffer certs[MAX_CHAIN_DEPTH];
wolfSSL 4:1b0d80432c79 4545
wolfSSL 4:1b0d80432c79 4546 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 4547 char* domain = NULL;
wolfSSL 4:1b0d80432c79 4548 DecodedCert* dCert = NULL;
wolfSSL 4:1b0d80432c79 4549 WOLFSSL_X509_STORE_CTX* store = NULL;
wolfSSL 4:1b0d80432c79 4550 #else
wolfSSL 4:1b0d80432c79 4551 char domain[ASN_NAME_MAX];
wolfSSL 4:1b0d80432c79 4552 DecodedCert dCert[1];
wolfSSL 4:1b0d80432c79 4553 WOLFSSL_X509_STORE_CTX store[1];
wolfSSL 4:1b0d80432c79 4554 #endif
wolfSSL 4:1b0d80432c79 4555
wolfSSL 4:1b0d80432c79 4556 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 4:1b0d80432c79 4557 byte haveTrustPeer = 0; /* was cert verified by loaded trusted peer cert */
wolfSSL 4:1b0d80432c79 4558 #endif
wolfSSL 4:1b0d80432c79 4559
wolfSSL 4:1b0d80432c79 4560 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 4561 if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 4562 if (ssl->toInfoOn) AddLateName("Certificate", &ssl->timeoutInfo);
wolfSSL 4:1b0d80432c79 4563 #endif
wolfSSL 4:1b0d80432c79 4564
wolfSSL 4:1b0d80432c79 4565 if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
wolfSSL 4:1b0d80432c79 4566 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 4567
wolfSSL 4:1b0d80432c79 4568 c24to32(input + *inOutIdx, &listSz);
wolfSSL 4:1b0d80432c79 4569 *inOutIdx += OPAQUE24_LEN;
wolfSSL 4:1b0d80432c79 4570
wolfSSL 4:1b0d80432c79 4571 if (listSz > MAX_RECORD_SIZE)
wolfSSL 4:1b0d80432c79 4572 return BUFFER_E;
wolfSSL 4:1b0d80432c79 4573
wolfSSL 4:1b0d80432c79 4574 if ((*inOutIdx - begin) + listSz != size)
wolfSSL 4:1b0d80432c79 4575 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 4576
wolfSSL 4:1b0d80432c79 4577 WOLFSSL_MSG("Loading peer's cert chain");
wolfSSL 4:1b0d80432c79 4578 /* first put cert chain into buffer so can verify top down
wolfSSL 4:1b0d80432c79 4579 we're sent bottom up */
wolfSSL 4:1b0d80432c79 4580 while (listSz) {
wolfSSL 4:1b0d80432c79 4581 word32 certSz;
wolfSSL 4:1b0d80432c79 4582
wolfSSL 4:1b0d80432c79 4583 if (totalCerts >= MAX_CHAIN_DEPTH)
wolfSSL 4:1b0d80432c79 4584 return MAX_CHAIN_ERROR;
wolfSSL 4:1b0d80432c79 4585
wolfSSL 4:1b0d80432c79 4586 if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
wolfSSL 4:1b0d80432c79 4587 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 4588
wolfSSL 4:1b0d80432c79 4589 c24to32(input + *inOutIdx, &certSz);
wolfSSL 4:1b0d80432c79 4590 *inOutIdx += OPAQUE24_LEN;
wolfSSL 4:1b0d80432c79 4591
wolfSSL 4:1b0d80432c79 4592 if ((*inOutIdx - begin) + certSz > size)
wolfSSL 4:1b0d80432c79 4593 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 4594
wolfSSL 4:1b0d80432c79 4595 certs[totalCerts].length = certSz;
wolfSSL 4:1b0d80432c79 4596 certs[totalCerts].buffer = input + *inOutIdx;
wolfSSL 4:1b0d80432c79 4597
wolfSSL 4:1b0d80432c79 4598 #ifdef SESSION_CERTS
wolfSSL 4:1b0d80432c79 4599 if (ssl->session.chain.count < MAX_CHAIN_DEPTH &&
wolfSSL 4:1b0d80432c79 4600 certSz < MAX_X509_SIZE) {
wolfSSL 4:1b0d80432c79 4601 ssl->session.chain.certs[ssl->session.chain.count].length = certSz;
wolfSSL 4:1b0d80432c79 4602 XMEMCPY(ssl->session.chain.certs[ssl->session.chain.count].buffer,
wolfSSL 4:1b0d80432c79 4603 input + *inOutIdx, certSz);
wolfSSL 4:1b0d80432c79 4604 ssl->session.chain.count++;
wolfSSL 4:1b0d80432c79 4605 } else {
wolfSSL 4:1b0d80432c79 4606 WOLFSSL_MSG("Couldn't store chain cert for session");
wolfSSL 4:1b0d80432c79 4607 }
wolfSSL 4:1b0d80432c79 4608 #endif
wolfSSL 4:1b0d80432c79 4609
wolfSSL 4:1b0d80432c79 4610 *inOutIdx += certSz;
wolfSSL 4:1b0d80432c79 4611 listSz -= certSz + CERT_HEADER_SZ;
wolfSSL 4:1b0d80432c79 4612
wolfSSL 4:1b0d80432c79 4613 totalCerts++;
wolfSSL 4:1b0d80432c79 4614 WOLFSSL_MSG(" Put another cert into chain");
wolfSSL 4:1b0d80432c79 4615 }
wolfSSL 4:1b0d80432c79 4616
wolfSSL 4:1b0d80432c79 4617 count = totalCerts;
wolfSSL 4:1b0d80432c79 4618
wolfSSL 4:1b0d80432c79 4619 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 4620 dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 4:1b0d80432c79 4621 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 4622 if (dCert == NULL)
wolfSSL 4:1b0d80432c79 4623 return MEMORY_E;
wolfSSL 4:1b0d80432c79 4624 #endif
wolfSSL 4:1b0d80432c79 4625
wolfSSL 4:1b0d80432c79 4626 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 4:1b0d80432c79 4627 /* if using trusted peer certs check before verify chain and CA test */
wolfSSL 4:1b0d80432c79 4628 if (count > 0) {
wolfSSL 4:1b0d80432c79 4629 TrustedPeerCert* tp = NULL;
wolfSSL 4:1b0d80432c79 4630
wolfSSL 4:1b0d80432c79 4631 InitDecodedCert(dCert, certs[0].buffer, certs[0].length, ssl->heap);
wolfSSL 4:1b0d80432c79 4632 ret = ParseCertRelative(dCert, CERT_TYPE, 0, ssl->ctx->cm);
wolfSSL 4:1b0d80432c79 4633 #ifndef NO_SKID
wolfSSL 4:1b0d80432c79 4634 if (dCert->extAuthKeyIdSet) {
wolfSSL 4:1b0d80432c79 4635 tp = GetTrustedPeer(ssl->ctx->cm, dCert->extSubjKeyId,
wolfSSL 4:1b0d80432c79 4636 WC_MATCH_SKID);
wolfSSL 4:1b0d80432c79 4637 }
wolfSSL 4:1b0d80432c79 4638 else { /* if the cert has no SKID try to match by name */
wolfSSL 4:1b0d80432c79 4639 tp = GetTrustedPeer(ssl->ctx->cm, dCert->subjectHash,
wolfSSL 4:1b0d80432c79 4640 WC_MATCH_NAME);
wolfSSL 4:1b0d80432c79 4641 }
wolfSSL 4:1b0d80432c79 4642 #else /* NO_SKID */
wolfSSL 4:1b0d80432c79 4643 tp = GetTrustedPeer(ssl->ctx->cm, dCert->subjectHash,
wolfSSL 4:1b0d80432c79 4644 WC_MATCH_NAME);
wolfSSL 4:1b0d80432c79 4645 #endif /* NO SKID */
wolfSSL 4:1b0d80432c79 4646 WOLFSSL_MSG("Checking for trusted peer cert");
wolfSSL 4:1b0d80432c79 4647
wolfSSL 4:1b0d80432c79 4648 if (tp == NULL) {
wolfSSL 4:1b0d80432c79 4649 /* no trusted peer cert */
wolfSSL 4:1b0d80432c79 4650 WOLFSSL_MSG("No matching trusted peer cert. Checking CAs");
wolfSSL 4:1b0d80432c79 4651 FreeDecodedCert(dCert);
wolfSSL 4:1b0d80432c79 4652 } else if (MatchTrustedPeer(tp, dCert)){
wolfSSL 4:1b0d80432c79 4653 WOLFSSL_MSG("Found matching trusted peer cert");
wolfSSL 4:1b0d80432c79 4654 haveTrustPeer = 1;
wolfSSL 4:1b0d80432c79 4655 } else {
wolfSSL 4:1b0d80432c79 4656 WOLFSSL_MSG("Trusted peer cert did not match!");
wolfSSL 4:1b0d80432c79 4657 FreeDecodedCert(dCert);
wolfSSL 4:1b0d80432c79 4658 }
wolfSSL 4:1b0d80432c79 4659 }
wolfSSL 4:1b0d80432c79 4660 if (!haveTrustPeer) { /* do not verify chain if trusted peer cert found */
wolfSSL 4:1b0d80432c79 4661 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 4:1b0d80432c79 4662
wolfSSL 4:1b0d80432c79 4663 /* verify up to peer's first */
wolfSSL 4:1b0d80432c79 4664 while (count > 1) {
wolfSSL 4:1b0d80432c79 4665 buffer myCert = certs[count - 1];
wolfSSL 4:1b0d80432c79 4666 byte* subjectHash;
wolfSSL 4:1b0d80432c79 4667
wolfSSL 4:1b0d80432c79 4668 InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap);
wolfSSL 4:1b0d80432c79 4669 ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone,
wolfSSL 4:1b0d80432c79 4670 ssl->ctx->cm);
wolfSSL 4:1b0d80432c79 4671 #ifndef NO_SKID
wolfSSL 4:1b0d80432c79 4672 subjectHash = dCert->extSubjKeyId;
wolfSSL 4:1b0d80432c79 4673 #else
wolfSSL 4:1b0d80432c79 4674 subjectHash = dCert->subjectHash;
wolfSSL 4:1b0d80432c79 4675 #endif
wolfSSL 4:1b0d80432c79 4676
wolfSSL 4:1b0d80432c79 4677 if (ret == 0 && dCert->isCA == 0) {
wolfSSL 4:1b0d80432c79 4678 WOLFSSL_MSG("Chain cert is not a CA, not adding as one");
wolfSSL 4:1b0d80432c79 4679 }
wolfSSL 4:1b0d80432c79 4680 else if (ret == 0 && ssl->options.verifyNone) {
wolfSSL 4:1b0d80432c79 4681 WOLFSSL_MSG("Chain cert not verified by option, not adding as CA");
wolfSSL 4:1b0d80432c79 4682 }
wolfSSL 4:1b0d80432c79 4683 else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) {
wolfSSL 4:1b0d80432c79 4684 DerBuffer* add = NULL;
wolfSSL 4:1b0d80432c79 4685 ret = AllocDer(&add, myCert.length, CA_TYPE, ssl->heap);
wolfSSL 4:1b0d80432c79 4686 if (ret < 0) {
wolfSSL 4:1b0d80432c79 4687 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 4688 XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 4689 #endif
wolfSSL 4:1b0d80432c79 4690 return ret;
wolfSSL 4:1b0d80432c79 4691 }
wolfSSL 4:1b0d80432c79 4692
wolfSSL 4:1b0d80432c79 4693 WOLFSSL_MSG("Adding CA from chain");
wolfSSL 4:1b0d80432c79 4694
wolfSSL 4:1b0d80432c79 4695 XMEMCPY(add->buffer, myCert.buffer, myCert.length);
wolfSSL 4:1b0d80432c79 4696
wolfSSL 4:1b0d80432c79 4697 /* already verified above */
wolfSSL 4:1b0d80432c79 4698 ret = AddCA(ssl->ctx->cm, &add, WOLFSSL_CHAIN_CA, 0);
wolfSSL 4:1b0d80432c79 4699 if (ret == 1) ret = 0; /* SSL_SUCCESS for external */
wolfSSL 4:1b0d80432c79 4700 }
wolfSSL 4:1b0d80432c79 4701 else if (ret != 0) {
wolfSSL 4:1b0d80432c79 4702 WOLFSSL_MSG("Failed to verify CA from chain");
wolfSSL 4:1b0d80432c79 4703 }
wolfSSL 4:1b0d80432c79 4704 else {
wolfSSL 4:1b0d80432c79 4705 WOLFSSL_MSG("Verified CA from chain and already had it");
wolfSSL 4:1b0d80432c79 4706 }
wolfSSL 4:1b0d80432c79 4707
wolfSSL 4:1b0d80432c79 4708 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 4:1b0d80432c79 4709 if (ret == 0) {
wolfSSL 4:1b0d80432c79 4710 int doCrlLookup = 1;
wolfSSL 4:1b0d80432c79 4711
wolfSSL 4:1b0d80432c79 4712 #ifdef HAVE_OCSP
wolfSSL 4:1b0d80432c79 4713 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 4:1b0d80432c79 4714 if (ssl->status_request_v2)
wolfSSL 4:1b0d80432c79 4715 ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0);
wolfSSL 4:1b0d80432c79 4716 else /* skips OCSP and force CRL check */
wolfSSL 4:1b0d80432c79 4717 #endif
wolfSSL 4:1b0d80432c79 4718 if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) {
wolfSSL 4:1b0d80432c79 4719 WOLFSSL_MSG("Doing Non Leaf OCSP check");
wolfSSL 4:1b0d80432c79 4720 ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL);
wolfSSL 4:1b0d80432c79 4721 doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 4:1b0d80432c79 4722 if (ret != 0) {
wolfSSL 4:1b0d80432c79 4723 doCrlLookup = 0;
wolfSSL 4:1b0d80432c79 4724 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 4:1b0d80432c79 4725 }
wolfSSL 4:1b0d80432c79 4726 }
wolfSSL 4:1b0d80432c79 4727 #endif /* HAVE_OCSP */
wolfSSL 4:1b0d80432c79 4728
wolfSSL 4:1b0d80432c79 4729 #ifdef HAVE_CRL
wolfSSL 4:1b0d80432c79 4730 if (ret == 0 && doCrlLookup && ssl->ctx->cm->crlEnabled
wolfSSL 4:1b0d80432c79 4731 && ssl->ctx->cm->crlCheckAll) {
wolfSSL 4:1b0d80432c79 4732 WOLFSSL_MSG("Doing Non Leaf CRL check");
wolfSSL 4:1b0d80432c79 4733 ret = CheckCertCRL(ssl->ctx->cm->crl, dCert);
wolfSSL 4:1b0d80432c79 4734
wolfSSL 4:1b0d80432c79 4735 if (ret != 0) {
wolfSSL 4:1b0d80432c79 4736 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 4:1b0d80432c79 4737 }
wolfSSL 4:1b0d80432c79 4738 }
wolfSSL 4:1b0d80432c79 4739 #else
wolfSSL 4:1b0d80432c79 4740 (void)doCrlLookup;
wolfSSL 4:1b0d80432c79 4741 #endif /* HAVE_CRL */
wolfSSL 4:1b0d80432c79 4742 }
wolfSSL 4:1b0d80432c79 4743 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 4:1b0d80432c79 4744
wolfSSL 4:1b0d80432c79 4745 if (ret != 0 && anyError == 0)
wolfSSL 4:1b0d80432c79 4746 anyError = ret; /* save error from last time */
wolfSSL 4:1b0d80432c79 4747
wolfSSL 4:1b0d80432c79 4748 FreeDecodedCert(dCert);
wolfSSL 4:1b0d80432c79 4749 count--;
wolfSSL 4:1b0d80432c79 4750 }
wolfSSL 4:1b0d80432c79 4751
wolfSSL 4:1b0d80432c79 4752 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 4:1b0d80432c79 4753 } /* end of if (haveTrustPeer) -- a check for if already verified */
wolfSSL 4:1b0d80432c79 4754 #endif
wolfSSL 4:1b0d80432c79 4755
wolfSSL 4:1b0d80432c79 4756 /* peer's, may not have one if blank client cert sent by TLSv1.2 */
wolfSSL 4:1b0d80432c79 4757 if (count) {
wolfSSL 4:1b0d80432c79 4758 buffer myCert = certs[0];
wolfSSL 4:1b0d80432c79 4759 int fatal = 0;
wolfSSL 4:1b0d80432c79 4760
wolfSSL 4:1b0d80432c79 4761 WOLFSSL_MSG("Verifying Peer's cert");
wolfSSL 4:1b0d80432c79 4762
wolfSSL 4:1b0d80432c79 4763 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 4:1b0d80432c79 4764 if (!haveTrustPeer) { /* do not parse again if previously verified */
wolfSSL 4:1b0d80432c79 4765 #endif
wolfSSL 4:1b0d80432c79 4766 InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap);
wolfSSL 4:1b0d80432c79 4767 ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone,
wolfSSL 4:1b0d80432c79 4768 ssl->ctx->cm);
wolfSSL 4:1b0d80432c79 4769 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 4:1b0d80432c79 4770 }
wolfSSL 4:1b0d80432c79 4771 #endif
wolfSSL 4:1b0d80432c79 4772
wolfSSL 4:1b0d80432c79 4773 if (ret == 0) {
wolfSSL 4:1b0d80432c79 4774 WOLFSSL_MSG("Verified Peer's cert");
wolfSSL 4:1b0d80432c79 4775 fatal = 0;
wolfSSL 4:1b0d80432c79 4776 }
wolfSSL 4:1b0d80432c79 4777 else if (ret == ASN_PARSE_E) {
wolfSSL 4:1b0d80432c79 4778 WOLFSSL_MSG("Got Peer cert ASN PARSE ERROR, fatal");
wolfSSL 4:1b0d80432c79 4779 fatal = 1;
wolfSSL 4:1b0d80432c79 4780 }
wolfSSL 4:1b0d80432c79 4781 else {
wolfSSL 4:1b0d80432c79 4782 WOLFSSL_MSG("Failed to verify Peer's cert");
wolfSSL 4:1b0d80432c79 4783 if (ssl->verifyCallback) {
wolfSSL 4:1b0d80432c79 4784 WOLFSSL_MSG("\tCallback override available, will continue");
wolfSSL 4:1b0d80432c79 4785 fatal = 0;
wolfSSL 4:1b0d80432c79 4786 }
wolfSSL 4:1b0d80432c79 4787 else {
wolfSSL 4:1b0d80432c79 4788 WOLFSSL_MSG("\tNo callback override available, fatal");
wolfSSL 4:1b0d80432c79 4789 fatal = 1;
wolfSSL 4:1b0d80432c79 4790 }
wolfSSL 4:1b0d80432c79 4791 }
wolfSSL 4:1b0d80432c79 4792
wolfSSL 4:1b0d80432c79 4793 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 4:1b0d80432c79 4794 if (fatal == 0 && ssl->secure_renegotiation
wolfSSL 4:1b0d80432c79 4795 && ssl->secure_renegotiation->enabled) {
wolfSSL 4:1b0d80432c79 4796
wolfSSL 4:1b0d80432c79 4797 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 4:1b0d80432c79 4798 /* compare against previous time */
wolfSSL 4:1b0d80432c79 4799 if (XMEMCMP(dCert->subjectHash,
wolfSSL 4:1b0d80432c79 4800 ssl->secure_renegotiation->subject_hash,
wolfSSL 4:1b0d80432c79 4801 SHA_DIGEST_SIZE) != 0) {
wolfSSL 4:1b0d80432c79 4802 WOLFSSL_MSG("Peer sent different cert during scr, fatal");
wolfSSL 4:1b0d80432c79 4803 fatal = 1;
wolfSSL 4:1b0d80432c79 4804 ret = SCR_DIFFERENT_CERT_E;
wolfSSL 4:1b0d80432c79 4805 }
wolfSSL 4:1b0d80432c79 4806 }
wolfSSL 4:1b0d80432c79 4807
wolfSSL 4:1b0d80432c79 4808 /* cache peer's hash */
wolfSSL 4:1b0d80432c79 4809 if (fatal == 0) {
wolfSSL 4:1b0d80432c79 4810 XMEMCPY(ssl->secure_renegotiation->subject_hash,
wolfSSL 4:1b0d80432c79 4811 dCert->subjectHash, SHA_DIGEST_SIZE);
wolfSSL 4:1b0d80432c79 4812 }
wolfSSL 4:1b0d80432c79 4813 }
wolfSSL 4:1b0d80432c79 4814 #endif
wolfSSL 4:1b0d80432c79 4815
wolfSSL 4:1b0d80432c79 4816 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 4:1b0d80432c79 4817 if (fatal == 0) {
wolfSSL 4:1b0d80432c79 4818 int doLookup = 1;
wolfSSL 4:1b0d80432c79 4819
wolfSSL 4:1b0d80432c79 4820 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 4:1b0d80432c79 4821 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 4:1b0d80432c79 4822 if (ssl->status_request) {
wolfSSL 4:1b0d80432c79 4823 fatal = TLSX_CSR_InitRequest(ssl->extensions, dCert);
wolfSSL 4:1b0d80432c79 4824 doLookup = 0;
wolfSSL 4:1b0d80432c79 4825 }
wolfSSL 4:1b0d80432c79 4826 #endif
wolfSSL 4:1b0d80432c79 4827 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 4:1b0d80432c79 4828 if (ssl->status_request_v2) {
wolfSSL 4:1b0d80432c79 4829 fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1);
wolfSSL 4:1b0d80432c79 4830 doLookup = 0;
wolfSSL 4:1b0d80432c79 4831 }
wolfSSL 4:1b0d80432c79 4832 #endif
wolfSSL 4:1b0d80432c79 4833 }
wolfSSL 4:1b0d80432c79 4834
wolfSSL 4:1b0d80432c79 4835 #ifdef HAVE_OCSP
wolfSSL 4:1b0d80432c79 4836 if (doLookup && ssl->ctx->cm->ocspEnabled) {
wolfSSL 4:1b0d80432c79 4837 WOLFSSL_MSG("Doing Leaf OCSP check");
wolfSSL 4:1b0d80432c79 4838 ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL);
wolfSSL 4:1b0d80432c79 4839 doLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 4:1b0d80432c79 4840 if (ret != 0) {
wolfSSL 4:1b0d80432c79 4841 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 4:1b0d80432c79 4842 fatal = 0;
wolfSSL 4:1b0d80432c79 4843 }
wolfSSL 4:1b0d80432c79 4844 }
wolfSSL 4:1b0d80432c79 4845 #endif /* HAVE_OCSP */
wolfSSL 4:1b0d80432c79 4846
wolfSSL 4:1b0d80432c79 4847 #ifdef HAVE_CRL
wolfSSL 4:1b0d80432c79 4848 if (doLookup && ssl->ctx->cm->crlEnabled) {
wolfSSL 4:1b0d80432c79 4849 WOLFSSL_MSG("Doing Leaf CRL check");
wolfSSL 4:1b0d80432c79 4850 ret = CheckCertCRL(ssl->ctx->cm->crl, dCert);
wolfSSL 4:1b0d80432c79 4851 if (ret != 0) {
wolfSSL 4:1b0d80432c79 4852 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 4:1b0d80432c79 4853 fatal = 0;
wolfSSL 4:1b0d80432c79 4854 }
wolfSSL 4:1b0d80432c79 4855 }
wolfSSL 4:1b0d80432c79 4856 #endif /* HAVE_CRL */
wolfSSL 4:1b0d80432c79 4857 (void)doLookup;
wolfSSL 4:1b0d80432c79 4858 }
wolfSSL 4:1b0d80432c79 4859 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 4:1b0d80432c79 4860
wolfSSL 4:1b0d80432c79 4861 #ifdef KEEP_PEER_CERT
wolfSSL 4:1b0d80432c79 4862 {
wolfSSL 4:1b0d80432c79 4863 /* set X509 format for peer cert even if fatal */
wolfSSL 4:1b0d80432c79 4864 int copyRet = CopyDecodedToX509(&ssl->peerCert, dCert);
wolfSSL 4:1b0d80432c79 4865 if (copyRet == MEMORY_E)
wolfSSL 4:1b0d80432c79 4866 fatal = 1;
wolfSSL 4:1b0d80432c79 4867 }
wolfSSL 4:1b0d80432c79 4868 #endif
wolfSSL 4:1b0d80432c79 4869
wolfSSL 4:1b0d80432c79 4870 #ifndef IGNORE_KEY_EXTENSIONS
wolfSSL 4:1b0d80432c79 4871 if (dCert->extKeyUsageSet) {
wolfSSL 4:1b0d80432c79 4872 if ((ssl->specs.kea == rsa_kea) &&
wolfSSL 4:1b0d80432c79 4873 (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
wolfSSL 4:1b0d80432c79 4874 ret = KEYUSE_ENCIPHER_E;
wolfSSL 4:1b0d80432c79 4875 }
wolfSSL 4:1b0d80432c79 4876 if ((ssl->specs.sig_algo == rsa_sa_algo ||
wolfSSL 4:1b0d80432c79 4877 (ssl->specs.sig_algo == ecc_dsa_sa_algo &&
wolfSSL 4:1b0d80432c79 4878 !ssl->specs.static_ecdh)) &&
wolfSSL 4:1b0d80432c79 4879 (dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
wolfSSL 4:1b0d80432c79 4880 WOLFSSL_MSG("KeyUse Digital Sig not set");
wolfSSL 4:1b0d80432c79 4881 ret = KEYUSE_SIGNATURE_E;
wolfSSL 4:1b0d80432c79 4882 }
wolfSSL 4:1b0d80432c79 4883 }
wolfSSL 4:1b0d80432c79 4884
wolfSSL 4:1b0d80432c79 4885 if (dCert->extExtKeyUsageSet) {
wolfSSL 4:1b0d80432c79 4886 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 4:1b0d80432c79 4887 if ((dCert->extExtKeyUsage &
wolfSSL 4:1b0d80432c79 4888 (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) {
wolfSSL 4:1b0d80432c79 4889 WOLFSSL_MSG("ExtKeyUse Server Auth not set");
wolfSSL 4:1b0d80432c79 4890 ret = EXTKEYUSE_AUTH_E;
wolfSSL 4:1b0d80432c79 4891 }
wolfSSL 4:1b0d80432c79 4892 }
wolfSSL 4:1b0d80432c79 4893 else {
wolfSSL 4:1b0d80432c79 4894 if ((dCert->extExtKeyUsage &
wolfSSL 4:1b0d80432c79 4895 (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) {
wolfSSL 4:1b0d80432c79 4896 WOLFSSL_MSG("ExtKeyUse Client Auth not set");
wolfSSL 4:1b0d80432c79 4897 ret = EXTKEYUSE_AUTH_E;
wolfSSL 4:1b0d80432c79 4898 }
wolfSSL 4:1b0d80432c79 4899 }
wolfSSL 4:1b0d80432c79 4900 }
wolfSSL 4:1b0d80432c79 4901 #endif /* IGNORE_KEY_EXTENSIONS */
wolfSSL 4:1b0d80432c79 4902
wolfSSL 4:1b0d80432c79 4903 if (fatal) {
wolfSSL 4:1b0d80432c79 4904 FreeDecodedCert(dCert);
wolfSSL 4:1b0d80432c79 4905 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 4906 XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 4907 #endif
wolfSSL 4:1b0d80432c79 4908 ssl->error = ret;
wolfSSL 4:1b0d80432c79 4909 return ret;
wolfSSL 4:1b0d80432c79 4910 }
wolfSSL 4:1b0d80432c79 4911 ssl->options.havePeerCert = 1;
wolfSSL 4:1b0d80432c79 4912
wolfSSL 4:1b0d80432c79 4913 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 4914 domain = (char*)XMALLOC(ASN_NAME_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 4915 if (domain == NULL) {
wolfSSL 4:1b0d80432c79 4916 FreeDecodedCert(dCert);
wolfSSL 4:1b0d80432c79 4917 XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 4918 return MEMORY_E;
wolfSSL 4:1b0d80432c79 4919 }
wolfSSL 4:1b0d80432c79 4920 #endif
wolfSSL 4:1b0d80432c79 4921 /* store for callback use */
wolfSSL 4:1b0d80432c79 4922 if (dCert->subjectCNLen < ASN_NAME_MAX) {
wolfSSL 4:1b0d80432c79 4923 XMEMCPY(domain, dCert->subjectCN, dCert->subjectCNLen);
wolfSSL 4:1b0d80432c79 4924 domain[dCert->subjectCNLen] = '\0';
wolfSSL 4:1b0d80432c79 4925 }
wolfSSL 4:1b0d80432c79 4926 else
wolfSSL 4:1b0d80432c79 4927 domain[0] = '\0';
wolfSSL 4:1b0d80432c79 4928
wolfSSL 4:1b0d80432c79 4929 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
wolfSSL 4:1b0d80432c79 4930 if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
wolfSSL 4:1b0d80432c79 4931 (char*)ssl->buffers.domainName.buffer) == 0) {
wolfSSL 4:1b0d80432c79 4932 WOLFSSL_MSG("DomainName match on common name failed");
wolfSSL 4:1b0d80432c79 4933 if (CheckAltNames(dCert,
wolfSSL 4:1b0d80432c79 4934 (char*)ssl->buffers.domainName.buffer) == 0 ) {
wolfSSL 4:1b0d80432c79 4935 WOLFSSL_MSG("DomainName match on alt names failed too");
wolfSSL 4:1b0d80432c79 4936 ret = DOMAIN_NAME_MISMATCH; /* try to get peer key still */
wolfSSL 4:1b0d80432c79 4937 }
wolfSSL 4:1b0d80432c79 4938 }
wolfSSL 4:1b0d80432c79 4939 }
wolfSSL 4:1b0d80432c79 4940
wolfSSL 4:1b0d80432c79 4941 /* decode peer key */
wolfSSL 4:1b0d80432c79 4942 switch (dCert->keyOID) {
wolfSSL 4:1b0d80432c79 4943 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 4944 case RSAk:
wolfSSL 4:1b0d80432c79 4945 {
wolfSSL 4:1b0d80432c79 4946 word32 idx = 0;
wolfSSL 4:1b0d80432c79 4947 int keyRet = 0;
wolfSSL 4:1b0d80432c79 4948
wolfSSL 4:1b0d80432c79 4949 if (ssl->peerRsaKey == NULL) {
wolfSSL 4:1b0d80432c79 4950 ssl->peerRsaKey = (RsaKey*)XMALLOC(sizeof(RsaKey),
wolfSSL 4:1b0d80432c79 4951 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 4:1b0d80432c79 4952 if (ssl->peerRsaKey == NULL) {
wolfSSL 4:1b0d80432c79 4953 WOLFSSL_MSG("PeerRsaKey Memory error");
wolfSSL 4:1b0d80432c79 4954 keyRet = MEMORY_E;
wolfSSL 4:1b0d80432c79 4955 } else {
wolfSSL 4:1b0d80432c79 4956 keyRet = wc_InitRsaKey(ssl->peerRsaKey,
wolfSSL 4:1b0d80432c79 4957 ssl->ctx->heap);
wolfSSL 4:1b0d80432c79 4958 }
wolfSSL 4:1b0d80432c79 4959 } else if (ssl->peerRsaKeyPresent) {
wolfSSL 4:1b0d80432c79 4960 /* don't leak on reuse */
wolfSSL 4:1b0d80432c79 4961 wc_FreeRsaKey(ssl->peerRsaKey);
wolfSSL 4:1b0d80432c79 4962 ssl->peerRsaKeyPresent = 0;
wolfSSL 4:1b0d80432c79 4963 keyRet = wc_InitRsaKey(ssl->peerRsaKey, ssl->heap);
wolfSSL 4:1b0d80432c79 4964 }
wolfSSL 4:1b0d80432c79 4965
wolfSSL 4:1b0d80432c79 4966 if (keyRet != 0 || wc_RsaPublicKeyDecode(dCert->publicKey,
wolfSSL 4:1b0d80432c79 4967 &idx, ssl->peerRsaKey, dCert->pubKeySize) != 0) {
wolfSSL 4:1b0d80432c79 4968 ret = PEER_KEY_ERROR;
wolfSSL 4:1b0d80432c79 4969 }
wolfSSL 4:1b0d80432c79 4970 else {
wolfSSL 4:1b0d80432c79 4971 ssl->peerRsaKeyPresent = 1;
wolfSSL 4:1b0d80432c79 4972 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 4973 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 4974 ssl->buffers.peerRsaKey.buffer =
wolfSSL 4:1b0d80432c79 4975 (byte*)XMALLOC(dCert->pubKeySize,
wolfSSL 4:1b0d80432c79 4976 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 4:1b0d80432c79 4977 if (ssl->buffers.peerRsaKey.buffer == NULL)
wolfSSL 4:1b0d80432c79 4978 ret = MEMORY_ERROR;
wolfSSL 4:1b0d80432c79 4979 else {
wolfSSL 4:1b0d80432c79 4980 XMEMCPY(ssl->buffers.peerRsaKey.buffer,
wolfSSL 4:1b0d80432c79 4981 dCert->publicKey, dCert->pubKeySize);
wolfSSL 4:1b0d80432c79 4982 ssl->buffers.peerRsaKey.length =
wolfSSL 4:1b0d80432c79 4983 dCert->pubKeySize;
wolfSSL 4:1b0d80432c79 4984 }
wolfSSL 4:1b0d80432c79 4985 #endif /* NO_RSA */
wolfSSL 4:1b0d80432c79 4986 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 4:1b0d80432c79 4987 }
wolfSSL 4:1b0d80432c79 4988 }
wolfSSL 4:1b0d80432c79 4989 break;
wolfSSL 4:1b0d80432c79 4990 #endif /* NO_RSA */
wolfSSL 4:1b0d80432c79 4991 #ifdef HAVE_NTRU
wolfSSL 4:1b0d80432c79 4992 case NTRUk:
wolfSSL 4:1b0d80432c79 4993 {
wolfSSL 4:1b0d80432c79 4994 if (dCert->pubKeySize > sizeof(ssl->peerNtruKey)) {
wolfSSL 4:1b0d80432c79 4995 ret = PEER_KEY_ERROR;
wolfSSL 4:1b0d80432c79 4996 }
wolfSSL 4:1b0d80432c79 4997 else {
wolfSSL 4:1b0d80432c79 4998 XMEMCPY(ssl->peerNtruKey, dCert->publicKey,
wolfSSL 4:1b0d80432c79 4999 dCert->pubKeySize);
wolfSSL 4:1b0d80432c79 5000 ssl->peerNtruKeyLen = (word16)dCert->pubKeySize;
wolfSSL 4:1b0d80432c79 5001 ssl->peerNtruKeyPresent = 1;
wolfSSL 4:1b0d80432c79 5002 }
wolfSSL 4:1b0d80432c79 5003 }
wolfSSL 4:1b0d80432c79 5004 break;
wolfSSL 4:1b0d80432c79 5005 #endif /* HAVE_NTRU */
wolfSSL 4:1b0d80432c79 5006 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 5007 case ECDSAk:
wolfSSL 4:1b0d80432c79 5008 {
wolfSSL 4:1b0d80432c79 5009 if (ssl->peerEccDsaKey == NULL) {
wolfSSL 4:1b0d80432c79 5010 /* alloc/init on demand */
wolfSSL 4:1b0d80432c79 5011 ssl->peerEccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 4:1b0d80432c79 5012 ssl->ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL 4:1b0d80432c79 5013 if (ssl->peerEccDsaKey == NULL) {
wolfSSL 4:1b0d80432c79 5014 WOLFSSL_MSG("PeerEccDsaKey Memory error");
wolfSSL 4:1b0d80432c79 5015 return MEMORY_E;
wolfSSL 4:1b0d80432c79 5016 }
wolfSSL 4:1b0d80432c79 5017 wc_ecc_init(ssl->peerEccDsaKey);
wolfSSL 4:1b0d80432c79 5018 } else if (ssl->peerEccDsaKeyPresent) {
wolfSSL 4:1b0d80432c79 5019 /* don't leak on reuse */
wolfSSL 4:1b0d80432c79 5020 wc_ecc_free(ssl->peerEccDsaKey);
wolfSSL 4:1b0d80432c79 5021 ssl->peerEccDsaKeyPresent = 0;
wolfSSL 4:1b0d80432c79 5022 wc_ecc_init(ssl->peerEccDsaKey);
wolfSSL 4:1b0d80432c79 5023 }
wolfSSL 4:1b0d80432c79 5024 if (wc_ecc_import_x963(dCert->publicKey, dCert->pubKeySize,
wolfSSL 4:1b0d80432c79 5025 ssl->peerEccDsaKey) != 0) {
wolfSSL 4:1b0d80432c79 5026 ret = PEER_KEY_ERROR;
wolfSSL 4:1b0d80432c79 5027 }
wolfSSL 4:1b0d80432c79 5028 else {
wolfSSL 4:1b0d80432c79 5029 ssl->peerEccDsaKeyPresent = 1;
wolfSSL 4:1b0d80432c79 5030 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 5031 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 5032 ssl->buffers.peerEccDsaKey.buffer =
wolfSSL 4:1b0d80432c79 5033 (byte*)XMALLOC(dCert->pubKeySize,
wolfSSL 4:1b0d80432c79 5034 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 4:1b0d80432c79 5035 if (ssl->buffers.peerEccDsaKey.buffer == NULL)
wolfSSL 4:1b0d80432c79 5036 ret = MEMORY_ERROR;
wolfSSL 4:1b0d80432c79 5037 else {
wolfSSL 4:1b0d80432c79 5038 XMEMCPY(ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 4:1b0d80432c79 5039 dCert->publicKey, dCert->pubKeySize);
wolfSSL 4:1b0d80432c79 5040 ssl->buffers.peerEccDsaKey.length =
wolfSSL 4:1b0d80432c79 5041 dCert->pubKeySize;
wolfSSL 4:1b0d80432c79 5042 }
wolfSSL 4:1b0d80432c79 5043 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 5044 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 4:1b0d80432c79 5045 }
wolfSSL 4:1b0d80432c79 5046 }
wolfSSL 4:1b0d80432c79 5047 break;
wolfSSL 4:1b0d80432c79 5048 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 5049 default:
wolfSSL 4:1b0d80432c79 5050 break;
wolfSSL 4:1b0d80432c79 5051 }
wolfSSL 4:1b0d80432c79 5052
wolfSSL 4:1b0d80432c79 5053 FreeDecodedCert(dCert);
wolfSSL 4:1b0d80432c79 5054 }
wolfSSL 4:1b0d80432c79 5055
wolfSSL 4:1b0d80432c79 5056 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 5057 XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 5058
wolfSSL 4:1b0d80432c79 5059 store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX),
wolfSSL 4:1b0d80432c79 5060 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 5061 if (store == NULL) {
wolfSSL 4:1b0d80432c79 5062 XFREE(domain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 5063 return MEMORY_E;
wolfSSL 4:1b0d80432c79 5064 }
wolfSSL 4:1b0d80432c79 5065 #endif
wolfSSL 4:1b0d80432c79 5066
wolfSSL 4:1b0d80432c79 5067 if (anyError != 0 && ret == 0)
wolfSSL 4:1b0d80432c79 5068 ret = anyError;
wolfSSL 4:1b0d80432c79 5069
wolfSSL 4:1b0d80432c79 5070 if (ret != 0) {
wolfSSL 4:1b0d80432c79 5071 if (!ssl->options.verifyNone) {
wolfSSL 4:1b0d80432c79 5072 int why = bad_certificate;
wolfSSL 4:1b0d80432c79 5073
wolfSSL 4:1b0d80432c79 5074 if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E)
wolfSSL 4:1b0d80432c79 5075 why = certificate_expired;
wolfSSL 4:1b0d80432c79 5076 if (ssl->verifyCallback) {
wolfSSL 4:1b0d80432c79 5077 int ok;
wolfSSL 4:1b0d80432c79 5078
wolfSSL 4:1b0d80432c79 5079 store->error = ret;
wolfSSL 4:1b0d80432c79 5080 store->error_depth = totalCerts;
wolfSSL 4:1b0d80432c79 5081 store->discardSessionCerts = 0;
wolfSSL 4:1b0d80432c79 5082 store->domain = domain;
wolfSSL 4:1b0d80432c79 5083 store->userCtx = ssl->verifyCbCtx;
wolfSSL 4:1b0d80432c79 5084 #ifdef KEEP_PEER_CERT
wolfSSL 4:1b0d80432c79 5085 store->current_cert = &ssl->peerCert;
wolfSSL 4:1b0d80432c79 5086 #else
wolfSSL 4:1b0d80432c79 5087 store->current_cert = NULL;
wolfSSL 4:1b0d80432c79 5088 #endif
wolfSSL 4:1b0d80432c79 5089 #if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL)
wolfSSL 4:1b0d80432c79 5090 store->ex_data = ssl;
wolfSSL 4:1b0d80432c79 5091 #endif
wolfSSL 4:1b0d80432c79 5092 ok = ssl->verifyCallback(0, store);
wolfSSL 4:1b0d80432c79 5093 if (ok) {
wolfSSL 4:1b0d80432c79 5094 WOLFSSL_MSG("Verify callback overriding error!");
wolfSSL 4:1b0d80432c79 5095 ret = 0;
wolfSSL 4:1b0d80432c79 5096 }
wolfSSL 4:1b0d80432c79 5097 #ifdef SESSION_CERTS
wolfSSL 4:1b0d80432c79 5098 if (store->discardSessionCerts) {
wolfSSL 4:1b0d80432c79 5099 WOLFSSL_MSG("Verify callback requested discard sess certs");
wolfSSL 4:1b0d80432c79 5100 ssl->session.chain.count = 0;
wolfSSL 4:1b0d80432c79 5101 }
wolfSSL 4:1b0d80432c79 5102 #endif
wolfSSL 4:1b0d80432c79 5103 }
wolfSSL 4:1b0d80432c79 5104 if (ret != 0) {
wolfSSL 4:1b0d80432c79 5105 SendAlert(ssl, alert_fatal, why); /* try to send */
wolfSSL 4:1b0d80432c79 5106 ssl->options.isClosed = 1;
wolfSSL 4:1b0d80432c79 5107 }
wolfSSL 4:1b0d80432c79 5108 }
wolfSSL 4:1b0d80432c79 5109 ssl->error = ret;
wolfSSL 4:1b0d80432c79 5110 }
wolfSSL 4:1b0d80432c79 5111 #ifdef WOLFSSL_ALWAYS_VERIFY_CB
wolfSSL 4:1b0d80432c79 5112 else {
wolfSSL 4:1b0d80432c79 5113 if (ssl->verifyCallback) {
wolfSSL 4:1b0d80432c79 5114 int ok;
wolfSSL 4:1b0d80432c79 5115
wolfSSL 4:1b0d80432c79 5116 store->error = ret;
wolfSSL 4:1b0d80432c79 5117 store->error_depth = totalCerts;
wolfSSL 4:1b0d80432c79 5118 store->discardSessionCerts = 0;
wolfSSL 4:1b0d80432c79 5119 store->domain = domain;
wolfSSL 4:1b0d80432c79 5120 store->userCtx = ssl->verifyCbCtx;
wolfSSL 4:1b0d80432c79 5121 #ifdef KEEP_PEER_CERT
wolfSSL 4:1b0d80432c79 5122 store->current_cert = &ssl->peerCert;
wolfSSL 4:1b0d80432c79 5123 #endif
wolfSSL 4:1b0d80432c79 5124 store->ex_data = ssl;
wolfSSL 4:1b0d80432c79 5125
wolfSSL 4:1b0d80432c79 5126 ok = ssl->verifyCallback(1, store);
wolfSSL 4:1b0d80432c79 5127 if (!ok) {
wolfSSL 4:1b0d80432c79 5128 WOLFSSL_MSG("Verify callback overriding valid certificate!");
wolfSSL 4:1b0d80432c79 5129 ret = -1;
wolfSSL 4:1b0d80432c79 5130 SendAlert(ssl, alert_fatal, bad_certificate);
wolfSSL 4:1b0d80432c79 5131 ssl->options.isClosed = 1;
wolfSSL 4:1b0d80432c79 5132 }
wolfSSL 4:1b0d80432c79 5133 #ifdef SESSION_CERTS
wolfSSL 4:1b0d80432c79 5134 if (store->discardSessionCerts) {
wolfSSL 4:1b0d80432c79 5135 WOLFSSL_MSG("Verify callback requested discard sess certs");
wolfSSL 4:1b0d80432c79 5136 ssl->session.chain.count = 0;
wolfSSL 4:1b0d80432c79 5137 }
wolfSSL 4:1b0d80432c79 5138 #endif
wolfSSL 4:1b0d80432c79 5139 }
wolfSSL 4:1b0d80432c79 5140 }
wolfSSL 4:1b0d80432c79 5141 #endif
wolfSSL 4:1b0d80432c79 5142
wolfSSL 4:1b0d80432c79 5143 if (ssl->options.verifyNone &&
wolfSSL 4:1b0d80432c79 5144 (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
wolfSSL 4:1b0d80432c79 5145 WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
wolfSSL 4:1b0d80432c79 5146 ret = ssl->error = 0;
wolfSSL 4:1b0d80432c79 5147 }
wolfSSL 4:1b0d80432c79 5148
wolfSSL 4:1b0d80432c79 5149 if (ret == 0 && ssl->options.side == WOLFSSL_CLIENT_END)
wolfSSL 4:1b0d80432c79 5150 ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL 4:1b0d80432c79 5151
wolfSSL 4:1b0d80432c79 5152 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 4:1b0d80432c79 5153 *inOutIdx += ssl->keys.padSz;
wolfSSL 4:1b0d80432c79 5154 }
wolfSSL 4:1b0d80432c79 5155
wolfSSL 4:1b0d80432c79 5156 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 5157 XFREE(store, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 5158 XFREE(domain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 5159 #endif
wolfSSL 4:1b0d80432c79 5160
wolfSSL 4:1b0d80432c79 5161 return ret;
wolfSSL 4:1b0d80432c79 5162 }
wolfSSL 4:1b0d80432c79 5163
wolfSSL 4:1b0d80432c79 5164
/* Process a CertificateStatus handshake message carrying stapled OCSP data.
 *
 * The body starts with a one-byte status type followed by a 24-bit length,
 * and that length has to account for exactly the rest of the message.
 *
 * ssl       connection object; the pending status_request / status_request_v2
 *           flag is cleared once a response of the matching kind is taken
 * input     handshake buffer
 * inOutIdx  in: offset of the message body in input; out: advanced past the
 *           bytes consumed here
 * size      length of the message body in bytes
 *
 * Returns 0 when every decoded response is accepted. Returns BUFFER_ERROR for
 * a malformed, unknown-type or unsolicited message, MEMORY_ERROR when a
 * WOLFSSL_SMALL_STACK allocation fails, and BAD_CERTIFICATE_STATUS_ERROR when
 * a response fails to decode, is not OCSP_SUCCESSFUL / CERT_GOOD, or does not
 * match the request. A fatal bad_certificate_status_response alert is sent
 * when the switch finishes with a non-zero result; the early returns skip it.
 *
 * NOTE(review): there is no totalSz parameter, so this relies on the caller
 * having checked that size bytes are really available in input - confirm.
 * NOTE(review): unlike DoHelloRequest and DoFinished, ssl->keys.padSz is not
 * consumed here when encryption is on - confirm that is intended.
 */
static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                               word32 size)
{
    int    ret = 0;
    byte   statusType;
    word32 statusLen;

    /* need at least the type byte and the 24-bit length */
    if (size < ENUM_LEN + OPAQUE24_LEN)
        return BUFFER_ERROR;

    statusType = input[*inOutIdx];
    *inOutIdx += 1;

    c24to32(input + *inOutIdx, &statusLen);
    *inOutIdx += OPAQUE24_LEN;

    /* the declared length must cover the remainder exactly */
    if (ENUM_LEN + OPAQUE24_LEN + statusLen != size)
        return BUFFER_ERROR;

    switch (statusType) {

#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */
        case WOLFSSL_CSR2_OCSP: {
            OcspRequest* ocspReq   = NULL;
            int          solicited = 0;

        #ifdef WOLFSSL_SMALL_STACK
            CertStatus*   certStatus;
            OcspResponse* ocspResp;
        #else
            CertStatus    certStatus[1];
            OcspResponse  ocspResp[1];
        #endif

            /* take the request this response answers; a v1 request is
             * preferred over a v2 one, and the chosen flag is cleared */
        #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
            if (ssl->status_request) {
                ocspReq = TLSX_CSR_GetRequest(ssl->extensions);
                ssl->status_request = 0;
                solicited = 1;
            }
        #endif

        #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
            if (!solicited && ssl->status_request_v2) {
                ocspReq = TLSX_CSR2_GetRequest(ssl->extensions, statusType, 0);
                ssl->status_request_v2 = 0;
                solicited = 1;
            }
        #endif

            /* nothing was requested, so the message is unsolicited */
            if (!solicited)
                return BUFFER_ERROR;

            if (ocspReq == NULL)
                return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */

        #ifdef WOLFSSL_SMALL_STACK
            certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
                                              DYNAMIC_TYPE_TMP_BUFFER);
            ocspResp   = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
                                                DYNAMIC_TYPE_TMP_BUFFER);

            if (certStatus == NULL || ocspResp == NULL) {
                if (certStatus)
                    XFREE(certStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                if (ocspResp)
                    XFREE(ocspResp, NULL, DYNAMIC_TYPE_TMP_BUFFER);

                return MEMORY_ERROR;
            }
        #endif

            InitOcspResponse(ocspResp, certStatus, input + *inOutIdx,
                             statusLen);

            /* checked in order; the first failing step rejects the response */
            if (OcspResponseDecode(ocspResp, ssl->ctx->cm) != 0)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (ocspResp->responseStatus != OCSP_SUCCESSFUL)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (ocspResp->status->status != CERT_GOOD)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (CompareOcspReqResp(ocspReq, ocspResp) != 0)
                ret = BAD_CERTIFICATE_STATUS_ERROR;

            *inOutIdx += statusLen;

        #ifdef WOLFSSL_SMALL_STACK
            XFREE(certStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(ocspResp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        #endif

        }
        break;

#endif

#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        case WOLFSSL_CSR2_OCSP_MULTI: {
            OcspRequest* ocspReq;
            word32       listLen = statusLen;
            byte         reqIdx  = 0;

        #ifdef WOLFSSL_SMALL_STACK
            CertStatus*   certStatus;
            OcspResponse* ocspResp;
        #else
            CertStatus    certStatus[1];
            OcspResponse  ocspResp[1];
        #endif

            /* only valid as an answer to a pending v2 request */
            if (!ssl->status_request_v2)
                return BUFFER_ERROR;
            ssl->status_request_v2 = 0;

        #ifdef WOLFSSL_SMALL_STACK
            certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
                                              DYNAMIC_TYPE_TMP_BUFFER);
            ocspResp   = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
                                                DYNAMIC_TYPE_TMP_BUFFER);

            if (certStatus == NULL || ocspResp == NULL) {
                if (certStatus)
                    XFREE(certStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                if (ocspResp)
                    XFREE(ocspResp, NULL, DYNAMIC_TYPE_TMP_BUFFER);

                return MEMORY_ERROR;
            }
        #endif

            /* NOTE(review): an empty list, or entries of length zero, leave
             * ret at 0 with status_request_v2 already cleared - confirm that
             * accepting a message with no usable response is the intended
             * policy. */
            while (listLen != 0 && ret == 0) {
                /* each entry is a 24-bit length followed by the response */
                if (listLen < OPAQUE24_LEN) {
                    ret = BUFFER_ERROR;
                    break;
                }

                c24to32(input + *inOutIdx, &statusLen);
                *inOutIdx += OPAQUE24_LEN;
                listLen   -= OPAQUE24_LEN;

                /* an entry may not run past the end of the list */
                if (statusLen > listLen) {
                    ret = BUFFER_ERROR;
                    break;
                }

                /* zero-length entries carry no response and are skipped */
                if (statusLen == 0)
                    continue;

                InitOcspResponse(ocspResp, certStatus, input + *inOutIdx,
                                 statusLen);

                if (OcspResponseDecode(ocspResp, ssl->ctx->cm) != 0)
                    ret = BAD_CERTIFICATE_STATUS_ERROR;
                else if (ocspResp->responseStatus != OCSP_SUCCESSFUL)
                    ret = BAD_CERTIFICATE_STATUS_ERROR;
                else if (ocspResp->status->status != CERT_GOOD)
                    ret = BAD_CERTIFICATE_STATUS_ERROR;

                /* walk the stored requests from the current position until
                 * one matches this response; running out of requests, or a
                 * mismatch on the very first request, is an error */
                while (ret == 0) {
                    ocspReq = TLSX_CSR2_GetRequest(ssl->extensions,
                                                   statusType, reqIdx);
                    reqIdx++;

                    if (ocspReq == NULL)
                        ret = BAD_CERTIFICATE_STATUS_ERROR;
                    else if (CompareOcspReqResp(ocspReq, ocspResp) == 0)
                        break;
                    else if (reqIdx == 1) /* server cert must be OK */
                        ret = BAD_CERTIFICATE_STATUS_ERROR;
                }

                *inOutIdx += statusLen;
                listLen   -= statusLen;
            }

        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            ssl->status_request_v2 = 0;
        #endif

        #ifdef WOLFSSL_SMALL_STACK
            XFREE(certStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(ocspResp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        #endif

        }
        break;

#endif

        default:
            /* status type not handled in this build */
            ret = BUFFER_ERROR;
            break;
    }

    if (ret != 0)
        SendAlert(ssl, alert_fatal, bad_certificate_status_response);

    return ret;
}
wolfSSL 4:1b0d80432c79 5364
wolfSSL 4:1b0d80432c79 5365 #endif /* !NO_CERTS */
wolfSSL 4:1b0d80432c79 5366
wolfSSL 4:1b0d80432c79 5367
/* Handle a received HelloRequest handshake message.
 *
 * ssl       connection object
 * input     handshake buffer (unused)
 * inOutIdx  in/out offset into the buffer; advanced past ssl->keys.padSz
 *           when encryption is on
 * size      message body length, which has to be 0
 * totalSz   total bytes available; bounds the padSz skip
 *
 * Returns BUFFER_ERROR for a non-empty body and BUFFER_E when the padding
 * would run past totalSz. On the server side a fatal unexpected_message
 * alert is attempted and FATAL_ERROR returned. On the client side, returns 0
 * after flagging secure renegotiation to start when it is enabled; otherwise
 * returns the result of sending a no_renegotiation warning alert.
 */
static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 size, word32 totalSz)
{
    (void)input;

    /* the body of this message must be empty */
    if (size != 0)
        return BUFFER_ERROR;

    if (IsEncryptionOn(ssl, 0)) {
        /* access beyond input + size should be checked against totalSz */
        if (*inOutIdx + ssl->keys.padSz > totalSz)
            return BUFFER_E;

        *inOutIdx += ssl->keys.padSz;
    }

    /* a server is not supposed to receive this message */
    if (ssl->options.side == WOLFSSL_SERVER_END) {
        SendAlert(ssl, alert_fatal, unexpected_message); /* try */
        return FATAL_ERROR;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        ssl->secure_renegotiation->startScr = 1;
        return 0;
    }
#endif

    /* renegotiation is not available: decline with a warning alert */
    return SendAlert(ssl, alert_warning, no_renegotiation);
}
wolfSSL 4:1b0d80432c79 5398
wolfSSL 4:1b0d80432c79 5399
/* Process the peer's Finished handshake message.
 *
 * ssl       connection object
 * input     handshake buffer
 * inOutIdx  in: offset of the verify data in input; out: advanced past the
 *           verify data and ssl->keys.padSz
 * size      message body length; must equal TLS_FINISHED_SZ for TLS or
 *           FINISHED_SZ otherwise
 * totalSz   total bytes available in input
 * sniff     the verify data is compared only when this is NO_SNIFF
 *
 * Returns 0 on success, BUFFER_ERROR on a wrong body length, BUFFER_E when
 * body plus padding would run past totalSz, and VERIFY_FINISHED_ERROR when
 * the received verify data differs from ssl->hsHashes->verifyHashes.
 */
int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
               word32 totalSz, int sniff)
{
    word32 expectedSz;

    if (ssl->options.tls)
        expectedSz = TLS_FINISHED_SZ;
    else
        expectedSz = FINISHED_SZ;

    if (size != expectedSz)
        return BUFFER_ERROR;

    /* check against totalSz */
    if (*inOutIdx + size + ssl->keys.padSz > totalSz)
        return BUFFER_E;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) {
        AddPacketName("Finished", &ssl->handShakeInfo);
    }
    if (ssl->toInfoOn) {
        AddLateName("Finished", &ssl->timeoutInfo);
    }
#endif

    if (sniff == NO_SNIFF) {
        const byte* peerVerify = input + *inOutIdx;

        /* NOTE(review): XMEMCMP is presumably a plain memcmp, which is not
         * guaranteed to run in constant time - confirm whether a
         * constant-time compare is wanted for the verify data. */
        if (XMEMCMP(peerVerify, &ssl->hsHashes->verifyHashes, size) != 0) {
            WOLFSSL_MSG("Verify finished error on hashes");
            return VERIFY_FINISHED_ERROR;
        }
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* save peer's state: a client keeps the server's verify data and a
         * server keeps the client's */
        void* savedVerify;

        if (ssl->options.side == WOLFSSL_CLIENT_END)
            savedVerify = ssl->secure_renegotiation->server_verify_data;
        else
            savedVerify = ssl->secure_renegotiation->client_verify_data;

        XMEMCPY(savedVerify, input + *inOutIdx, TLS_FINISHED_SZ);
    }
#endif

    /* force input exhaustion at ProcessReply consuming padSz */
    *inOutIdx += size + ssl->keys.padSz;

    if (ssl->options.side == WOLFSSL_CLIENT_END)
        ssl->options.serverState = SERVER_FINISHED_COMPLETE;
    else
        ssl->options.clientState = CLIENT_FINISHED_COMPLETE;

    /* the handshake is marked done here for a client that is not resuming
     * and for a server that is resuming */
    if ((ssl->options.side == WOLFSSL_CLIENT_END && !ssl->options.resuming) ||
        (ssl->options.side != WOLFSSL_CLIENT_END && ssl->options.resuming)) {
        ssl->options.handShakeState = HANDSHAKE_DONE;
        ssl->options.handShakeDone  = 1;
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 5456
wolfSSL 4:1b0d80432c79 5457
wolfSSL 4:1b0d80432c79 5458 /* Make sure no duplicates, no fast forward, or other problems; 0 on success */
wolfSSL 4:1b0d80432c79 5459 static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
wolfSSL 4:1b0d80432c79 5460 {
wolfSSL 4:1b0d80432c79 5461 /* verify not a duplicate, mark received, check state */
wolfSSL 4:1b0d80432c79 5462 switch (type) {
wolfSSL 4:1b0d80432c79 5463
wolfSSL 4:1b0d80432c79 5464 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5465 case hello_request:
wolfSSL 4:1b0d80432c79 5466 if (ssl->msgsReceived.got_hello_request) {
wolfSSL 4:1b0d80432c79 5467 WOLFSSL_MSG("Duplicate HelloRequest received");
wolfSSL 4:1b0d80432c79 5468 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5469 }
wolfSSL 4:1b0d80432c79 5470 ssl->msgsReceived.got_hello_request = 1;
wolfSSL 4:1b0d80432c79 5471
wolfSSL 4:1b0d80432c79 5472 break;
wolfSSL 4:1b0d80432c79 5473 #endif
wolfSSL 4:1b0d80432c79 5474
wolfSSL 4:1b0d80432c79 5475 #ifndef NO_WOLFSSL_SERVER
wolfSSL 4:1b0d80432c79 5476 case client_hello:
wolfSSL 4:1b0d80432c79 5477 if (ssl->msgsReceived.got_client_hello) {
wolfSSL 4:1b0d80432c79 5478 WOLFSSL_MSG("Duplicate ClientHello received");
wolfSSL 4:1b0d80432c79 5479 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5480 }
wolfSSL 4:1b0d80432c79 5481 ssl->msgsReceived.got_client_hello = 1;
wolfSSL 4:1b0d80432c79 5482
wolfSSL 4:1b0d80432c79 5483 break;
wolfSSL 4:1b0d80432c79 5484 #endif
wolfSSL 4:1b0d80432c79 5485
wolfSSL 4:1b0d80432c79 5486 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5487 case server_hello:
wolfSSL 4:1b0d80432c79 5488 if (ssl->msgsReceived.got_server_hello) {
wolfSSL 4:1b0d80432c79 5489 WOLFSSL_MSG("Duplicate ServerHello received");
wolfSSL 4:1b0d80432c79 5490 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5491 }
wolfSSL 4:1b0d80432c79 5492 ssl->msgsReceived.got_server_hello = 1;
wolfSSL 4:1b0d80432c79 5493
wolfSSL 4:1b0d80432c79 5494 break;
wolfSSL 4:1b0d80432c79 5495 #endif
wolfSSL 4:1b0d80432c79 5496
wolfSSL 4:1b0d80432c79 5497 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5498 case hello_verify_request:
wolfSSL 4:1b0d80432c79 5499 if (ssl->msgsReceived.got_hello_verify_request) {
wolfSSL 4:1b0d80432c79 5500 WOLFSSL_MSG("Duplicate HelloVerifyRequest received");
wolfSSL 4:1b0d80432c79 5501 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5502 }
wolfSSL 4:1b0d80432c79 5503 ssl->msgsReceived.got_hello_verify_request = 1;
wolfSSL 4:1b0d80432c79 5504
wolfSSL 4:1b0d80432c79 5505 break;
wolfSSL 4:1b0d80432c79 5506 #endif
wolfSSL 4:1b0d80432c79 5507
wolfSSL 4:1b0d80432c79 5508 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5509 case session_ticket:
wolfSSL 4:1b0d80432c79 5510 if (ssl->msgsReceived.got_session_ticket) {
wolfSSL 4:1b0d80432c79 5511 WOLFSSL_MSG("Duplicate SessionTicket received");
wolfSSL 4:1b0d80432c79 5512 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5513 }
wolfSSL 4:1b0d80432c79 5514 ssl->msgsReceived.got_session_ticket = 1;
wolfSSL 4:1b0d80432c79 5515
wolfSSL 4:1b0d80432c79 5516 break;
wolfSSL 4:1b0d80432c79 5517 #endif
wolfSSL 4:1b0d80432c79 5518
wolfSSL 4:1b0d80432c79 5519 case certificate:
wolfSSL 4:1b0d80432c79 5520 if (ssl->msgsReceived.got_certificate) {
wolfSSL 4:1b0d80432c79 5521 WOLFSSL_MSG("Duplicate Certificate received");
wolfSSL 4:1b0d80432c79 5522 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5523 }
wolfSSL 4:1b0d80432c79 5524 ssl->msgsReceived.got_certificate = 1;
wolfSSL 4:1b0d80432c79 5525
wolfSSL 4:1b0d80432c79 5526 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5527 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 4:1b0d80432c79 5528 if ( ssl->msgsReceived.got_server_hello == 0) {
wolfSSL 4:1b0d80432c79 5529 WOLFSSL_MSG("No ServerHello before Cert");
wolfSSL 4:1b0d80432c79 5530 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5531 }
wolfSSL 4:1b0d80432c79 5532 }
wolfSSL 4:1b0d80432c79 5533 #endif
wolfSSL 4:1b0d80432c79 5534 #ifndef NO_WOLFSSL_SERVER
wolfSSL 4:1b0d80432c79 5535 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 4:1b0d80432c79 5536 if ( ssl->msgsReceived.got_client_hello == 0) {
wolfSSL 4:1b0d80432c79 5537 WOLFSSL_MSG("No ClientHello before Cert");
wolfSSL 4:1b0d80432c79 5538 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5539 }
wolfSSL 4:1b0d80432c79 5540 }
wolfSSL 4:1b0d80432c79 5541 #endif
wolfSSL 4:1b0d80432c79 5542 break;
wolfSSL 4:1b0d80432c79 5543
wolfSSL 4:1b0d80432c79 5544 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5545 case certificate_status:
wolfSSL 4:1b0d80432c79 5546 if (ssl->msgsReceived.got_certificate_status) {
wolfSSL 4:1b0d80432c79 5547 WOLFSSL_MSG("Duplicate CertificateSatatus received");
wolfSSL 4:1b0d80432c79 5548 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5549 }
wolfSSL 4:1b0d80432c79 5550 ssl->msgsReceived.got_certificate_status = 1;
wolfSSL 4:1b0d80432c79 5551
wolfSSL 4:1b0d80432c79 5552 if (ssl->msgsReceived.got_certificate == 0) {
wolfSSL 4:1b0d80432c79 5553 WOLFSSL_MSG("No Certificate before CertificateStatus");
wolfSSL 4:1b0d80432c79 5554 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5555 }
wolfSSL 4:1b0d80432c79 5556 if (ssl->msgsReceived.got_server_key_exchange != 0) {
wolfSSL 4:1b0d80432c79 5557 WOLFSSL_MSG("CertificateStatus after ServerKeyExchange");
wolfSSL 4:1b0d80432c79 5558 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5559 }
wolfSSL 4:1b0d80432c79 5560
wolfSSL 4:1b0d80432c79 5561 break;
wolfSSL 4:1b0d80432c79 5562 #endif
wolfSSL 4:1b0d80432c79 5563
wolfSSL 4:1b0d80432c79 5564 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5565 case server_key_exchange:
wolfSSL 4:1b0d80432c79 5566 if (ssl->msgsReceived.got_server_key_exchange) {
wolfSSL 4:1b0d80432c79 5567 WOLFSSL_MSG("Duplicate ServerKeyExchange received");
wolfSSL 4:1b0d80432c79 5568 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5569 }
wolfSSL 4:1b0d80432c79 5570 ssl->msgsReceived.got_server_key_exchange = 1;
wolfSSL 4:1b0d80432c79 5571
wolfSSL 4:1b0d80432c79 5572 if (ssl->msgsReceived.got_server_hello == 0) {
wolfSSL 4:1b0d80432c79 5573 WOLFSSL_MSG("No ServerHello before ServerKeyExchange");
wolfSSL 4:1b0d80432c79 5574 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5575 }
wolfSSL 4:1b0d80432c79 5576 if (ssl->msgsReceived.got_certificate_status == 0) {
wolfSSL 4:1b0d80432c79 5577 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 4:1b0d80432c79 5578 if (ssl->status_request) {
wolfSSL 4:1b0d80432c79 5579 int ret;
wolfSSL 4:1b0d80432c79 5580
wolfSSL 4:1b0d80432c79 5581 WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
wolfSSL 4:1b0d80432c79 5582 if ((ret = TLSX_CSR_ForceRequest(ssl)) != 0)
wolfSSL 4:1b0d80432c79 5583 return ret;
wolfSSL 4:1b0d80432c79 5584 }
wolfSSL 4:1b0d80432c79 5585 #endif
wolfSSL 4:1b0d80432c79 5586 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 4:1b0d80432c79 5587 if (ssl->status_request_v2) {
wolfSSL 4:1b0d80432c79 5588 int ret;
wolfSSL 4:1b0d80432c79 5589
wolfSSL 4:1b0d80432c79 5590 WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
wolfSSL 4:1b0d80432c79 5591 if ((ret = TLSX_CSR2_ForceRequest(ssl)) != 0)
wolfSSL 4:1b0d80432c79 5592 return ret;
wolfSSL 4:1b0d80432c79 5593 }
wolfSSL 4:1b0d80432c79 5594 #endif
wolfSSL 4:1b0d80432c79 5595 }
wolfSSL 4:1b0d80432c79 5596
wolfSSL 4:1b0d80432c79 5597 break;
wolfSSL 4:1b0d80432c79 5598 #endif
wolfSSL 4:1b0d80432c79 5599
wolfSSL 4:1b0d80432c79 5600 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5601 case certificate_request:
wolfSSL 4:1b0d80432c79 5602 if (ssl->msgsReceived.got_certificate_request) {
wolfSSL 4:1b0d80432c79 5603 WOLFSSL_MSG("Duplicate CertificateRequest received");
wolfSSL 4:1b0d80432c79 5604 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5605 }
wolfSSL 4:1b0d80432c79 5606 ssl->msgsReceived.got_certificate_request = 1;
wolfSSL 4:1b0d80432c79 5607
wolfSSL 4:1b0d80432c79 5608 break;
wolfSSL 4:1b0d80432c79 5609 #endif
wolfSSL 4:1b0d80432c79 5610
wolfSSL 4:1b0d80432c79 5611 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5612 case server_hello_done:
wolfSSL 4:1b0d80432c79 5613 if (ssl->msgsReceived.got_server_hello_done) {
wolfSSL 4:1b0d80432c79 5614 WOLFSSL_MSG("Duplicate ServerHelloDone received");
wolfSSL 4:1b0d80432c79 5615 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5616 }
wolfSSL 4:1b0d80432c79 5617 ssl->msgsReceived.got_server_hello_done = 1;
wolfSSL 4:1b0d80432c79 5618
wolfSSL 4:1b0d80432c79 5619 if (ssl->msgsReceived.got_certificate == 0) {
wolfSSL 4:1b0d80432c79 5620 if (ssl->specs.kea == psk_kea ||
wolfSSL 4:1b0d80432c79 5621 ssl->specs.kea == dhe_psk_kea ||
wolfSSL 4:1b0d80432c79 5622 ssl->specs.kea == ecdhe_psk_kea ||
wolfSSL 4:1b0d80432c79 5623 ssl->options.usingAnon_cipher) {
wolfSSL 4:1b0d80432c79 5624 WOLFSSL_MSG("No Cert required");
wolfSSL 4:1b0d80432c79 5625 } else {
wolfSSL 4:1b0d80432c79 5626 WOLFSSL_MSG("No Certificate before ServerHelloDone");
wolfSSL 4:1b0d80432c79 5627 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5628 }
wolfSSL 4:1b0d80432c79 5629 }
wolfSSL 4:1b0d80432c79 5630 if (ssl->msgsReceived.got_server_key_exchange == 0) {
wolfSSL 4:1b0d80432c79 5631 int pskNoServerHint = 0; /* not required in this case */
wolfSSL 4:1b0d80432c79 5632
wolfSSL 4:1b0d80432c79 5633 #ifndef NO_PSK
wolfSSL 4:1b0d80432c79 5634 if (ssl->specs.kea == psk_kea &&
wolfSSL 4:1b0d80432c79 5635 ssl->arrays->server_hint[0] == 0)
wolfSSL 4:1b0d80432c79 5636 pskNoServerHint = 1;
wolfSSL 4:1b0d80432c79 5637 #endif
wolfSSL 4:1b0d80432c79 5638 if (ssl->specs.static_ecdh == 1 ||
wolfSSL 4:1b0d80432c79 5639 ssl->specs.kea == rsa_kea ||
wolfSSL 4:1b0d80432c79 5640 ssl->specs.kea == ntru_kea ||
wolfSSL 4:1b0d80432c79 5641 pskNoServerHint) {
wolfSSL 4:1b0d80432c79 5642 WOLFSSL_MSG("No KeyExchange required");
wolfSSL 4:1b0d80432c79 5643 } else {
wolfSSL 4:1b0d80432c79 5644 WOLFSSL_MSG("No ServerKeyExchange before ServerDone");
wolfSSL 4:1b0d80432c79 5645 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5646 }
wolfSSL 4:1b0d80432c79 5647 }
wolfSSL 4:1b0d80432c79 5648 break;
wolfSSL 4:1b0d80432c79 5649 #endif
wolfSSL 4:1b0d80432c79 5650
wolfSSL 4:1b0d80432c79 5651 #ifndef NO_WOLFSSL_SERVER
wolfSSL 4:1b0d80432c79 5652 case certificate_verify:
wolfSSL 4:1b0d80432c79 5653 if (ssl->msgsReceived.got_certificate_verify) {
wolfSSL 4:1b0d80432c79 5654 WOLFSSL_MSG("Duplicate CertificateVerify received");
wolfSSL 4:1b0d80432c79 5655 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5656 }
wolfSSL 4:1b0d80432c79 5657 ssl->msgsReceived.got_certificate_verify = 1;
wolfSSL 4:1b0d80432c79 5658
wolfSSL 4:1b0d80432c79 5659 if ( ssl->msgsReceived.got_certificate == 0) {
wolfSSL 4:1b0d80432c79 5660 WOLFSSL_MSG("No Cert before CertVerify");
wolfSSL 4:1b0d80432c79 5661 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5662 }
wolfSSL 4:1b0d80432c79 5663 break;
wolfSSL 4:1b0d80432c79 5664 #endif
wolfSSL 4:1b0d80432c79 5665
wolfSSL 4:1b0d80432c79 5666 #ifndef NO_WOLFSSL_SERVER
wolfSSL 4:1b0d80432c79 5667 case client_key_exchange:
wolfSSL 4:1b0d80432c79 5668 if (ssl->msgsReceived.got_client_key_exchange) {
wolfSSL 4:1b0d80432c79 5669 WOLFSSL_MSG("Duplicate ClientKeyExchange received");
wolfSSL 4:1b0d80432c79 5670 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5671 }
wolfSSL 4:1b0d80432c79 5672 ssl->msgsReceived.got_client_key_exchange = 1;
wolfSSL 4:1b0d80432c79 5673
wolfSSL 4:1b0d80432c79 5674 if (ssl->msgsReceived.got_client_hello == 0) {
wolfSSL 4:1b0d80432c79 5675 WOLFSSL_MSG("No ClientHello before ClientKeyExchange");
wolfSSL 4:1b0d80432c79 5676 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5677 }
wolfSSL 4:1b0d80432c79 5678 break;
wolfSSL 4:1b0d80432c79 5679 #endif
wolfSSL 4:1b0d80432c79 5680
wolfSSL 4:1b0d80432c79 5681 case finished:
wolfSSL 4:1b0d80432c79 5682 if (ssl->msgsReceived.got_finished) {
wolfSSL 4:1b0d80432c79 5683 WOLFSSL_MSG("Duplicate Finished received");
wolfSSL 4:1b0d80432c79 5684 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5685 }
wolfSSL 4:1b0d80432c79 5686 ssl->msgsReceived.got_finished = 1;
wolfSSL 4:1b0d80432c79 5687
wolfSSL 4:1b0d80432c79 5688 if (ssl->msgsReceived.got_change_cipher == 0) {
wolfSSL 4:1b0d80432c79 5689 WOLFSSL_MSG("Finished received before ChangeCipher");
wolfSSL 4:1b0d80432c79 5690 return NO_CHANGE_CIPHER_E;
wolfSSL 4:1b0d80432c79 5691 }
wolfSSL 4:1b0d80432c79 5692
wolfSSL 4:1b0d80432c79 5693 break;
wolfSSL 4:1b0d80432c79 5694
wolfSSL 4:1b0d80432c79 5695 case change_cipher_hs:
wolfSSL 4:1b0d80432c79 5696 if (ssl->msgsReceived.got_change_cipher) {
wolfSSL 4:1b0d80432c79 5697 WOLFSSL_MSG("Duplicate ChangeCipher received");
wolfSSL 4:1b0d80432c79 5698 return DUPLICATE_MSG_E;
wolfSSL 4:1b0d80432c79 5699 }
wolfSSL 4:1b0d80432c79 5700 ssl->msgsReceived.got_change_cipher = 1;
wolfSSL 4:1b0d80432c79 5701
wolfSSL 4:1b0d80432c79 5702 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 5703 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 4:1b0d80432c79 5704 if (!ssl->options.resuming &&
wolfSSL 4:1b0d80432c79 5705 ssl->msgsReceived.got_server_hello_done == 0) {
wolfSSL 4:1b0d80432c79 5706 WOLFSSL_MSG("No ServerHelloDone before ChangeCipher");
wolfSSL 4:1b0d80432c79 5707 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5708 }
wolfSSL 4:1b0d80432c79 5709 }
wolfSSL 4:1b0d80432c79 5710 #endif
wolfSSL 4:1b0d80432c79 5711 #ifndef NO_WOLFSSL_SERVER
wolfSSL 4:1b0d80432c79 5712 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 4:1b0d80432c79 5713 if (!ssl->options.resuming &&
wolfSSL 4:1b0d80432c79 5714 ssl->msgsReceived.got_client_key_exchange == 0) {
wolfSSL 4:1b0d80432c79 5715 WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
wolfSSL 4:1b0d80432c79 5716 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 5717 }
wolfSSL 4:1b0d80432c79 5718 }
wolfSSL 4:1b0d80432c79 5719 #endif
wolfSSL 4:1b0d80432c79 5720
wolfSSL 4:1b0d80432c79 5721 break;
wolfSSL 4:1b0d80432c79 5722
wolfSSL 4:1b0d80432c79 5723 default:
wolfSSL 4:1b0d80432c79 5724 WOLFSSL_MSG("Unknown message type");
wolfSSL 4:1b0d80432c79 5725 return SANITY_MSG_E;
wolfSSL 4:1b0d80432c79 5726 }
wolfSSL 4:1b0d80432c79 5727
wolfSSL 4:1b0d80432c79 5728 return 0;
wolfSSL 4:1b0d80432c79 5729 }
wolfSSL 4:1b0d80432c79 5730
wolfSSL 4:1b0d80432c79 5731
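/* Validate and dispatch one complete handshake message.
 *
 * ssl       connection state
 * input     buffer holding the handshake message body
 * inOutIdx  offset of the body inside input; handed on to the per-type
 *           handler, and advanced here by padSz for server_hello_done when
 *           encryption is on
 * type      handshake type taken from the message header
 * size      body length taken from the message header (peer controlled)
 * totalSz   number of bytes available in input
 *
 * Returns 0 on success, INCOMPLETE_DATA when the body does not fit inside
 * totalSz, otherwise the error from the failing ordering check, hash update
 * or per-type handler. */
static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          byte type, word32 size, word32 totalSz)
{
    int ret = 0;
    (void)totalSz;

    WOLFSSL_ENTER("DoHandShakeMsgType");

    /* make sure can read the message; written as two comparisons so that a
     * large size cannot wrap the word32 sum (*inOutIdx + size) and slip past
     * the bound */
    if (size > totalSz || *inOutIdx > totalSz - size)
        return INCOMPLETE_DATA;

    /* sanity check msg received: duplicates and out-of-order messages are
     * rejected before anything is hashed or parsed */
    if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) {
        WOLFSSL_MSG("Sanity Check on handshake message type received failed");
        return ret;
    }

#ifdef WOLFSSL_CALLBACKS
    /* add name later, add on record and handshake header part back on */
    /* NOTE(review): this reads `add` bytes in front of input + *inOutIdx.
     * Callers in this file that pass a reassembled buffer with *inOutIdx == 0
     * (pendingMsg + HANDSHAKE_HEADER_SZ in DoHandShakeMsg, item->msg in
     * DtlsMsgDrain) do not obviously have a record header stored in front of
     * that pointer -- confirm the bytes exist before relying on this path. */
    if (ssl->toInfoOn) {
        int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
        AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add,
                      size + add, ssl->heap);
        AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
    }
#endif

    /* once the handshake is done only hello_request is accepted */
    if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){
        WOLFSSL_MSG("HandShake message after handshake complete");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* client, non-DTLS: the first message from the server must be
     * server_hello */
    if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls == 0 &&
               ssl->options.serverState == NULL_STATE && type != server_hello) {
        WOLFSSL_MSG("First server message not server hello");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* client, DTLS: server_hello_done may not arrive before server_hello has
     * been completed */
    if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls &&
            type == server_hello_done &&
            ssl->options.serverState < SERVER_HELLO_COMPLETE) {
        WOLFSSL_MSG("Server hello done received before server hello in DTLS");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* server: the first message from the client must be client_hello */
    if (ssl->options.side == WOLFSSL_SERVER_END &&
               ssl->options.clientState == NULL_STATE && type != client_hello) {
        WOLFSSL_MSG("First client message not client hello");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* above checks handshake state */
    /* hello_request not hashed */
    /* Also, skip hashing the client_hello message here for DTLS. It will be
     * hashed later if the DTLS cookie is correct. */
    if (type != hello_request && !(ssl->options.dtls && type == client_hello)) {
        ret = HashInput(ssl, input + *inOutIdx, size);
        if (ret != 0) return ret;
    }

    switch (type) {

    case hello_request:
        WOLFSSL_MSG("processing hello request");
        ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz);
        break;

#ifndef NO_WOLFSSL_CLIENT
    case hello_verify_request:
        WOLFSSL_MSG("processing hello verify request");
        ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
        break;

    case server_hello:
        WOLFSSL_MSG("processing server hello");
        ret = DoServerHello(ssl, input, inOutIdx, size);
        break;

#ifndef NO_CERTS
    case certificate_request:
        WOLFSSL_MSG("processing certificate request");
        ret = DoCertificateRequest(ssl, input, inOutIdx, size);
        break;
#endif

    case server_key_exchange:
        WOLFSSL_MSG("processing server key exchange");
        ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
        break;

#ifdef HAVE_SESSION_TICKET
    case session_ticket:
        WOLFSSL_MSG("processing session ticket");
        ret = DoSessionTicket(ssl, input, inOutIdx, size);
        break;
#endif /* HAVE_SESSION_TICKET */
#endif

#ifndef NO_CERTS
    case certificate:
        WOLFSSL_MSG("processing certificate");
        ret =  DoCertificate(ssl, input, inOutIdx, size);
        break;

    case certificate_status:
        WOLFSSL_MSG("processing certificate status");
        ret =  DoCertificateStatus(ssl, input, inOutIdx, size);
        break;
#endif

    case server_hello_done:
        WOLFSSL_MSG("processing server hello done");
        #ifdef WOLFSSL_CALLBACKS
            if (ssl->hsInfoOn)
                AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
            if (ssl->toInfoOn)
                AddLateName("ServerHelloDone", &ssl->timeoutInfo);
        #endif
        ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
        if (IsEncryptionOn(ssl, 0)) {
            *inOutIdx += ssl->keys.padSz;
        }
        /* a full handshake flight arrived, so the resumption we asked for
         * did not happen */
        if (ssl->options.resuming) {
            WOLFSSL_MSG("Not resuming as thought");
            ssl->options.resuming = 0;
        }
        break;

    case finished:
        WOLFSSL_MSG("processing finished");
        ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF);
        break;

#ifndef NO_WOLFSSL_SERVER
    case client_hello:
        WOLFSSL_MSG("processing client hello");
        ret = DoClientHello(ssl, input, inOutIdx, size);
        break;

    case client_key_exchange:
        WOLFSSL_MSG("processing client key exchange");
        ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
        break;

#if !defined(NO_RSA) || defined(HAVE_ECC)
    case certificate_verify:
        WOLFSSL_MSG("processing certificate verify");
        ret = DoCertificateVerify(ssl, input, inOutIdx, size);
        break;
#endif /* !NO_RSA || HAVE_ECC */

#endif /* !NO_WOLFSSL_SERVER */

    default:
        WOLFSSL_MSG("Unknown handshake message type");
        ret = UNKNOWN_HANDSHAKE_TYPE;
        break;
    }

    WOLFSSL_LEAVE("DoHandShakeMsgType()", ret);
    return ret;
}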
wolfSSL 4:1b0d80432c79 5899
wolfSSL 4:1b0d80432c79 5900
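/* Parse one TLS handshake message from a record and process it, buffering
 * the data first when the message is split across records.
 *
 * ssl       connection state
 * input     record payload
 * inOutIdx  in: offset of the handshake data; out: offset after the bytes
 *           consumed by this call
 * totalSz   number of bytes available in input
 *
 * Returns 0 when a message was processed or a fragment was stored,
 * PARSE_ERROR on a bad header, HANDSHAKE_SIZE_ERROR when the declared size
 * exceeds MAX_HANDSHAKE_SZ, MEMORY_E on allocation failure, BUFFER_ERROR
 * when a continuation would overrun the pending message, otherwise the
 * result of DoHandShakeMsgType(). */
static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          word32 totalSz)
{
    int    ret = 0;
    word32 inputLength;

    WOLFSSL_ENTER("DoHandShakeMsg()");

    /* without ssl->arrays there is nowhere to keep a pending fragment, so
     * the message is handled in place */
    if (ssl->arrays == NULL) {
        byte   type;
        word32 size;

        if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0)
            return PARSE_ERROR;

        return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
    }

    /* bytes left in the input buffer, measured before the header is read.
     * NOTE(review): this is derived from inputBuffer.length rather than
     * totalSz -- confirm both describe the same end of data for this record. */
    inputLength = ssl->buffers.inputBuffer.length - *inOutIdx;

    /* If there is a pending fragmented handshake message,
     * pending message size will be non-zero. */
    if (ssl->arrays->pendingMsgSz == 0) {
        byte   type;
        word32 size;

        if (GetHandShakeHeader(ssl,input, inOutIdx, &type, &size, totalSz) != 0)
            return PARSE_ERROR;

        /* Cap the maximum size of a handshake message to something reasonable.
         * By default is the maximum size of a certificate message assuming
         * nine 2048-bit RSA certificates in the chain. The cap also bounds
         * the allocation below, whose size is chosen by the peer. */
        if (size > MAX_HANDSHAKE_SZ) {
            WOLFSSL_MSG("Handshake message too large");
            return HANDSHAKE_SIZE_ERROR;
        }

        /* size is the size of the certificate message payload */
        if (inputLength - HANDSHAKE_HEADER_SZ < size) {
            /* First fragment. Allocate before touching the pending state so
             * that a failed allocation cannot leave pendingMsgSz non-zero
             * with no buffer behind it; the continuation branch below copies
             * into pendingMsg whenever pendingMsgSz is non-zero. */
            byte* pending = (byte*)XMALLOC(size + HANDSHAKE_HEADER_SZ,
                                           ssl->heap,
                                           DYNAMIC_TYPE_ARRAYS);
            if (pending == NULL)
                return MEMORY_E;

            ssl->arrays->pendingMsg     = pending;
            ssl->arrays->pendingMsgType = type;
            ssl->arrays->pendingMsgSz   = size + HANDSHAKE_HEADER_SZ;

            /* keep the handshake header together with the partial body;
             * inputLength < size + HANDSHAKE_HEADER_SZ here, so the copy
             * fits the allocation */
            XMEMCPY(ssl->arrays->pendingMsg,
                    input + *inOutIdx - HANDSHAKE_HEADER_SZ,
                    inputLength);
            ssl->arrays->pendingMsgOffset = inputLength;
            *inOutIdx += inputLength - HANDSHAKE_HEADER_SZ;
            return 0;
        }

        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
    }
    else {
        /* continuation of a pending message: refuse data that would run
         * past the size announced in the first fragment */
        if (inputLength + ssl->arrays->pendingMsgOffset
                                                  > ssl->arrays->pendingMsgSz) {

            return BUFFER_ERROR;
        }
        else {
            XMEMCPY(ssl->arrays->pendingMsg + ssl->arrays->pendingMsgOffset,
                    input + *inOutIdx, inputLength);
            ssl->arrays->pendingMsgOffset += inputLength;
            *inOutIdx += inputLength;
        }

        /* all bytes collected: process the reassembled body, then release
         * the buffer and clear the pending state */
        if (ssl->arrays->pendingMsgOffset == ssl->arrays->pendingMsgSz)
        {
            word32 idx = 0;
            ret = DoHandShakeMsgType(ssl,
                                     ssl->arrays->pendingMsg
                                                          + HANDSHAKE_HEADER_SZ,
                                     &idx, ssl->arrays->pendingMsgType,
                                     ssl->arrays->pendingMsgSz
                                                          - HANDSHAKE_HEADER_SZ,
                                     ssl->arrays->pendingMsgSz);
            XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
            ssl->arrays->pendingMsg = NULL;
            ssl->arrays->pendingMsgSz = 0;
        }
    }

    WOLFSSL_LEAVE("DoHandShakeMsg()", ret);
    return ret;
}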
wolfSSL 4:1b0d80432c79 5989
wolfSSL 4:1b0d80432c79 5990
wolfSSL 4:1b0d80432c79 5991 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 5992
/* DTLS anti-replay check for the record described by state->curEpoch and
 * state->curSeq.
 *
 * Returns 1 when the record may be accepted, 0 when it must be dropped:
 * its epoch is ahead of nextEpoch, it lies more than DTLS_SEQ_BITS behind
 * the next expected sequence number, or its bit is already set in the
 * window. Records of an earlier epoch are checked against prevSeq and
 * prevWindow. */
static INLINE int DtlsCheckWindow(DtlsState* state)
{
    word32  seq;
    word32  expected;
    DtlsSeq bitmap;

    /* an epoch we have not switched to yet is never accepted */
    if (state->curEpoch > state->nextEpoch)
        return 0;

    if (state->curEpoch == state->nextEpoch) {
        expected = state->nextSeq;
        bitmap   = state->window;
    }
    else {
        expected = state->prevSeq;
        bitmap   = state->prevWindow;
    }

    seq = state->curSeq;

    /* too old: fell off the left edge of the window */
    if (expected > DTLS_SEQ_BITS && seq < expected - DTLS_SEQ_BITS)
        return 0;

    /* inside the window and already marked as received */
    if (seq < expected &&
            (bitmap & ((DtlsSeq)1 << (expected - seq - 1))) != 0)
        return 0;

    return 1;
}
wolfSSL 4:1b0d80432c79 6022
wolfSSL 4:1b0d80432c79 6023
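/* Record state->curSeq as received in the DTLS anti-replay window.
 *
 * The window/next pair of the current epoch is used when curEpoch equals
 * nextEpoch, otherwise the previous-epoch pair. A sequence number below the
 * next expected one sets its bit in the window; any other value slides the
 * window forward and becomes the new right edge.
 *
 * Always returns 1. */
static INLINE int DtlsUpdateWindow(DtlsState* state)
{
    /* width of the window bitmap; shifting by this much or more is
     * undefined behaviour in C */
    const word32 windowBits = (word32)(sizeof(DtlsSeq) * 8);
    word32   cur;
    word32*  next;
    DtlsSeq* window;

    if (state->curEpoch == state->nextEpoch) {
        next = &state->nextSeq;
        window = &state->window;
    }
    else {
        next = &state->prevSeq;
        window = &state->prevWindow;
    }

    cur = state->curSeq;

    if (cur < *next) {
        /* older record: mark it only if its bit exists in the bitmap */
        word32 behind = *next - cur - 1;

        if (behind < windowBits)
            *window |= ((DtlsSeq)1 << behind);
    }
    else {
        /* curSeq comes from the peer's record header, so the jump ahead can
         * be arbitrarily large; once it reaches the bitmap width every old
         * bit has left the window and the bitmap is simply cleared instead
         * of being shifted by an out-of-range count */
        word32 ahead = cur - *next;

        if (ahead >= windowBits - 1)
            *window = 0;
        else
            *window <<= (1 + ahead);
        *window |= 1;
        *next = cur + 1;
    }

    return 1;
}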
wolfSSL 4:1b0d80432c79 6052
wolfSSL 4:1b0d80432c79 6053
/* Process stored DTLS handshake messages from the head of
 * ssl->dtls_msg_list for as long as the head carries the expected handshake
 * sequence number, is fully reassembled (fragSz == sz) and the previous
 * message was processed without error. Every processed item is unlinked and
 * deleted, whether or not its processing succeeded.
 *
 * Returns 0, or the first error from DoHandShakeMsgType(). */
static int DtlsMsgDrain(WOLFSSL* ssl)
{
    int ret = 0;

    for (;;) {
        DtlsMsg* head = ssl->dtls_msg_list;
        word32   offset = 0;

        if (head == NULL)
            break;
        if (head->seq != ssl->keys.dtls_expected_peer_handshake_number)
            break;
        if (head->fragSz != head->sz)
            break;
        if (ret != 0)
            break;

        /* the expected number moves on before the message is processed */
        ssl->keys.dtls_expected_peer_handshake_number++;
        ret = DoHandShakeMsgType(ssl, head->msg,
                                 &offset, head->type, head->sz, head->sz);

        /* unlink before freeing so the list never points at a freed item */
        ssl->dtls_msg_list = head->next;
        DtlsMsgDelete(head, ssl->heap);
    }

    return ret;
}
wolfSSL 4:1b0d80432c79 6077
wolfSSL 4:1b0d80432c79 6078
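/* Parse one DTLS handshake message or fragment from a record and either
 * process it, store it for reassembly/reordering, or skip it as a repeat.
 *
 * ssl       connection state
 * input     record payload
 * inOutIdx  in: offset of the handshake header; out: offset after the
 *           consumed fragment
 * totalSz   number of bytes available in input
 *
 * Returns 0 on success, PARSE_ERROR on a bad header, INCOMPLETE_DATA when
 * the fragment does not fit inside totalSz, otherwise the result of
 * DoHandShakeMsgType(), DtlsMsgDrain() or DtlsPoolSend(). */
static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          word32 totalSz)
{
    byte   type;
    word32 size;
    word32 fragOffset, fragSz;
    int    ret = 0;

    WOLFSSL_ENTER("DoDtlsHandShakeMsg()");
    if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type,
                               &size, &fragOffset, &fragSz, totalSz) != 0)
        return PARSE_ERROR;

    /* fragSz comes from the peer; the bound is written as two comparisons
     * so the word32 sum (*inOutIdx + fragSz) cannot wrap past it */
    if (fragSz > totalSz || *inOutIdx > totalSz - fragSz)
        return INCOMPLETE_DATA;

    /* NOTE(review): nothing in this function checks that
     * fragOffset + fragSz stays within size before the fragment is handed to
     * DtlsMsgStore() -- confirm the store routine enforces it. */

    /* Check the handshake sequence number first. If out of order,
     * add the current message to the list. If the message is in order,
     * but it is a fragment, add the current message to the list, then
     * check the head of the list to see if it is complete, if so, pop
     * it out as the current message. If the message is complete and in
     * order, process it. Check the head of the list to see if it is in
     * order, if so, process it. (Repeat until list exhausted.) If the
     * head is out of order, return for more processing.
     */
    if (ssl->keys.dtls_peer_handshake_number >
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Current message is out of order. It will get stored in the list.
         * Storing also takes care of defragmentation. If the messages is a
         * client hello, we need to process this out of order; the server
         * is not supposed to keep state, but the second client hello will
         * have a different handshake sequence number than is expected, and
         * the server shouldn't be expecting any particular handshake sequence
         * number. (If the cookie changes multiple times in quick succession,
         * the client could be sending multiple new client hello messages
         * with newer and newer cookies.) */
        /* NOTE(review): any handshake number above the expected one is
         * stored; no limit on the list length or on how far ahead a number
         * may be is visible here -- confirm memory use is bounded in
         * DtlsMsgStore() or by the caller. */
        if (type != client_hello) {
            ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
                            ssl->keys.dtls_peer_handshake_number,
                            input + *inOutIdx, size, type,
                            fragOffset, fragSz, ssl->heap);
            *inOutIdx += fragSz;
            ret = 0;
        }
        else {
            ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
            if (ret == 0) {
                ssl->keys.dtls_expected_peer_handshake_number =
                    ssl->keys.dtls_peer_handshake_number + 1;
            }
        }
    }
    else if (ssl->keys.dtls_peer_handshake_number <
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Already saw this message and processed it. It can be ignored. */
        *inOutIdx += fragSz;
        if(type == finished )
            *inOutIdx += ssl->keys.padSz;
        ret = DtlsPoolSend(ssl);
    }
    else if (fragSz < size) {
        /* Since this branch is in order, but fragmented, dtls_msg_list will be
         * pointing to the message with this fragment in it. Check it to see
         * if it is completed. */
        ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
                        ssl->keys.dtls_peer_handshake_number, input + *inOutIdx,
                        size, type, fragOffset, fragSz, ssl->heap);
        *inOutIdx += fragSz;
        ret = 0;
        if (ssl->dtls_msg_list != NULL &&
            ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz)
            ret = DtlsMsgDrain(ssl);
    }
    else {
        /* This branch is in order next, and a complete message. */
        ssl->keys.dtls_expected_peer_handshake_number++;
        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
        if (ret == 0 && ssl->dtls_msg_list != NULL)
            ret = DtlsMsgDrain(ssl);
    }

    WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
    return ret;
}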
wolfSSL 4:1b0d80432c79 6163 #endif
wolfSSL 4:1b0d80432c79 6164
wolfSSL 4:1b0d80432c79 6165
wolfSSL 4:1b0d80432c79 6166 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
wolfSSL 4:1b0d80432c79 6167 || defined(HAVE_AESGCM)
/* Return the record sequence number to use for the current record.
 *
 * verify != 0 selects the peer (receive) direction, verify == 0 our own
 * (send) direction. For TLS the chosen counter is returned and then
 * incremented. For DTLS nothing is incremented here: the receive side
 * returns the number carried in the peer's record (dtls_state.curSeq), the
 * send side returns dtls_sequence_number - 1.
 *
 * The post-increment has no wrap detection in this function. */
static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify)
{
    word32 seq;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        if (verify) {
            /* explicit from peer */
            seq = ssl->keys.dtls_state.curSeq;
        }
        else {
            /* already incremented */
            seq = ssl->keys.dtls_sequence_number - 1;
        }
        return seq;
    }
#endif

    if (verify) {
        seq = ssl->keys.peer_sequence_number;
        ssl->keys.peer_sequence_number++;
    }
    else {
        seq = ssl->keys.sequence_number;
        ssl->keys.sequence_number++;
    }

    return seq;
}
wolfSSL 4:1b0d80432c79 6183 #endif
wolfSSL 4:1b0d80432c79 6184
wolfSSL 4:1b0d80432c79 6185
wolfSSL 4:1b0d80432c79 6186 #ifdef HAVE_AEAD
/* Add one to ssl->keys.aead_exp_IV, treated as a big-endian counter of
 * AEAD_MAX_EXP_SZ bytes: the last byte is incremented first and the carry
 * moves towards index 0.
 *
 * NOTE(review): when every byte wraps the counter returns to all zeroes
 * without any signal to the caller; if this value is used as the explicit
 * part of an AEAD nonce, confirm the connection is rekeyed or closed before
 * that point. */
static INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
{
    int pos = AEAD_MAX_EXP_SZ;

    while (pos-- > 0) {
        ssl->keys.aead_exp_IV[pos]++;
        if (ssl->keys.aead_exp_IV[pos] != 0)
            break;      /* no carry out of this byte */
    }
}
wolfSSL 4:1b0d80432c79 6194
wolfSSL 4:1b0d80432c79 6195
wolfSSL 4:1b0d80432c79 6196 #if defined(HAVE_POLY1305) && defined(HAVE_CHACHA)
/* Build a Poly1305 tag using the older AEAD input layout.
 *
 * The MAC input is: the additional data (AEAD_AUTH_DATA_SZ bytes), an
 * 8-byte block whose first byte is AEAD_AUTH_DATA_SZ, the ciphertext
 * (sz minus the MAC size), and an 8-byte block holding that ciphertext
 * length in little-endian order.
 *
 * ssl         connection state; ssl->auth.poly1305 is the MAC context
 * additional  additional authenticated data
 * out         ciphertext to authenticate
 * cipher      buffer whose first 32 bytes are used as the Poly1305 key
 * sz          record size including the MAC
 * tag         receives the computed tag
 *
 * Returns 0 on success, INPUT_CASE_ERROR when sz is smaller than the MAC
 * size, otherwise the error from the failing wc_Poly1305 call. */
static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
                       byte* cipher, word16 sz, byte* tag)
{
    int    ret;
    int    msglen = (sz - ssl->specs.aead_mac_size);
    word32 keySz  = 32;
    byte   lenBlock[8];  /* scratch block for the two length fields */

#ifdef CHACHA_AEAD_TEST
      printf("Using old version of poly1305 input.\n");
#endif

    if (msglen < 0)
        return INPUT_CASE_ERROR;

    ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz);
    if (ret != 0)
        return ret;

    ret = wc_Poly1305Update(ssl->auth.poly1305, additional,
                            AEAD_AUTH_DATA_SZ);
    if (ret != 0)
        return ret;

    /* length of the additional data, zero padded to 8 bytes */
    XMEMSET(lenBlock, 0, sizeof(lenBlock));
    lenBlock[0] = AEAD_AUTH_DATA_SZ;
    ret = wc_Poly1305Update(ssl->auth.poly1305, lenBlock, sizeof(lenBlock));
    if (ret != 0)
        return ret;

    /* the ciphertext itself, followed by its length */
    XMEMSET(lenBlock, 0, sizeof(lenBlock));
    ret = wc_Poly1305Update(ssl->auth.poly1305, out, msglen);
    if (ret != 0)
        return ret;

    /* 32-bit length written low byte first; the upper four bytes of the
     * 64-bit field stay zero */
    lenBlock[0] =  msglen        & 0xff;
    lenBlock[1] = (msglen >>  8) & 0xff;
    lenBlock[2] = (msglen >> 16) & 0xff;
    lenBlock[3] = (msglen >> 24) & 0xff;
    ret = wc_Poly1305Update(ssl->auth.poly1305, lenBlock, sizeof(lenBlock));
    if (ret != 0)
        return ret;

    /* generate tag */
    return wc_Poly1305Final(ssl->auth.poly1305, tag);
}
wolfSSL 4:1b0d80432c79 6248
wolfSSL 4:1b0d80432c79 6249
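/* Encrypt one record with ChaCha20 and append its Poly1305 tag.
 *
 * ssl    connection state: supplies the ChaCha/Poly1305 contexts, the
 *        sequence number, the implicit IV and the oldPoly option that
 *        selects the tag construction
 * out    receives msgLen bytes of ciphertext followed by the tag
 * input  plaintext; the record type and version are copied from the
 *        header bytes that sit just before it in the same buffer
 * sz     plaintext length plus ssl->specs.aead_mac_size
 *
 * Returns 0 on success, otherwise the error code of the failing call.
 *
 * The nonce and the one-time Poly1305 key are wiped with ForceZero on every
 * exit path.
 * NOTE(review): only 32 bits of sequence number are written into the AD and
 * therefore into the nonce; nonce uniqueness per key depends on how
 * GetSEQIncrement handles wrap-around, which is not visible here - confirm.
 */
static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
                              word16 sz)
{
    const byte* additionalSrc = input - RECORD_HEADER_SZ;
    int         ret    = 0;
    word32      msgLen = (sz - ssl->specs.aead_mac_size);
    word32      idx;
    byte        tag[POLY1305_AUTH_SZ];
    byte        add[AEAD_AUTH_DATA_SZ];
    byte        nonce[CHACHA20_NONCE_SZ];
    byte        poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
#ifdef CHACHA_AEAD_TEST
    int i;
#endif

    XMEMSET(tag, 0, sizeof(tag));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(poly, 0, sizeof(poly));
    XMEMSET(add, 0, sizeof(add));

    if (ssl->options.oldPoly != 0) {
        /* old construction: nonce is the 32-bit sequence number */
        c32toa(ssl->keys.sequence_number, nonce + CHACHA20_OLD_OFFSET);
    }

    /* opaque SEQ number stored for AD */
    c32toa(GetSEQIncrement(ssl, 0), add + AEAD_SEQ_OFFSET);

    /* Store the type, version. Unfortunately, they are in
     * the input buffer ahead of the plaintext. */
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        c16toa(ssl->keys.dtls_epoch, add);
        additionalSrc -= DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff;

    XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3);

#ifdef CHACHA_AEAD_TEST
    /* debug only: this dumps the record plaintext to stdout, so
     * CHACHA_AEAD_TEST must stay out of production builds */
    printf("Encrypt Additional : ");
    for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
        printf("%02x", add[i]);
    }
    printf("\n\n");
    printf("input before encryption :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", input[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
        for (idx = 0; idx < 8; idx++) {
            nonce[4 + idx] ^= add[idx];
        }
    }

    /* set the nonce for chacha and get poly1305 key */
    if ((ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0) {
        ForceZero(nonce, CHACHA20_NONCE_SZ);
        return ret;
    }

    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */

    /* create Poly1305 key using chacha20 keystream */
    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, poly,
                                 poly, sizeof(poly))) != 0) {
        /* poly may already hold part of the one-time key; wipe it here as
         * every other error path does */
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* encrypt the plain text */
    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out,
                                 input, msgLen)) != 0) {
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* get the poly1305 tag using either old padding scheme or more recent */
    if (ssl->options.oldPoly != 0) {
        if ((ret = Poly1305TagOld(ssl, add, (const byte* )out,
                                  poly, sz, tag)) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    else {
        if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly,
                                     sizeof(poly))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
                        sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */

    /* append tag to ciphertext */
    XMEMCPY(out + msgLen, tag, sizeof(tag));

    AeadIncrementExpIV(ssl);

#ifdef CHACHA_AEAD_TEST
    printf("mac tag :\n");
    for (i = 0; i < 16; i++) {
        printf("%02x", tag[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n\noutput after encrypt :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", out[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    return ret;
}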
wolfSSL 4:1b0d80432c79 6385
wolfSSL 4:1b0d80432c79 6386
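/* Verify the Poly1305 tag of a received ChaCha20 record and, only if it
 * matches, decrypt the record.
 *
 * ssl    connection state: supplies the ChaCha/Poly1305 contexts, the peer
 *        sequence number, the implicit IV, the current record header fields
 *        and the oldPoly option that selects the tag construction
 * plain  receives msgLen bytes of plaintext
 * input  ciphertext followed by the received tag
 * sz     ciphertext length plus ssl->specs.aead_mac_size
 *
 * Returns 0 on success, VERIFY_MAC_ERROR (after sending a fatal
 * bad_record_mac alert) when the tag does not match, otherwise the error
 * code of the failing call.
 *
 * The tag is compared with ConstantCompare before any plaintext is produced.
 * The nonce and the one-time Poly1305 key are wiped with ForceZero on every
 * exit path.
 * NOTE(review): msgLen goes negative if sz < ssl->specs.aead_mac_size. This
 * function does not check that; SanityCheckCipherText in this file enforces
 * the minimum for AEAD suites - confirm it always runs before this call.
 */
static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                              word16 sz)
{
    byte   add[AEAD_AUTH_DATA_SZ];
    byte   nonce[CHACHA20_NONCE_SZ];
    byte   tag[POLY1305_AUTH_SZ];
    byte   poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
    int    ret    = 0;
    int    msgLen = (sz - ssl->specs.aead_mac_size);
    word32 idx;

#ifdef CHACHA_AEAD_TEST
    int i;
    printf("input before decrypt :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", input[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    XMEMSET(tag, 0, sizeof(tag));
    XMEMSET(poly, 0, sizeof(poly));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(add, 0, sizeof(add));

    if (ssl->options.oldPoly != 0) {
        /* old construction: nonce is the 32-bit peer sequence number */
        c32toa(ssl->keys.peer_sequence_number, nonce + CHACHA20_OLD_OFFSET);
    }

    /* sequence number field is 64-bits, we only use 32-bits */
    c32toa(GetSEQIncrement(ssl, 1), add + AEAD_SEQ_OFFSET);

    /* get AD info */
    add[AEAD_TYPE_OFFSET] = ssl->curRL.type;
    add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
    add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

    /* for DTLS the current epoch goes at the front of the AD */
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        c16toa(ssl->keys.dtls_state.curEpoch, add);
#endif

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff;

#ifdef CHACHA_AEAD_TEST
    printf("Decrypt Additional : ");
    for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
        printf("%02x", add[i]);
    }
    printf("\n\n");
#endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
        for (idx = 0; idx < 8; idx++) {
            nonce[4 + idx] ^= add[idx];
        }
    }

    /* set nonce and get poly1305 key */
    if ((ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0) {
        ForceZero(nonce, CHACHA20_NONCE_SZ);
        return ret;
    }

    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */

    /* use chacha20 keystream to get poly1305 key for tag */
    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, poly,
                                 poly, sizeof(poly))) != 0) {
        /* poly may already hold part of the one-time key; wipe it here as
         * every other error path does */
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* get the tag using Poly1305 */
    if (ssl->options.oldPoly != 0) {
        if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    else {
        if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly,
                                     sizeof(poly))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
                sizeof(add), (byte*)input, msgLen, tag, sizeof(tag))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */

    /* check tag sent along with packet */
    if (ConstantCompare(input + msgLen, tag, ssl->specs.aead_mac_size) != 0) {
        WOLFSSL_MSG("MAC did not match");
        SendAlert(ssl, alert_fatal, bad_record_mac);
        return VERIFY_MAC_ERROR;
    }

    /* if the tag was good decrypt message */
    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain,
                                 input, msgLen)) != 0)
        return ret;

#ifdef CHACHA_AEAD_TEST
    /* debug only: this dumps the record plaintext to stdout, so
     * CHACHA_AEAD_TEST must stay out of production builds */
    printf("plain after decrypt :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", plain[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    return ret;
}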
wolfSSL 4:1b0d80432c79 6515 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
wolfSSL 4:1b0d80432c79 6516 #endif /* HAVE_AEAD */
wolfSSL 4:1b0d80432c79 6517
wolfSSL 4:1b0d80432c79 6518
/* Encrypt one outgoing record with the negotiated bulk cipher.
 *
 * ssl    connection state; ssl->specs.bulk_cipher_algorithm selects the
 *        branch and ssl->encrypt holds the per-cipher contexts
 * out    destination buffer
 * input  source buffer; the AEAD branches also read header bytes located
 *        just before it
 * sz     number of bytes to process (for AEAD: explicit IV + data + tag)
 *
 * Returns 0 on success, ENCRYPT_ERROR when the ciphers are not set up or the
 * algorithm is not compiled in, otherwise the cipher routine's error code.
 */
static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
{
    int ret = 0;

    /* silence unused-parameter warnings when no cipher branch is built */
    (void)out;
    (void)input;
    (void)sz;

    if (ssl->encrypt.setup == 0) {
        WOLFSSL_MSG("Encrypt ciphers not setup");
        return ENCRYPT_ERROR;
    }

#ifdef HAVE_FUZZER
    /* the fuzzer callback is handed the buffer before it is encrypted */
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx);
#endif

    switch (ssl->specs.bulk_cipher_algorithm) {
    #ifdef BUILD_ARC4
        /* RC4 is prohibited for TLS by RFC 7465; legacy interop only.
         * The call's result is not captured, ret stays 0. */
        case wolfssl_rc4:
            wc_Arc4Process(ssl->encrypt.arc4, out, input, sz);
            break;
    #endif

    #ifdef BUILD_DES3
        case wolfssl_triple_des:
            ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
            break;
    #endif

    #ifdef BUILD_AES
        case wolfssl_aes:
            ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
            break;
    #endif

    #ifdef BUILD_AESGCM
        case wolfssl_aes_gcm:
            {
                byte additional[AEAD_AUTH_DATA_SZ];
                byte nonce[AESGCM_NONCE_SZ];
                /* NOTE(review): 5 is presumably the record header size;
                 * ChachaAEADEncrypt uses RECORD_HEADER_SZ for the same
                 * step - confirm and prefer the named constant */
                const byte* additionalSrc = input - 5;

                XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);

                /* sequence number field is 64-bits, we only use 32-bits */
                c32toa(GetSEQIncrement(ssl, 0),
                                            additional + AEAD_SEQ_OFFSET);

                /* Store the type, version. Unfortunately, they are in
                 * the input buffer ahead of the plaintext. */
                #ifdef WOLFSSL_DTLS
                    if (ssl->options.dtls) {
                        c16toa(ssl->keys.dtls_epoch, additional);
                        additionalSrc -= DTLS_HANDSHAKE_EXTRA;
                    }
                #endif
                XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);

                /* Store the length of the plain text minus the explicit
                 * IV length minus the authentication tag size. */
                c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                            additional + AEAD_LEN_OFFSET);
                /* nonce = implicit IV || explicit IV. GCM needs a nonce that
                 * is never repeated under one key. */
                XMEMCPY(nonce,
                                 ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
                XMEMCPY(nonce + AESGCM_IMP_IV_SZ,
                                     ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
                ret = wc_AesGcmEncrypt(ssl->encrypt.aes,
                             out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
                             sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                 nonce, AESGCM_NONCE_SZ,
                                 out + sz - ssl->specs.aead_mac_size,
                                 ssl->specs.aead_mac_size,
                                 additional, AEAD_AUTH_DATA_SZ);
                /* runs whether or not the encrypt call succeeded;
                 * presumably advances ssl->keys.aead_exp_IV for the next
                 * record - confirm in AeadIncrementExpIV */
                AeadIncrementExpIV(ssl);
                ForceZero(nonce, AESGCM_NONCE_SZ);
            }
            break;
    #endif

    #ifdef HAVE_AESCCM
        /* AEAD CCM uses same size as macros for AESGCM */
        case wolfssl_aes_ccm:
            {
                byte additional[AEAD_AUTH_DATA_SZ];
                byte nonce[AESGCM_NONCE_SZ];
                /* NOTE(review): same magic 5 as the GCM branch - confirm it
                 * is the record header size */
                const byte* additionalSrc = input - 5;

                XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);

                /* sequence number field is 64-bits, we only use 32-bits */
                c32toa(GetSEQIncrement(ssl, 0),
                                            additional + AEAD_SEQ_OFFSET);

                /* Store the type, version. Unfortunately, they are in
                 * the input buffer ahead of the plaintext. */
                #ifdef WOLFSSL_DTLS
                    if (ssl->options.dtls) {
                        c16toa(ssl->keys.dtls_epoch, additional);
                        additionalSrc -= DTLS_HANDSHAKE_EXTRA;
                    }
                #endif
                XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);

                /* Store the length of the plain text minus the explicit
                 * IV length minus the authentication tag size. */
                c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                            additional + AEAD_LEN_OFFSET);
                /* nonce = implicit IV || explicit IV, as in the GCM branch;
                 * CCM has the same never-repeat requirement */
                XMEMCPY(nonce,
                                 ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
                XMEMCPY(nonce + AESGCM_IMP_IV_SZ,
                                     ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
                ret = wc_AesCcmEncrypt(ssl->encrypt.aes,
                             out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
                             sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                 nonce, AESGCM_NONCE_SZ,
                                 out + sz - ssl->specs.aead_mac_size,
                                 ssl->specs.aead_mac_size,
                                 additional, AEAD_AUTH_DATA_SZ);
                AeadIncrementExpIV(ssl);
                ForceZero(nonce, AESGCM_NONCE_SZ);
            }
            break;
    #endif

    #ifdef HAVE_CAMELLIA
        /* the call's result is not captured, ret stays 0 */
        case wolfssl_camellia:
            wc_CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
            break;
    #endif

    #ifdef HAVE_HC128
        case wolfssl_hc128:
            ret = wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz);
            break;
    #endif

    #ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            ret = wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
            break;
    #endif

    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        case wolfssl_chacha:
            ret = ChachaAEADEncrypt(ssl, out, input, sz);
            break;
    #endif

    #ifdef HAVE_NULL_CIPHER
        /* no confidentiality: the record body is copied through unchanged.
         * Build with HAVE_NULL_CIPHER only where that is intended. */
        case wolfssl_cipher_null:
            if (input != out) {
                XMEMMOVE(out, input, sz);
            }
            break;
    #endif

    #ifdef HAVE_IDEA
        case wolfssl_idea:
            ret = wc_IdeaCbcEncrypt(ssl->encrypt.idea, out, input, sz);
            break;
    #endif

        /* negotiated algorithm has no branch in this build: fail closed */
        default:
            WOLFSSL_MSG("wolfSSL Encrypt programming error");
            ret = ENCRYPT_ERROR;
    }

    return ret;
}
wolfSSL 4:1b0d80432c79 6690
wolfSSL 4:1b0d80432c79 6691
wolfSSL 4:1b0d80432c79 6692
/* Decrypt one incoming record with the negotiated bulk cipher.
 *
 * ssl    connection state; ssl->specs.bulk_cipher_algorithm selects the
 *        branch and ssl->decrypt holds the per-cipher contexts
 * plain  destination buffer
 * input  received record body (for AES-GCM/CCM: explicit IV, ciphertext, tag)
 * sz     number of bytes in input
 *
 * Returns 0 on success, DECRYPT_ERROR when the ciphers are not set up or the
 * algorithm is not compiled in, VERIFY_MAC_ERROR when an AEAD tag check
 * fails, otherwise the cipher routine's error code.
 *
 * Only the AEAD branches authenticate the record here; the stream and CBC
 * branches just decrypt, so their MAC and padding must be checked by the
 * caller (not visible in this function).
 * NOTE(review): the AEAD length arithmetic assumes
 * sz >= AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size. SanityCheckCipherText
 * in this file enforces that minimum - confirm it always runs first.
 */
static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    int ret = 0;

    /* silence unused-parameter warnings when no cipher branch is built */
    (void)plain;
    (void)input;
    (void)sz;

    if (ssl->decrypt.setup == 0) {
        WOLFSSL_MSG("Decrypt ciphers not setup");
        return DECRYPT_ERROR;
    }

    switch (ssl->specs.bulk_cipher_algorithm) {
    #ifdef BUILD_ARC4
        /* RC4 is prohibited for TLS by RFC 7465; legacy interop only.
         * The call's result is not captured, ret stays 0. */
        case wolfssl_rc4:
            wc_Arc4Process(ssl->decrypt.arc4, plain, input, sz);
            break;
    #endif

    #ifdef BUILD_DES3
        case wolfssl_triple_des:
            ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
            break;
    #endif

    #ifdef BUILD_AES
        case wolfssl_aes:
            ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
            break;
    #endif

    #ifdef BUILD_AESGCM
        case wolfssl_aes_gcm:
        {
            byte additional[AEAD_AUTH_DATA_SZ];
            byte nonce[AESGCM_NONCE_SZ];

            XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);

            /* sequence number field is 64-bits, we only use 32-bits */
            c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);

            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    c16toa(ssl->keys.dtls_state.curEpoch, additional);
            #endif

            /* AD carries the type and version of the record being read */
            additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
            additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
            additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                    additional + AEAD_LEN_OFFSET);
            /* nonce = our implicit IV || explicit IV taken from the
             * received record */
            XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
            XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
            /* any negative result is reported as a MAC failure with a
             * fatal bad_record_mac alert */
            if (wc_AesGcmDecrypt(ssl->decrypt.aes,
                        plain + AESGCM_EXP_IV_SZ,
                        input + AESGCM_EXP_IV_SZ,
                           sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                        nonce, AESGCM_NONCE_SZ,
                        input + sz - ssl->specs.aead_mac_size,
                        ssl->specs.aead_mac_size,
                        additional, AEAD_AUTH_DATA_SZ) < 0) {
                SendAlert(ssl, alert_fatal, bad_record_mac);
                ret = VERIFY_MAC_ERROR;
            }
            ForceZero(nonce, AESGCM_NONCE_SZ);
        }
        break;
    #endif

    #ifdef HAVE_AESCCM
        /* AESGCM AEAD macros use same size as AESCCM */
        case wolfssl_aes_ccm:
        {
            byte additional[AEAD_AUTH_DATA_SZ];
            byte nonce[AESGCM_NONCE_SZ];

            XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);

            /* sequence number field is 64-bits, we only use 32-bits */
            c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);

            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    c16toa(ssl->keys.dtls_state.curEpoch, additional);
            #endif

            /* AD carries the type and version of the record being read */
            additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
            additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
            additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                    additional + AEAD_LEN_OFFSET);
            /* nonce = our implicit IV || explicit IV taken from the
             * received record */
            XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
            XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
            /* any negative result is reported as a MAC failure with a
             * fatal bad_record_mac alert */
            if (wc_AesCcmDecrypt(ssl->decrypt.aes,
                        plain + AESGCM_EXP_IV_SZ,
                        input + AESGCM_EXP_IV_SZ,
                           sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                        nonce, AESGCM_NONCE_SZ,
                        input + sz - ssl->specs.aead_mac_size,
                        ssl->specs.aead_mac_size,
                        additional, AEAD_AUTH_DATA_SZ) < 0) {
                SendAlert(ssl, alert_fatal, bad_record_mac);
                ret = VERIFY_MAC_ERROR;
            }
            ForceZero(nonce, AESGCM_NONCE_SZ);
        }
        break;
    #endif

    #ifdef HAVE_CAMELLIA
        /* the call's result is not captured, ret stays 0 */
        case wolfssl_camellia:
            wc_CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
            break;
    #endif

    #ifdef HAVE_HC128
        case wolfssl_hc128:
            ret = wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
            break;
    #endif

    #ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            ret = wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
            break;
    #endif

    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        case wolfssl_chacha:
            ret = ChachaAEADDecrypt(ssl, plain, input, sz);
            break;
    #endif

    #ifdef HAVE_NULL_CIPHER
        /* no confidentiality: the record body is copied through unchanged.
         * Build with HAVE_NULL_CIPHER only where that is intended. */
        case wolfssl_cipher_null:
            if (input != plain) {
                XMEMMOVE(plain, input, sz);
            }
            break;
    #endif

    #ifdef HAVE_IDEA
        case wolfssl_idea:
            ret = wc_IdeaCbcDecrypt(ssl->decrypt.idea, plain, input, sz);
            break;
    #endif

        /* negotiated algorithm has no branch in this build: fail closed */
        default:
            WOLFSSL_MSG("wolfSSL Decrypt programming error");
            ret = DECRYPT_ERROR;
    }

    return ret;
}
wolfSSL 4:1b0d80432c79 6852
wolfSSL 4:1b0d80432c79 6853
/* Length gate for a received record body.
 *
 * Rejects a ciphertext that cannot be valid for the negotiated cipher:
 *   - block ciphers: the length must be a multiple of the block size and
 *     cover at least max(MAC + 1 pad byte, one block), plus one more block
 *     for the explicit IV when ssl->options.tls1_1 is set
 *   - AEAD: the length must cover the auth tag, plus the explicit IV for
 *     every AEAD algorithm except wolfssl_chacha
 *   - anything else (stream): the length must cover the MAC
 *
 * The AEAD branches of Decrypt subtract these same sizes from the record
 * length, so this is the check that keeps that arithmetic from wrapping.
 *
 * Returns 0 when the size is plausible, SANITY_CIPHER_E otherwise.
 */
static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
{
    word32 minLength;

    /* baseline: room for the record MAC (covers stream ciphers) */
#ifdef HAVE_TRUNCATED_HMAC
    if (ssl->truncated_hmac)
        minLength = TRUNCATED_HMAC_SZ;
    else
        minLength = ssl->specs.hash_size;
#else
    minLength = ssl->specs.hash_size;
#endif

    if (ssl->specs.cipher_type == aead) {
        /* authTag size, plus explicit IV for the non-ChaCha AEAD suites */
        minLength = ssl->specs.aead_mac_size;
        if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
            minLength += AESGCM_EXP_IV_SZ;
    }
    else if (ssl->specs.cipher_type == block) {
        if ((encryptSz % ssl->specs.block_size) != 0) {
            WOLFSSL_MSG("Block ciphertext not block size");
            return SANITY_CIPHER_E;
        }

        minLength += 1;                         /* pad byte */

        if (minLength < ssl->specs.block_size)
            minLength = ssl->specs.block_size;  /* at least one block */

        if (ssl->options.tls1_1)
            minLength += ssl->specs.block_size; /* explicit IV */
    }

    if (encryptSz >= minLength)
        return 0;

    WOLFSSL_MSG("Ciphertext not minimum size");
    return SANITY_CIPHER_E;
}
wolfSSL 4:1b0d80432c79 6891
wolfSSL 4:1b0d80432c79 6892
wolfSSL 4:1b0d80432c79 6893 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 6894
/* Feed sz bytes of data into a fresh MD5 context `rounds` times. The digest
 * is never finalized or returned; DoRounds uses this only to spend hashing
 * work on dummy data. Return codes of the wc_ calls are not checked.
 */
static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
{
    Md5 ctx;
    int n;

    wc_InitMd5(&ctx);

    for (n = 0; n < rounds; ++n) {
        wc_Md5Update(&ctx, data, sz);
    }

    wc_Md5Free(&ctx);  /* in case needed to release resources */
}
wolfSSL 4:1b0d80432c79 6906
wolfSSL 4:1b0d80432c79 6907
wolfSSL 4:1b0d80432c79 6908
/* Feed sz bytes of data into a fresh SHA context `rounds` times. The digest
 * is never finalized or returned; this is dummy hashing work only, so the
 * wc_ return codes are deliberately ignored.
 */
static INLINE void ShaRounds(int rounds, const byte* data, int sz)
{
    Sha ctx;
    int n;

    wc_InitSha(&ctx);  /* no error check on purpose, dummy round */

    for (n = 0; n < rounds; ++n) {
        wc_ShaUpdate(&ctx, data, sz);
    }

    wc_ShaFree(&ctx);  /* in case needed to release resources */
}
wolfSSL 4:1b0d80432c79 6921 #endif
wolfSSL 4:1b0d80432c79 6922
wolfSSL 4:1b0d80432c79 6923
wolfSSL 4:1b0d80432c79 6924 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 6925
/* Feed sz bytes of data into a fresh SHA-256 context `rounds` times. The
 * digest is never finalized or returned; this is dummy hashing work only, so
 * the wc_ return codes are deliberately ignored.
 */
static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
{
    Sha256 ctx;
    int    n;

    wc_InitSha256(&ctx);  /* no error check on purpose, dummy round */

    for (n = 0; n < rounds; ++n) {
        /* no error check on purpose, dummy round */
        wc_Sha256Update(&ctx, data, sz);
    }

    wc_Sha256Free(&ctx);  /* in case needed to release resources */
}
wolfSSL 4:1b0d80432c79 6939
wolfSSL 4:1b0d80432c79 6940 #endif
wolfSSL 4:1b0d80432c79 6941
wolfSSL 4:1b0d80432c79 6942
wolfSSL 4:1b0d80432c79 6943 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 6944
/* Feed sz bytes of data into a fresh SHA-384 context `rounds` times. The
 * digest is never finalized or returned; this is dummy hashing work only, so
 * the wc_ return codes are deliberately ignored.
 */
static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
{
    Sha384 ctx;
    int    n;

    wc_InitSha384(&ctx);  /* no error check on purpose, dummy round */

    for (n = 0; n < rounds; ++n) {
        /* no error check on purpose, dummy round */
        wc_Sha384Update(&ctx, data, sz);
    }

    wc_Sha384Free(&ctx);  /* in case needed to release resources */
}
wolfSSL 4:1b0d80432c79 6958
wolfSSL 4:1b0d80432c79 6959 #endif
wolfSSL 4:1b0d80432c79 6960
wolfSSL 4:1b0d80432c79 6961
wolfSSL 4:1b0d80432c79 6962 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 6963
/* Feed sz bytes of data into a fresh SHA-512 context `rounds` times. The
 * digest is never finalized or returned; this is dummy hashing work only, so
 * the wc_ return codes are deliberately ignored.
 */
static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
{
    Sha512 ctx;
    int    n;

    wc_InitSha512(&ctx);  /* no error check on purpose, dummy round */

    for (n = 0; n < rounds; ++n) {
        /* no error check on purpose, dummy round */
        wc_Sha512Update(&ctx, data, sz);
    }

    wc_Sha512Free(&ctx);  /* in case needed to release resources */
}
wolfSSL 4:1b0d80432c79 6977
wolfSSL 4:1b0d80432c79 6978 #endif
wolfSSL 4:1b0d80432c79 6979
wolfSSL 4:1b0d80432c79 6980
wolfSSL 4:1b0d80432c79 6981 #ifdef WOLFSSL_RIPEMD
wolfSSL 4:1b0d80432c79 6982
/* Feed sz bytes of data into a fresh RIPEMD context `rounds` times. The
 * digest is never finalized or returned. Unlike the other *Rounds helpers
 * in this file, no Free call follows the loop.
 */
static INLINE void RmdRounds(int rounds, const byte* data, int sz)
{
    RipeMd ctx;
    int    n;

    wc_InitRipeMd(&ctx);

    for (n = 0; n < rounds; ++n) {
        wc_RipeMdUpdate(&ctx, data, sz);
    }
}
wolfSSL 4:1b0d80432c79 6993
wolfSSL 4:1b0d80432c79 6994 #endif
wolfSSL 4:1b0d80432c79 6995
wolfSSL 4:1b0d80432c79 6996
/* Run `rounds` dummy hash updates of sz bytes from data, using the hash that
 * matches MAC algorithm `type`.
 *
 * type    MAC algorithm id (no_mac, md5_mac, sha_mac, ...); cases for hashes
 *         that are compiled out fall through to the default branch
 * rounds  number of update calls to make
 * data    bytes to hash; contents are irrelevant, only the work matters
 * sz      number of bytes hashed per update
 *
 * no_mac does nothing. An unknown type only logs "Bad round type" and does
 * no hashing, so no equalizing work is performed in that case.
 */
static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
{
    switch (type) {

        case no_mac:
            return;

#ifndef NO_OLD_TLS
    #ifndef NO_MD5
        case md5_mac:
            Md5Rounds(rounds, data, sz);
            return;
    #endif

    #ifndef NO_SHA
        case sha_mac:
            ShaRounds(rounds, data, sz);
            return;
    #endif
#endif

#ifndef NO_SHA256
        case sha256_mac:
            Sha256Rounds(rounds, data, sz);
            return;
#endif

#ifdef WOLFSSL_SHA384
        case sha384_mac:
            Sha384Rounds(rounds, data, sz);
            return;
#endif

#ifdef WOLFSSL_SHA512
        case sha512_mac:
            Sha512Rounds(rounds, data, sz);
            return;
#endif

#ifdef WOLFSSL_RIPEMD
        case rmd_mac:
            RmdRounds(rounds, data, sz);
            return;
#endif

        default:
            WOLFSSL_MSG("Bad round type");
            return;
    }
}
wolfSSL 4:1b0d80432c79 7048
wolfSSL 4:1b0d80432c79 7049
/* Hash COMPRESS_LOWER bytes of dummy data `rounds` times with the session's
 * MAC hash (ssl->specs.mac_algorithm). A zero count is a no-op; a negative
 * count reaches DoRounds, whose helpers then loop zero times.
 */
static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
{
    if (rounds == 0) {
        return;
    }

    DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
}
wolfSSL 4:1b0d80432c79 7056
wolfSSL 4:1b0d80432c79 7057
/* Compare `length` bytes at a against the single value pad.
 *
 * returns 0 when every byte equals pad, otherwise the OR of all XOR
 * differences (non-zero)
 *
 * There is no early exit: all `length` bytes are always visited, so the
 * loop count does not depend on where a mismatch occurs. Callers in this
 * file also run it on dummy data and discard the result, purely to spend
 * the same work on failure paths.
 */
static int PadCheck(const byte* a, byte pad, int length)
{
    int diff = 0;
    int pos;

    for (pos = 0; pos < length; pos++) {
        diff |= a[pos] ^ pad;  /* accumulate, never branch on a mismatch */
    }

    return diff;
}
wolfSSL 4:1b0d80432c79 7070
wolfSSL 4:1b0d80432c79 7071
/* Number of extra dummy rounds TimingPadVerify should run.
 *
 * pLen    length passed to the pad/MAC check
 * padLen  pad length byte value
 * t       MAC length
 *
 * Two lengths are formed: one for pLen - t (as if there were no padding)
 * and one for pLen - padLen - 1 - t (the data actually MACed). Each is
 * offset by COMPRESS_CONSTANT - COMPRESS_UPPER and converted to a count of
 * COMPRESS_LOWER-sized units, adding one when there is a remainder. The
 * result is the first count minus the second.
 * NOTE(review): the constants presumably model the hash block layout;
 * confirm against their definitions.
 */
static INLINE int GetRounds(int pLen, int padLen, int t)
{
    int noPadLen   = COMPRESS_CONSTANT + pLen - t - COMPRESS_UPPER;
    int withPadLen = COMPRESS_CONSTANT + pLen - padLen - 1 - t - COMPRESS_UPPER;

    /* round up: one more unit whenever the length is not an exact multiple */
    int noPadRounds   = noPadLen / COMPRESS_LOWER +
                        (((noPadLen % COMPRESS_LOWER) == 0) ? 0 : 1);
    int withPadRounds = withPadLen / COMPRESS_LOWER +
                        (((withPadLen % COMPRESS_LOWER) == 0) ? 0 : 1);

    return noPadRounds - withPadRounds;
}
wolfSSL 4:1b0d80432c79 7097
wolfSSL 4:1b0d80432c79 7098
/* Timing-resistant check of block-cipher padding and record MAC.
 *
 * ssl      session; supplies the hmac callback and the MAC algorithm
 * input    decrypted record bytes
 * padLen   value of the trailing pad length byte
 * t        MAC length in bytes
 * pLen     number of bytes at input covered by the check
 * content  record content type, forwarded to ssl->hmac
 *
 * returns 0 on success, VERIFY_MAC_ERROR on any failure
 *
 * Every failure (pad length too large, wrong pad bytes, wrong MAC, hmac
 * error) yields the same error code, and the two padding failure paths
 * still run PadCheck on dummy data, ssl->hmac and ConstantCompare. Keep the
 * order and number of these calls intact when editing: they exist so that
 * a padding failure is not cheaper than a MAC failure.
 *
 * The dummy buffer is the WOLFSSL object itself when it is at least
 * MAX_PAD_SIZE bytes, otherwise a zeroed local array; its contents are only
 * read and the comparison result is discarded.
 *
 * NOTE(review): pLen - t is handed to ssl->hmac without a range check here;
 * presumably SanityCheckCipherText has already guaranteed pLen > t. Confirm
 * against the callers.
 */
static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
                           int pLen, int content)
{
    byte  computed[MAX_DIGEST_SIZE];
    byte  dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
    byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
    int   hmacRet;
    int   macStart;

    (void)dmy;

    /* pad length claims more bytes than the record holds */
    if ((t + padLen + 1) > pLen) {
        WOLFSSL_MSG("Plain Len not long enough for pad/mac");
        PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
        ssl->hmac(ssl, computed, input, pLen - t, content, 1); /* still compare */
        ConstantCompare(computed, input + pLen - t, t);

        return VERIFY_MAC_ERROR;
    }

    /* pad bytes (and the length byte) must all equal padLen */
    if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
        WOLFSSL_MSG("PadCheck failed");
        PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
        ssl->hmac(ssl, computed, input, pLen - t, content, 1); /* still compare */
        ConstantCompare(computed, input + pLen - t, t);

        return VERIFY_MAC_ERROR;
    }

    /* good padding: top the pad check up to MAX_PAD_SIZE bytes of work */
    PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);

    macStart = pLen - padLen - 1 - t;
    hmacRet  = ssl->hmac(ssl, computed, input, macStart, content, 1);

    /* extra hash rounds, count derived from the pad length */
    CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy);

    if (ConstantCompare(computed, input + macStart, t) != 0) {
        WOLFSSL_MSG("Verify MAC compare failed");
        return VERIFY_MAC_ERROR;
    }

    return (hmacRet != 0) ? VERIFY_MAC_ERROR : 0;
}
wolfSSL 4:1b0d80432c79 7142
wolfSSL 4:1b0d80432c79 7143
/* Hand one application-data record to the caller-visible clear output buffer.
 *
 * ssl       session; reads keys.encryptSz and keys.padSz, writes
 *           buffers.clearOutputBuffer
 * input     record buffer
 * inOutIdx  in: offset of the record payload in input
 *           out: offset just past payload and pad/MAC bytes (only on success)
 *
 * returns 0 on success,
 *         OUT_OF_ORDER_E when the handshake is not done (a fatal
 *         unexpected_message alert is sent first),
 *         BUFFER_ERROR when the computed payload size is negative,
 *         or the negative result of myDeCompress (HAVE_LIBZ only)
 *
 * The clear output buffer points into input; nothing is copied unless
 * compression is in use.
 *
 * NOTE(review): with HAVE_LIBZ the decompressed bytes are moved back over
 * rawData and may be longer than the raw payload; confirm the input buffer
 * always has room for them at that offset.
 */
int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
{
    word32 msgSz   = ssl->keys.encryptSz;
    word32 idx     = *inOutIdx;
    int    dataSz;
    int    ivExtra = 0;
    byte*  rawData = input + idx;  /* keep current for hmac */
#ifdef HAVE_LIBZ
    byte   decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

    /* application data is only legal once the handshake has completed */
    if (ssl->options.handShakeDone == 0) {
        WOLFSSL_MSG("Received App data before a handshake completed");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* explicit IV bytes that precede the payload */
    if (ssl->specs.cipher_type == block && ssl->options.tls1_1) {
        ivExtra = ssl->specs.block_size;
    }
    else if (ssl->specs.cipher_type == aead &&
             ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) {
        ivExtra = AESGCM_EXP_IV_SZ;
    }

    /* sizes come from the peer's record; a negative result means the
     * IV/pad accounting does not fit inside the record */
    dataSz = msgSz - ivExtra - ssl->keys.padSz;
    if (dataSz < 0) {
        WOLFSSL_MSG("App data buffer error, malicious input?");
        return BUFFER_ERROR;
    }

    /* read data */
    if (dataSz != 0) {
        int rawSz = dataSz;  /* keep raw size for idx adjustment */

#ifdef HAVE_LIBZ
        if (ssl->options.usingCompression) {
            dataSz = myDeCompress(ssl, rawData, dataSz, decomp, sizeof(decomp));
            if (dataSz < 0) {
                return dataSz;
            }
        }
#endif
        idx += rawSz;

        ssl->buffers.clearOutputBuffer.buffer = rawData;
        ssl->buffers.clearOutputBuffer.length = dataSz;
    }

    /* skip the trailing pad/MAC bytes */
    idx += ssl->keys.padSz;

#ifdef HAVE_LIBZ
    /* decompress could be bigger, overwrite after verify */
    if (ssl->options.usingCompression) {
        XMEMMOVE(rawData, decomp, dataSz);
    }
#endif

    *inOutIdx = idx;
    return 0;
}
wolfSSL 4:1b0d80432c79 7203
wolfSSL 4:1b0d80432c79 7204
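/* Process one alert record.
 *
 * ssl       session; alert_history.last_rx, options.isClosed and
 *           options.closeNotify are updated
 * input     record buffer
 * inOutIdx  in: offset of the alert in input
 *           out: offset past the alert and, when encryption is on, past
 *           keys.padSz trailing bytes
 * type      out: alert description code as received
 * totalSz   number of valid bytes in input
 *
 * returns the received alert level (non-negative), or BUFFER_E when the
 *         alert or its trailing pad/MAC bytes do not fit in totalSz
 *
 * The length check runs before anything reads the alert bytes. It used to
 * follow the WOLFSSL_CALLBACKS block, which passes the two alert bytes to
 * AddPacketInfo, so a truncated record reached that call unvalidated.
 *
 * A level equal to alert_fatal marks the session closed so no close_notify
 * is sent back; any other level value is returned to the caller unchanged.
 */
static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
                   word32 totalSz)
{
    byte level;
    byte code;

    /* make sure can read the message */
    if (*inOutIdx + ALERT_SIZE > totalSz)
        return BUFFER_E;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("Alert", &ssl->handShakeInfo);
        if (ssl->toInfoOn) {
            /* add record header back on to info + 2 byte level, data */
            AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx -
                          RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
        }
    #endif

    level = input[(*inOutIdx)++];
    code  = input[(*inOutIdx)++];
    ssl->alert_history.last_rx.code  = code;
    ssl->alert_history.last_rx.level = level;
    *type = code;
    if (level == alert_fatal) {
        ssl->options.isClosed = 1;  /* Don't send close_notify */
    }

    WOLFSSL_MSG("Got alert");
    if (*type == close_notify) {
        WOLFSSL_MSG("    close notify");
        ssl->options.closeNotify = 1;
    }
    WOLFSSL_ERROR(*type);

    /* step over the pad/MAC bytes of an encrypted alert, bounds-checked */
    if (IsEncryptionOn(ssl, 0)) {
        if (*inOutIdx + ssl->keys.padSz > totalSz)
            return BUFFER_E;
        *inOutIdx += ssl->keys.padSz;
    }

    return level;
}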
wolfSSL 4:1b0d80432c79 7248
/* Read from the network until the input buffer holds at least `size`
 * unprocessed bytes.
 *
 * ssl   session; buffers.inputBuffer is compacted, possibly grown, and
 *       filled
 * size  number of bytes the caller needs available
 *
 * returns 0 on success,
 *         MEMORY_E when the buffer cannot be grown,
 *         BUFFER_ERROR when there is nothing left to request,
 *         SOCKET_ERROR_E when Receive returns -1,
 *         WANT_READ when Receive reports it,
 *         RECV_OVERFLOW_E when Receive reports more bytes than requested
 *
 * The RECV_OVERFLOW_E check runs before the buffer length is advanced, so a
 * receive path that over-reports cannot push length past the requested
 * amount.
 */
static int GetInputData(WOLFSSL *ssl, word32 size)
{
    int received;
    int wanted;
    int room;
    int pending;
    int dtlsExtra = 0;

    /* check max input length */
    pending = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
    room    = ssl->buffers.inputBuffer.bufferSize - pending;
    wanted  = (int)(size - pending);  /* from last partial read */

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        if (size < ssl->dtls_expected_rx) {
            dtlsExtra = (int)(ssl->dtls_expected_rx - size);
        }
        wanted = ssl->dtls_expected_rx;
    }
#endif

    if (wanted > room) {
        if (GrowInputBuffer(ssl, size + dtlsExtra, pending) < 0) {
            return MEMORY_E;
        }
    }

    if (wanted <= 0) {
        return BUFFER_ERROR;
    }

    /* Put buffer data at start if not there */
    if (pending > 0 && ssl->buffers.inputBuffer.idx != 0) {
        XMEMMOVE(ssl->buffers.inputBuffer.buffer,
                 ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
                 pending);
    }

    /* remove processed data */
    ssl->buffers.inputBuffer.idx    = 0;
    ssl->buffers.inputBuffer.length = pending;

    /* read data from network */
    for (;;) {
        received = Receive(ssl,
                           ssl->buffers.inputBuffer.buffer +
                               ssl->buffers.inputBuffer.length,
                           wanted);
        if (received == -1) {
            return SOCKET_ERROR_E;
        }

        if (received == WANT_READ) {
            return WANT_READ;
        }

        if (received > wanted) {
            return RECV_OVERFLOW_E;
        }

        ssl->buffers.inputBuffer.length += received;
        wanted -= received;

        if (!(ssl->buffers.inputBuffer.length < size)) {
            break;
        }
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 7311
wolfSSL 4:1b0d80432c79 7312
/* Verify the MAC (and, for block ciphers, the padding) of a decrypted record
 * and report how many trailing bytes are not payload.
 *
 * ssl      session; supplies cipher specs, options and the hmac callback
 * input    decrypted record bytes
 * msgSz    record length in bytes
 * content  record content type, forwarded to ssl->hmac
 * padSz    out: aead_mac_size for AEAD, otherwise MAC length plus pad
 *          length plus the pad length byte (block ciphers only)
 *
 * returns 0 on success, VERIFY_MAC_ERROR (or the error from
 *         TimingPadVerify) on failure
 *
 * Block cipher with ssl->options.tls set: delegated to TimingPadVerify.
 * Block cipher without it (SSLv3): only the pad length is range-checked;
 * the pad bytes themselves are not compared, the PadCheck call runs on
 * dummy data for timing only. An out-of-range pad length is replaced by 0
 * so the MAC is still computed over in-bounds data, and the record is then
 * rejected via badPadLen.
 * Stream cipher: MAC compare only.
 * AEAD: nothing is verified here; only padSz is set.
 *
 * MAC comparison always goes through ConstantCompare, and the hmac result
 * is checked after the compare so both steps run on every record.
 */
static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
                            int content, word32* padSz)
{
    int    ivLen      = 0;
    int    ret;
    word32 padLen     = 0;
    word32 padByteLen = 0;
#ifdef HAVE_TRUNCATED_HMAC
    word32 digestSz   = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ
                                            : ssl->specs.hash_size;
#else
    word32 digestSz   = ssl->specs.hash_size;
#endif
    byte   computed[MAX_DIGEST_SIZE];

    if (ssl->specs.cipher_type == block) {
        if (ssl->options.tls1_1) {
            ivLen = ssl->specs.block_size;
        }

        /* last byte of the padded plaintext is the pad length */
        padLen     = *(input + msgSz - ivLen - 1);
        padByteLen = 1;

        if (ssl->options.tls) {
            ret = TimingPadVerify(ssl, input, padLen, digestSz, msgSz - ivLen,
                                  content);
            if (ret != 0) {
                return ret;
            }
        }
        else {  /* sslv3, some implementations have bad padding, but don't
                 * allow bad read */
            int   badPadLen = 0;
            byte  dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
            byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;

            (void)dmy;

            if (padLen > (msgSz - digestSz - 1)) {
                WOLFSSL_MSG("Plain Len not long enough for pad/mac");
                padLen    = 0;  /* no bad read */
                badPadLen = 1;
            }

            PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);  /* timing only */
            ret = ssl->hmac(ssl, computed, input,
                            msgSz - digestSz - padLen - 1, content, 1);

            if (ConstantCompare(computed,
                                input + msgSz - digestSz - padLen - 1,
                                digestSz) != 0) {
                return VERIFY_MAC_ERROR;
            }
            if (ret != 0 || badPadLen) {
                return VERIFY_MAC_ERROR;
            }
        }
    }
    else if (ssl->specs.cipher_type == stream) {
        ret = ssl->hmac(ssl, computed, input, msgSz - digestSz, content, 1);

        if (ConstantCompare(computed, input + msgSz - digestSz,
                            digestSz) != 0) {
            return VERIFY_MAC_ERROR;
        }
        if (ret != 0) {
            return VERIFY_MAC_ERROR;
        }
    }

    /* trailing non-payload bytes for the caller to skip */
    if (ssl->specs.cipher_type == aead) {
        *padSz = ssl->specs.aead_mac_size;
    }
    else {
        *padSz = digestSz + padLen + padByteLen;
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 7381
wolfSSL 4:1b0d80432c79 7382
wolfSSL 4:1b0d80432c79 7383 /* process input requests, return 0 is done, 1 is call again to complete, and
wolfSSL 4:1b0d80432c79 7384 negative number is error */
wolfSSL 4:1b0d80432c79 7385 int ProcessReply(WOLFSSL* ssl)
wolfSSL 4:1b0d80432c79 7386 {
wolfSSL 4:1b0d80432c79 7387 int ret = 0, type, readSz;
wolfSSL 4:1b0d80432c79 7388 int atomicUser = 0;
wolfSSL 4:1b0d80432c79 7389 word32 startIdx = 0;
wolfSSL 4:1b0d80432c79 7390 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7391 int used;
wolfSSL 4:1b0d80432c79 7392 #endif
wolfSSL 4:1b0d80432c79 7393
wolfSSL 4:1b0d80432c79 7394 #ifdef ATOMIC_USER
wolfSSL 4:1b0d80432c79 7395 if (ssl->ctx->DecryptVerifyCb)
wolfSSL 4:1b0d80432c79 7396 atomicUser = 1;
wolfSSL 4:1b0d80432c79 7397 #endif
wolfSSL 4:1b0d80432c79 7398
wolfSSL 4:1b0d80432c79 7399 if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE){
wolfSSL 4:1b0d80432c79 7400 WOLFSSL_MSG("ProcessReply retry in error state, not allowed");
wolfSSL 4:1b0d80432c79 7401 return ssl->error;
wolfSSL 4:1b0d80432c79 7402 }
wolfSSL 4:1b0d80432c79 7403
wolfSSL 4:1b0d80432c79 7404 for (;;) {
wolfSSL 4:1b0d80432c79 7405 switch (ssl->options.processReply) {
wolfSSL 4:1b0d80432c79 7406
wolfSSL 4:1b0d80432c79 7407 /* in the WOLFSSL_SERVER case, get the first byte for detecting
wolfSSL 4:1b0d80432c79 7408 * old client hello */
wolfSSL 4:1b0d80432c79 7409 case doProcessInit:
wolfSSL 4:1b0d80432c79 7410
wolfSSL 4:1b0d80432c79 7411 readSz = RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 7412
wolfSSL 4:1b0d80432c79 7413 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7414 if (ssl->options.dtls)
wolfSSL 4:1b0d80432c79 7415 readSz = DTLS_RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 7416 #endif
wolfSSL 4:1b0d80432c79 7417
wolfSSL 4:1b0d80432c79 7418 /* get header or return error */
wolfSSL 4:1b0d80432c79 7419 if (!ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 7420 if ((ret = GetInputData(ssl, readSz)) < 0)
wolfSSL 4:1b0d80432c79 7421 return ret;
wolfSSL 4:1b0d80432c79 7422 } else {
wolfSSL 4:1b0d80432c79 7423 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7424 /* read ahead may already have header */
wolfSSL 4:1b0d80432c79 7425 used = ssl->buffers.inputBuffer.length -
wolfSSL 4:1b0d80432c79 7426 ssl->buffers.inputBuffer.idx;
wolfSSL 4:1b0d80432c79 7427 if (used < readSz)
wolfSSL 4:1b0d80432c79 7428 if ((ret = GetInputData(ssl, readSz)) < 0)
wolfSSL 4:1b0d80432c79 7429 return ret;
wolfSSL 4:1b0d80432c79 7430 #endif
wolfSSL 4:1b0d80432c79 7431 }
wolfSSL 4:1b0d80432c79 7432
wolfSSL 4:1b0d80432c79 7433 #ifdef OLD_HELLO_ALLOWED
wolfSSL 4:1b0d80432c79 7434
wolfSSL 4:1b0d80432c79 7435 /* see if sending SSLv2 client hello */
wolfSSL 4:1b0d80432c79 7436 if ( ssl->options.side == WOLFSSL_SERVER_END &&
wolfSSL 4:1b0d80432c79 7437 ssl->options.clientState == NULL_STATE &&
wolfSSL 4:1b0d80432c79 7438 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
wolfSSL 4:1b0d80432c79 7439 != handshake) {
wolfSSL 4:1b0d80432c79 7440 byte b0, b1;
wolfSSL 4:1b0d80432c79 7441
wolfSSL 4:1b0d80432c79 7442 ssl->options.processReply = runProcessOldClientHello;
wolfSSL 4:1b0d80432c79 7443
wolfSSL 4:1b0d80432c79 7444 /* sanity checks before getting size at front */
wolfSSL 4:1b0d80432c79 7445 if (ssl->buffers.inputBuffer.buffer[
wolfSSL 4:1b0d80432c79 7446 ssl->buffers.inputBuffer.idx + 2] != OLD_HELLO_ID) {
wolfSSL 4:1b0d80432c79 7447 WOLFSSL_MSG("Not a valid old client hello");
wolfSSL 4:1b0d80432c79 7448 return PARSE_ERROR;
wolfSSL 4:1b0d80432c79 7449 }
wolfSSL 4:1b0d80432c79 7450
wolfSSL 4:1b0d80432c79 7451 if (ssl->buffers.inputBuffer.buffer[
wolfSSL 4:1b0d80432c79 7452 ssl->buffers.inputBuffer.idx + 3] != SSLv3_MAJOR &&
wolfSSL 4:1b0d80432c79 7453 ssl->buffers.inputBuffer.buffer[
wolfSSL 4:1b0d80432c79 7454 ssl->buffers.inputBuffer.idx + 3] != DTLS_MAJOR) {
wolfSSL 4:1b0d80432c79 7455 WOLFSSL_MSG("Not a valid version in old client hello");
wolfSSL 4:1b0d80432c79 7456 return PARSE_ERROR;
wolfSSL 4:1b0d80432c79 7457 }
wolfSSL 4:1b0d80432c79 7458
wolfSSL 4:1b0d80432c79 7459 /* how many bytes need ProcessOldClientHello */
wolfSSL 4:1b0d80432c79 7460 b0 =
wolfSSL 4:1b0d80432c79 7461 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
wolfSSL 4:1b0d80432c79 7462 b1 =
wolfSSL 4:1b0d80432c79 7463 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
wolfSSL 4:1b0d80432c79 7464 ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
wolfSSL 4:1b0d80432c79 7465 }
wolfSSL 4:1b0d80432c79 7466 else {
wolfSSL 4:1b0d80432c79 7467 ssl->options.processReply = getRecordLayerHeader;
wolfSSL 4:1b0d80432c79 7468 continue;
wolfSSL 4:1b0d80432c79 7469 }
wolfSSL 4:1b0d80432c79 7470
wolfSSL 4:1b0d80432c79 7471 /* in the WOLFSSL_SERVER case, run the old client hello */
wolfSSL 4:1b0d80432c79 7472 case runProcessOldClientHello:
wolfSSL 4:1b0d80432c79 7473
wolfSSL 4:1b0d80432c79 7474 /* get sz bytes or return error */
wolfSSL 4:1b0d80432c79 7475 if (!ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 7476 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 4:1b0d80432c79 7477 return ret;
wolfSSL 4:1b0d80432c79 7478 } else {
wolfSSL 4:1b0d80432c79 7479 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7480 /* read ahead may already have */
wolfSSL 4:1b0d80432c79 7481 used = ssl->buffers.inputBuffer.length -
wolfSSL 4:1b0d80432c79 7482 ssl->buffers.inputBuffer.idx;
wolfSSL 4:1b0d80432c79 7483 if (used < ssl->curSize)
wolfSSL 4:1b0d80432c79 7484 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 4:1b0d80432c79 7485 return ret;
wolfSSL 4:1b0d80432c79 7486 #endif /* WOLFSSL_DTLS */
wolfSSL 4:1b0d80432c79 7487 }
wolfSSL 4:1b0d80432c79 7488
wolfSSL 4:1b0d80432c79 7489 ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 4:1b0d80432c79 7490 &ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7491 ssl->buffers.inputBuffer.length -
wolfSSL 4:1b0d80432c79 7492 ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7493 ssl->curSize);
wolfSSL 4:1b0d80432c79 7494 if (ret < 0)
wolfSSL 4:1b0d80432c79 7495 return ret;
wolfSSL 4:1b0d80432c79 7496
wolfSSL 4:1b0d80432c79 7497 else if (ssl->buffers.inputBuffer.idx ==
wolfSSL 4:1b0d80432c79 7498 ssl->buffers.inputBuffer.length) {
wolfSSL 4:1b0d80432c79 7499 ssl->options.processReply = doProcessInit;
wolfSSL 4:1b0d80432c79 7500 return 0;
wolfSSL 4:1b0d80432c79 7501 }
wolfSSL 4:1b0d80432c79 7502
wolfSSL 4:1b0d80432c79 7503 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 4:1b0d80432c79 7504
wolfSSL 4:1b0d80432c79 7505 /* get the record layer header */
wolfSSL 4:1b0d80432c79 7506 case getRecordLayerHeader:
wolfSSL 4:1b0d80432c79 7507
wolfSSL 4:1b0d80432c79 7508 ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 4:1b0d80432c79 7509 &ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7510 &ssl->curRL, &ssl->curSize);
wolfSSL 4:1b0d80432c79 7511 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7512 if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
wolfSSL 4:1b0d80432c79 7513 WOLFSSL_MSG("Silently dropping out of order DTLS message");
wolfSSL 4:1b0d80432c79 7514 ssl->options.processReply = doProcessInit;
wolfSSL 4:1b0d80432c79 7515 ssl->buffers.inputBuffer.length = 0;
wolfSSL 4:1b0d80432c79 7516 ssl->buffers.inputBuffer.idx = 0;
wolfSSL 4:1b0d80432c79 7517 continue;
wolfSSL 4:1b0d80432c79 7518 }
wolfSSL 4:1b0d80432c79 7519 #endif
wolfSSL 4:1b0d80432c79 7520 if (ret != 0)
wolfSSL 4:1b0d80432c79 7521 return ret;
wolfSSL 4:1b0d80432c79 7522
wolfSSL 4:1b0d80432c79 7523 ssl->options.processReply = getData;
wolfSSL 4:1b0d80432c79 7524
wolfSSL 4:1b0d80432c79 7525 /* retrieve record layer data */
wolfSSL 4:1b0d80432c79 7526 case getData:
wolfSSL 4:1b0d80432c79 7527
wolfSSL 4:1b0d80432c79 7528 /* get sz bytes or return error */
wolfSSL 4:1b0d80432c79 7529 if (!ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 7530 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 4:1b0d80432c79 7531 return ret;
wolfSSL 4:1b0d80432c79 7532 } else {
wolfSSL 4:1b0d80432c79 7533 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7534 /* read ahead may already have */
wolfSSL 4:1b0d80432c79 7535 used = ssl->buffers.inputBuffer.length -
wolfSSL 4:1b0d80432c79 7536 ssl->buffers.inputBuffer.idx;
wolfSSL 4:1b0d80432c79 7537 if (used < ssl->curSize)
wolfSSL 4:1b0d80432c79 7538 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 4:1b0d80432c79 7539 return ret;
wolfSSL 4:1b0d80432c79 7540 #endif
wolfSSL 4:1b0d80432c79 7541 }
wolfSSL 4:1b0d80432c79 7542
wolfSSL 4:1b0d80432c79 7543 ssl->options.processReply = runProcessingOneMessage;
wolfSSL 4:1b0d80432c79 7544 startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */
wolfSSL 4:1b0d80432c79 7545
wolfSSL 4:1b0d80432c79 7546 /* the record layer is here */
wolfSSL 4:1b0d80432c79 7547 case runProcessingOneMessage:
wolfSSL 4:1b0d80432c79 7548
wolfSSL 4:1b0d80432c79 7549 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0)
wolfSSL 4:1b0d80432c79 7550 {
wolfSSL 4:1b0d80432c79 7551 ret = SanityCheckCipherText(ssl, ssl->curSize);
wolfSSL 4:1b0d80432c79 7552 if (ret < 0)
wolfSSL 4:1b0d80432c79 7553 return ret;
wolfSSL 4:1b0d80432c79 7554
wolfSSL 4:1b0d80432c79 7555 if (atomicUser) {
wolfSSL 4:1b0d80432c79 7556 #ifdef ATOMIC_USER
wolfSSL 4:1b0d80432c79 7557 ret = ssl->ctx->DecryptVerifyCb(ssl,
wolfSSL 4:1b0d80432c79 7558 ssl->buffers.inputBuffer.buffer +
wolfSSL 4:1b0d80432c79 7559 ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7560 ssl->buffers.inputBuffer.buffer +
wolfSSL 4:1b0d80432c79 7561 ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7562 ssl->curSize, ssl->curRL.type, 1,
wolfSSL 4:1b0d80432c79 7563 &ssl->keys.padSz, ssl->DecryptVerifyCtx);
wolfSSL 4:1b0d80432c79 7564 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
wolfSSL 4:1b0d80432c79 7565 ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
wolfSSL 4:1b0d80432c79 7566 /* go past TLSv1.1 IV */
wolfSSL 4:1b0d80432c79 7567 if (ssl->specs.cipher_type == aead &&
wolfSSL 4:1b0d80432c79 7568 ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
wolfSSL 4:1b0d80432c79 7569 ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
wolfSSL 4:1b0d80432c79 7570 #endif /* ATOMIC_USER */
wolfSSL 4:1b0d80432c79 7571 }
wolfSSL 4:1b0d80432c79 7572 else {
wolfSSL 4:1b0d80432c79 7573 ret = Decrypt(ssl, ssl->buffers.inputBuffer.buffer +
wolfSSL 4:1b0d80432c79 7574 ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7575 ssl->buffers.inputBuffer.buffer +
wolfSSL 4:1b0d80432c79 7576 ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7577 ssl->curSize);
wolfSSL 4:1b0d80432c79 7578 if (ret < 0) {
wolfSSL 4:1b0d80432c79 7579 WOLFSSL_MSG("Decrypt failed");
wolfSSL 4:1b0d80432c79 7580 WOLFSSL_ERROR(ret);
wolfSSL 4:1b0d80432c79 7581 return DECRYPT_ERROR;
wolfSSL 4:1b0d80432c79 7582 }
wolfSSL 4:1b0d80432c79 7583 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
wolfSSL 4:1b0d80432c79 7584 ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
wolfSSL 4:1b0d80432c79 7585 /* go past TLSv1.1 IV */
wolfSSL 4:1b0d80432c79 7586 if (ssl->specs.cipher_type == aead &&
wolfSSL 4:1b0d80432c79 7587 ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
wolfSSL 4:1b0d80432c79 7588 ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
wolfSSL 4:1b0d80432c79 7589
wolfSSL 4:1b0d80432c79 7590 ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer +
wolfSSL 4:1b0d80432c79 7591 ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7592 ssl->curSize, ssl->curRL.type,
wolfSSL 4:1b0d80432c79 7593 &ssl->keys.padSz);
wolfSSL 4:1b0d80432c79 7594 }
wolfSSL 4:1b0d80432c79 7595 if (ret < 0) {
wolfSSL 4:1b0d80432c79 7596 WOLFSSL_MSG("VerifyMac failed");
wolfSSL 4:1b0d80432c79 7597 WOLFSSL_ERROR(ret);
wolfSSL 4:1b0d80432c79 7598 return DECRYPT_ERROR;
wolfSSL 4:1b0d80432c79 7599 }
wolfSSL 4:1b0d80432c79 7600 ssl->keys.encryptSz = ssl->curSize;
wolfSSL 4:1b0d80432c79 7601 ssl->keys.decryptedCur = 1;
wolfSSL 4:1b0d80432c79 7602 }
wolfSSL 4:1b0d80432c79 7603
wolfSSL 4:1b0d80432c79 7604 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 7605 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7606 DtlsUpdateWindow(&ssl->keys.dtls_state);
wolfSSL 4:1b0d80432c79 7607 #endif /* WOLFSSL_DTLS */
wolfSSL 4:1b0d80432c79 7608 }
wolfSSL 4:1b0d80432c79 7609
wolfSSL 4:1b0d80432c79 7610 WOLFSSL_MSG("received record layer msg");
wolfSSL 4:1b0d80432c79 7611
wolfSSL 4:1b0d80432c79 7612 switch (ssl->curRL.type) {
wolfSSL 4:1b0d80432c79 7613 case handshake :
wolfSSL 4:1b0d80432c79 7614 /* debugging in DoHandShakeMsg */
wolfSSL 4:1b0d80432c79 7615 if (!ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 7616 ret = DoHandShakeMsg(ssl,
wolfSSL 4:1b0d80432c79 7617 ssl->buffers.inputBuffer.buffer,
wolfSSL 4:1b0d80432c79 7618 &ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7619 ssl->buffers.inputBuffer.length);
wolfSSL 4:1b0d80432c79 7620 }
wolfSSL 4:1b0d80432c79 7621 else {
wolfSSL 4:1b0d80432c79 7622 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7623 ret = DoDtlsHandShakeMsg(ssl,
wolfSSL 4:1b0d80432c79 7624 ssl->buffers.inputBuffer.buffer,
wolfSSL 4:1b0d80432c79 7625 &ssl->buffers.inputBuffer.idx,
wolfSSL 4:1b0d80432c79 7626 ssl->buffers.inputBuffer.length);
wolfSSL 4:1b0d80432c79 7627 #endif
wolfSSL 4:1b0d80432c79 7628 }
wolfSSL 4:1b0d80432c79 7629 if (ret != 0)
wolfSSL 4:1b0d80432c79 7630 return ret;
wolfSSL 4:1b0d80432c79 7631 break;
wolfSSL 4:1b0d80432c79 7632
wolfSSL 4:1b0d80432c79 7633 case change_cipher_spec:
wolfSSL 4:1b0d80432c79 7634 WOLFSSL_MSG("got CHANGE CIPHER SPEC");
wolfSSL 4:1b0d80432c79 7635 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 7636 if (ssl->hsInfoOn)
wolfSSL 4:1b0d80432c79 7637 AddPacketName("ChangeCipher", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 7638 /* add record header back on info */
wolfSSL 4:1b0d80432c79 7639 if (ssl->toInfoOn) {
wolfSSL 4:1b0d80432c79 7640 AddPacketInfo("ChangeCipher", &ssl->timeoutInfo,
wolfSSL 4:1b0d80432c79 7641 ssl->buffers.inputBuffer.buffer +
wolfSSL 4:1b0d80432c79 7642 ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ,
wolfSSL 4:1b0d80432c79 7643 1 + RECORD_HEADER_SZ, ssl->heap);
wolfSSL 4:1b0d80432c79 7644 AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
wolfSSL 4:1b0d80432c79 7645 }
wolfSSL 4:1b0d80432c79 7646 #endif
wolfSSL 4:1b0d80432c79 7647
wolfSSL 4:1b0d80432c79 7648 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7649 /* Check for duplicate CCS message in DTLS mode.
wolfSSL 4:1b0d80432c79 7650 * DTLS allows for duplicate messages, and it should be
wolfSSL 4:1b0d80432c79 7651 * skipped. */
wolfSSL 4:1b0d80432c79 7652 if (ssl->options.dtls &&
wolfSSL 4:1b0d80432c79 7653 ssl->msgsReceived.got_change_cipher) {
wolfSSL 4:1b0d80432c79 7654
wolfSSL 4:1b0d80432c79 7655 WOLFSSL_MSG("Duplicate ChangeCipher msg");
wolfSSL 4:1b0d80432c79 7656 ret = DtlsPoolSend(ssl);
wolfSSL 4:1b0d80432c79 7657 if (ret != 0)
wolfSSL 4:1b0d80432c79 7658 return ret;
wolfSSL 4:1b0d80432c79 7659
wolfSSL 4:1b0d80432c79 7660 if (ssl->curSize != 1) {
wolfSSL 4:1b0d80432c79 7661 WOLFSSL_MSG("Malicious or corrupted"
wolfSSL 4:1b0d80432c79 7662 " duplicate ChangeCipher msg");
wolfSSL 4:1b0d80432c79 7663 return LENGTH_ERROR;
wolfSSL 4:1b0d80432c79 7664 }
wolfSSL 4:1b0d80432c79 7665 ssl->buffers.inputBuffer.idx++;
wolfSSL 4:1b0d80432c79 7666 break;
wolfSSL 4:1b0d80432c79 7667 }
wolfSSL 4:1b0d80432c79 7668 #endif
wolfSSL 4:1b0d80432c79 7669
wolfSSL 4:1b0d80432c79 7670 ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
wolfSSL 4:1b0d80432c79 7671 if (ret != 0)
wolfSSL 4:1b0d80432c79 7672 return ret;
wolfSSL 4:1b0d80432c79 7673
wolfSSL 4:1b0d80432c79 7674 #ifdef HAVE_SESSION_TICKET
wolfSSL 4:1b0d80432c79 7675 if (ssl->options.side == WOLFSSL_CLIENT_END &&
wolfSSL 4:1b0d80432c79 7676 ssl->expect_session_ticket) {
wolfSSL 4:1b0d80432c79 7677 WOLFSSL_MSG("Expected session ticket missing");
wolfSSL 4:1b0d80432c79 7678 return SESSION_TICKET_EXPECT_E;
wolfSSL 4:1b0d80432c79 7679 }
wolfSSL 4:1b0d80432c79 7680 #endif
wolfSSL 4:1b0d80432c79 7681
wolfSSL 4:1b0d80432c79 7682 if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
wolfSSL 4:1b0d80432c79 7683 ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
wolfSSL 4:1b0d80432c79 7684 ssl->curSize -= (word16) ssl->buffers.inputBuffer.idx;
wolfSSL 4:1b0d80432c79 7685 }
wolfSSL 4:1b0d80432c79 7686
wolfSSL 4:1b0d80432c79 7687 if (ssl->curSize != 1) {
wolfSSL 4:1b0d80432c79 7688 WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg");
wolfSSL 4:1b0d80432c79 7689 return LENGTH_ERROR;
wolfSSL 4:1b0d80432c79 7690 }
wolfSSL 4:1b0d80432c79 7691 #ifndef NO_CERTS
wolfSSL 4:1b0d80432c79 7692 if (ssl->options.side == WOLFSSL_SERVER_END &&
wolfSSL 4:1b0d80432c79 7693 ssl->options.verifyPeer &&
wolfSSL 4:1b0d80432c79 7694 ssl->options.havePeerCert)
wolfSSL 4:1b0d80432c79 7695 if (!ssl->options.havePeerVerify) {
wolfSSL 4:1b0d80432c79 7696 WOLFSSL_MSG("client didn't send cert verify");
wolfSSL 4:1b0d80432c79 7697 return NO_PEER_VERIFY;
wolfSSL 4:1b0d80432c79 7698 }
wolfSSL 4:1b0d80432c79 7699 #endif
wolfSSL 4:1b0d80432c79 7700
wolfSSL 4:1b0d80432c79 7701
wolfSSL 4:1b0d80432c79 7702 ssl->buffers.inputBuffer.idx++;
wolfSSL 4:1b0d80432c79 7703 ssl->keys.encryptionOn = 1;
wolfSSL 4:1b0d80432c79 7704
wolfSSL 4:1b0d80432c79 7705 /* setup decrypt keys for following messages */
wolfSSL 4:1b0d80432c79 7706 if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
wolfSSL 4:1b0d80432c79 7707 return ret;
wolfSSL 4:1b0d80432c79 7708
wolfSSL 4:1b0d80432c79 7709 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7710 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 7711 DtlsPoolReset(ssl);
wolfSSL 4:1b0d80432c79 7712 ssl->keys.dtls_state.nextEpoch++;
wolfSSL 4:1b0d80432c79 7713 ssl->keys.dtls_state.nextSeq = 0;
wolfSSL 4:1b0d80432c79 7714 }
wolfSSL 4:1b0d80432c79 7715 #endif
wolfSSL 4:1b0d80432c79 7716
wolfSSL 4:1b0d80432c79 7717 #ifdef HAVE_LIBZ
wolfSSL 4:1b0d80432c79 7718 if (ssl->options.usingCompression)
wolfSSL 4:1b0d80432c79 7719 if ( (ret = InitStreams(ssl)) != 0)
wolfSSL 4:1b0d80432c79 7720 return ret;
wolfSSL 4:1b0d80432c79 7721 #endif
wolfSSL 4:1b0d80432c79 7722 ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
wolfSSL 4:1b0d80432c79 7723 ssl->options.side == WOLFSSL_CLIENT_END ?
wolfSSL 4:1b0d80432c79 7724 server : client);
wolfSSL 4:1b0d80432c79 7725 if (ret != 0)
wolfSSL 4:1b0d80432c79 7726 return ret;
wolfSSL 4:1b0d80432c79 7727 break;
wolfSSL 4:1b0d80432c79 7728
wolfSSL 4:1b0d80432c79 7729 case application_data:
wolfSSL 4:1b0d80432c79 7730 WOLFSSL_MSG("got app DATA");
wolfSSL 4:1b0d80432c79 7731 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7732 if (ssl->options.dtls && ssl->options.dtlsHsRetain) {
wolfSSL 4:1b0d80432c79 7733 FreeHandshakeResources(ssl);
wolfSSL 4:1b0d80432c79 7734 ssl->options.dtlsHsRetain = 0;
wolfSSL 4:1b0d80432c79 7735 }
wolfSSL 4:1b0d80432c79 7736 #endif
wolfSSL 4:1b0d80432c79 7737 if ((ret = DoApplicationData(ssl,
wolfSSL 4:1b0d80432c79 7738 ssl->buffers.inputBuffer.buffer,
wolfSSL 4:1b0d80432c79 7739 &ssl->buffers.inputBuffer.idx))
wolfSSL 4:1b0d80432c79 7740 != 0) {
wolfSSL 4:1b0d80432c79 7741 WOLFSSL_ERROR(ret);
wolfSSL 4:1b0d80432c79 7742 return ret;
wolfSSL 4:1b0d80432c79 7743 }
wolfSSL 4:1b0d80432c79 7744 break;
wolfSSL 4:1b0d80432c79 7745
wolfSSL 4:1b0d80432c79 7746 case alert:
wolfSSL 4:1b0d80432c79 7747 WOLFSSL_MSG("got ALERT!");
wolfSSL 4:1b0d80432c79 7748 ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 4:1b0d80432c79 7749 &ssl->buffers.inputBuffer.idx, &type,
wolfSSL 4:1b0d80432c79 7750 ssl->buffers.inputBuffer.length);
wolfSSL 4:1b0d80432c79 7751 if (ret == alert_fatal)
wolfSSL 4:1b0d80432c79 7752 return FATAL_ERROR;
wolfSSL 4:1b0d80432c79 7753 else if (ret < 0)
wolfSSL 4:1b0d80432c79 7754 return ret;
wolfSSL 4:1b0d80432c79 7755
wolfSSL 4:1b0d80432c79 7756 /* catch warnings that are handled as errors */
wolfSSL 4:1b0d80432c79 7757 if (type == close_notify)
wolfSSL 4:1b0d80432c79 7758 return ssl->error = ZERO_RETURN;
wolfSSL 4:1b0d80432c79 7759
wolfSSL 4:1b0d80432c79 7760 if (type == decrypt_error)
wolfSSL 4:1b0d80432c79 7761 return FATAL_ERROR;
wolfSSL 4:1b0d80432c79 7762 break;
wolfSSL 4:1b0d80432c79 7763
wolfSSL 4:1b0d80432c79 7764 default:
wolfSSL 4:1b0d80432c79 7765 WOLFSSL_ERROR(UNKNOWN_RECORD_TYPE);
wolfSSL 4:1b0d80432c79 7766 return UNKNOWN_RECORD_TYPE;
wolfSSL 4:1b0d80432c79 7767 }
wolfSSL 4:1b0d80432c79 7768
wolfSSL 4:1b0d80432c79 7769 ssl->options.processReply = doProcessInit;
wolfSSL 4:1b0d80432c79 7770
wolfSSL 4:1b0d80432c79 7771 /* input exhausted? */
wolfSSL 4:1b0d80432c79 7772 if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length)
wolfSSL 4:1b0d80432c79 7773 return 0;
wolfSSL 4:1b0d80432c79 7774
wolfSSL 4:1b0d80432c79 7775 /* more messages per record */
wolfSSL 4:1b0d80432c79 7776 else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
wolfSSL 4:1b0d80432c79 7777 WOLFSSL_MSG("More messages in record");
wolfSSL 4:1b0d80432c79 7778 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 7779 /* read-ahead but dtls doesn't bundle messages per record */
wolfSSL 4:1b0d80432c79 7780 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 7781 ssl->options.processReply = doProcessInit;
wolfSSL 4:1b0d80432c79 7782 continue;
wolfSSL 4:1b0d80432c79 7783 }
wolfSSL 4:1b0d80432c79 7784 #endif
wolfSSL 4:1b0d80432c79 7785 ssl->options.processReply = runProcessingOneMessage;
wolfSSL 4:1b0d80432c79 7786
wolfSSL 4:1b0d80432c79 7787 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 4:1b0d80432c79 7788 WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
wolfSSL 4:1b0d80432c79 7789 ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
wolfSSL 4:1b0d80432c79 7790 }
wolfSSL 4:1b0d80432c79 7791
wolfSSL 4:1b0d80432c79 7792 continue;
wolfSSL 4:1b0d80432c79 7793 }
wolfSSL 4:1b0d80432c79 7794 /* more records */
wolfSSL 4:1b0d80432c79 7795 else {
wolfSSL 4:1b0d80432c79 7796 WOLFSSL_MSG("More records in input");
wolfSSL 4:1b0d80432c79 7797 ssl->options.processReply = doProcessInit;
wolfSSL 4:1b0d80432c79 7798 continue;
wolfSSL 4:1b0d80432c79 7799 }
wolfSSL 4:1b0d80432c79 7800
wolfSSL 4:1b0d80432c79 7801 default:
wolfSSL 4:1b0d80432c79 7802 WOLFSSL_MSG("Bad process input state, programming error");
wolfSSL 4:1b0d80432c79 7803 return INPUT_CASE_ERROR;
wolfSSL 4:1b0d80432c79 7804 }
wolfSSL 4:1b0d80432c79 7805 }
wolfSSL 4:1b0d80432c79 7806 }
wolfSSL 4:1b0d80432c79 7807
wolfSSL 4:1b0d80432c79 7808
/* Append a ChangeCipherSpec record to the output buffer and, unless the
 * record is being held back for grouping, flush it.
 *
 * ssl  connection whose output buffer receives the record
 *
 * Returns 0 on success (including when the record is only queued), the
 * non-zero result of CheckAvailableSize() or DtlsPoolSave(), a negative
 * BuildMessage() result, or whatever SendBuffered() returns. */
int SendChangeCipher(WOLFSSL* ssl)
{
    byte* out;
    int   recSz   = RECORD_HEADER_SZ + ENUM_LEN;
    int   bodyPos = RECORD_HEADER_SZ;
    int   rc;

#ifdef WOLFSSL_DTLS
    /* the DTLS record header is longer, so size and body offset both grow */
    if (ssl->options.dtls) {
        recSz   += DTLS_RECORD_EXTRA;
        bodyPos += DTLS_RECORD_EXTRA;
    }
#endif

    /* "scr" case from the original comment: encryption already on and the
     * handshake already done, so leave room for the protected record */
    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
        recSz += MAX_MSG_EXTRA;

    /* make sure the output buffer can take the record before writing */
    rc = CheckAvailableSize(ssl, recSz);
    if (rc != 0)
        return rc;

    /* write position is the current end of the pending output */
    out = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;

    AddRecordHeader(out, 1, change_cipher_spec, ssl);
    out[bodyPos] = 1;                                       /* turn it on */

    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
        byte ccsBody[ENUM_LEN];

        ccsBody[0] = 1;                                     /* turn it on */
        /* rebuild the record through BuildMessage; recSz becomes the size
         * it reports, or a negative error */
        recSz = BuildMessage(ssl, out, recSz, ccsBody, ENUM_LEN,
                             change_cipher_spec, 0);
        if (recSz < 0)
            return recSz;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        rc = DtlsPoolSave(ssl, out, recSz);
        if (rc != 0)
            return rc;
    }
#endif
#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ChangeCipher", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, out, recSz,
                      ssl->heap);
#endif
    ssl->buffers.outputBuffer.length += recSz;

    /* grouped messages are flushed later by whoever completes the group */
    if (ssl->options.groupMessages)
        return 0;

#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
    /* If using DTLS, force the ChangeCipherSpec message to be in the
     * same datagram as the finished message. */
    if (ssl->options.dtls) {
        return 0;
    }
#endif

    return SendBuffered(ssl);
}
wolfSSL 4:1b0d80432c79 7877
wolfSSL 4:1b0d80432c79 7878
wolfSSL 4:1b0d80432c79 7879 #ifndef NO_OLD_TLS
/* Compute the pre-TLS record MAC:
 *   H(secret || PAD2 || H(secret || PAD1 || seq || type || length || data))
 * with H being MD5 when the negotiated MAC is md5_mac and SHA otherwise.
 * Only compiled when NO_OLD_TLS is not defined.
 *
 * ssl      connection supplying hash/pad sizes, MAC secret and sequence
 * digest   receives the MAC (size is that of the selected hash)
 * in       record payload to authenticate
 * sz       payload length in bytes (encoded as 16 bits in the MAC input)
 * content  record content type, stored as one byte
 * verify   forwarded to wolfSSL_GetMacSecret() and GetSEQIncrement()
 *
 * Returns 0 on success or the wc_InitSha() error.
 *
 * NOTE(review): the results of the update/final calls are not examined and
 * the inner digest stays on the stack afterwards; confirm both are
 * acceptable for the builds that still enable this legacy MAC. */
static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
                    int content, int verify)
{
    byte   innerHash[MAX_DIGEST_SIZE];
    word32 hashLen = ssl->specs.hash_size;                /* actual sizes */
    word32 padLen  = ssl->specs.pad_size;

    /* MAC input header fields */
    byte seq[SEQ_SZ];
    byte typeLen[ENUM_LEN + LENGTH_SZ];                   /* content & length */
    const byte* secret = wolfSSL_GetMacSecret(ssl, verify);

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
#endif

    /* sequence field: high bytes zero, counter in the bytes after the
     * first word32 */
    XMEMSET(seq, 0, SEQ_SZ);
    typeLen[0] = (byte)content;
    c16toa((word16)sz, &typeLen[ENUM_LEN]);
    c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);

    if (ssl->specs.mac_algorithm != md5_mac) {
        Sha sha;
        int rc = wc_InitSha(&sha);

        if (rc != 0)
            return rc;

        /* inner: secret, PAD1, sequence, type+length, payload */
        wc_ShaUpdate(&sha, secret, hashLen);
        wc_ShaUpdate(&sha, PAD1, padLen);
        wc_ShaUpdate(&sha, seq, SEQ_SZ);
        wc_ShaUpdate(&sha, typeLen, sizeof(typeLen));
        wc_ShaUpdate(&sha, in, sz);
        wc_ShaFinal(&sha, innerHash);

        /* outer: secret, PAD2, inner digest */
        wc_ShaUpdate(&sha, secret, hashLen);
        wc_ShaUpdate(&sha, PAD2, padLen);
        wc_ShaUpdate(&sha, innerHash, hashLen);
        wc_ShaFinal(&sha, digest);

        return 0;
    }
    else {
        Md5 md5;

        wc_InitMd5(&md5);

        /* inner: secret, PAD1, sequence, type+length, payload */
        wc_Md5Update(&md5, secret, hashLen);
        wc_Md5Update(&md5, PAD1, padLen);
        wc_Md5Update(&md5, seq, SEQ_SZ);
        wc_Md5Update(&md5, typeLen, sizeof(typeLen));
        wc_Md5Update(&md5, in, sz);
        wc_Md5Final(&md5, innerHash);

        /* outer: secret, PAD2, inner digest */
        wc_Md5Update(&md5, secret, hashLen);
        wc_Md5Update(&md5, PAD2, padLen);
        wc_Md5Update(&md5, innerHash, hashLen);
        wc_Md5Final(&md5, digest);
    }

    return 0;
}
wolfSSL 4:1b0d80432c79 7942
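#ifndef NO_CERTS
/* Build the MD5 part of the pre-TLS certificate-verify digest:
 *   MD5(masterSecret || PAD2 || MD5(handshake hash || masterSecret || PAD1))
 * The running handshake MD5 is saved before the master secret is mixed in
 * and put back afterwards, so later handshake hashing is unaffected.
 *
 * ssl     connection supplying the handshake hash and master secret
 * digest  receives MD5_DIGEST_SIZE bytes
 *
 * Returns 0 on success, MEMORY_E when the WOLFSSL_SMALL_STACK scratch
 * contexts cannot be allocated. The original dereferenced the XMALLOC
 * results unchecked and had no way to report the failure. */
static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
{
    byte md5_result[MD5_DIGEST_SIZE];

#ifdef WOLFSSL_SMALL_STACK
    Md5* md5   = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);

    /* refuse to continue with a missing context instead of writing
     * through a NULL pointer */
    if (md5 == NULL || md5_2 == NULL) {
        if (md5 != NULL) {
            XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (md5_2 != NULL) {
            XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        return MEMORY_E;
    }
#else
    Md5 md5[1];
    Md5 md5_2[1];
#endif

    /* make md5 inner */
    md5[0] = ssl->hsHashes->hashMd5;           /* save current position */
    wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,
                 SECRET_LEN);
    wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
    wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
    wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5); /* restore position */

    /* make md5 outer */
    wc_InitMd5(md5_2);
    wc_Md5Update(md5_2, ssl->arrays->masterSecret, SECRET_LEN);
    wc_Md5Update(md5_2, PAD2, PAD_MD5);
    wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);

    wc_Md5Final(md5_2, digest);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return 0;
}


/* Build the SHA part of the pre-TLS certificate-verify digest; same shape
 * as BuildMD5_CertVerify() with SHA and PAD_SHA.
 *
 * ssl     connection supplying the handshake hash and master secret
 * digest  receives SHA_DIGEST_SIZE bytes
 *
 * Returns 0 on success, MEMORY_E when the WOLFSSL_SMALL_STACK scratch
 * contexts cannot be allocated, or the wc_InitSha() error (previously
 * ignored). */
static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
{
    byte sha_result[SHA_DIGEST_SIZE];
    int  ret;

#ifdef WOLFSSL_SMALL_STACK
    Sha* sha  = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);

    /* refuse to continue with a missing context instead of writing
     * through a NULL pointer */
    if (sha == NULL || sha2 == NULL) {
        if (sha != NULL) {
            XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (sha2 != NULL) {
            XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        return MEMORY_E;
    }
#else
    Sha sha[1];
    Sha sha2[1];
#endif

    /* make sha inner */
    sha[0] = ssl->hsHashes->hashSha;           /* save current position */
    wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,
                 SECRET_LEN);
    wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
    wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
    wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha); /* restore position */

    /* make sha outer; do not hash into a context that failed to init */
    ret = wc_InitSha(sha2);
    if (ret == 0) {
        wc_ShaUpdate(sha2, ssl->arrays->masterSecret, SECRET_LEN);
        wc_ShaUpdate(sha2, PAD2, PAD_SHA);
        wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE);

        wc_ShaFinal(sha2, digest);
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}
#endif /* NO_CERTS */
#endif /* NO_OLD_TLS */


#ifndef NO_CERTS

/* Fill `hashes` with the handshake digests needed for certificate verify.
 *
 * For TLS the running handshake hashes are read out directly (MD5/SHA when
 * old TLS is compiled in, plus SHA-256/384/512 for TLS 1.2 and later).
 * Otherwise the pre-TLS digests are built from the master secret by
 * BuildMD5_CertVerify() / BuildSHA_CertVerify().
 *
 * ssl     connection whose handshake hashes are read
 * hashes  output digests
 *
 * Returns 0 on success or the first non-zero result from a hash call or
 * digest builder. The saved SHA-384/512 states are now put back on every
 * path, and builder failures are propagated instead of being dropped. */
static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
{
    int ret = 0;
    /* store current states, building requires get_digest which resets state */
#ifdef WOLFSSL_SHA384
    Sha384 sha384 = ssl->hsHashes->hashSha384;
#endif
#ifdef WOLFSSL_SHA512
    Sha512 sha512 = ssl->hsHashes->hashSha512;
#endif

    if (ssl->options.tls) {
#if ! defined( NO_OLD_TLS )
        wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
        wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
#endif
        if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
            ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,
                                   hashes->sha256);
#endif
#ifdef WOLFSSL_SHA384
            if (ret == 0)
                ret = wc_Sha384Final(&ssl->hsHashes->hashSha384,
                                     hashes->sha384);
#endif
#ifdef WOLFSSL_SHA512
            if (ret == 0)
                ret = wc_Sha512Final(&ssl->hsHashes->hashSha512,
                                     hashes->sha512);
#endif
        }
    }
#if ! defined( NO_OLD_TLS )
    else {
        /* a failed builder leaves its digest unset, so stop and report */
        ret = BuildMD5_CertVerify(ssl, hashes->md5);
        if (ret == 0)
            ret = BuildSHA_CertVerify(ssl, hashes->sha);
    }
#endif

    /* restore, on success and on failure alike, so a failed call does not
     * leave the transcript hashes in their post-Final state */
    if (IsAtLeastTLSv1_2(ssl)) {
#ifdef WOLFSSL_SHA384
        ssl->hsHashes->hashSha384 = sha384;
#endif
#ifdef WOLFSSL_SHA512
        ssl->hsHashes->hashSha512 = sha512;
#endif
    }

    return ret;
}

#endif /* NO_CERTS */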
wolfSSL 4:1b0d80432c79 8073
wolfSSL 4:1b0d80432c79 8074 /* Build SSL Message, encrypted */
wolfSSL 4:1b0d80432c79 8075 static int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
wolfSSL 4:1b0d80432c79 8076 const byte* input, int inSz, int type, int hashOutput)
wolfSSL 4:1b0d80432c79 8077 {
wolfSSL 4:1b0d80432c79 8078 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 4:1b0d80432c79 8079 word32 digestSz = min(ssl->specs.hash_size,
wolfSSL 4:1b0d80432c79 8080 ssl->truncated_hmac ? TRUNCATED_HMAC_SZ : ssl->specs.hash_size);
wolfSSL 4:1b0d80432c79 8081 #else
wolfSSL 4:1b0d80432c79 8082 word32 digestSz = ssl->specs.hash_size;
wolfSSL 4:1b0d80432c79 8083 #endif
wolfSSL 4:1b0d80432c79 8084 word32 sz = RECORD_HEADER_SZ + inSz + digestSz;
wolfSSL 4:1b0d80432c79 8085 word32 pad = 0, i;
wolfSSL 4:1b0d80432c79 8086 word32 idx = RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 8087 word32 ivSz = 0; /* TLSv1.1 IV */
wolfSSL 4:1b0d80432c79 8088 word32 headerSz = RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 8089 word16 size;
wolfSSL 4:1b0d80432c79 8090 byte iv[AES_BLOCK_SIZE]; /* max size */
wolfSSL 4:1b0d80432c79 8091 int ret = 0;
wolfSSL 4:1b0d80432c79 8092 int atomicUser = 0;
wolfSSL 4:1b0d80432c79 8093
wolfSSL 4:1b0d80432c79 8094 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 8095 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 8096 sz += DTLS_RECORD_EXTRA;
wolfSSL 4:1b0d80432c79 8097 idx += DTLS_RECORD_EXTRA;
wolfSSL 4:1b0d80432c79 8098 headerSz += DTLS_RECORD_EXTRA;
wolfSSL 4:1b0d80432c79 8099 }
wolfSSL 4:1b0d80432c79 8100 #endif
wolfSSL 4:1b0d80432c79 8101
wolfSSL 4:1b0d80432c79 8102 #ifdef ATOMIC_USER
wolfSSL 4:1b0d80432c79 8103 if (ssl->ctx->MacEncryptCb)
wolfSSL 4:1b0d80432c79 8104 atomicUser = 1;
wolfSSL 4:1b0d80432c79 8105 #endif
wolfSSL 4:1b0d80432c79 8106
wolfSSL 4:1b0d80432c79 8107 if (ssl->specs.cipher_type == block) {
wolfSSL 4:1b0d80432c79 8108 word32 blockSz = ssl->specs.block_size;
wolfSSL 4:1b0d80432c79 8109 if (ssl->options.tls1_1) {
wolfSSL 4:1b0d80432c79 8110 ivSz = blockSz;
wolfSSL 4:1b0d80432c79 8111 sz += ivSz;
wolfSSL 4:1b0d80432c79 8112
wolfSSL 4:1b0d80432c79 8113 if (ivSz > (word32)sizeof(iv))
wolfSSL 4:1b0d80432c79 8114 return BUFFER_E;
wolfSSL 4:1b0d80432c79 8115
wolfSSL 4:1b0d80432c79 8116 ret = wc_RNG_GenerateBlock(ssl->rng, iv, ivSz);
wolfSSL 4:1b0d80432c79 8117 if (ret != 0)
wolfSSL 4:1b0d80432c79 8118 return ret;
wolfSSL 4:1b0d80432c79 8119
wolfSSL 4:1b0d80432c79 8120 }
wolfSSL 4:1b0d80432c79 8121 sz += 1; /* pad byte */
wolfSSL 4:1b0d80432c79 8122 pad = (sz - headerSz) % blockSz;
wolfSSL 4:1b0d80432c79 8123 pad = blockSz - pad;
wolfSSL 4:1b0d80432c79 8124 sz += pad;
wolfSSL 4:1b0d80432c79 8125 }
wolfSSL 4:1b0d80432c79 8126
wolfSSL 4:1b0d80432c79 8127 #ifdef HAVE_AEAD
wolfSSL 4:1b0d80432c79 8128 if (ssl->specs.cipher_type == aead) {
wolfSSL 4:1b0d80432c79 8129 if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
wolfSSL 4:1b0d80432c79 8130 ivSz = AESGCM_EXP_IV_SZ;
wolfSSL 4:1b0d80432c79 8131
wolfSSL 4:1b0d80432c79 8132 sz += (ivSz + ssl->specs.aead_mac_size - digestSz);
wolfSSL 4:1b0d80432c79 8133 XMEMCPY(iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
wolfSSL 4:1b0d80432c79 8134 }
wolfSSL 4:1b0d80432c79 8135 #endif
wolfSSL 4:1b0d80432c79 8136 if (sz > (word32)outSz) {
wolfSSL 4:1b0d80432c79 8137 WOLFSSL_MSG("Oops, want to write past output buffer size");
wolfSSL 4:1b0d80432c79 8138 return BUFFER_E;
wolfSSL 4:1b0d80432c79 8139 }
wolfSSL 4:1b0d80432c79 8140 size = (word16)(sz - headerSz); /* include mac and digest */
wolfSSL 4:1b0d80432c79 8141 AddRecordHeader(output, size, (byte)type, ssl);
wolfSSL 4:1b0d80432c79 8142
wolfSSL 4:1b0d80432c79 8143 /* write to output */
wolfSSL 4:1b0d80432c79 8144 if (ivSz) {
wolfSSL 4:1b0d80432c79 8145 XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv)));
wolfSSL 4:1b0d80432c79 8146 idx += ivSz;
wolfSSL 4:1b0d80432c79 8147 }
wolfSSL 4:1b0d80432c79 8148 XMEMCPY(output + idx, input, inSz);
wolfSSL 4:1b0d80432c79 8149 idx += inSz;
wolfSSL 4:1b0d80432c79 8150
wolfSSL 4:1b0d80432c79 8151 if (type == handshake && hashOutput) {
wolfSSL 4:1b0d80432c79 8152 ret = HashOutput(ssl, output, headerSz + inSz, ivSz);
wolfSSL 4:1b0d80432c79 8153 if (ret != 0)
wolfSSL 4:1b0d80432c79 8154 return ret;
wolfSSL 4:1b0d80432c79 8155 }
wolfSSL 4:1b0d80432c79 8156
wolfSSL 4:1b0d80432c79 8157 if (ssl->specs.cipher_type == block) {
wolfSSL 4:1b0d80432c79 8158 word32 tmpIdx = idx + digestSz;
wolfSSL 4:1b0d80432c79 8159
wolfSSL 4:1b0d80432c79 8160 for (i = 0; i <= pad; i++)
wolfSSL 4:1b0d80432c79 8161 output[tmpIdx++] = (byte)pad; /* pad byte gets pad value too */
wolfSSL 4:1b0d80432c79 8162 }
wolfSSL 4:1b0d80432c79 8163
wolfSSL 4:1b0d80432c79 8164 if (atomicUser) { /* User Record Layer Callback handling */
wolfSSL 4:1b0d80432c79 8165 #ifdef ATOMIC_USER
wolfSSL 4:1b0d80432c79 8166 if ( (ret = ssl->ctx->MacEncryptCb(ssl, output + idx,
wolfSSL 4:1b0d80432c79 8167 output + headerSz + ivSz, inSz, type, 0,
wolfSSL 4:1b0d80432c79 8168 output + headerSz, output + headerSz, size,
wolfSSL 4:1b0d80432c79 8169 ssl->MacEncryptCtx)) != 0)
wolfSSL 4:1b0d80432c79 8170 return ret;
wolfSSL 4:1b0d80432c79 8171 #endif
wolfSSL 4:1b0d80432c79 8172 }
wolfSSL 4:1b0d80432c79 8173 else {
wolfSSL 4:1b0d80432c79 8174 if (ssl->specs.cipher_type != aead) {
wolfSSL 4:1b0d80432c79 8175 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 4:1b0d80432c79 8176 if (ssl->truncated_hmac && ssl->specs.hash_size > digestSz) {
wolfSSL 4:1b0d80432c79 8177 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 8178 byte* hmac = NULL;
wolfSSL 4:1b0d80432c79 8179 #else
wolfSSL 4:1b0d80432c79 8180 byte hmac[MAX_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 8181 #endif
wolfSSL 4:1b0d80432c79 8182
wolfSSL 4:1b0d80432c79 8183 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 8184 hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 8185 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 8186 if (hmac == NULL)
wolfSSL 4:1b0d80432c79 8187 return MEMORY_E;
wolfSSL 4:1b0d80432c79 8188 #endif
wolfSSL 4:1b0d80432c79 8189
wolfSSL 4:1b0d80432c79 8190 ret = ssl->hmac(ssl, hmac, output + headerSz + ivSz, inSz,
wolfSSL 4:1b0d80432c79 8191 type, 0);
wolfSSL 4:1b0d80432c79 8192 XMEMCPY(output + idx, hmac, digestSz);
wolfSSL 4:1b0d80432c79 8193
wolfSSL 4:1b0d80432c79 8194 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 8195 XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 8196 #endif
wolfSSL 4:1b0d80432c79 8197 } else
wolfSSL 4:1b0d80432c79 8198 #endif
wolfSSL 4:1b0d80432c79 8199 ret = ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz,
wolfSSL 4:1b0d80432c79 8200 type, 0);
wolfSSL 4:1b0d80432c79 8201 }
wolfSSL 4:1b0d80432c79 8202 if (ret != 0)
wolfSSL 4:1b0d80432c79 8203 return ret;
wolfSSL 4:1b0d80432c79 8204
wolfSSL 4:1b0d80432c79 8205 if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0)
wolfSSL 4:1b0d80432c79 8206 return ret;
wolfSSL 4:1b0d80432c79 8207 }
wolfSSL 4:1b0d80432c79 8208
wolfSSL 4:1b0d80432c79 8209 return sz;
wolfSSL 4:1b0d80432c79 8210 }
wolfSSL 4:1b0d80432c79 8211
wolfSSL 4:1b0d80432c79 8212
/* Build the Finished handshake message, protect it and hand it to the
 * transport.
 *
 * Steps, in order: switch the write side to the new keys, reserve output
 * space, (DTLS only) start a new epoch, compute the verify data for our own
 * side with BuildFinished(), remember it for secure renegotiation when that
 * extension is active, run the message through BuildMessage() and flush with
 * SendBuffered().
 *
 * ssl  connection object
 * returns the SendBuffered() result on success, BUILD_MSG_ERROR when
 *         BuildMessage() reports a negative size, otherwise the first non-zero
 *         code from SetKeysSide(), CheckAvailableSize(), BuildFinished() or
 *         DtlsPoolSave()
 *
 * NOTE(review): on DTLS the epoch is advanced and the sequence number reset
 * before BuildFinished()/BuildMessage() can fail; the early returns below do
 * not roll that back - confirm callers treat those failures as fatal.
 */
int SendFinished(WOLFSSL* ssl)
{
    byte    input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ];  /* max */
    byte*   output;
    Hashes* verifyData;
    int     headerSz = HANDSHAKE_HEADER_SZ;
    int     finishedSz;
    int     outputSz;
    int     sendSz;
    int     resumed;
    int     doneSide;
    int     ret;

    /* size of the verify data depends on whether TLS is in use */
    if (ssl->options.tls)
        finishedSz = TLS_FINISHED_SZ;
    else
        finishedSz = FINISHED_SZ;

    /* setup encrypt keys */
    ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY);
    if (ret != 0)
        return ret;

    /* check for available size: worst-case plaintext plus record overhead */
    outputSz = sizeof(input) + MAX_MSG_EXTRA;
    ret = CheckAvailableSize(ssl, outputSz);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* Finished is the first record of the new epoch */
        headerSz += DTLS_HANDSHAKE_EXTRA;
        ssl->keys.dtls_epoch++;
        ssl->keys.dtls_prev_sequence_number = ssl->keys.dtls_sequence_number;
        ssl->keys.dtls_sequence_number = 0;
    }
#endif

    /* get output buffer: write position is the current end of queued data */
    output = ssl->buffers.outputBuffer.buffer
           + ssl->buffers.outputBuffer.length;

    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);

    /* make finished hashes, written directly behind the handshake header */
    verifyData = (Hashes*)&input[headerSz];
    ret = BuildFinished(ssl, verifyData,
                ssl->options.side == WOLFSSL_CLIENT_END ? client : server);
    if (ret != 0)
        return ret;

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* keep our verify data for the renegotiation binding */
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            XMEMCPY(ssl->secure_renegotiation->client_verify_data, verifyData,
                    TLS_FINISHED_SZ);
        }
        else {
            XMEMCPY(ssl->secure_renegotiation->server_verify_data, verifyData,
                    TLS_FINISHED_SZ);
        }
    }
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* plaintext copy goes to the DTLS pool before it is protected */
        ret = DtlsPoolSave(ssl, input, headerSz + finishedSz);
        if (ret != 0)
            return ret;
    }
#endif

    sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
                          handshake, 1);
    if (sendSz < 0)
        return BUILD_MSG_ERROR;  /* the specific BuildMessage code is dropped */

    /* Our Finished ends the handshake for the server on a full handshake and
     * for the client on a resumed one. */
    resumed = ssl->options.resuming;
#ifndef NO_SESSION_CACHE
    if (!resumed)
        AddSession(ssl);  /* just try */
#endif
    doneSide = resumed ? WOLFSSL_CLIENT_END : WOLFSSL_SERVER_END;
    if (ssl->options.side == doneSide) {
        ssl->options.handShakeState = HANDSHAKE_DONE;
        ssl->options.handShakeDone  = 1;
    }

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) {
        AddPacketName("Finished", &ssl->handShakeInfo);
    }
    if (ssl->toInfoOn) {
        AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
    }
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}
wolfSSL 4:1b0d80432c79 8306
wolfSSL 4:1b0d80432c79 8307
wolfSSL 4:1b0d80432c79 8308 #ifndef NO_CERTS
/* Send the Certificate handshake message, fragmenting it across records when
 * the leaf certificate plus chain does not fit into one fragment.
 *
 * Nothing is sent for PSK or anonymous cipher suites. With SEND_BLANK_CERT an
 * empty certificate list is sent. Progress through the certificate data is
 * kept in ssl->fragOffset so the function can continue where it stopped; the
 * offset is cleared at the end unless the last result is WANT_WRITE.
 *
 * ssl  connection object
 * returns 0 on success or when no certificate is needed, BUFFER_ERROR when no
 *         certificate buffer is set, BUFFER_E/MEMORY_E or a negative
 *         BuildMessage() code on the encrypted path, otherwise the code from
 *         CheckAvailableSize(), DtlsPoolSave() or SendBuffered()
 */
int SendCertificate(WOLFSSL* ssl)
{
    int    ret = 0;
    word32 certSz, certChainSz, headerSz, listSz, payloadSz;
    word32 length, maxFragment;

    if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
        return 0;  /* not needed */

    if (ssl->options.sendVerify == SEND_BLANK_CERT) {
        /* empty list: only the 3-byte list length is sent */
        certSz = 0;
        certChainSz = 0;
        headerSz = CERT_HEADER_SZ;
        length = CERT_HEADER_SZ;
        listSz = 0;
    }
    else {
        if (!ssl->buffers.certificate) {
            WOLFSSL_MSG("Send Cert missing certificate buffer");
            return BUFFER_ERROR;
        }
        certSz = ssl->buffers.certificate->length;
        /* one header for the list length, one for the leaf length */
        headerSz = 2 * CERT_HEADER_SZ;
        /* list + cert size */
        length = certSz + headerSz;
        listSz = certSz + CERT_HEADER_SZ;

        /* may need to send rest of chain, already has leading size(s) */
        if (certSz && ssl->buffers.certChain) {
            certChainSz = ssl->buffers.certChain->length;
            length += certChainSz;
            listSz += certChainSz;
        }
        else
            certChainSz = 0;
    }

    /* total handshake body size, announced in every fragment header */
    payloadSz = length;

    /* continuing an earlier call: skip what has been sent already.
     * NOTE(review): word32 arithmetic - assumes fragOffset + headerSz never
     * exceeds length; confirm fragOffset cannot be stale for a different
     * certificate. */
    if (ssl->fragOffset != 0)
        length -= (ssl->fragOffset + headerSz);

    maxFragment = MAX_RECORD_SIZE;
    if (ssl->options.dtls) {
    #ifdef WOLFSSL_DTLS
        /* NOTE(review): the extra 100 bytes look like headroom for record
         * protection overhead - confirm */
        maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ
                      - DTLS_HANDSHAKE_HEADER_SZ - 100;
    #endif /* WOLFSSL_DTLS */
    }

    #ifdef HAVE_MAX_FRAGMENT
    /* a configured max fragment can only lower the limit */
    if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment)
        maxFragment = ssl->max_fragment;
    #endif /* HAVE_MAX_FRAGMENT */

    /* one iteration per record; stops on the first non-zero ret */
    while (length > 0 && ret == 0) {
        byte*  output = NULL;
        word32 fragSz = 0;
        word32 i = RECORD_HEADER_SZ;   /* write index into output */
        int    sendSz = RECORD_HEADER_SZ;

        if (!ssl->options.dtls) {
            if (ssl->fragOffset == 0)  {
                /* first fragment also carries the handshake header */
                if (headerSz + certSz + certChainSz <=
                    maxFragment - HANDSHAKE_HEADER_SZ) {

                    fragSz = headerSz + certSz + certChainSz;
                }
                else {
                    fragSz = maxFragment - HANDSHAKE_HEADER_SZ;
                }
                sendSz += fragSz + HANDSHAKE_HEADER_SZ;
                i += HANDSHAKE_HEADER_SZ;
            }
            else {
                fragSz = min(length, maxFragment);
                sendSz += fragSz;
            }

            if (IsEncryptionOn(ssl, 1))
                sendSz += MAX_MSG_EXTRA;
        }
        else {
        #ifdef WOLFSSL_DTLS
            /* NOTE(review): MAX_MSG_EXTRA is only added on the non-DTLS path
             * above, yet sendSz is later passed to BuildMessage() as the
             * output size when encryption is on - confirm DTLS with
             * encryption active has enough room here. */
            fragSz = min(length, maxFragment);
            sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
                      + HANDSHAKE_HEADER_SZ;
            i      += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
                      + HANDSHAKE_HEADER_SZ;
        #endif
        }

        /* check for available size */
        if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
            return ret;

        /* get output buffer */
        output = ssl->buffers.outputBuffer.buffer +
                 ssl->buffers.outputBuffer.length;

        if (ssl->fragOffset == 0) {
            /* First fragment. When the record is not going through
             * BuildMessage(), the transcript hash is fed here piece by piece:
             * handshake header, length fields, then the complete leaf and
             * chain, even if only part of them fits this fragment.
             * NOTE(review): results of the HashOutputRaw() calls are not
             * checked - confirm whether it can fail. */
            if (!ssl->options.dtls) {
                AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
                                  HANDSHAKE_HEADER_SZ);
            }
            else {
            #ifdef WOLFSSL_DTLS
                AddHeaders(output, payloadSz, certificate, ssl);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl,
                                  output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
                                  HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
                /* Adding the headers increments these, decrement them for
                 * actual message header. */
                ssl->keys.dtls_sequence_number--;
                ssl->keys.dtls_handshake_number--;
                AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
                /* all fragments share one handshake number; it is bumped once
                 * after the loop */
                ssl->keys.dtls_handshake_number--;
            #endif /* WOLFSSL_DTLS */
            }

            /* list total */
            c32to24(listSz, output + i);
            if (!IsEncryptionOn(ssl, 1))
                HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
            i += CERT_HEADER_SZ;
            length -= CERT_HEADER_SZ;
            /* assumes fragSz >= CERT_HEADER_SZ here (word32, would wrap
             * otherwise) - TODO confirm for very small max_fragment values */
            fragSz -= CERT_HEADER_SZ;
            if (certSz) {
                /* leaf certificate length */
                c32to24(certSz, output + i);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
                i += CERT_HEADER_SZ;
                length -= CERT_HEADER_SZ;
                fragSz -= CERT_HEADER_SZ;

                if (!IsEncryptionOn(ssl, 1)) {
                    HashOutputRaw(ssl, ssl->buffers.certificate->buffer, certSz);
                    if (certChainSz)
                        HashOutputRaw(ssl, ssl->buffers.certChain->buffer,
                                      certChainSz);
                }
            }
        }
        else {
            /* continuation fragment: record header only (plus DTLS fragment
             * header carrying the offset into the handshake body) */
            if (!ssl->options.dtls) {
                AddRecordHeader(output, fragSz, handshake, ssl);
            }
            else {
            #ifdef WOLFSSL_DTLS
                AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz,
                               payloadSz, certificate, ssl);
                ssl->keys.dtls_handshake_number--;
            #endif /* WOLFSSL_DTLS */
            }
        }

        /* leaf certificate bytes not sent yet, bounded by the space left in
         * this fragment */
        if (certSz && ssl->fragOffset < certSz) {
            word32 copySz = min(certSz - ssl->fragOffset, fragSz);
            XMEMCPY(output + i,
                    ssl->buffers.certificate->buffer + ssl->fragOffset, copySz);
            i += copySz;
            ssl->fragOffset += copySz;
            length -= copySz;
            fragSz -= copySz;
        }
        /* then the chain; fragOffset counts leaf and chain bytes together, so
         * the chain offset is fragOffset - certSz */
        if (certChainSz && fragSz) {
            word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz);
            XMEMCPY(output + i,
                    ssl->buffers.certChain->buffer + ssl->fragOffset - certSz,
                    copySz);
            i += copySz;
            ssl->fragOffset += copySz;
            length -= copySz;
        }

        if (IsEncryptionOn(ssl, 1)) {
            /* BuildMessage() writes into output, so the plaintext assembled
             * above is first copied to a temporary buffer */
            byte* input = NULL;
            int   inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */

            if (inputSz < 0) {
                WOLFSSL_MSG("Send Cert bad inputSz");
                return BUFFER_E;
            }

            if (inputSz > 0) {  /* clang thinks could be zero, let's help */
                input = (byte*)XMALLOC(inputSz, ssl->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER);
                if (input == NULL)
                    return MEMORY_E;
                XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
            }

            sendSz = BuildMessage(ssl, output,sendSz,input,inputSz,handshake,1);
            /* input stays NULL when inputSz is 0; presumably XFREE accepts
             * NULL - verify for custom allocators */
            XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

            /* NOTE(review): this and the other early returns inside the loop
             * skip the fragOffset reset at the end of the function */
            if (sendSz < 0)
                return sendSz;
        }

    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
                return ret;
        }
    #endif

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("Certificate", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
                           ssl->heap);
    #endif

        /* commit the record; flush now unless messages are being grouped */
        ssl->buffers.outputBuffer.length += sendSz;
        if (!ssl->options.groupMessages)
            ret = SendBuffered(ssl);
    }

    if (ret != WANT_WRITE) {
        /* Clean up the fragment offset. */
        ssl->fragOffset = 0;
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls)
                ssl->keys.dtls_handshake_number++;
        #endif
        if (ssl->options.side == WOLFSSL_SERVER_END)
            ssl->options.serverState = SERVER_CERT_COMPLETE;
    }

    return ret;
}
wolfSSL 4:1b0d80432c79 8545
wolfSSL 4:1b0d80432c79 8546
/* Send a CertificateRequest handshake message asking the peer for a
 * certificate.
 *
 * The body holds one certificate type (ecdsa_sign for ECC suites that use
 * ECDSA signatures when HAVE_ECC is built in, rsa_sign otherwise), the
 * supported hash/signature algorithm list from ssl->suites for TLS 1.2 and
 * later, and an empty list of certificate authorities.
 *
 * ssl  connection object
 * returns 0 when no request is needed (PSK/anonymous suites) or when the
 *         message was queued for grouped sending, otherwise the code from
 *         CheckAvailableSize(), DtlsPoolSave(), HashOutput() or SendBuffered()
 *
 * NOTE(review): unlike SendCertificate there is no IsEncryptionOn() /
 * BuildMessage() branch here; the record is only hashed and queued as built.
 * Confirm callers reach this function only before record protection is
 * active.
 */
int SendCertificateRequest(WOLFSSL* ssl)
{
    byte*  output;
    byte   certType;
    int    ret;
    int    sendSz;
    int    typeTotal = 1;  /* only 1 for now */
    int    reqSz;
    word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;

    /* type count byte + the types + CA list length; add auth later */
    reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ;

    if (IsAtLeastTLSv1_2(ssl)) {
        reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz;
    }

    if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher) {
        return 0;  /* not needed */
    }

    sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        idx    += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* check for available size */
    ret = CheckAvailableSize(ssl, sendSz);
    if (ret != 0) {
        return ret;
    }

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer
           + ssl->buffers.outputBuffer.length;

    AddHeaders(output, reqSz, certificate_request, ssl);

    /* write to output */
    output[idx] = (byte)typeTotal;  /* # of types */
    idx++;

    certType = rsa_sign;
#ifdef HAVE_ECC
    if (ssl->options.cipherSuite0 == ECC_BYTE &&
            ssl->specs.sig_algo == ecc_dsa_sa_algo) {
        certType = ecdsa_sign;
    }
#endif /* HAVE_ECC */
    output[idx] = certType;
    idx++;

    /* supported hash/sig */
    if (IsAtLeastTLSv1_2(ssl)) {
        c16toa(ssl->suites->hashSigAlgoSz, &output[idx]);
        idx += LENGTH_SZ;

        XMEMCPY(&output[idx], ssl->suites->hashSigAlgo,
                ssl->suites->hashSigAlgoSz);
        idx += ssl->suites->hashSigAlgoSz;
    }

    c16toa(0, &output[idx]);  /* auth's: zero-length CA list */
    /* if add more to output, adjust idx
    idx += REQ_HEADER_SZ; */

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        ret = DtlsPoolSave(ssl, output, sendSz);
        if (ret != 0) {
            return ret;
        }
    }
#endif

    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0) {
        return ret;
    }

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) {
        AddPacketName("CertificateRequest", &ssl->handShakeInfo);
    }
    if (ssl->toInfoOn) {
        AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output,
                      sendSz, ssl->heap);
    }
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    /* grouped messages are flushed later by a following send */
    if (!ssl->options.groupMessages) {
        return SendBuffered(ssl);
    }
    return 0;
}
wolfSSL 4:1b0d80432c79 8631
wolfSSL 4:1b0d80432c79 8632
wolfSSL 4:1b0d80432c79 8633 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 4:1b0d80432c79 8634 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
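/* Build a CertificateStatus handshake message from already fetched OCSP
 * responses and queue or send it.
 *
 * ssl     connection object
 * type    status type: WOLFSSL_CSR2_OCSP writes each response as a 24-bit
 *         length followed by its bytes; WOLFSSL_CSR2_OCSP_MULTI additionally
 *         prefixes a 24-bit total length. Any other type sends nothing.
 * status  array of count response buffers
 * count   number of entries in status
 * returns 0 on success or for an unsupported type, MEMORY_E when the temporary
 *         plaintext copy cannot be allocated, a negative BuildMessage() code,
 *         or the code from CheckAvailableSize(), HashOutput(), DtlsPoolSave()
 *         or SendBuffered()
 *
 * Assumes every status[i].length fits the 24-bit length field written by
 * c32to24() and that the sum stays well inside word32 - TODO confirm the
 * caller bounds the OCSP response sizes.
 */
static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
                                                                     byte count)
{
    byte*  output  = NULL;
    word32 idx     = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    word32 length  = ENUM_LEN;      /* status type byte */
    int    sendSz  = 0;
    int    ret     = 0;
    int    i       = 0;

    WOLFSSL_ENTER("BuildCertificateStatus");

    switch (type) {
        case WOLFSSL_CSR2_OCSP_MULTI:
            length += OPAQUE24_LEN; /* total length of the response list */
            /* followed by */
            /* fall through */

        case WOLFSSL_CSR2_OCSP:
            for (i = 0; i < count; i++)
                length += OPAQUE24_LEN + status[i].length;
        break;

        default:
            return 0;
    }

    sendSz = idx + length;

    /* Reserve record protection overhead under the same condition that
     * selects the BuildMessage() path below. The plain path hashes and queues
     * exactly sendSz bytes, so sendSz must not include MAX_MSG_EXTRA there. */
    if (IsEncryptionOn(ssl, 1))
        sendSz += MAX_MSG_EXTRA;

    if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) {
        output = ssl->buffers.outputBuffer.buffer +
                 ssl->buffers.outputBuffer.length;

        AddHeaders(output, length, certificate_status, ssl);

        output[idx++] = type;

        if (type == WOLFSSL_CSR2_OCSP_MULTI) {
            /* list length excludes the type byte and the field itself */
            c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx);
            idx += OPAQUE24_LEN;
        }

        for (i = 0; i < count; i++) {
            c32to24(status[i].length, output + idx);
            idx += OPAQUE24_LEN;

            XMEMCPY(output + idx, status[i].buffer, status[i].length);
            idx += status[i].length;
        }

        if (IsEncryptionOn(ssl, 1)) {
            /* BuildMessage() writes into output, so work from a copy of the
             * plaintext that was just assembled there */
            byte* input;
            int   inputSz = idx - RECORD_HEADER_SZ;

            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
            if (input == NULL)
                return MEMORY_E;

            XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
            sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                                                  handshake, 1);
            XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

            if (sendSz < 0)
                ret = sendSz;
        }
        else
            ret = HashOutput(ssl, output, sendSz, 0);

    #ifdef WOLFSSL_DTLS
        if (ret == 0 && ssl->options.dtls)
            ret = DtlsPoolSave(ssl, output, sendSz);
    #endif

    #ifdef WOLFSSL_CALLBACKS
        if (ret == 0 && ssl->hsInfoOn)
            AddPacketName("CertificateStatus", &ssl->handShakeInfo);
        if (ret == 0 && ssl->toInfoOn)
            AddPacketInfo("CertificateStatus", &ssl->timeoutInfo, output,
                                                             sendSz, ssl->heap);
    #endif

        /* commit only a fully built record; flush unless grouping */
        if (ret == 0) {
            ssl->buffers.outputBuffer.length += sendSz;
            if (!ssl->options.groupMessages)
                ret = SendBuffered(ssl);
        }
    }

    WOLFSSL_LEAVE("BuildCertificateStatus", ret);
    return ret;
}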
wolfSSL 4:1b0d80432c79 8729 #endif
wolfSSL 4:1b0d80432c79 8730
wolfSSL 4:1b0d80432c79 8731
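/* Collect OCSP responses for the local certificate (and, for the "multi"
 * status type, for the certificates in the local chain) and pass them to
 * BuildCertificateStatus().
 *
 * ssl  connection; its ctx supplies the certificate manager and the cached
 *      OCSP requests, ssl->buffers supplies the certificate and chain
 *
 * returns 0 on success and whenever stapling is skipped (no certificate
 *         manager, stapling disabled, no certificate loaded), MEMORY_E on
 *         allocation failure, otherwise an error from certificate parsing,
 *         request setup, the OCSP check or BuildCertificateStatus().
 *
 * OCSP_CERT_REVOKED, OCSP_CERT_UNKNOWN and OCSP_LOOKUP_FAIL from
 * CheckOcspRequest() are deliberately mapped to 0: they do not abort the
 * handshake, the status message is simply built from whatever response
 * buffers were returned.
 */
int SendCertificateStatus(WOLFSSL* ssl)
{
    int  ret = 0;
    byte status_type = 0;

    WOLFSSL_ENTER("SendCertificateStatus");

    (void) ssl;

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
    status_type = ssl->status_request;
#endif

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    /* the v1 request wins when both are set */
    status_type = status_type ? status_type : ssl->status_request_v2;
#endif

    switch (status_type) {

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
        /* case WOLFSSL_CSR_OCSP: */
        case WOLFSSL_CSR2_OCSP: {
            OcspRequest* request = ssl->ctx->certOcspRequest;
            buffer response;

            XMEMSET(&response, 0, sizeof(response));

            /* unable to fetch status. skip. */
            if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
                return 0;

            /* build a request when none is cached on the ctx, or when this
             * ssl carries its own certificate */
            if (!request || ssl->buffers.weOwnCert) {
                DerBuffer* der = ssl->buffers.certificate;
                #ifdef WOLFSSL_SMALL_STACK
                    DecodedCert* cert = NULL;
                #else
                    DecodedCert  cert[1];
                #endif

                /* unable to fetch status. skip.
                 * der itself is checked too so a connection without a loaded
                 * certificate cannot be dereferenced here. */
                if (der == NULL || der->buffer == NULL || der->length == 0)
                    return 0;

                #ifdef WOLFSSL_SMALL_STACK
                    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
                    if (cert == NULL)
                        return MEMORY_E;
                #endif

                InitDecodedCert(cert, der->buffer, der->length, NULL);

                if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
                                                          ssl->ctx->cm)) != 0) {
                    WOLFSSL_MSG("ParseCert failed");
                }
                else {
                    request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
                                                     DYNAMIC_TYPE_OCSP_REQUEST);
                    if (request == NULL) {
                        FreeDecodedCert(cert);

                        #ifdef WOLFSSL_SMALL_STACK
                            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                        #endif

                        return MEMORY_E;
                    }

                    ret = InitOcspRequest(request, cert, 0);
                    /* On failure the request is NOT freed here: it is not
                     * the cached ctx request, so the single XFREE at the end
                     * of this case releases it. Freeing it here as well
                     * would release the same pointer twice. */
                    if (ret == 0 && !ssl->buffers.weOwnCert && 0 == LockMutex(
                                      &ssl->ctx->cm->ocsp_stapling->ocspLock)) {
                        /* publish to the ctx unless another connection
                         * already did */
                        if (!ssl->ctx->certOcspRequest)
                            ssl->ctx->certOcspRequest = request;
                        UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock);
                    }
                }

                FreeDecodedCert(cert);

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                #endif
            }

            if (ret == 0) {
                ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
                                                                     &response);

                /* Suppressing, not critical */
                if (ret == OCSP_CERT_REVOKED
                ||  ret == OCSP_CERT_UNKNOWN
                ||  ret == OCSP_LOOKUP_FAIL)
                    ret = 0;

                if (response.buffer) {
                    if (ret == 0)
                        ret = BuildCertificateStatus(ssl, status_type,
                                                                  &response, 1);

                    XFREE(response.buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                }

            }

            /* only a request that did not end up cached on the ctx is ours */
            if (request != ssl->ctx->certOcspRequest)
                XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
        }
        break;

    #endif /* HAVE_CERTIFICATE_STATUS_REQUEST    */
           /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */

    #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2
        case WOLFSSL_CSR2_OCSP_MULTI: {
            OcspRequest* request = ssl->ctx->certOcspRequest;
            /* slot 0 is the leaf certificate, slots 1.. are chain entries */
            buffer responses[1 + MAX_CHAIN_DEPTH];
            int i = 0;

            XMEMSET(responses, 0, sizeof(responses));

            /* unable to fetch status. skip. */
            if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
                return 0;

            if (!request || ssl->buffers.weOwnCert) {
                DerBuffer* der = ssl->buffers.certificate;
                #ifdef WOLFSSL_SMALL_STACK
                    DecodedCert* cert = NULL;
                #else
                    DecodedCert  cert[1];
                #endif

                /* unable to fetch status. skip. (der checked for NULL too) */
                if (der == NULL || der->buffer == NULL || der->length == 0)
                    return 0;

                #ifdef WOLFSSL_SMALL_STACK
                    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
                    if (cert == NULL)
                        return MEMORY_E;
                #endif

                InitDecodedCert(cert, der->buffer, der->length, NULL);

                if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
                                                          ssl->ctx->cm)) != 0) {
                    WOLFSSL_MSG("ParseCert failed");
                }
                else {
                    request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
                                                     DYNAMIC_TYPE_OCSP_REQUEST);
                    if (request == NULL) {
                        FreeDecodedCert(cert);

                        #ifdef WOLFSSL_SMALL_STACK
                            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                        #endif

                        return MEMORY_E;
                    }

                    ret = InitOcspRequest(request, cert, 0);
                    /* a failed request is released once, by the XFREE that
                     * follows the leaf check below */
                    if (ret == 0 && !ssl->buffers.weOwnCert && 0 == LockMutex(
                                      &ssl->ctx->cm->ocsp_stapling->ocspLock)) {
                        if (!ssl->ctx->certOcspRequest)
                            ssl->ctx->certOcspRequest = request;

                        UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock);
                    }
                }

                FreeDecodedCert(cert);

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                #endif
            }

            if (ret == 0) {
                ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
                                                                 &responses[0]);

                /* Suppressing, not critical */
                if (ret == OCSP_CERT_REVOKED
                ||  ret == OCSP_CERT_UNKNOWN
                ||  ret == OCSP_LOOKUP_FAIL)
                    ret = 0;
            }

            if (request != ssl->ctx->certOcspRequest)
                XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);

            if (ret == 0 && (!ssl->ctx->chainOcspRequest[0]
                                              || ssl->buffers.weOwnCertChain)) {
                buffer der;
                word32 idx = 0;
                #ifdef WOLFSSL_SMALL_STACK
                    DecodedCert* cert = NULL;
                #else
                    DecodedCert  cert[1];
                #endif

                XMEMSET(&der, 0, sizeof(buffer));

                #ifdef WOLFSSL_SMALL_STACK
                    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
                    if (cert == NULL) {
                        /* the leaf response may already be allocated */
                        if (responses[0].buffer)
                            XFREE(responses[0].buffer, NULL,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
                        return MEMORY_E;
                    }
                #endif

                /* Walk the chain buffer: each entry is a 3-byte length
                 * followed by that many bytes of DER. The walk stops at
                 * MAX_CHAIN_DEPTH entries because responses[] has no slot
                 * past index MAX_CHAIN_DEPTH, and is skipped entirely when
                 * no chain buffer is present. */
                while (ssl->buffers.certChain != NULL
                    && i < MAX_CHAIN_DEPTH
                    && idx + OPAQUE24_LEN < ssl->buffers.certChain->length) {
                    c24to32(ssl->buffers.certChain->buffer + idx, &der.length);
                    idx += OPAQUE24_LEN;

                    der.buffer = ssl->buffers.certChain->buffer + idx;
                    idx += der.length;

                    /* entry claims more bytes than the chain buffer holds */
                    if (idx > ssl->buffers.certChain->length)
                        break;

                    InitDecodedCert(cert, der.buffer, der.length, NULL);

                    if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
                                                      ssl->ctx->cm)) != 0) {
                        WOLFSSL_MSG("ParseCert failed");
                        /* release the decoded cert on every early exit */
                        FreeDecodedCert(cert);
                        break;
                    }
                    else {
                        request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
                                               NULL, DYNAMIC_TYPE_OCSP_REQUEST);
                        if (request == NULL) {
                            FreeDecodedCert(cert);
                            ret = MEMORY_E;
                            break;
                        }

                        ret = InitOcspRequest(request, cert, 0);
                        if (ret != 0) {
                            XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
                            FreeDecodedCert(cert);
                            break;
                        }
                        else if (!ssl->buffers.weOwnCertChain && 0 ==
                                 LockMutex(
                                    &ssl->ctx->cm->ocsp_stapling->ocspLock)) {
                            if (!ssl->ctx->chainOcspRequest[i])
                                ssl->ctx->chainOcspRequest[i] = request;

                            UnLockMutex(
                                    &ssl->ctx->cm->ocsp_stapling->ocspLock);
                        }

                        ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
                                                   request, &responses[i + 1]);

                        /* Suppressing, not critical */
                        if (ret == OCSP_CERT_REVOKED
                        ||  ret == OCSP_CERT_UNKNOWN
                        ||  ret == OCSP_LOOKUP_FAIL)
                            ret = 0;

                        if (request != ssl->ctx->chainOcspRequest[i])
                            XFREE(request, NULL, DYNAMIC_TYPE_OCSP_REQUEST);

                        i++;
                    }

                    FreeDecodedCert(cert);
                }

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                #endif
            }
            else {
                /* reuse the requests cached on the ctx; bounded so that
                 * responses[++i] stays inside the array */
                while (ret == 0 && i < MAX_CHAIN_DEPTH &&
                            NULL != (request = ssl->ctx->chainOcspRequest[i])) {
                    ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
                                                   request, &responses[++i]);

                    /* Suppressing, not critical */
                    if (ret == OCSP_CERT_REVOKED
                    ||  ret == OCSP_CERT_UNKNOWN
                    ||  ret == OCSP_LOOKUP_FAIL)
                        ret = 0;
                }
            }

            /* nothing is sent without a response for the leaf certificate */
            if (responses[0].buffer && ret == 0)
                ret = BuildCertificateStatus(ssl, status_type,
                                                         responses, i + 1);

            /* release every response buffer, including chain responses that
             * were fetched when the leaf lookup produced none */
            for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++)
                if (responses[i].buffer)
                    XFREE(responses[i].buffer, NULL,
                                                   DYNAMIC_TYPE_TMP_BUFFER);
        }
        break;

    #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */

        default:
        break;
    }

    return ret;
}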
wolfSSL 4:1b0d80432c79 9049
wolfSSL 4:1b0d80432c79 9050 #endif /* !NO_CERTS */
wolfSSL 4:1b0d80432c79 9051
wolfSSL 4:1b0d80432c79 9052
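/* Send application data, split into records of at most OUTPUT_RECORD_SIZE
 * plaintext bytes (further limited by max_fragment / MAX_UDP_SIZE when those
 * features are built in and active).
 *
 * ssl   connection to write on
 * data  plaintext to send
 * sz    number of bytes at data, must not be negative
 *
 * returns the number of plaintext bytes sent, 0 when the peer reset the
 *         connection, BAD_FUNC_ARG for a negative sz or when a retry after
 *         WANT_WRITE passes a smaller sz than the data already accepted,
 *         otherwise the error from the handshake, buffer sizing, message
 *         build or buffered send.
 */
int SendData(WOLFSSL* ssl, const void* data, int sz)
{
    int sent = 0,  /* plainText size */
        sendSz,
        ret,
        dtlsExtra = 0;

    /* A negative size is never valid here; reject it before it reaches the
     * fragment-length arithmetic and the pointer offset into data below. */
    if (sz < 0)
        return BAD_FUNC_ARG;

    if (ssl->error == WANT_WRITE)
        ssl->error = 0;

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS)
            return err;
    }

    /* last time system socket output buffer was full, try again to send */
    if (ssl->buffers.outputBuffer.length > 0) {
        WOLFSSL_MSG("output buffer was full, trying to send again");
        if ( (ssl->error = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset)
                return 0;     /* peer reset */
            return ssl->error;
        }
        else {
            /* advance sent to previous sent + plain size just sent */
            sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
            WOLFSSL_MSG("sent write buffered data");

            /* the retry must cover at least the bytes already consumed */
            if (sent > sz) {
                WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
                return ssl->error = BAD_FUNC_ARG;
            }
        }
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        dtlsExtra = DTLS_RECORD_EXTRA;
    }
#endif

    for (;;) {
#ifdef HAVE_MAX_FRAGMENT
        int   len = min(sz - sent, min(ssl->max_fragment, OUTPUT_RECORD_SIZE));
#else
        int   len = min(sz - sent, OUTPUT_RECORD_SIZE);
#endif
        byte* out;
        byte* sendBuffer = (byte*)data + sent;  /* may switch on comp */
        int   buffSz = len;                     /* may switch on comp */
        int   outputSz;
#ifdef HAVE_LIBZ
        byte  comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

        if (sent == sz) break;

#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            len    = min(len, MAX_UDP_SIZE);
            buffSz = len;
        }
#endif

        /* check for available size */
        outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA;
        if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
            return ssl->error = ret;

        /* get output buffer */
        out = ssl->buffers.outputBuffer.buffer +
              ssl->buffers.outputBuffer.length;

#ifdef HAVE_LIBZ
        if (ssl->options.usingCompression) {
            buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp));
            if (buffSz < 0) {
                return buffSz;
            }
            sendBuffer = comp;
        }
#endif
        sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz,
                              application_data, 0);
        if (sendSz < 0)
            return BUILD_MSG_ERROR;

        ssl->buffers.outputBuffer.length += sendSz;

        if ( (ret = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ret);
            /* store for next call if WANT_WRITE or user embedSend() that
               doesn't present like WANT_WRITE */
            ssl->buffers.plainSz  = len;
            ssl->buffers.prevSent = sent;
            if (ret == SOCKET_ERROR_E && ssl->options.connReset)
                return 0;  /* peer reset */
            return ssl->error = ret;
        }

        sent += len;

        /* only one message per attempt */
        if (ssl->options.partialWrite == 1) {
            WOLFSSL_MSG("Paritial Write on, only sending one record");
            break;
        }
    }

    return sent;
}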
wolfSSL 4:1b0d80432c79 9167
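/* Process input until decrypted application data is available, then copy up
 * to sz bytes of it to output.
 *
 * ssl     connection to read from
 * output  destination buffer, must hold at least sz bytes
 * sz      capacity of output, must not be negative
 * peek    when non-zero the copied bytes stay in the clear-output buffer and
 *         are returned again by the next call
 *
 * returns the number of bytes copied, 0 when no more data is coming
 *         (ZERO_RETURN, or the peer reset/closed the socket), BAD_FUNC_ARG
 *         for a negative sz, otherwise the stored or newly raised error.
 */
int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
{
    int size;

    WOLFSSL_ENTER("ReceiveData()");

    /* sz becomes the XMEMCPY length below whenever it is smaller than the
     * buffered amount, so a negative value must never get that far. */
    if (sz < 0)
        return BAD_FUNC_ARG;

    if (ssl->error == WANT_READ)
        ssl->error = 0;

    /* a connection left in an error state (other than a pending write) may
     * not be read from again */
    if (ssl->error != 0 && ssl->error != WANT_WRITE) {
        WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
        return ssl->error;
    }

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("Handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS)
            return err;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
startScr:
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
        int err;
        ssl->secure_renegotiation->startScr = 0;  /* only start once */
        WOLFSSL_MSG("Need to start scr, server requested");
        if ( (err = wolfSSL_Rehandshake(ssl)) != SSL_SUCCESS)
            return err;
    }
#endif

    while (ssl->buffers.clearOutputBuffer.length == 0) {
        if ( (ssl->error = ProcessReply(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == ZERO_RETURN) {
                WOLFSSL_MSG("Zero return, no more data coming");
                return 0;         /* no more data coming */
            }
            if (ssl->error == SOCKET_ERROR_E) {
                if (ssl->options.connReset || ssl->options.isClosed) {
                    WOLFSSL_MSG("Peer reset or closed, connection done");
                    ssl->error = SOCKET_PEER_CLOSED_E;
                    WOLFSSL_ERROR(ssl->error);
                    return 0;     /* peer reset or closed */
                }
            }
            return ssl->error;
        }
        #ifdef HAVE_SECURE_RENEGOTIATION
            /* ProcessReply may have flagged a renegotiation request */
            if (ssl->secure_renegotiation &&
                ssl->secure_renegotiation->startScr) {
                goto startScr;
            }
        #endif
    }

    /* never copy more than the caller's buffer or the buffered data */
    if (sz < (int)ssl->buffers.clearOutputBuffer.length)
        size = sz;
    else
        size = ssl->buffers.clearOutputBuffer.length;

    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);

    if (peek == 0) {
        ssl->buffers.clearOutputBuffer.length -= size;
        ssl->buffers.clearOutputBuffer.buffer += size;
    }

    if (ssl->buffers.clearOutputBuffer.length == 0 &&
                                           ssl->buffers.inputBuffer.dynamicFlag)
       ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    WOLFSSL_LEAVE("ReceiveData()", size);
    return size;
}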
wolfSSL 4:1b0d80432c79 9245
wolfSSL 4:1b0d80432c79 9246
/* Queue an alert record and push it out through SendBuffered().
 *
 * ssl       connection to send the alert on
 * severity  alert level; alert_fatal also marks the connection closed
 * type      alert description code
 *
 * returns the SendBuffered() result, the CheckAvailableSize() error when the
 *         output buffer cannot be sized, or BUILD_MSG_ERROR when the record
 *         could not be built.
 */
int SendAlert(WOLFSSL* ssl, int severity, int type)
{
    byte  alertBody[ALERT_SIZE];
    byte* out;
    int   recordSz;
    int   rc;
    int   needed;
    int   extra = 0;   /* extra DTLS record header bytes, 0 for TLS */

    /* if sendalert is called again for nonblocking */
    /* NOTE(review): the flag is set before the final SendBuffered() below
     * and cleared only here, so the call following a completed alert takes
     * this branch too - confirm that is intended. */
    if (ssl->options.sendAlertState != 0) {
        rc = SendBuffered(ssl);
        if (rc == 0)
            ssl->options.sendAlertState = 0;
        return rc;
    }

   #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls)
           extra = DTLS_RECORD_EXTRA;
   #endif

    /* check for available size */
    needed = ALERT_SIZE + MAX_MSG_EXTRA + extra;
    rc = CheckAvailableSize(ssl, needed);
    if (rc != 0)
        return rc;

    /* get output buffer */
    out = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;

    alertBody[0] = (byte)severity;
    alertBody[1] = (byte)type;

    /* remember the last alert we transmitted */
    ssl->alert_history.last_tx.code  = type;
    ssl->alert_history.last_tx.level = severity;

    if (severity == alert_fatal) {
        ssl->options.isClosed = 1;  /* Don't send close_notify */
    }

    /* only send encrypted alert if handshake actually complete, otherwise
       other side may not be able to handle it */
    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
        recordSz = BuildMessage(ssl, out, needed, alertBody, ALERT_SIZE,
                                alert, 0);
    }
    else {
        /* plaintext record: header (plus DTLS extra) followed by the body */
        AddRecordHeader(out, ALERT_SIZE, alert, ssl);
        out += RECORD_HEADER_SZ + extra;
        XMEMCPY(out, alertBody, ALERT_SIZE);

        recordSz = RECORD_HEADER_SZ + ALERT_SIZE + extra;
    }
    if (recordSz < 0)
        return BUILD_MSG_ERROR;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("Alert", &ssl->handShakeInfo);
        /* NOTE(review): in the plaintext branch out already points past the
         * record header when it is logged here - confirm. */
        if (ssl->toInfoOn)
            AddPacketInfo("Alert", &ssl->timeoutInfo, out, recordSz,
                          ssl->heap);
    #endif

    ssl->buffers.outputBuffer.length += recordSz;
    ssl->options.sendAlertState = 1;

    return SendBuffered(ssl);
}
wolfSSL 4:1b0d80432c79 9322
wolfSSL 4:1b0d80432c79 9323 const char* wolfSSL_ERR_reason_error_string(unsigned long e)
wolfSSL 4:1b0d80432c79 9324 {
wolfSSL 4:1b0d80432c79 9325 #ifdef NO_ERROR_STRINGS
wolfSSL 4:1b0d80432c79 9326
wolfSSL 4:1b0d80432c79 9327 (void)e;
wolfSSL 4:1b0d80432c79 9328 return "no support for error strings built in";
wolfSSL 4:1b0d80432c79 9329
wolfSSL 4:1b0d80432c79 9330 #else
wolfSSL 4:1b0d80432c79 9331
wolfSSL 4:1b0d80432c79 9332 int error = (int)e;
wolfSSL 4:1b0d80432c79 9333
wolfSSL 4:1b0d80432c79 9334 /* pass to wolfCrypt */
wolfSSL 4:1b0d80432c79 9335 if (error < MAX_CODE_E && error > MIN_CODE_E) {
wolfSSL 4:1b0d80432c79 9336 return wc_GetErrorString(error);
wolfSSL 4:1b0d80432c79 9337 }
wolfSSL 4:1b0d80432c79 9338
wolfSSL 4:1b0d80432c79 9339 switch (error) {
wolfSSL 4:1b0d80432c79 9340
wolfSSL 4:1b0d80432c79 9341 case UNSUPPORTED_SUITE :
wolfSSL 4:1b0d80432c79 9342 return "unsupported cipher suite";
wolfSSL 4:1b0d80432c79 9343
wolfSSL 4:1b0d80432c79 9344 case INPUT_CASE_ERROR :
wolfSSL 4:1b0d80432c79 9345 return "input state error";
wolfSSL 4:1b0d80432c79 9346
wolfSSL 4:1b0d80432c79 9347 case PREFIX_ERROR :
wolfSSL 4:1b0d80432c79 9348 return "bad index to key rounds";
wolfSSL 4:1b0d80432c79 9349
wolfSSL 4:1b0d80432c79 9350 case MEMORY_ERROR :
wolfSSL 4:1b0d80432c79 9351 return "out of memory";
wolfSSL 4:1b0d80432c79 9352
wolfSSL 4:1b0d80432c79 9353 case VERIFY_FINISHED_ERROR :
wolfSSL 4:1b0d80432c79 9354 return "verify problem on finished";
wolfSSL 4:1b0d80432c79 9355
wolfSSL 4:1b0d80432c79 9356 case VERIFY_MAC_ERROR :
wolfSSL 4:1b0d80432c79 9357 return "verify mac problem";
wolfSSL 4:1b0d80432c79 9358
wolfSSL 4:1b0d80432c79 9359 case PARSE_ERROR :
wolfSSL 4:1b0d80432c79 9360 return "parse error on header";
wolfSSL 4:1b0d80432c79 9361
wolfSSL 4:1b0d80432c79 9362 case SIDE_ERROR :
wolfSSL 4:1b0d80432c79 9363 return "wrong client/server type";
wolfSSL 4:1b0d80432c79 9364
wolfSSL 4:1b0d80432c79 9365 case NO_PEER_CERT :
wolfSSL 4:1b0d80432c79 9366 return "peer didn't send cert";
wolfSSL 4:1b0d80432c79 9367
wolfSSL 4:1b0d80432c79 9368 case UNKNOWN_HANDSHAKE_TYPE :
wolfSSL 4:1b0d80432c79 9369 return "weird handshake type";
wolfSSL 4:1b0d80432c79 9370
wolfSSL 4:1b0d80432c79 9371 case SOCKET_ERROR_E :
wolfSSL 4:1b0d80432c79 9372 return "error state on socket";
wolfSSL 4:1b0d80432c79 9373
wolfSSL 4:1b0d80432c79 9374 case SOCKET_NODATA :
wolfSSL 4:1b0d80432c79 9375 return "expected data, not there";
wolfSSL 4:1b0d80432c79 9376
wolfSSL 4:1b0d80432c79 9377 case INCOMPLETE_DATA :
wolfSSL 4:1b0d80432c79 9378 return "don't have enough data to complete task";
wolfSSL 4:1b0d80432c79 9379
wolfSSL 4:1b0d80432c79 9380 case UNKNOWN_RECORD_TYPE :
wolfSSL 4:1b0d80432c79 9381 return "unknown type in record hdr";
wolfSSL 4:1b0d80432c79 9382
wolfSSL 4:1b0d80432c79 9383 case DECRYPT_ERROR :
wolfSSL 4:1b0d80432c79 9384 return "error during decryption";
wolfSSL 4:1b0d80432c79 9385
wolfSSL 4:1b0d80432c79 9386 case FATAL_ERROR :
wolfSSL 4:1b0d80432c79 9387 return "revcd alert fatal error";
wolfSSL 4:1b0d80432c79 9388
wolfSSL 4:1b0d80432c79 9389 case ENCRYPT_ERROR :
wolfSSL 4:1b0d80432c79 9390 return "error during encryption";
wolfSSL 4:1b0d80432c79 9391
wolfSSL 4:1b0d80432c79 9392 case FREAD_ERROR :
wolfSSL 4:1b0d80432c79 9393 return "fread problem";
wolfSSL 4:1b0d80432c79 9394
wolfSSL 4:1b0d80432c79 9395 case NO_PEER_KEY :
wolfSSL 4:1b0d80432c79 9396 return "need peer's key";
wolfSSL 4:1b0d80432c79 9397
wolfSSL 4:1b0d80432c79 9398 case NO_PRIVATE_KEY :
wolfSSL 4:1b0d80432c79 9399 return "need the private key";
wolfSSL 4:1b0d80432c79 9400
wolfSSL 4:1b0d80432c79 9401 case NO_DH_PARAMS :
wolfSSL 4:1b0d80432c79 9402 return "server missing DH params";
wolfSSL 4:1b0d80432c79 9403
wolfSSL 4:1b0d80432c79 9404 case RSA_PRIVATE_ERROR :
wolfSSL 4:1b0d80432c79 9405 return "error during rsa priv op";
wolfSSL 4:1b0d80432c79 9406
wolfSSL 4:1b0d80432c79 9407 case MATCH_SUITE_ERROR :
wolfSSL 4:1b0d80432c79 9408 return "can't match cipher suite";
wolfSSL 4:1b0d80432c79 9409
wolfSSL 4:1b0d80432c79 9410 case BUILD_MSG_ERROR :
wolfSSL 4:1b0d80432c79 9411 return "build message failure";
wolfSSL 4:1b0d80432c79 9412
wolfSSL 4:1b0d80432c79 9413 case BAD_HELLO :
wolfSSL 4:1b0d80432c79 9414 return "client hello malformed";
wolfSSL 4:1b0d80432c79 9415
wolfSSL 4:1b0d80432c79 9416 case DOMAIN_NAME_MISMATCH :
wolfSSL 4:1b0d80432c79 9417 return "peer subject name mismatch";
wolfSSL 4:1b0d80432c79 9418
wolfSSL 4:1b0d80432c79 9419 case WANT_READ :
wolfSSL 4:1b0d80432c79 9420 case SSL_ERROR_WANT_READ :
wolfSSL 4:1b0d80432c79 9421 return "non-blocking socket wants data to be read";
wolfSSL 4:1b0d80432c79 9422
wolfSSL 4:1b0d80432c79 9423 case NOT_READY_ERROR :
wolfSSL 4:1b0d80432c79 9424 return "handshake layer not ready yet, complete first";
wolfSSL 4:1b0d80432c79 9425
wolfSSL 4:1b0d80432c79 9426 case PMS_VERSION_ERROR :
wolfSSL 4:1b0d80432c79 9427 return "premaster secret version mismatch error";
wolfSSL 4:1b0d80432c79 9428
wolfSSL 4:1b0d80432c79 9429 case VERSION_ERROR :
wolfSSL 4:1b0d80432c79 9430 return "record layer version error";
wolfSSL 4:1b0d80432c79 9431
wolfSSL 4:1b0d80432c79 9432 case WANT_WRITE :
wolfSSL 4:1b0d80432c79 9433 case SSL_ERROR_WANT_WRITE :
wolfSSL 4:1b0d80432c79 9434 return "non-blocking socket write buffer full";
wolfSSL 4:1b0d80432c79 9435
wolfSSL 4:1b0d80432c79 9436 case BUFFER_ERROR :
wolfSSL 4:1b0d80432c79 9437 return "malformed buffer input error";
wolfSSL 4:1b0d80432c79 9438
wolfSSL 4:1b0d80432c79 9439 case VERIFY_CERT_ERROR :
wolfSSL 4:1b0d80432c79 9440 return "verify problem on certificate";
wolfSSL 4:1b0d80432c79 9441
wolfSSL 4:1b0d80432c79 9442 case VERIFY_SIGN_ERROR :
wolfSSL 4:1b0d80432c79 9443 return "verify problem based on signature";
wolfSSL 4:1b0d80432c79 9444
wolfSSL 4:1b0d80432c79 9445 case CLIENT_ID_ERROR :
wolfSSL 4:1b0d80432c79 9446 return "psk client identity error";
wolfSSL 4:1b0d80432c79 9447
wolfSSL 4:1b0d80432c79 9448 case SERVER_HINT_ERROR:
wolfSSL 4:1b0d80432c79 9449 return "psk server hint error";
wolfSSL 4:1b0d80432c79 9450
wolfSSL 4:1b0d80432c79 9451 case PSK_KEY_ERROR:
wolfSSL 4:1b0d80432c79 9452 return "psk key callback error";
wolfSSL 4:1b0d80432c79 9453
wolfSSL 4:1b0d80432c79 9454 case NTRU_KEY_ERROR:
wolfSSL 4:1b0d80432c79 9455 return "NTRU key error";
wolfSSL 4:1b0d80432c79 9456
wolfSSL 4:1b0d80432c79 9457 case NTRU_DRBG_ERROR:
wolfSSL 4:1b0d80432c79 9458 return "NTRU drbg error";
wolfSSL 4:1b0d80432c79 9459
wolfSSL 4:1b0d80432c79 9460 case NTRU_ENCRYPT_ERROR:
wolfSSL 4:1b0d80432c79 9461 return "NTRU encrypt error";
wolfSSL 4:1b0d80432c79 9462
wolfSSL 4:1b0d80432c79 9463 case NTRU_DECRYPT_ERROR:
wolfSSL 4:1b0d80432c79 9464 return "NTRU decrypt error";
wolfSSL 4:1b0d80432c79 9465
wolfSSL 4:1b0d80432c79 9466 case ZLIB_INIT_ERROR:
wolfSSL 4:1b0d80432c79 9467 return "zlib init error";
wolfSSL 4:1b0d80432c79 9468
wolfSSL 4:1b0d80432c79 9469 case ZLIB_COMPRESS_ERROR:
wolfSSL 4:1b0d80432c79 9470 return "zlib compress error";
wolfSSL 4:1b0d80432c79 9471
wolfSSL 4:1b0d80432c79 9472 case ZLIB_DECOMPRESS_ERROR:
wolfSSL 4:1b0d80432c79 9473 return "zlib decompress error";
wolfSSL 4:1b0d80432c79 9474
wolfSSL 4:1b0d80432c79 9475 case GETTIME_ERROR:
wolfSSL 4:1b0d80432c79 9476 return "gettimeofday() error";
wolfSSL 4:1b0d80432c79 9477
wolfSSL 4:1b0d80432c79 9478 case GETITIMER_ERROR:
wolfSSL 4:1b0d80432c79 9479 return "getitimer() error";
wolfSSL 4:1b0d80432c79 9480
wolfSSL 4:1b0d80432c79 9481 case SIGACT_ERROR:
wolfSSL 4:1b0d80432c79 9482 return "sigaction() error";
wolfSSL 4:1b0d80432c79 9483
wolfSSL 4:1b0d80432c79 9484 case SETITIMER_ERROR:
wolfSSL 4:1b0d80432c79 9485 return "setitimer() error";
wolfSSL 4:1b0d80432c79 9486
wolfSSL 4:1b0d80432c79 9487 case LENGTH_ERROR:
wolfSSL 4:1b0d80432c79 9488 return "record layer length error";
wolfSSL 4:1b0d80432c79 9489
wolfSSL 4:1b0d80432c79 9490 case PEER_KEY_ERROR:
wolfSSL 4:1b0d80432c79 9491 return "cant decode peer key";
wolfSSL 4:1b0d80432c79 9492
wolfSSL 4:1b0d80432c79 9493 case ZERO_RETURN:
wolfSSL 4:1b0d80432c79 9494 case SSL_ERROR_ZERO_RETURN:
wolfSSL 4:1b0d80432c79 9495 return "peer sent close notify alert";
wolfSSL 4:1b0d80432c79 9496
wolfSSL 4:1b0d80432c79 9497 case ECC_CURVETYPE_ERROR:
wolfSSL 4:1b0d80432c79 9498 return "Bad ECC Curve Type or unsupported";
wolfSSL 4:1b0d80432c79 9499
wolfSSL 4:1b0d80432c79 9500 case ECC_CURVE_ERROR:
wolfSSL 4:1b0d80432c79 9501 return "Bad ECC Curve or unsupported";
wolfSSL 4:1b0d80432c79 9502
wolfSSL 4:1b0d80432c79 9503 case ECC_PEERKEY_ERROR:
wolfSSL 4:1b0d80432c79 9504 return "Bad ECC Peer Key";
wolfSSL 4:1b0d80432c79 9505
wolfSSL 4:1b0d80432c79 9506 case ECC_MAKEKEY_ERROR:
wolfSSL 4:1b0d80432c79 9507 return "ECC Make Key failure";
wolfSSL 4:1b0d80432c79 9508
wolfSSL 4:1b0d80432c79 9509 case ECC_EXPORT_ERROR:
wolfSSL 4:1b0d80432c79 9510 return "ECC Export Key failure";
wolfSSL 4:1b0d80432c79 9511
wolfSSL 4:1b0d80432c79 9512 case ECC_SHARED_ERROR:
wolfSSL 4:1b0d80432c79 9513 return "ECC DHE shared failure";
wolfSSL 4:1b0d80432c79 9514
wolfSSL 4:1b0d80432c79 9515 case NOT_CA_ERROR:
wolfSSL 4:1b0d80432c79 9516 return "Not a CA by basic constraint error";
wolfSSL 4:1b0d80432c79 9517
wolfSSL 4:1b0d80432c79 9518 case BAD_PATH_ERROR:
wolfSSL 4:1b0d80432c79 9519 return "Bad path for opendir error";
wolfSSL 4:1b0d80432c79 9520
wolfSSL 4:1b0d80432c79 9521 case BAD_CERT_MANAGER_ERROR:
wolfSSL 4:1b0d80432c79 9522 return "Bad Cert Manager error";
wolfSSL 4:1b0d80432c79 9523
wolfSSL 4:1b0d80432c79 9524 case OCSP_CERT_REVOKED:
wolfSSL 4:1b0d80432c79 9525 return "OCSP Cert revoked";
wolfSSL 4:1b0d80432c79 9526
wolfSSL 4:1b0d80432c79 9527 case CRL_CERT_REVOKED:
wolfSSL 4:1b0d80432c79 9528 return "CRL Cert revoked";
wolfSSL 4:1b0d80432c79 9529
wolfSSL 4:1b0d80432c79 9530 case CRL_MISSING:
wolfSSL 4:1b0d80432c79 9531 return "CRL missing, not loaded";
wolfSSL 4:1b0d80432c79 9532
wolfSSL 4:1b0d80432c79 9533 case MONITOR_SETUP_E:
wolfSSL 4:1b0d80432c79 9534 return "CRL monitor setup error";
wolfSSL 4:1b0d80432c79 9535
wolfSSL 4:1b0d80432c79 9536 case THREAD_CREATE_E:
wolfSSL 4:1b0d80432c79 9537 return "Thread creation problem";
wolfSSL 4:1b0d80432c79 9538
wolfSSL 4:1b0d80432c79 9539 case OCSP_NEED_URL:
wolfSSL 4:1b0d80432c79 9540 return "OCSP need URL";
wolfSSL 4:1b0d80432c79 9541
wolfSSL 4:1b0d80432c79 9542 case OCSP_CERT_UNKNOWN:
wolfSSL 4:1b0d80432c79 9543 return "OCSP Cert unknown";
wolfSSL 4:1b0d80432c79 9544
wolfSSL 4:1b0d80432c79 9545 case OCSP_LOOKUP_FAIL:
wolfSSL 4:1b0d80432c79 9546 return "OCSP Responder lookup fail";
wolfSSL 4:1b0d80432c79 9547
wolfSSL 4:1b0d80432c79 9548 case MAX_CHAIN_ERROR:
wolfSSL 4:1b0d80432c79 9549 return "Maximum Chain Depth Exceeded";
wolfSSL 4:1b0d80432c79 9550
wolfSSL 4:1b0d80432c79 9551 case COOKIE_ERROR:
wolfSSL 4:1b0d80432c79 9552 return "DTLS Cookie Error";
wolfSSL 4:1b0d80432c79 9553
wolfSSL 4:1b0d80432c79 9554 case SEQUENCE_ERROR:
wolfSSL 4:1b0d80432c79 9555 return "DTLS Sequence Error";
wolfSSL 4:1b0d80432c79 9556
wolfSSL 4:1b0d80432c79 9557 case SUITES_ERROR:
wolfSSL 4:1b0d80432c79 9558 return "Suites Pointer Error";
wolfSSL 4:1b0d80432c79 9559
wolfSSL 4:1b0d80432c79 9560 case SSL_NO_PEM_HEADER:
wolfSSL 4:1b0d80432c79 9561 return "No PEM Header Error";
wolfSSL 4:1b0d80432c79 9562
wolfSSL 4:1b0d80432c79 9563 case OUT_OF_ORDER_E:
wolfSSL 4:1b0d80432c79 9564 return "Out of order message, fatal";
wolfSSL 4:1b0d80432c79 9565
wolfSSL 4:1b0d80432c79 9566 case BAD_KEA_TYPE_E:
wolfSSL 4:1b0d80432c79 9567 return "Bad KEA type found";
wolfSSL 4:1b0d80432c79 9568
wolfSSL 4:1b0d80432c79 9569 case SANITY_CIPHER_E:
wolfSSL 4:1b0d80432c79 9570 return "Sanity check on ciphertext failed";
wolfSSL 4:1b0d80432c79 9571
wolfSSL 4:1b0d80432c79 9572 case RECV_OVERFLOW_E:
wolfSSL 4:1b0d80432c79 9573 return "Receive callback returned more than requested";
wolfSSL 4:1b0d80432c79 9574
wolfSSL 4:1b0d80432c79 9575 case GEN_COOKIE_E:
wolfSSL 4:1b0d80432c79 9576 return "Generate Cookie Error";
wolfSSL 4:1b0d80432c79 9577
wolfSSL 4:1b0d80432c79 9578 case NO_PEER_VERIFY:
wolfSSL 4:1b0d80432c79 9579 return "Need peer certificate verify Error";
wolfSSL 4:1b0d80432c79 9580
wolfSSL 4:1b0d80432c79 9581 case FWRITE_ERROR:
wolfSSL 4:1b0d80432c79 9582 return "fwrite Error";
wolfSSL 4:1b0d80432c79 9583
wolfSSL 4:1b0d80432c79 9584 case CACHE_MATCH_ERROR:
wolfSSL 4:1b0d80432c79 9585 return "Cache restore header match Error";
wolfSSL 4:1b0d80432c79 9586
wolfSSL 4:1b0d80432c79 9587 case UNKNOWN_SNI_HOST_NAME_E:
wolfSSL 4:1b0d80432c79 9588 return "Unrecognized host name Error";
wolfSSL 4:1b0d80432c79 9589
wolfSSL 4:1b0d80432c79 9590 case UNKNOWN_MAX_FRAG_LEN_E:
wolfSSL 4:1b0d80432c79 9591 return "Unrecognized max frag len Error";
wolfSSL 4:1b0d80432c79 9592
wolfSSL 4:1b0d80432c79 9593 case KEYUSE_SIGNATURE_E:
wolfSSL 4:1b0d80432c79 9594 return "Key Use digitalSignature not set Error";
wolfSSL 4:1b0d80432c79 9595
wolfSSL 4:1b0d80432c79 9596 case KEYUSE_ENCIPHER_E:
wolfSSL 4:1b0d80432c79 9597 return "Key Use keyEncipherment not set Error";
wolfSSL 4:1b0d80432c79 9598
wolfSSL 4:1b0d80432c79 9599 case EXTKEYUSE_AUTH_E:
wolfSSL 4:1b0d80432c79 9600 return "Ext Key Use server/client auth not set Error";
wolfSSL 4:1b0d80432c79 9601
wolfSSL 4:1b0d80432c79 9602 case SEND_OOB_READ_E:
wolfSSL 4:1b0d80432c79 9603 return "Send Callback Out of Bounds Read Error";
wolfSSL 4:1b0d80432c79 9604
wolfSSL 4:1b0d80432c79 9605 case SECURE_RENEGOTIATION_E:
wolfSSL 4:1b0d80432c79 9606 return "Invalid Renegotiation Error";
wolfSSL 4:1b0d80432c79 9607
wolfSSL 4:1b0d80432c79 9608 case SESSION_TICKET_LEN_E:
wolfSSL 4:1b0d80432c79 9609 return "Session Ticket Too Long Error";
wolfSSL 4:1b0d80432c79 9610
wolfSSL 4:1b0d80432c79 9611 case SESSION_TICKET_EXPECT_E:
wolfSSL 4:1b0d80432c79 9612 return "Session Ticket Error";
wolfSSL 4:1b0d80432c79 9613
wolfSSL 4:1b0d80432c79 9614 case SCR_DIFFERENT_CERT_E:
wolfSSL 4:1b0d80432c79 9615 return "Peer sent different cert during SCR";
wolfSSL 4:1b0d80432c79 9616
wolfSSL 4:1b0d80432c79 9617 case SESSION_SECRET_CB_E:
wolfSSL 4:1b0d80432c79 9618 return "Session Secret Callback Error";
wolfSSL 4:1b0d80432c79 9619
wolfSSL 4:1b0d80432c79 9620 case NO_CHANGE_CIPHER_E:
wolfSSL 4:1b0d80432c79 9621 return "Finished received from peer before Change Cipher Error";
wolfSSL 4:1b0d80432c79 9622
wolfSSL 4:1b0d80432c79 9623 case SANITY_MSG_E:
wolfSSL 4:1b0d80432c79 9624 return "Sanity Check on message order Error";
wolfSSL 4:1b0d80432c79 9625
wolfSSL 4:1b0d80432c79 9626 case DUPLICATE_MSG_E:
wolfSSL 4:1b0d80432c79 9627 return "Duplicate HandShake message Error";
wolfSSL 4:1b0d80432c79 9628
wolfSSL 4:1b0d80432c79 9629 case SNI_UNSUPPORTED:
wolfSSL 4:1b0d80432c79 9630 return "Protocol version does not support SNI Error";
wolfSSL 4:1b0d80432c79 9631
wolfSSL 4:1b0d80432c79 9632 case SOCKET_PEER_CLOSED_E:
wolfSSL 4:1b0d80432c79 9633 return "Peer closed underlying transport Error";
wolfSSL 4:1b0d80432c79 9634
wolfSSL 4:1b0d80432c79 9635 case BAD_TICKET_KEY_CB_SZ:
wolfSSL 4:1b0d80432c79 9636 return "Bad user session ticket key callback Size Error";
wolfSSL 4:1b0d80432c79 9637
wolfSSL 4:1b0d80432c79 9638 case BAD_TICKET_MSG_SZ:
wolfSSL 4:1b0d80432c79 9639 return "Bad session ticket message Size Error";
wolfSSL 4:1b0d80432c79 9640
wolfSSL 4:1b0d80432c79 9641 case BAD_TICKET_ENCRYPT:
wolfSSL 4:1b0d80432c79 9642 return "Bad user ticket callback encrypt Error";
wolfSSL 4:1b0d80432c79 9643
wolfSSL 4:1b0d80432c79 9644 case DH_KEY_SIZE_E:
wolfSSL 4:1b0d80432c79 9645 return "DH key too small Error";
wolfSSL 4:1b0d80432c79 9646
wolfSSL 4:1b0d80432c79 9647 case SNI_ABSENT_ERROR:
wolfSSL 4:1b0d80432c79 9648 return "No Server Name Indication extension Error";
wolfSSL 4:1b0d80432c79 9649
wolfSSL 4:1b0d80432c79 9650 case RSA_SIGN_FAULT:
wolfSSL 4:1b0d80432c79 9651 return "RSA Signature Fault Error";
wolfSSL 4:1b0d80432c79 9652
wolfSSL 4:1b0d80432c79 9653 case HANDSHAKE_SIZE_ERROR:
wolfSSL 4:1b0d80432c79 9654 return "Handshake message too large Error";
wolfSSL 4:1b0d80432c79 9655
wolfSSL 4:1b0d80432c79 9656 case UNKNOWN_ALPN_PROTOCOL_NAME_E:
wolfSSL 4:1b0d80432c79 9657 return "Unrecognized protocol name Error";
wolfSSL 4:1b0d80432c79 9658
wolfSSL 4:1b0d80432c79 9659 case BAD_CERTIFICATE_STATUS_ERROR:
wolfSSL 4:1b0d80432c79 9660 return "Bad Certificate Status Message Error";
wolfSSL 4:1b0d80432c79 9661
wolfSSL 4:1b0d80432c79 9662 case OCSP_INVALID_STATUS:
wolfSSL 4:1b0d80432c79 9663 return "Invalid OCSP Status Error";
wolfSSL 4:1b0d80432c79 9664
wolfSSL 4:1b0d80432c79 9665 default :
wolfSSL 4:1b0d80432c79 9666 return "unknown error number";
wolfSSL 4:1b0d80432c79 9667 }
wolfSSL 4:1b0d80432c79 9668
wolfSSL 4:1b0d80432c79 9669 #endif /* NO_ERROR_STRINGS */
wolfSSL 4:1b0d80432c79 9670 }
wolfSSL 4:1b0d80432c79 9671
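/*
 * Copy the reason string for `error` into the caller's buffer.
 *
 * error  wolfSSL error code, passed to wolfSSL_ERR_reason_error_string().
 * str    destination buffer. It must be non-NULL and at least
 *        WOLFSSL_MAX_ERROR_SZ bytes long: the copy is bounded by that
 *        constant, not by the real size of the caller's buffer.
 *
 * The result is always NUL-terminated. XSTRNCPY is presumably a
 * strncpy-style copy (confirm against the port layer), which leaves the
 * destination unterminated when the source fills the whole bound, so the
 * last byte is set explicitly.
 */
void SetErrorString(int error, char* str)
{
    XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ);
    str[WOLFSSL_MAX_ERROR_SZ - 1] = '\0';
}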
wolfSSL 4:1b0d80432c79 9676
wolfSSL 4:1b0d80432c79 9677
/*
 * Human-readable cipher suite names, one entry per suite compiled into this
 * build; every entry sits behind its own BUILD_* / HAVE_* guard.
 *
 * Be sure to add to cipher_name_idx too. That table, declared right after
 * this one, is described as the suite numbers matching this name table, and
 * its visible entries use the same guards in the same order, so the two are
 * presumably paired by position: an entry added, removed or reordered here
 * without the same change there would pair names with the wrong suite.
 *
 * NOTE(review): the list carries names for RC4, 3DES, NULL-encryption and
 * anonymous-DH (ADH) suites. Each is present only when its guard macro is
 * defined; what defines those macros is not visible here, so audit the build
 * configuration if these suites must not be available.
 */
static const char* const cipher_names[] =
{
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
    "RC4-SHA",
#endif

#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
    "RC4-MD5",
#endif

#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
    "DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
    "AES128-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
    "AES256-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
    "NULL-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
    "NULL-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    "DHE-RSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    "DHE-RSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
    "DHE-PSK-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
    "DHE-PSK-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
    "PSK-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
    "PSK-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
    "DHE-PSK-AES256-CBC-SHA384",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
    "DHE-PSK-AES128-CBC-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
    "PSK-AES256-CBC-SHA384",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
    "PSK-AES128-CBC-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
    "PSK-AES128-CBC-SHA",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
    "PSK-AES256-CBC-SHA",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
    "DHE-PSK-AES128-CCM",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
    "DHE-PSK-AES256-CCM",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
    "PSK-AES128-CCM",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
    "PSK-AES256-CCM",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
    "PSK-AES128-CCM-8",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
    "PSK-AES256-CCM-8",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
    "DHE-PSK-NULL-SHA384",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
    "DHE-PSK-NULL-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
    "PSK-NULL-SHA384",
#endif

#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
    "PSK-NULL-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
    "PSK-NULL-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
    "HC128-MD5",
#endif

#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
    "HC128-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
    "HC128-B2B256",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
    "AES128-B2B256",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
    "AES256-B2B256",
#endif

#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
    "RABBIT-SHA",
#endif

#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
    "NTRU-RC4-SHA",
#endif

#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
    "NTRU-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
    "NTRU-AES128-SHA",
#endif

#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
    "NTRU-AES256-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
    "AES128-CCM-8",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
    "AES256-CCM-8",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
    "ECDHE-ECDSA-AES128-CCM-8",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
    "ECDHE-ECDSA-AES256-CCM-8",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    "ECDHE-RSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    "ECDHE-RSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    "ECDHE-ECDSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    "ECDHE-ECDSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
    "ECDHE-RSA-RC4-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    "ECDHE-RSA-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    "ECDHE-ECDSA-RC4-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    "ECDHE-ECDSA-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
    "AES128-SHA256",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
    "AES256-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    "DHE-RSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    "DHE-RSA-AES256-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    "ECDH-RSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    "ECDH-RSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    "ECDH-ECDSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    "ECDH-ECDSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
    "ECDH-RSA-RC4-SHA",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    "ECDH-RSA-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    "ECDH-ECDSA-RC4-SHA",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    "ECDH-ECDSA-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
    "AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
    "AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    "DHE-RSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    "DHE-RSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    "ECDHE-RSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    "ECDHE-RSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    "ECDHE-ECDSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    "ECDHE-ECDSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    "ECDH-RSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    "ECDH-RSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    "ECDH-ECDSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    "ECDH-ECDSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    "CAMELLIA128-SHA",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    "DHE-RSA-CAMELLIA128-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    "CAMELLIA256-SHA",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    "DHE-RSA-CAMELLIA256-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
    "CAMELLIA128-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    "DHE-RSA-CAMELLIA128-SHA256",
#endif

#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
    "CAMELLIA256-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
    "DHE-RSA-CAMELLIA256-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    "ECDHE-RSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    "ECDHE-ECDSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    "ECDH-RSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    "ECDH-ECDSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    "ECDHE-RSA-AES256-SHA384",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    "ECDHE-ECDSA-AES256-SHA384",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    "ECDH-RSA-AES256-SHA384",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    "ECDH-ECDSA-AES256-SHA384",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    "ECDHE-RSA-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    "ECDHE-ECDSA-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    "DHE-RSA-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
    "ECDHE-RSA-CHACHA20-POLY1305-OLD",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
    "ECDHE-ECDSA-CHACHA20-POLY1305-OLD",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
    "DHE-RSA-CHACHA20-POLY1305-OLD",
#endif

#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
    "ADH-AES128-SHA",
#endif

#ifdef BUILD_TLS_QSH
    "QSH",
#endif

#ifdef HAVE_RENEGOTIATION_INDICATION
    "RENEGOTIATION-INFO",
#endif

#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
    "IDEA-CBC-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
    "ECDHE-ECDSA-NULL-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
    "ECDHE-PSK-NULL-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
    "ECDHE-PSK-AES128-CBC-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
    "PSK-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
    "ECDHE-PSK-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
    "DHE-PSK-CHACHA20-POLY1305",
#endif
};
wolfSSL 4:1b0d80432c79 10113
wolfSSL 4:1b0d80432c79 10114
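wolfSSL 4:1b0d80432c79 10115 /* cipher suite number for each entry of the name table above; both tables are indexed with the same i, so the entries and their #ifdef guards must stay in the same order */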
wolfSSL 4:1b0d80432c79 10116 static int cipher_name_idx[] =
wolfSSL 4:1b0d80432c79 10117 {
wolfSSL 4:1b0d80432c79 10118
wolfSSL 4:1b0d80432c79 10119 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 10120 SSL_RSA_WITH_RC4_128_SHA,
wolfSSL 4:1b0d80432c79 10121 #endif
wolfSSL 4:1b0d80432c79 10122
wolfSSL 4:1b0d80432c79 10123 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 4:1b0d80432c79 10124 SSL_RSA_WITH_RC4_128_MD5,
wolfSSL 4:1b0d80432c79 10125 #endif
wolfSSL 4:1b0d80432c79 10126
wolfSSL 4:1b0d80432c79 10127 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 10128 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 4:1b0d80432c79 10129 #endif
wolfSSL 4:1b0d80432c79 10130
wolfSSL 4:1b0d80432c79 10131 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10132 TLS_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10133 #endif
wolfSSL 4:1b0d80432c79 10134
wolfSSL 4:1b0d80432c79 10135 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10136 TLS_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10137 #endif
wolfSSL 4:1b0d80432c79 10138
wolfSSL 4:1b0d80432c79 10139 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 4:1b0d80432c79 10140 TLS_RSA_WITH_NULL_SHA,
wolfSSL 4:1b0d80432c79 10141 #endif
wolfSSL 4:1b0d80432c79 10142
wolfSSL 4:1b0d80432c79 10143 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 4:1b0d80432c79 10144 TLS_RSA_WITH_NULL_SHA256,
wolfSSL 4:1b0d80432c79 10145 #endif
wolfSSL 4:1b0d80432c79 10146
wolfSSL 4:1b0d80432c79 10147 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10148 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10149 #endif
wolfSSL 4:1b0d80432c79 10150
wolfSSL 4:1b0d80432c79 10151 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10152 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10153 #endif
wolfSSL 4:1b0d80432c79 10154
wolfSSL 4:1b0d80432c79 10155 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 10156 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
wolfSSL 4:1b0d80432c79 10157 #endif
wolfSSL 4:1b0d80432c79 10158
wolfSSL 4:1b0d80432c79 10159 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 10160 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
wolfSSL 4:1b0d80432c79 10161 #endif
wolfSSL 4:1b0d80432c79 10162
wolfSSL 4:1b0d80432c79 10163 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 10164 TLS_PSK_WITH_AES_256_GCM_SHA384,
wolfSSL 4:1b0d80432c79 10165 #endif
wolfSSL 4:1b0d80432c79 10166
wolfSSL 4:1b0d80432c79 10167 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 10168 TLS_PSK_WITH_AES_128_GCM_SHA256,
wolfSSL 4:1b0d80432c79 10169 #endif
wolfSSL 4:1b0d80432c79 10170
wolfSSL 4:1b0d80432c79 10171 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 10172 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
wolfSSL 4:1b0d80432c79 10173 #endif
wolfSSL 4:1b0d80432c79 10174
wolfSSL 4:1b0d80432c79 10175 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10176 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10177 #endif
wolfSSL 4:1b0d80432c79 10178
wolfSSL 4:1b0d80432c79 10179 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 10180 TLS_PSK_WITH_AES_256_CBC_SHA384,
wolfSSL 4:1b0d80432c79 10181 #endif
wolfSSL 4:1b0d80432c79 10182
wolfSSL 4:1b0d80432c79 10183 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10184 TLS_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10185 #endif
wolfSSL 4:1b0d80432c79 10186
wolfSSL 4:1b0d80432c79 10187 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10188 TLS_PSK_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10189 #endif
wolfSSL 4:1b0d80432c79 10190
wolfSSL 4:1b0d80432c79 10191 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10192 TLS_PSK_WITH_AES_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10193 #endif
wolfSSL 4:1b0d80432c79 10194
wolfSSL 4:1b0d80432c79 10195 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 4:1b0d80432c79 10196 TLS_DHE_PSK_WITH_AES_128_CCM,
wolfSSL 4:1b0d80432c79 10197 #endif
wolfSSL 4:1b0d80432c79 10198
wolfSSL 4:1b0d80432c79 10199 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 4:1b0d80432c79 10200 TLS_DHE_PSK_WITH_AES_256_CCM,
wolfSSL 4:1b0d80432c79 10201 #endif
wolfSSL 4:1b0d80432c79 10202
wolfSSL 4:1b0d80432c79 10203 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 4:1b0d80432c79 10204 TLS_PSK_WITH_AES_128_CCM,
wolfSSL 4:1b0d80432c79 10205 #endif
wolfSSL 4:1b0d80432c79 10206
wolfSSL 4:1b0d80432c79 10207 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 4:1b0d80432c79 10208 TLS_PSK_WITH_AES_256_CCM,
wolfSSL 4:1b0d80432c79 10209 #endif
wolfSSL 4:1b0d80432c79 10210
wolfSSL 4:1b0d80432c79 10211 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 4:1b0d80432c79 10212 TLS_PSK_WITH_AES_128_CCM_8,
wolfSSL 4:1b0d80432c79 10213 #endif
wolfSSL 4:1b0d80432c79 10214
wolfSSL 4:1b0d80432c79 10215 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 4:1b0d80432c79 10216 TLS_PSK_WITH_AES_256_CCM_8,
wolfSSL 4:1b0d80432c79 10217 #endif
wolfSSL 4:1b0d80432c79 10218
wolfSSL 4:1b0d80432c79 10219 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 4:1b0d80432c79 10220 TLS_DHE_PSK_WITH_NULL_SHA384,
wolfSSL 4:1b0d80432c79 10221 #endif
wolfSSL 4:1b0d80432c79 10222
wolfSSL 4:1b0d80432c79 10223 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 4:1b0d80432c79 10224 TLS_DHE_PSK_WITH_NULL_SHA256,
wolfSSL 4:1b0d80432c79 10225 #endif
wolfSSL 4:1b0d80432c79 10226
wolfSSL 4:1b0d80432c79 10227 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 4:1b0d80432c79 10228 TLS_PSK_WITH_NULL_SHA384,
wolfSSL 4:1b0d80432c79 10229 #endif
wolfSSL 4:1b0d80432c79 10230
wolfSSL 4:1b0d80432c79 10231 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 4:1b0d80432c79 10232 TLS_PSK_WITH_NULL_SHA256,
wolfSSL 4:1b0d80432c79 10233 #endif
wolfSSL 4:1b0d80432c79 10234
wolfSSL 4:1b0d80432c79 10235 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 4:1b0d80432c79 10236 TLS_PSK_WITH_NULL_SHA,
wolfSSL 4:1b0d80432c79 10237 #endif
wolfSSL 4:1b0d80432c79 10238
wolfSSL 4:1b0d80432c79 10239 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 4:1b0d80432c79 10240 TLS_RSA_WITH_HC_128_MD5,
wolfSSL 4:1b0d80432c79 10241 #endif
wolfSSL 4:1b0d80432c79 10242
wolfSSL 4:1b0d80432c79 10243 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 4:1b0d80432c79 10244 TLS_RSA_WITH_HC_128_SHA,
wolfSSL 4:1b0d80432c79 10245 #endif
wolfSSL 4:1b0d80432c79 10246
wolfSSL 4:1b0d80432c79 10247 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 4:1b0d80432c79 10248 TLS_RSA_WITH_HC_128_B2B256,
wolfSSL 4:1b0d80432c79 10249 #endif
wolfSSL 4:1b0d80432c79 10250
wolfSSL 4:1b0d80432c79 10251 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 4:1b0d80432c79 10252 TLS_RSA_WITH_AES_128_CBC_B2B256,
wolfSSL 4:1b0d80432c79 10253 #endif
wolfSSL 4:1b0d80432c79 10254
wolfSSL 4:1b0d80432c79 10255 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 4:1b0d80432c79 10256 TLS_RSA_WITH_AES_256_CBC_B2B256,
wolfSSL 4:1b0d80432c79 10257 #endif
wolfSSL 4:1b0d80432c79 10258
wolfSSL 4:1b0d80432c79 10259 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 4:1b0d80432c79 10260 TLS_RSA_WITH_RABBIT_SHA,
wolfSSL 4:1b0d80432c79 10261 #endif
wolfSSL 4:1b0d80432c79 10262
wolfSSL 4:1b0d80432c79 10263 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 10264 TLS_NTRU_RSA_WITH_RC4_128_SHA,
wolfSSL 4:1b0d80432c79 10265 #endif
wolfSSL 4:1b0d80432c79 10266
wolfSSL 4:1b0d80432c79 10267 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 10268 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 4:1b0d80432c79 10269 #endif
wolfSSL 4:1b0d80432c79 10270
wolfSSL 4:1b0d80432c79 10271 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10272 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10273 #endif
wolfSSL 4:1b0d80432c79 10274
wolfSSL 4:1b0d80432c79 10275 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10276 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10277 #endif
wolfSSL 4:1b0d80432c79 10278
wolfSSL 4:1b0d80432c79 10279 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 4:1b0d80432c79 10280 TLS_RSA_WITH_AES_128_CCM_8,
wolfSSL 4:1b0d80432c79 10281 #endif
wolfSSL 4:1b0d80432c79 10282
wolfSSL 4:1b0d80432c79 10283 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 4:1b0d80432c79 10284 TLS_RSA_WITH_AES_256_CCM_8,
wolfSSL 4:1b0d80432c79 10285 #endif
wolfSSL 4:1b0d80432c79 10286
wolfSSL 4:1b0d80432c79 10287 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 4:1b0d80432c79 10288 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
wolfSSL 4:1b0d80432c79 10289 #endif
wolfSSL 4:1b0d80432c79 10290
wolfSSL 4:1b0d80432c79 10291 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 4:1b0d80432c79 10292 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
wolfSSL 4:1b0d80432c79 10293 #endif
wolfSSL 4:1b0d80432c79 10294
wolfSSL 4:1b0d80432c79 10295 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10296 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10297 #endif
wolfSSL 4:1b0d80432c79 10298
wolfSSL 4:1b0d80432c79 10299 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10300 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10301 #endif
wolfSSL 4:1b0d80432c79 10302
wolfSSL 4:1b0d80432c79 10303 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10304 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10305 #endif
wolfSSL 4:1b0d80432c79 10306
wolfSSL 4:1b0d80432c79 10307 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10308 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10309 #endif
wolfSSL 4:1b0d80432c79 10310
wolfSSL 4:1b0d80432c79 10311 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 10312 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
wolfSSL 4:1b0d80432c79 10313 #endif
wolfSSL 4:1b0d80432c79 10314
wolfSSL 4:1b0d80432c79 10315 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 10316 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 4:1b0d80432c79 10317 #endif
wolfSSL 4:1b0d80432c79 10318
wolfSSL 4:1b0d80432c79 10319 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 10320 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
wolfSSL 4:1b0d80432c79 10321 #endif
wolfSSL 4:1b0d80432c79 10322
wolfSSL 4:1b0d80432c79 10323 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 10324 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 4:1b0d80432c79 10325 #endif
wolfSSL 4:1b0d80432c79 10326
wolfSSL 4:1b0d80432c79 10327 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10328 TLS_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10329 #endif
wolfSSL 4:1b0d80432c79 10330
wolfSSL 4:1b0d80432c79 10331 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 4:1b0d80432c79 10332 TLS_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10333 #endif
wolfSSL 4:1b0d80432c79 10334
wolfSSL 4:1b0d80432c79 10335 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10336 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10337 #endif
wolfSSL 4:1b0d80432c79 10338
wolfSSL 4:1b0d80432c79 10339 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 4:1b0d80432c79 10340 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10341 #endif
wolfSSL 4:1b0d80432c79 10342
wolfSSL 4:1b0d80432c79 10343 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10344 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10345 #endif
wolfSSL 4:1b0d80432c79 10346
wolfSSL 4:1b0d80432c79 10347 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10348 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10349 #endif
wolfSSL 4:1b0d80432c79 10350
wolfSSL 4:1b0d80432c79 10351 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10352 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10353 #endif
wolfSSL 4:1b0d80432c79 10354
wolfSSL 4:1b0d80432c79 10355 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10356 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10357 #endif
wolfSSL 4:1b0d80432c79 10358
wolfSSL 4:1b0d80432c79 10359 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 10360 TLS_ECDH_RSA_WITH_RC4_128_SHA,
wolfSSL 4:1b0d80432c79 10361 #endif
wolfSSL 4:1b0d80432c79 10362
wolfSSL 4:1b0d80432c79 10363 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 10364 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 4:1b0d80432c79 10365 #endif
wolfSSL 4:1b0d80432c79 10366
wolfSSL 4:1b0d80432c79 10367 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 4:1b0d80432c79 10368 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
wolfSSL 4:1b0d80432c79 10369 #endif
wolfSSL 4:1b0d80432c79 10370
wolfSSL 4:1b0d80432c79 10371 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 4:1b0d80432c79 10372 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 4:1b0d80432c79 10373 #endif
wolfSSL 4:1b0d80432c79 10374
wolfSSL 4:1b0d80432c79 10375 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 10376 TLS_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 4:1b0d80432c79 10377 #endif
wolfSSL 4:1b0d80432c79 10378
wolfSSL 4:1b0d80432c79 10379 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 10380 TLS_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 4:1b0d80432c79 10381 #endif
wolfSSL 4:1b0d80432c79 10382
wolfSSL 4:1b0d80432c79 10383 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 10384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 4:1b0d80432c79 10385 #endif
wolfSSL 4:1b0d80432c79 10386
wolfSSL 4:1b0d80432c79 10387 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 10388 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 4:1b0d80432c79 10389 #endif
wolfSSL 4:1b0d80432c79 10390
wolfSSL 4:1b0d80432c79 10391 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 10392 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 4:1b0d80432c79 10393 #endif
wolfSSL 4:1b0d80432c79 10394
wolfSSL 4:1b0d80432c79 10395 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 10396 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 4:1b0d80432c79 10397 #endif
wolfSSL 4:1b0d80432c79 10398
wolfSSL 4:1b0d80432c79 10399 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 10400 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL 4:1b0d80432c79 10401 #endif
wolfSSL 4:1b0d80432c79 10402
wolfSSL 4:1b0d80432c79 10403 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 10404 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL 4:1b0d80432c79 10405 #endif
wolfSSL 4:1b0d80432c79 10406
wolfSSL 4:1b0d80432c79 10407 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 10408 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 4:1b0d80432c79 10409 #endif
wolfSSL 4:1b0d80432c79 10410
wolfSSL 4:1b0d80432c79 10411 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 10412 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 4:1b0d80432c79 10413 #endif
wolfSSL 4:1b0d80432c79 10414
wolfSSL 4:1b0d80432c79 10415 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 4:1b0d80432c79 10416 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL 4:1b0d80432c79 10417 #endif
wolfSSL 4:1b0d80432c79 10418
wolfSSL 4:1b0d80432c79 10419 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 4:1b0d80432c79 10420 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL 4:1b0d80432c79 10421 #endif
wolfSSL 4:1b0d80432c79 10422
wolfSSL 4:1b0d80432c79 10423 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10424 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10425 #endif
wolfSSL 4:1b0d80432c79 10426
wolfSSL 4:1b0d80432c79 10427 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10428 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10429 #endif
wolfSSL 4:1b0d80432c79 10430
wolfSSL 4:1b0d80432c79 10431 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10432 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10433 #endif
wolfSSL 4:1b0d80432c79 10434
wolfSSL 4:1b0d80432c79 10435 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 4:1b0d80432c79 10436 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL 4:1b0d80432c79 10437 #endif
wolfSSL 4:1b0d80432c79 10438
wolfSSL 4:1b0d80432c79 10439 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10440 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10441 #endif
wolfSSL 4:1b0d80432c79 10442
wolfSSL 4:1b0d80432c79 10443 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10444 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10445 #endif
wolfSSL 4:1b0d80432c79 10446
wolfSSL 4:1b0d80432c79 10447 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 4:1b0d80432c79 10448 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10449 #endif
wolfSSL 4:1b0d80432c79 10450
wolfSSL 4:1b0d80432c79 10451 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 4:1b0d80432c79 10452 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10453 #endif
wolfSSL 4:1b0d80432c79 10454
wolfSSL 4:1b0d80432c79 10455 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10456 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10457 #endif
wolfSSL 4:1b0d80432c79 10458
wolfSSL 4:1b0d80432c79 10459 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10460 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10461 #endif
wolfSSL 4:1b0d80432c79 10462
wolfSSL 4:1b0d80432c79 10463 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10464 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10465 #endif
wolfSSL 4:1b0d80432c79 10466
wolfSSL 4:1b0d80432c79 10467 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10468 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10469 #endif
wolfSSL 4:1b0d80432c79 10470
wolfSSL 4:1b0d80432c79 10471 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 10472 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL 4:1b0d80432c79 10473 #endif
wolfSSL 4:1b0d80432c79 10474
wolfSSL 4:1b0d80432c79 10475 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 10476 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL 4:1b0d80432c79 10477 #endif
wolfSSL 4:1b0d80432c79 10478
wolfSSL 4:1b0d80432c79 10479 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 10480 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL 4:1b0d80432c79 10481 #endif
wolfSSL 4:1b0d80432c79 10482
wolfSSL 4:1b0d80432c79 10483 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 4:1b0d80432c79 10484 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL 4:1b0d80432c79 10485 #endif
wolfSSL 4:1b0d80432c79 10486
wolfSSL 4:1b0d80432c79 10487 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10488 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10489 #endif
wolfSSL 4:1b0d80432c79 10490
wolfSSL 4:1b0d80432c79 10491 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10492 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10493 #endif
wolfSSL 4:1b0d80432c79 10494
wolfSSL 4:1b0d80432c79 10495 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10496 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10497 #endif
wolfSSL 4:1b0d80432c79 10498
wolfSSL 4:1b0d80432c79 10499 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10500 TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10501 #endif
wolfSSL 4:1b0d80432c79 10502
wolfSSL 4:1b0d80432c79 10503 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10504 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10505 #endif
wolfSSL 4:1b0d80432c79 10506
wolfSSL 4:1b0d80432c79 10507 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10508 TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10509 #endif
wolfSSL 4:1b0d80432c79 10510
wolfSSL 4:1b0d80432c79 10511 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 4:1b0d80432c79 10512 TLS_DH_anon_WITH_AES_128_CBC_SHA,
wolfSSL 4:1b0d80432c79 10513 #endif
wolfSSL 4:1b0d80432c79 10514
wolfSSL 4:1b0d80432c79 10515 #ifdef BUILD_TLS_QSH
wolfSSL 4:1b0d80432c79 10516 TLS_QSH,
wolfSSL 4:1b0d80432c79 10517 #endif
wolfSSL 4:1b0d80432c79 10518
wolfSSL 4:1b0d80432c79 10519 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 4:1b0d80432c79 10520 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
wolfSSL 4:1b0d80432c79 10521 #endif
wolfSSL 4:1b0d80432c79 10522
wolfSSL 4:1b0d80432c79 10523 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 4:1b0d80432c79 10524 SSL_RSA_WITH_IDEA_CBC_SHA,
wolfSSL 4:1b0d80432c79 10525 #endif
wolfSSL 4:1b0d80432c79 10526
wolfSSL 4:1b0d80432c79 10527 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 4:1b0d80432c79 10528 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
wolfSSL 4:1b0d80432c79 10529 #endif
wolfSSL 4:1b0d80432c79 10530
wolfSSL 4:1b0d80432c79 10531 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 4:1b0d80432c79 10532 TLS_ECDHE_PSK_WITH_NULL_SHA256,
wolfSSL 4:1b0d80432c79 10533 #endif
wolfSSL 4:1b0d80432c79 10534
wolfSSL 4:1b0d80432c79 10535 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 4:1b0d80432c79 10536 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 4:1b0d80432c79 10537 #endif
wolfSSL 4:1b0d80432c79 10538
wolfSSL 4:1b0d80432c79 10539 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10540 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10541 #endif
wolfSSL 4:1b0d80432c79 10542
wolfSSL 4:1b0d80432c79 10543 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10544 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10545 #endif
wolfSSL 4:1b0d80432c79 10546
wolfSSL 4:1b0d80432c79 10547 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 4:1b0d80432c79 10548 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 4:1b0d80432c79 10549 #endif
wolfSSL 4:1b0d80432c79 10550 };
wolfSSL 4:1b0d80432c79 10551
wolfSSL 4:1b0d80432c79 10552
/* Expose this build's cipher suite name table.
 *
 * Returns a pointer to the first entry of the file-scope cipher_names[]
 * array. The number of entries is reported by GetCipherNamesSize().
 */
const char* const* GetCipherNames(void)
{
    return &cipher_names[0];
}
wolfSSL 4:1b0d80432c79 10558
wolfSSL 4:1b0d80432c79 10559
/* Number of entries in the cipher_names[] array, as an int. */
int GetCipherNamesSize(void)
{
    return (int)(sizeof(cipher_names) / sizeof(cipher_names[0]));
}
wolfSSL 4:1b0d80432c79 10565
wolfSSL 4:1b0d80432c79 10566
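/**
Set the enabled cipher suites.

Names in the list that do not appear in cipher_names[] (a misspelt suite, or
one compiled out of this build) are skipped without an error, so a successful
return does not mean every requested suite was enabled. Every name present in
cipher_names[] is accepted, including the NULL-encryption and anonymous (ADH)
entries when the build has them; callers that take the list from
configuration should check it against their own policy.

@param [out] suites Suites structure. On a 0 return caused by an overlong
                    list, suites->suites may already be partly rewritten
                    while setSuites and suiteSz are left as they were.
@param [in]  list   List of cipher suites, only supports full name from
                    cipher_names[] delimited by ':'. An empty list, or one
                    that starts with "ALL", leaves suites untouched.

@return 1 when the list is empty or starts with "ALL", or when at least one
        name matched; 0 on a NULL argument, when no name matched, or when
        the matched names do not fit in suites->suites.
*/
int SetCipherList(Suites* suites, const char* list)
{
    int       ret          = 0;
    int       idx          = 0;
    int       haveRSAsig   = 0;
    int       haveECDSAsig = 0;
    int       haveAnon     = 0;
    const int suiteSz      = GetCipherNamesSize();
    char*     next         = (char*)list;

    if (suites == NULL || list == NULL) {
        WOLFSSL_MSG("SetCipherList parameter error");
        return 0;
    }

    /* prefix compare: any list beginning with "ALL" keeps the defaults */
    if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
        return 1; /* wolfSSL default */

    do {
        char*  current = next;
        char   name[MAX_SUITE_NAME + 1];
        int    i;
        word32 length;

        next   = XSTRSTR(next, ":");
        length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */
                                         : (word32)(next - current));

        /* copy one token; an over-long token is truncated to fit name[] */
        XSTRNCPY(name, current, length);
        name[(length == sizeof(name)) ? length - 1 : length] = 0;

        for (i = 0; i < suiteSz; i++) {
            if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
                /* Each match stores two bytes. The list may repeat names
                 * and has no length limit of its own, so refuse to write
                 * past the end of the suites array. */
                if (idx + 2 > (int)sizeof(suites->suites)) {
                    WOLFSSL_MSG("SetCipherList suites buffer too small");
                    return 0;
                }

                /* first suite byte is derived from the name itself */
                suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
                                      : (XSTRSTR(name, "QSH"))    ? QSH_BYTE
                                      : (XSTRSTR(name, "EC"))     ? ECC_BYTE
                                      : (XSTRSTR(name, "CCM"))    ? ECC_BYTE
                                      : 0x00; /* normal */

                suites->suites[idx++] = (byte)cipher_name_idx[i];

                /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA
                 * suites don't necessarily have RSA in the name.
                 * NOTE(review): once haveECDSAsig is set, a further ECDSA
                 * name fails the first test and reaches the last branch,
                 * which sets haveRSAsig - confirm this is intended. */
                if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA"))
                    haveECDSAsig = 1;
                else if (XSTRSTR(name, "ADH"))
                    haveAnon = 1;
                else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL))
                    haveRSAsig = 1;

                ret = 1; /* found at least one */
                break;
            }
        }

        /* step over ':'; a NULL pointer is left alone instead of being
         * incremented */
        if (next != NULL)
            next++;
    }
    while (next != NULL);

    if (ret) {
        suites->setSuites = 1;
        suites->suiteSz   = (word16)idx;
        InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveAnon);
    }

    return ret;
}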
wolfSSL 4:1b0d80432c79 10641
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)
/* Choose the hash to pair with this connection's signature algorithm.
 *
 * hashSigAlgo is read as hashSigAlgoSz bytes of (hash, signature) pairs.
 * suites->sigAlgo is set from ssl->specs.sig_algo and suites->hashAlgo starts
 * as sha_mac. The first pair, in list order, whose signature byte equals
 * ssl->specs.sig_algo and whose hash byte is one of the hashes handled below
 * decides hashAlgo. Selection is by position in the list, not by hash
 * strength, and when no pair qualifies hashAlgo stays sha_mac whether or not
 * the list contained it.
 */
static void PickHashSigAlgo(WOLFSSL* ssl,
                            const byte* hashSigAlgo, word32 hashSigAlgoSz)
{
    word32 pos;

    ssl->suites->sigAlgo  = ssl->specs.sig_algo;
    ssl->suites->hashAlgo = sha_mac;

    /* pos+1 must be in range: the signature byte sits one past the hash */
    for (pos = 0; (pos + 1) < hashSigAlgoSz; pos += 2) {
        /* pairs for another signature type are of no interest */
        if (hashSigAlgo[pos + 1] != ssl->specs.sig_algo)
            continue;

        if (hashSigAlgo[pos] == sha_mac)
            return; /* the default set above already says sha_mac */

    #ifndef NO_SHA256
        if (hashSigAlgo[pos] == sha256_mac) {
            ssl->suites->hashAlgo = sha256_mac;
            return;
        }
    #endif
    #ifdef WOLFSSL_SHA384
        if (hashSigAlgo[pos] == sha384_mac) {
            ssl->suites->hashAlgo = sha384_mac;
            return;
        }
    #endif
    #ifdef WOLFSSL_SHA512
        if (hashSigAlgo[pos] == sha512_mac) {
            ssl->suites->hashAlgo = sha512_mac;
            return;
        }
    #endif
        /* hash not handled in this build: keep scanning */
    }
}
#endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */
wolfSSL 4:1b0d80432c79 10679
wolfSSL 4:1b0d80432c79 10680 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 10681
/* Initialize HandShakeInfo: empty cipher name, empty packet names, and zeroed
 * packet count and negotiation error. Only the first byte of each string
 * buffer is cleared; the remaining bytes are left as they were. */
void InitHandShakeInfo(HandShakeInfo* info)
{
    int pkt = 0;

    info->numberPackets    = 0;
    info->negotiationError = 0;
    info->cipherName[0]    = 0;

    while (pkt < MAX_PACKETS_HANDSHAKE) {
        info->packetNames[pkt][0] = 0;
        pkt++;
    }
}
wolfSSL 4:1b0d80432c79 10693
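/* Set final HandShakeInfo parameters: the negotiated cipher name and, when
 * ssl->error lies in the parameter-error range, the negotiation error.
 *
 * The name is found by comparing ssl->options.cipherSuite with the low byte
 * of each cipher_name_idx[] entry and copying the cipher_names[] entry at the
 * same index.
 * NOTE(review): when ssl->options.cipherSuite0 is ECC_BYTE every match is
 * skipped, so info->cipherName is left unchanged for those suites, and the
 * lookup does not otherwise take cipherSuite0 into account - confirm.
 */
void FinishHandShakeInfo(HandShakeInfo* info, const WOLFSSL* ssl)
{
    int i;
    int sz = sizeof(cipher_name_idx) / sizeof(cipher_name_idx[0]);

    for (i = 0; i < sz; i++) {
        if (ssl->options.cipherSuite == (byte)cipher_name_idx[i]) {
            if (ssl->options.cipherSuite0 == ECC_BYTE)
                continue;   /* ECC suites at end */
            XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ);
            /* XSTRNCPY writes no terminator when the name fills all
             * MAX_CIPHERNAME_SZ bytes; end the string inside the bytes
             * that were just written */
            info->cipherName[MAX_CIPHERNAME_SZ - 1] = 0;
            break;
        }
    }

    /* error max and min are negative numbers */
    if (ssl->error <= MIN_PARAM_ERR && ssl->error >= MAX_PARAM_ERR)
        info->negotiationError = ssl->error;
}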
wolfSSL 4:1b0d80432c79 10712
wolfSSL 4:1b0d80432c79 10713
/* Add name to the info packet names and increase the packet name count.
 * The name is dropped without error once MAX_PACKETS_HANDSHAKE names are
 * stored. */
void AddPacketName(const char* name, HandShakeInfo* info)
{
    if (info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;  /* table is full */

    XSTRNCPY(info->packetNames[info->numberPackets], name, MAX_PACKETNAME_SZ);
    info->numberPackets++;
}
wolfSSL 4:1b0d80432c79 10722
wolfSSL 4:1b0d80432c79 10723
/* Initialize TimeoutInfo: empty timeout name, cleared flags and timeout
 * value, and every packet slot reset.
 *
 * bufferValue is overwritten with 0 without being freed, so a record that
 * already holds allocated buffers must go through FreeTimeoutInfo first. */
void InitTimeoutInfo(TimeoutInfo* info)
{
    int slot;

    info->timeoutName[0]       = 0;
    info->flags                = 0;
    info->numberPackets        = 0;
    info->timeoutValue.tv_sec  = 0;
    info->timeoutValue.tv_usec = 0;

    for (slot = 0; slot < MAX_PACKETS_HANDSHAKE; slot++) {
        info->packets[slot].packetName[0]     = 0;
        info->packets[slot].timestamp.tv_sec  = 0;
        info->packets[slot].timestamp.tv_usec = 0;
        info->packets[slot].bufferValue       = 0;
        info->packets[slot].valueSz           = 0;
    }
}
wolfSSL 4:1b0d80432c79 10743
wolfSSL 4:1b0d80432c79 10744
/* Free TimeoutInfo: release every heap buffer attached to a packet slot and
 * clear the pointer so a second call is harmless.
 *
 * NOTE(review): the captured bytes are released without being wiped; confirm
 * nothing sensitive is ever stored through AddPacketInfo. */
void FreeTimeoutInfo(TimeoutInfo* info, void* heap)
{
    int slot = 0;

    (void)heap;  /* presumably unused when XFREE ignores its heap argument */

    while (slot < MAX_PACKETS_HANDSHAKE) {
        if (info->packets[slot].bufferValue) {
            XFREE(info->packets[slot].bufferValue, heap, DYNAMIC_TYPE_INFO);
            info->packets[slot].bufferValue = 0;
        }
        slot++;
    }
}
wolfSSL 4:1b0d80432c79 10757
wolfSSL 4:1b0d80432c79 10758
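/* Add PacketInfo to TimeoutInfo.
 *
 * Records one packet in the next free slot: optional name, a copy of the
 * packet bytes and the current time, then advances numberPackets. Nothing is
 * recorded once numberPackets reaches MAX_PACKETS_HANDSHAKE - 1.
 *
 * name  packet name, may be NULL and supplied later with AddLateName
 * info  record to append to
 * data  packet bytes to copy
 * sz    number of bytes in data; a negative size or a NULL data pointer is
 *       recorded as an empty packet instead of being handed to XMEMCPY
 * heap  heap hint passed to XMALLOC for packets that do not fit in value
 */
void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data,
                   int sz, void* heap)
{
    Timeval currTime;
    int     slot;

    if (info->numberPackets >= (MAX_PACKETS_HANDSHAKE - 1))
        return;

    slot = info->numberPackets;

    /* may add name after */
    if (name)
        XSTRNCPY(info->packets[slot].packetName, name, MAX_PACKETNAME_SZ);

    /* sz is signed: a negative value would pass the "fits in value" test
     * below and become a huge length once converted for the copy */
    if (sz < 0 || data == NULL)
        sz = 0;

    /* add data, put in buffer if bigger than static buffer */
    info->packets[slot].valueSz = sz;
    if (sz == 0) {
        /* nothing to copy */
    }
    else if (sz < MAX_VALUE_SZ) {
        XMEMCPY(info->packets[slot].value, data, sz);
    }
    else {
        info->packets[slot].bufferValue =
                                       XMALLOC(sz, heap, DYNAMIC_TYPE_INFO);
        if (!info->packets[slot].bufferValue)
            /* let next alloc catch, just don't fill, not fatal here */
            info->packets[slot].valueSz = 0;
        else
            XMEMCPY(info->packets[slot].bufferValue, data, sz);
    }

    gettimeofday(&currTime, 0);
    info->packets[slot].timestamp.tv_sec  = currTime.tv_sec;
    info->packets[slot].timestamp.tv_usec = currTime.tv_usec;
    info->numberPackets++;
}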
wolfSSL 4:1b0d80432c79 10793
wolfSSL 4:1b0d80432c79 10794
/* Add packet name to previously added packet info (the entry at
 * numberPackets - 1). Does nothing when no entry has been recorded yet or
 * the count is out of range. */
void AddLateName(const char* name, TimeoutInfo* info)
{
    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0 ||
        info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name,
             MAX_PACKETNAME_SZ);
}
wolfSSL 4:1b0d80432c79 10805
/* Add record header to previously added packet info: RECORD_HEADER_SZ bytes
 * from rl overwrite the start of the last entry's stored data, in the heap
 * buffer when one is attached and in the inline value array otherwise.
 *
 * NOTE(review): valueSz is not consulted here; this presumably relies on both
 * buffers being at least RECORD_HEADER_SZ bytes long. Confirm. */
void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info)
{
    int last;

    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0 ||
        info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    last = info->numberPackets - 1;

    if (info->packets[last].bufferValue)
        XMEMCPY(info->packets[last].bufferValue, rl, RECORD_HEADER_SZ);
    else
        XMEMCPY(info->packets[last].value, rl, RECORD_HEADER_SZ);
}
wolfSSL 4:1b0d80432c79 10820
wolfSSL 4:1b0d80432c79 10821 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 4:1b0d80432c79 10822
wolfSSL 4:1b0d80432c79 10823
wolfSSL 4:1b0d80432c79 10824
wolfSSL 4:1b0d80432c79 10825 /* client only parts */
wolfSSL 4:1b0d80432c79 10826 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 4:1b0d80432c79 10827
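/* Build the ClientHello in the output buffer and send it.
 *
 * Layout written after the record/handshake headers: client version, random,
 * session id, DTLS cookie (DTLS only), cipher suites, compression, then the
 * extensions. When record encryption is already on the message is passed
 * through BuildMessage, otherwise it is only added to the handshake hash.
 *
 * Returns the result of SendBuffered() on success. Returns SUITES_ERROR when
 * ssl->suites is NULL, MEMORY_E on allocation failure, or the error reported
 * by the helper that failed.
 */
int SendClientHello(WOLFSSL* ssl)
{
    byte   *output;
    word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int    sendSz;
    int    idSz = ssl->options.resuming
                ? ssl->session.sessionIDSz
                : 0;
    int    ret;

    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Bad suites pointer in SendClientHello");
        return SUITES_ERROR;
    }

#ifdef HAVE_SESSION_TICKET
    if (ssl->options.resuming && ssl->session.ticketLen > 0) {
        SessionTicket* ticket;

        ticket = TLSX_SessionTicket_Create(0,
                                   ssl->session.ticket, ssl->session.ticketLen);
        if (ticket == NULL) return MEMORY_E;

        ret = TLSX_UseSessionTicket(&ssl->extensions, ticket);
        if (ret != SSL_SUCCESS) {
            /* the ticket was not attached to ssl->extensions (verify against
             * TLSX_UseSessionTicket), so free it here rather than leak it */
            TLSX_SessionTicket_Free(ticket);
            return ret;
        }

        /* resuming by ticket: send an empty session id */
        idSz = 0;
    }
#endif
    length = VERSION_SZ + RAN_LEN
           + idSz + ENUM_LEN
           + ssl->suites->suiteSz + SUITE_LEN
           + COMP_LEN + ENUM_LEN;

#ifdef HAVE_TLS_EXTENSIONS
    /* auto populate extensions supported unless user defined */
    if ((ret = TLSX_PopulateExtensions(ssl, 0)) != 0)
        return ret;
    #ifdef HAVE_QSH
        if (QSH_Init(ssl) != 0)
            return MEMORY_E;
    #endif
    length += TLSX_GetRequestSize(ssl);
#else
    if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
        length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ;
    }
#endif
    sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        length += ENUM_LEN;   /* cookie */
        if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
        sendSz  = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
        idx    += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
    }
#endif

    if (IsEncryptionOn(ssl, 1))
        sendSz += MAX_MSG_EXTRA;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, length, client_hello, ssl);
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* the record header of the ClientHello is always stamped with
         * DTLS_MAJOR/DTLS_MINOR, whatever version the hello body carries */
        DtlsRecordLayerHeader* rh = (DtlsRecordLayerHeader*)output;
        rh->pvMajor = DTLS_MAJOR;
        rh->pvMinor = DTLS_MINOR;
    }
#endif /* WOLFSSL_DTLS */

    /* client hello, first version */
    output[idx++] = ssl->version.major;
    output[idx++] = ssl->version.minor;
    ssl->chVersion = ssl->version;  /* store in case changed */

    /* then random */
    if (ssl->options.connectState == CONNECT_BEGIN) {
        ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
        if (ret != 0)
            return ret;

        /* store random */
        XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
    } else {
        /* NOTE(review): without WOLFSSL_DTLS this branch writes nothing, so
         * the random field keeps whatever the output buffer already held;
         * confirm the branch is only reached on a DTLS re-send */
#ifdef WOLFSSL_DTLS
        /* send same random on hello again */
        XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN);
#endif
    }
    idx += RAN_LEN;

    /* then session id */
    output[idx++] = (byte)idSz;
    if (idSz) {
        XMEMCPY(output + idx, ssl->session.sessionID,
                ssl->session.sessionIDSz);
        idx += ssl->session.sessionIDSz;
    }

    /* then DTLS cookie */
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        byte cookieSz = ssl->arrays->cookieSz;

        output[idx++] = cookieSz;
        if (cookieSz) {
            XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz);
            idx += cookieSz;
        }
    }
#endif
    /* then cipher suites */
    c16toa(ssl->suites->suiteSz, output + idx);
    idx += 2;
    XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
    idx += ssl->suites->suiteSz;

    /* last, compression */
    output[idx++] = COMP_LEN;
    if (ssl->options.usingCompression)
        output[idx++] = ZLIB_COMPRESSION;
    else
        output[idx++] = NO_COMPRESSION;

#ifdef HAVE_TLS_EXTENSIONS
    idx += TLSX_WriteRequest(ssl, output + idx);

    (void)idx; /* suppress analyzer warning, keep idx current */
#else
    if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
    {
        int i;
        /* add in the extensions length */
        c16toa((word16)(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz),
               output + idx);
        idx += 2;

        c16toa(HELLO_EXT_SIG_ALGO, output + idx);
        idx += 2;
        c16toa((word16)(HELLO_EXT_SIGALGO_SZ + ssl->suites->hashSigAlgoSz),
               output+idx);
        idx += 2;
        c16toa(ssl->suites->hashSigAlgoSz, output + idx);
        idx += 2;
        for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) {
            output[idx] = ssl->suites->hashSigAlgo[i];
        }
    }
#endif

    if (IsEncryptionOn(ssl, 1)) {
        byte* input;
        int   inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */

        /* BuildMessage writes into output, so the plaintext is moved to a
         * temporary buffer first */
        input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        if (input == NULL)
            return MEMORY_E;

        XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
        sendSz = BuildMessage(ssl, output,sendSz,input,inputSz,handshake,1);
        XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

        if (sendSz < 0)
            return sendSz;
    } else {
        ret = HashOutput(ssl, output, sendSz, 0);
        if (ret != 0)
            return ret;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
            return ret;
    }
#endif

    ssl->options.clientState = CLIENT_HELLO_COMPLETE;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}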
wolfSSL 4:1b0d80432c79 11027
wolfSSL 4:1b0d80432c79 11028
/* Process a HelloVerifyRequest: a two-byte protocol version followed by a
 * one-byte cookie length and the cookie itself.
 *
 * input     message buffer
 * inOutIdx  in: offset of the message body; advanced past each field as it is
 *           consumed, including on the error paths taken after a field was
 *           read
 * size      length of the message body
 *
 * Returns 0 on success, BUFFER_ERROR when a field runs past size and
 * VERSION_ERROR when the version is not DTLS_MAJOR with DTLS_MINOR or
 * DTLSv1_2_MINOR.
 */
static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input,
                                word32* inOutIdx, word32 size)
{
    ProtocolVersion pv;
    byte            cookieLen;
    word32          start = *inOutIdx;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsPoolReset(ssl);
    }
#endif

    /* the version and the cookie length byte must both be present */
    if ((*inOutIdx - start) + OPAQUE16_LEN + OPAQUE8_LEN > size)
        return BUFFER_ERROR;

    XMEMCPY(&pv, input + *inOutIdx, OPAQUE16_LEN);
    *inOutIdx += OPAQUE16_LEN;

    if (pv.major != DTLS_MAJOR)
        return VERSION_ERROR;
    if (pv.minor != DTLS_MINOR && pv.minor != DTLSv1_2_MINOR)
        return VERSION_ERROR;

    cookieLen = input[*inOutIdx];
    *inOutIdx += 1;

    if (cookieLen != 0) {
        /* the announced cookie must fit inside the message */
        if ((*inOutIdx - start) + cookieLen > size)
            return BUFFER_ERROR;

#ifdef WOLFSSL_DTLS
        /* a cookie longer than MAX_COOKIE_LEN is skipped, not stored; the
         * previously stored cookie and cookieSz are left as they were */
        if (cookieLen <= MAX_COOKIE_LEN) {
            XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieLen);
            ssl->arrays->cookieSz = cookieLen;
        }
#endif
        *inOutIdx += cookieLen;
    }

    ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
    return 0;
}
wolfSSL 4:1b0d80432c79 11076
wolfSSL 4:1b0d80432c79 11077
/* Decide whether the ServerHello is to be treated as accepting resumption.
 *
 * Returns 1 when a session secret callback is set (HAVE_SECRET_CALLBACK),
 * when a session ticket is held (HAVE_SESSION_TICKET), or when the server
 * sent a session id equal to the saved one; 0 otherwise.
 */
static INLINE int DSH_CheckSessionId(WOLFSSL* ssl)
{
#ifdef HAVE_SECRET_CALLBACK
    /* If a session secret callback exists, we are using that
     * key instead of the saved session key. */
    if (ssl->sessionSecretCb != NULL)
        return 1;
#endif

#ifdef HAVE_SESSION_TICKET
    /* server may send blank ticket which may not be expected to indicate
     * existing one ok but will also be sending a new one */
    if (ssl->session.ticketLen > 0)
        return 1;
#endif

    if (!ssl->options.haveSessionId)
        return 0;

    /* NOTE(review): the comparison always covers ID_LEN bytes, whatever
     * length the server sent; confirm a shorter id cannot match on bytes
     * left over in ssl->arrays->sessionID */
    return XMEMCMP(ssl->arrays->sessionID,
                   ssl->session.sessionID, ID_LEN) == 0;
}
wolfSSL 4:1b0d80432c79 11100
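/* Process a ServerHello: protocol version, server random, session id, chosen
 * cipher suite, compression method and any extensions.
 *
 * input     message buffer
 * inOutIdx  in: offset of the message body; out: offset past the message
 *           (plus the record padding when decryption is on)
 * helloSz   length of the message body
 *
 * Every variable-length field is checked against helloSz before it is read.
 * The server's major version must equal the one this client sent, in line
 * with the DTLS_MAJOR check DoHelloVerifyRequest applies; a lower minor
 * version is accepted only when downgrade is enabled and the version is not
 * below minDowngrade.
 *
 * Returns the result of SetCipherSpecs() (or of key derivation when a session
 * is resumed) on success; BUFFER_ERROR, VERSION_ERROR, MATCH_SUITE_ERROR,
 * UNSUPPORTED_SUITE, SESSION_SECRET_CB_E or an extension parsing error
 * otherwise.
 */
static int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         word32 helloSz)
{
    byte            cs0;   /* cipher suite bytes 0, 1 */
    byte            cs1;
    ProtocolVersion pv;
    byte            compression;
    word32          i = *inOutIdx;
    word32          begin = i;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
#endif

    /* protocol version, random and session id length check */
    if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    /* protocol version */
    XMEMCPY(&pv, input + i, OPAQUE16_LEN);
    i += OPAQUE16_LEN;

    /* the minor-version logic below is only meaningful within one protocol
     * family, so reject a hello whose major version is not ours */
    if (pv.major != ssl->version.major) {
        WOLFSSL_MSG("Server using different major version, fatal error");
        return VERSION_ERROR;
    }

    if (pv.minor > ssl->version.minor) {
        WOLFSSL_MSG("Server using higher version, fatal error");
        return VERSION_ERROR;
    }
    else if (pv.minor < ssl->version.minor) {
        WOLFSSL_MSG("server using lower version");

        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("    no downgrade allowed, fatal error");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("    version below minimum allowed, fatal error");
            return VERSION_ERROR;
        }

        #ifdef HAVE_SECURE_RENEGOTIATION
            /* the version may not change once a handshake has completed */
            if (ssl->secure_renegotiation &&
                                         ssl->secure_renegotiation->enabled &&
                                         ssl->options.handShakeDone) {
                WOLFSSL_MSG("Server changed version during scr");
                return VERSION_ERROR;
            }
        #endif

        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG("    downgrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            /* turn off tls 1.1+ */
            WOLFSSL_MSG("    downgrading to TLSv1");
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG("    downgrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
    }

    /* random */
    XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
    i += RAN_LEN;

    /* session id */
    ssl->arrays->sessionIDSz = input[i++];

    if (ssl->arrays->sessionIDSz > ID_LEN) {
        WOLFSSL_MSG("Invalid session ID size");
        ssl->arrays->sessionIDSz = 0;
        return BUFFER_ERROR;
    }
    else if (ssl->arrays->sessionIDSz) {
        if ((i - begin) + ssl->arrays->sessionIDSz > helloSz)
            return BUFFER_ERROR;

        XMEMCPY(ssl->arrays->sessionID, input + i,
                                                 ssl->arrays->sessionIDSz);
        i += ssl->arrays->sessionIDSz;
        ssl->options.haveSessionId = 1;
    }


    /* suite and compression */
    if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    cs0 = input[i++];
    cs1 = input[i++];

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled &&
                                     ssl->options.handShakeDone) {
        if (ssl->options.cipherSuite0 != cs0 ||
            ssl->options.cipherSuite  != cs1) {
            WOLFSSL_MSG("Server changed cipher suite during scr");
            return MATCH_SUITE_ERROR;
        }
    }
#endif

    /* NOTE(review): nothing in this function checks that cs0/cs1 is one of
     * the suites sent in the ClientHello; confirm SetCipherSpecs or a caller
     * enforces that */
    ssl->options.cipherSuite0 = cs0;
    ssl->options.cipherSuite  = cs1;
    compression = input[i++];

    /* NOTE(review): only "server refused compression" is handled; a server
     * selecting ZLIB_COMPRESSION when it was not offered is not rejected
     * here. Confirm it is caught elsewhere */
    if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
        WOLFSSL_MSG("Server refused compression, turning off");
        ssl->options.usingCompression = 0;  /* turn off if server refused */
    }

    *inOutIdx = i;


    if ( (i - begin) < helloSz) {
#ifdef HAVE_TLS_EXTENSIONS
        if (TLSX_SupportExtensions(ssl)) {
            int    ret = 0;
            word16 totalExtSz;

            if ((i - begin) + OPAQUE16_LEN > helloSz)
                return BUFFER_ERROR;

            ato16(&input[i], &totalExtSz);
            i += OPAQUE16_LEN;

            if ((i - begin) + totalExtSz > helloSz)
                return BUFFER_ERROR;

            if ((ret = TLSX_Parse(ssl, (byte *) input + i,
                                                      totalExtSz, 0, NULL)))
                return ret;

            i += totalExtSz;
            *inOutIdx = i;
        }
        else
#endif
            *inOutIdx = begin + helloSz; /* skip extensions */
    }

    ssl->options.serverState = SERVER_HELLO_COMPLETE;

    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    }

#ifdef HAVE_SECRET_CALLBACK
    if (ssl->sessionSecretCb != NULL) {
        int secretSz = SECRET_LEN, ret;
        ret = ssl->sessionSecretCb(ssl, ssl->session.masterSecret,
                                          &secretSz, ssl->sessionSecretCtx);
        if (ret != 0 || secretSz != SECRET_LEN)
            return SESSION_SECRET_CB_E;
    }
#endif /* HAVE_SECRET_CALLBACK */

    if (ssl->options.resuming) {
        if (DSH_CheckSessionId(ssl)) {
            if (SetCipherSpecs(ssl) == 0) {
                int ret = -1;

                /* resumed session: reuse the saved master secret and derive
                 * the keys right away */
                XMEMCPY(ssl->arrays->masterSecret,
                        ssl->session.masterSecret, SECRET_LEN);
                #ifdef NO_OLD_TLS
                    ret = DeriveTlsKeys(ssl);
                #else
                    #ifndef NO_TLS
                        if (ssl->options.tls)
                            ret = DeriveTlsKeys(ssl);
                    #endif
                        if (!ssl->options.tls)
                            ret = DeriveKeys(ssl);
                #endif
                ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

                return ret;
            }
            else {
                WOLFSSL_MSG("Unsupported cipher suite, DoServerHello");
                return UNSUPPORTED_SUITE;
            }
        }
        else {
            WOLFSSL_MSG("Server denied resumption attempt");
            ssl->options.resuming = 0; /* server denied resumption try */
        }
    }
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsPoolReset(ssl);
    }
#endif

    return SetCipherSpecs(ssl);
}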
wolfSSL 4:1b0d80432c79 11303
wolfSSL 4:1b0d80432c79 11304
/* Make sure client setup is valid for this suite, true on success.
 *
 * The only requirement checked here is REQUIRES_PSK: a suite that needs a
 * pre-shared key is rejected (0) when ssl->options.havePSK is not set, or
 * when PSK support is compiled out with NO_PSK. */
int VerifyClientSuite(WOLFSSL* ssl)
{
    const byte suite0        = ssl->options.cipherSuite0;
    const byte suite         = ssl->options.cipherSuite;
    int        pskConfigured = 0;

    WOLFSSL_ENTER("VerifyClientSuite");

#ifndef NO_PSK
    pskConfigured = ssl->options.havePSK;
#endif

    if (!CipherRequires(suite0, suite, REQUIRES_PSK))
        return 1;  /* success */

    WOLFSSL_MSG("Requires PSK");
    if (pskConfigured == 0) {
        WOLFSSL_MSG("Don't have PSK");
        return 0;
    }

    return 1;  /* success */
}
wolfSSL 4:1b0d80432c79 11328
wolfSSL 4:1b0d80432c79 11329
wolfSSL 4:1b0d80432c79 11330 #ifndef NO_CERTS
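/* Parse a CertificateRequest handshake message.
 *
 * The certificate-type list and the certificate-authority list are length
 * checked and then skipped; their contents are still ignored (TODO carried
 * over from the original code). When IsAtLeastTLSv1_2() is true the
 * signature/hash algorithm list is passed to PickHashSigAlgo().
 *
 * Every length field comes from the peer, so each one is checked against
 * size before the index is advanced.
 *
 * ssl       connection state; ssl->options.sendVerify is updated
 * input     buffer holding the message
 * inOutIdx  in: offset of the message body in input; out: offset after the
 *           parsed fields, plus ssl->keys.padSz when encryption is on
 * size      upper bound, counted from the entry value of *inOutIdx, on the
 *           bytes this function may consume
 *
 * returns 0 on success, BUFFER_ERROR when a length field runs past size or
 * a distinguished-name entry is larger than what is left of the authorities
 * list
 */
static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*
                                inOutIdx, word32 size)
{
    word16 len;
    word32 begin = *inOutIdx;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("CertificateRequest", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddLateName("CertificateRequest", &ssl->timeoutInfo);
    #endif

    /* certificate types: one length byte followed by the list */
    if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
        return BUFFER_ERROR;

    len = input[(*inOutIdx)++];

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    /* types, read in here */
    *inOutIdx += len;

    /* signature and hash signature algorithm */
    if (IsAtLeastTLSv1_2(ssl)) {
        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &len);
        *inOutIdx += OPAQUE16_LEN;

        if ((*inOutIdx - begin) + len > size)
            return BUFFER_ERROR;

        PickHashSigAlgo(ssl, input + *inOutIdx, len);
        *inOutIdx += len;
    }

    /* authorities: 16-bit total length, then 16-bit-length-prefixed DNs */
    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &len);
    *inOutIdx += OPAQUE16_LEN;

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    while (len) {
        word16 dnSz;

        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &dnSz);
        *inOutIdx += OPAQUE16_LEN;

        /* An entry that claims more bytes than remain in the list would
         * wrap the 16-bit len in the subtraction below; the loop would then
         * keep consuming bytes outside the declared authorities list.
         * Reject the message instead. */
        if ((word32)dnSz + OPAQUE16_LEN > (word32)len)
            return BUFFER_ERROR;

        if ((*inOutIdx - begin) + dnSz > size)
            return BUFFER_ERROR;

        *inOutIdx += dnSz;
        len = (word16)(len - (OPAQUE16_LEN + dnSz));
    }

    /* don't send client cert or cert verify if user hasn't provided
       cert and private key */
    if (ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
        ssl->buffers.key && ssl->buffers.key->buffer)
        ssl->options.sendVerify = SEND_CERT;
    else if (IsTLS(ssl))
        ssl->options.sendVerify = SEND_BLANK_CERT;

    /* step over the record padding when the record was encrypted */
    if (IsEncryptionOn(ssl, 0))
        *inOutIdx += ssl->keys.padSz;

    return 0;
}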
wolfSSL 4:1b0d80432c79 11410 #endif /* !NO_CERTS */
wolfSSL 4:1b0d80432c79 11411
wolfSSL 4:1b0d80432c79 11412
wolfSSL 4:1b0d80432c79 11413 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 11414
/* Check a named-curve identifier against the curves compiled into this
 * build (selected by HAVE_ALL_CURVES, HAVE_ECCnnn and NO_ECC256).
 *
 * oid  curve identifier to test; the callers in this file pass the curve
 *      byte read from the ServerKeyExchange message
 *
 * returns 0 when the identifier matches an enabled curve, -1 otherwise
 */
static int CheckCurveId(int oid)
{
    switch (oid) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
        case WOLFSSL_ECC_SECP160R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
        case WOLFSSL_ECC_SECP192R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
        case WOLFSSL_ECC_SECP224R1:
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
        case WOLFSSL_ECC_SECP256R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
        case WOLFSSL_ECC_SECP384R1:
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
        case WOLFSSL_ECC_SECP521R1:
#endif
            /* any enabled curve is accepted */
            return 0;

        default:
            break;
    }

    /* identifier is unknown or its curve is not built in */
    return -1;
}
wolfSSL 4:1b0d80432c79 11446
wolfSSL 4:1b0d80432c79 11447 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 11448
wolfSSL 4:1b0d80432c79 11449 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
wolfSSL 4:1b0d80432c79 11450 word32* inOutIdx, word32 size)
wolfSSL 4:1b0d80432c79 11451 {
wolfSSL 4:1b0d80432c79 11452 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 11453 word16 name;
wolfSSL 4:1b0d80432c79 11454 int qshSz;
wolfSSL 4:1b0d80432c79 11455 #endif
wolfSSL 4:1b0d80432c79 11456 word16 length = 0;
wolfSSL 4:1b0d80432c79 11457 word32 begin = *inOutIdx;
wolfSSL 4:1b0d80432c79 11458 int ret = 0;
wolfSSL 4:1b0d80432c79 11459 #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0)
wolfSSL 4:1b0d80432c79 11460
wolfSSL 4:1b0d80432c79 11461 (void)length; /* shut up compiler warnings */
wolfSSL 4:1b0d80432c79 11462 (void)begin;
wolfSSL 4:1b0d80432c79 11463 (void)ssl;
wolfSSL 4:1b0d80432c79 11464 (void)input;
wolfSSL 4:1b0d80432c79 11465 (void)size;
wolfSSL 4:1b0d80432c79 11466 (void)ret;
wolfSSL 4:1b0d80432c79 11467
wolfSSL 4:1b0d80432c79 11468
wolfSSL 4:1b0d80432c79 11469 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 11470 if (ssl->hsInfoOn)
wolfSSL 4:1b0d80432c79 11471 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 11472 if (ssl->toInfoOn)
wolfSSL 4:1b0d80432c79 11473 AddLateName("ServerKeyExchange", &ssl->timeoutInfo);
wolfSSL 4:1b0d80432c79 11474 #endif
wolfSSL 4:1b0d80432c79 11475
wolfSSL 4:1b0d80432c79 11476 switch (ssl->specs.kea)
wolfSSL 4:1b0d80432c79 11477 {
wolfSSL 4:1b0d80432c79 11478 #ifndef NO_PSK
wolfSSL 4:1b0d80432c79 11479 case psk_kea:
wolfSSL 4:1b0d80432c79 11480 {
wolfSSL 4:1b0d80432c79 11481 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11482 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11483 }
wolfSSL 4:1b0d80432c79 11484
wolfSSL 4:1b0d80432c79 11485 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11486 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11487
wolfSSL 4:1b0d80432c79 11488 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11489 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11490 }
wolfSSL 4:1b0d80432c79 11491
wolfSSL 4:1b0d80432c79 11492 XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 11493 min(length, MAX_PSK_ID_LEN));
wolfSSL 4:1b0d80432c79 11494
wolfSSL 4:1b0d80432c79 11495 ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0;
wolfSSL 4:1b0d80432c79 11496 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11497
wolfSSL 4:1b0d80432c79 11498 /* QSH extensions */
wolfSSL 4:1b0d80432c79 11499 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 11500 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 11501 /* extension name */
wolfSSL 4:1b0d80432c79 11502 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 11503 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11504
wolfSSL 4:1b0d80432c79 11505 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 11506 /* if qshSz is larger than 0 it is the length of buffer
wolfSSL 4:1b0d80432c79 11507 used */
wolfSSL 4:1b0d80432c79 11508 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 11509 size, 0)) < 0) {
wolfSSL 4:1b0d80432c79 11510 return qshSz;
wolfSSL 4:1b0d80432c79 11511 }
wolfSSL 4:1b0d80432c79 11512 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 11513 }
wolfSSL 4:1b0d80432c79 11514 else {
wolfSSL 4:1b0d80432c79 11515 /* unknown extension sent server ignored
wolfSSL 4:1b0d80432c79 11516 handshake */
wolfSSL 4:1b0d80432c79 11517 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11518 }
wolfSSL 4:1b0d80432c79 11519 }
wolfSSL 4:1b0d80432c79 11520 #endif
wolfSSL 4:1b0d80432c79 11521
wolfSSL 4:1b0d80432c79 11522 return 0;
wolfSSL 4:1b0d80432c79 11523 }
wolfSSL 4:1b0d80432c79 11524 #endif
wolfSSL 4:1b0d80432c79 11525 #ifndef NO_DH
wolfSSL 4:1b0d80432c79 11526 case diffie_hellman_kea:
wolfSSL 4:1b0d80432c79 11527 {
wolfSSL 4:1b0d80432c79 11528 /* p */
wolfSSL 4:1b0d80432c79 11529 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11530 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11531 }
wolfSSL 4:1b0d80432c79 11532
wolfSSL 4:1b0d80432c79 11533 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11534 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11535
wolfSSL 4:1b0d80432c79 11536 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11537 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11538 }
wolfSSL 4:1b0d80432c79 11539
wolfSSL 4:1b0d80432c79 11540 if (length < ssl->options.minDhKeySz) {
wolfSSL 4:1b0d80432c79 11541 WOLFSSL_MSG("Server using a DH key that is too small");
wolfSSL 4:1b0d80432c79 11542 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 4:1b0d80432c79 11543 return DH_KEY_SIZE_E;
wolfSSL 4:1b0d80432c79 11544 }
wolfSSL 4:1b0d80432c79 11545
wolfSSL 4:1b0d80432c79 11546 ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap,
wolfSSL 4:1b0d80432c79 11547 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 11548
wolfSSL 4:1b0d80432c79 11549 if (ssl->buffers.serverDH_P.buffer) {
wolfSSL 4:1b0d80432c79 11550 ssl->buffers.serverDH_P.length = length;
wolfSSL 4:1b0d80432c79 11551 }
wolfSSL 4:1b0d80432c79 11552 else {
wolfSSL 4:1b0d80432c79 11553 return MEMORY_ERROR;
wolfSSL 4:1b0d80432c79 11554 }
wolfSSL 4:1b0d80432c79 11555
wolfSSL 4:1b0d80432c79 11556 XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length);
wolfSSL 4:1b0d80432c79 11557 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11558
wolfSSL 4:1b0d80432c79 11559 ssl->options.dhKeySz = length;
wolfSSL 4:1b0d80432c79 11560
wolfSSL 4:1b0d80432c79 11561 /* g */
wolfSSL 4:1b0d80432c79 11562 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11563 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11564 }
wolfSSL 4:1b0d80432c79 11565
wolfSSL 4:1b0d80432c79 11566 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11567 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11568
wolfSSL 4:1b0d80432c79 11569 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11570 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11571 }
wolfSSL 4:1b0d80432c79 11572
wolfSSL 4:1b0d80432c79 11573 ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap,
wolfSSL 4:1b0d80432c79 11574 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 11575
wolfSSL 4:1b0d80432c79 11576 if (ssl->buffers.serverDH_G.buffer) {
wolfSSL 4:1b0d80432c79 11577 ssl->buffers.serverDH_G.length = length;
wolfSSL 4:1b0d80432c79 11578 }
wolfSSL 4:1b0d80432c79 11579 else {
wolfSSL 4:1b0d80432c79 11580 return MEMORY_ERROR;
wolfSSL 4:1b0d80432c79 11581 }
wolfSSL 4:1b0d80432c79 11582
wolfSSL 4:1b0d80432c79 11583 XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length);
wolfSSL 4:1b0d80432c79 11584 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11585
wolfSSL 4:1b0d80432c79 11586 /* pub */
wolfSSL 4:1b0d80432c79 11587 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11588 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11589 }
wolfSSL 4:1b0d80432c79 11590
wolfSSL 4:1b0d80432c79 11591 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11592 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11593
wolfSSL 4:1b0d80432c79 11594 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11595 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11596 }
wolfSSL 4:1b0d80432c79 11597
wolfSSL 4:1b0d80432c79 11598 ssl->buffers.serverDH_Pub.buffer =
wolfSSL 4:1b0d80432c79 11599 (byte*) XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 11600
wolfSSL 4:1b0d80432c79 11601 if (ssl->buffers.serverDH_Pub.buffer) {
wolfSSL 4:1b0d80432c79 11602 ssl->buffers.serverDH_Pub.length = length;
wolfSSL 4:1b0d80432c79 11603 }
wolfSSL 4:1b0d80432c79 11604 else {
wolfSSL 4:1b0d80432c79 11605 return MEMORY_ERROR;
wolfSSL 4:1b0d80432c79 11606 }
wolfSSL 4:1b0d80432c79 11607
wolfSSL 4:1b0d80432c79 11608 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 11609 length);
wolfSSL 4:1b0d80432c79 11610 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11611 break;
wolfSSL 4:1b0d80432c79 11612 } /* dh_kea */
wolfSSL 4:1b0d80432c79 11613 #endif /* NO_DH */
wolfSSL 4:1b0d80432c79 11614
wolfSSL 4:1b0d80432c79 11615 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 11616 case ecc_diffie_hellman_kea:
wolfSSL 4:1b0d80432c79 11617 {
wolfSSL 4:1b0d80432c79 11618 byte b;
wolfSSL 4:1b0d80432c79 11619
wolfSSL 4:1b0d80432c79 11620 if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 4:1b0d80432c79 11621 OPAQUE8_LEN > size) {
wolfSSL 4:1b0d80432c79 11622 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11623 }
wolfSSL 4:1b0d80432c79 11624
wolfSSL 4:1b0d80432c79 11625 b = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 11626
wolfSSL 4:1b0d80432c79 11627 if (b != named_curve) {
wolfSSL 4:1b0d80432c79 11628 return ECC_CURVETYPE_ERROR;
wolfSSL 4:1b0d80432c79 11629 }
wolfSSL 4:1b0d80432c79 11630
wolfSSL 4:1b0d80432c79 11631 *inOutIdx += 1; /* curve type, eat leading 0 */
wolfSSL 4:1b0d80432c79 11632 b = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 11633
wolfSSL 4:1b0d80432c79 11634 if (CheckCurveId(b) != 0) {
wolfSSL 4:1b0d80432c79 11635 return ECC_CURVE_ERROR;
wolfSSL 4:1b0d80432c79 11636 }
wolfSSL 4:1b0d80432c79 11637
wolfSSL 4:1b0d80432c79 11638 length = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 11639
wolfSSL 4:1b0d80432c79 11640 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11641 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11642 }
wolfSSL 4:1b0d80432c79 11643
wolfSSL 4:1b0d80432c79 11644 if (ssl->peerEccKey == NULL) {
wolfSSL 4:1b0d80432c79 11645 /* alloc/init on demand */
wolfSSL 4:1b0d80432c79 11646 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 4:1b0d80432c79 11647 ssl->ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL 4:1b0d80432c79 11648 if (ssl->peerEccKey == NULL) {
wolfSSL 4:1b0d80432c79 11649 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 4:1b0d80432c79 11650 return MEMORY_E;
wolfSSL 4:1b0d80432c79 11651 }
wolfSSL 4:1b0d80432c79 11652 wc_ecc_init(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 11653 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 4:1b0d80432c79 11654 wc_ecc_free(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 11655 ssl->peerEccKeyPresent = 0;
wolfSSL 4:1b0d80432c79 11656 wc_ecc_init(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 11657 }
wolfSSL 4:1b0d80432c79 11658
wolfSSL 4:1b0d80432c79 11659 if (wc_ecc_import_x963(input + *inOutIdx, length,
wolfSSL 4:1b0d80432c79 11660 ssl->peerEccKey) != 0) {
wolfSSL 4:1b0d80432c79 11661 return ECC_PEERKEY_ERROR;
wolfSSL 4:1b0d80432c79 11662 }
wolfSSL 4:1b0d80432c79 11663
wolfSSL 4:1b0d80432c79 11664 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11665 ssl->peerEccKeyPresent = 1;
wolfSSL 4:1b0d80432c79 11666
wolfSSL 4:1b0d80432c79 11667 break;
wolfSSL 4:1b0d80432c79 11668 }
wolfSSL 4:1b0d80432c79 11669 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 11670
wolfSSL 4:1b0d80432c79 11671 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 4:1b0d80432c79 11672 case dhe_psk_kea:
wolfSSL 4:1b0d80432c79 11673 {
wolfSSL 4:1b0d80432c79 11674 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11675 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11676 }
wolfSSL 4:1b0d80432c79 11677
wolfSSL 4:1b0d80432c79 11678 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11679 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11680
wolfSSL 4:1b0d80432c79 11681 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11682 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11683 }
wolfSSL 4:1b0d80432c79 11684
wolfSSL 4:1b0d80432c79 11685 XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 11686 min(length, MAX_PSK_ID_LEN));
wolfSSL 4:1b0d80432c79 11687
wolfSSL 4:1b0d80432c79 11688 ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0;
wolfSSL 4:1b0d80432c79 11689 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11690
wolfSSL 4:1b0d80432c79 11691 /* p */
wolfSSL 4:1b0d80432c79 11692 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11693 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11694 }
wolfSSL 4:1b0d80432c79 11695
wolfSSL 4:1b0d80432c79 11696 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11697 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11698
wolfSSL 4:1b0d80432c79 11699 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11700 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11701 }
wolfSSL 4:1b0d80432c79 11702
wolfSSL 4:1b0d80432c79 11703 if (length < ssl->options.minDhKeySz) {
wolfSSL 4:1b0d80432c79 11704 WOLFSSL_MSG("Server using a DH key that is too small");
wolfSSL 4:1b0d80432c79 11705 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 4:1b0d80432c79 11706 return DH_KEY_SIZE_E;
wolfSSL 4:1b0d80432c79 11707 }
wolfSSL 4:1b0d80432c79 11708
wolfSSL 4:1b0d80432c79 11709 ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap,
wolfSSL 4:1b0d80432c79 11710 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 11711
wolfSSL 4:1b0d80432c79 11712 if (ssl->buffers.serverDH_P.buffer) {
wolfSSL 4:1b0d80432c79 11713 ssl->buffers.serverDH_P.length = length;
wolfSSL 4:1b0d80432c79 11714 }
wolfSSL 4:1b0d80432c79 11715 else {
wolfSSL 4:1b0d80432c79 11716 return MEMORY_ERROR;
wolfSSL 4:1b0d80432c79 11717 }
wolfSSL 4:1b0d80432c79 11718
wolfSSL 4:1b0d80432c79 11719 XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length);
wolfSSL 4:1b0d80432c79 11720 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11721
wolfSSL 4:1b0d80432c79 11722 ssl->options.dhKeySz = length;
wolfSSL 4:1b0d80432c79 11723
wolfSSL 4:1b0d80432c79 11724 /* g */
wolfSSL 4:1b0d80432c79 11725 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11726 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11727 }
wolfSSL 4:1b0d80432c79 11728
wolfSSL 4:1b0d80432c79 11729 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11730 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11731
wolfSSL 4:1b0d80432c79 11732 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11733 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11734 }
wolfSSL 4:1b0d80432c79 11735
wolfSSL 4:1b0d80432c79 11736 ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap,
wolfSSL 4:1b0d80432c79 11737 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 11738
wolfSSL 4:1b0d80432c79 11739 if (ssl->buffers.serverDH_G.buffer) {
wolfSSL 4:1b0d80432c79 11740 ssl->buffers.serverDH_G.length = length;
wolfSSL 4:1b0d80432c79 11741 }
wolfSSL 4:1b0d80432c79 11742 else {
wolfSSL 4:1b0d80432c79 11743 return MEMORY_ERROR;
wolfSSL 4:1b0d80432c79 11744 }
wolfSSL 4:1b0d80432c79 11745
wolfSSL 4:1b0d80432c79 11746 XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length);
wolfSSL 4:1b0d80432c79 11747 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11748
wolfSSL 4:1b0d80432c79 11749 /* pub */
wolfSSL 4:1b0d80432c79 11750 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11751 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11752 }
wolfSSL 4:1b0d80432c79 11753
wolfSSL 4:1b0d80432c79 11754 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11755 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11756
wolfSSL 4:1b0d80432c79 11757 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11758 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11759 }
wolfSSL 4:1b0d80432c79 11760
wolfSSL 4:1b0d80432c79 11761 ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap,
wolfSSL 4:1b0d80432c79 11762 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 11763
wolfSSL 4:1b0d80432c79 11764 if (ssl->buffers.serverDH_Pub.buffer) {
wolfSSL 4:1b0d80432c79 11765 ssl->buffers.serverDH_Pub.length = length;
wolfSSL 4:1b0d80432c79 11766 }
wolfSSL 4:1b0d80432c79 11767 else {
wolfSSL 4:1b0d80432c79 11768 return MEMORY_ERROR;
wolfSSL 4:1b0d80432c79 11769 }
wolfSSL 4:1b0d80432c79 11770
wolfSSL 4:1b0d80432c79 11771 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length);
wolfSSL 4:1b0d80432c79 11772 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11773
wolfSSL 4:1b0d80432c79 11774 break;
wolfSSL 4:1b0d80432c79 11775 }
wolfSSL 4:1b0d80432c79 11776 #endif /* !NO_DH || !NO_PSK */
wolfSSL 4:1b0d80432c79 11777
wolfSSL 4:1b0d80432c79 11778 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 4:1b0d80432c79 11779 case ecdhe_psk_kea:
wolfSSL 4:1b0d80432c79 11780 {
wolfSSL 4:1b0d80432c79 11781 byte b;
wolfSSL 4:1b0d80432c79 11782
wolfSSL 4:1b0d80432c79 11783 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11784 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11785 }
wolfSSL 4:1b0d80432c79 11786
wolfSSL 4:1b0d80432c79 11787 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 11788 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 11789
wolfSSL 4:1b0d80432c79 11790 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11791 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11792 }
wolfSSL 4:1b0d80432c79 11793
wolfSSL 4:1b0d80432c79 11794 /* get PSK server hint from the wire */
wolfSSL 4:1b0d80432c79 11795 XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 11796 min(length, MAX_PSK_ID_LEN));
wolfSSL 4:1b0d80432c79 11797
wolfSSL 4:1b0d80432c79 11798 ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0;
wolfSSL 4:1b0d80432c79 11799 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11800
wolfSSL 4:1b0d80432c79 11801
wolfSSL 4:1b0d80432c79 11802 if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 4:1b0d80432c79 11803 OPAQUE8_LEN > size) {
wolfSSL 4:1b0d80432c79 11804 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11805 }
wolfSSL 4:1b0d80432c79 11806
wolfSSL 4:1b0d80432c79 11807 /* Check curve name and ID */
wolfSSL 4:1b0d80432c79 11808 b = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 11809 if (b != named_curve) {
wolfSSL 4:1b0d80432c79 11810 return ECC_CURVETYPE_ERROR;
wolfSSL 4:1b0d80432c79 11811 }
wolfSSL 4:1b0d80432c79 11812
wolfSSL 4:1b0d80432c79 11813 *inOutIdx += 1; /* curve type, eat leading 0 */
wolfSSL 4:1b0d80432c79 11814 b = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 11815 if (CheckCurveId(b) != 0) {
wolfSSL 4:1b0d80432c79 11816 return ECC_CURVE_ERROR;
wolfSSL 4:1b0d80432c79 11817 }
wolfSSL 4:1b0d80432c79 11818
wolfSSL 4:1b0d80432c79 11819 length = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 11820
wolfSSL 4:1b0d80432c79 11821 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 11822 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 11823 }
wolfSSL 4:1b0d80432c79 11824
wolfSSL 4:1b0d80432c79 11825 if (ssl->peerEccKey == NULL) {
wolfSSL 4:1b0d80432c79 11826 /* alloc/init on demand */
wolfSSL 4:1b0d80432c79 11827 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 4:1b0d80432c79 11828 ssl->ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL 4:1b0d80432c79 11829 if (ssl->peerEccKey == NULL) {
wolfSSL 4:1b0d80432c79 11830 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 4:1b0d80432c79 11831 return MEMORY_E;
wolfSSL 4:1b0d80432c79 11832 }
wolfSSL 4:1b0d80432c79 11833 wc_ecc_init(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 11834 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 4:1b0d80432c79 11835 wc_ecc_free(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 11836 ssl->peerEccKeyPresent = 0;
wolfSSL 4:1b0d80432c79 11837 wc_ecc_init(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 11838 }
wolfSSL 4:1b0d80432c79 11839
wolfSSL 4:1b0d80432c79 11840 if (wc_ecc_import_x963(input + *inOutIdx, length,
wolfSSL 4:1b0d80432c79 11841 ssl->peerEccKey) != 0) {
wolfSSL 4:1b0d80432c79 11842 return ECC_PEERKEY_ERROR;
wolfSSL 4:1b0d80432c79 11843 }
wolfSSL 4:1b0d80432c79 11844
wolfSSL 4:1b0d80432c79 11845 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 11846 ssl->peerEccKeyPresent = 1;
wolfSSL 4:1b0d80432c79 11847
wolfSSL 4:1b0d80432c79 11848 break;
wolfSSL 4:1b0d80432c79 11849 }
wolfSSL 4:1b0d80432c79 11850 #endif /* HAVE_ECC || !NO_PSK */
wolfSSL 4:1b0d80432c79 11851 } /* switch() */
wolfSSL 4:1b0d80432c79 11852
wolfSSL 4:1b0d80432c79 11853 #if !defined(NO_DH) || defined(HAVE_ECC)
wolfSSL 4:1b0d80432c79 11854 if (!ssl->options.usingAnon_cipher &&
wolfSSL 4:1b0d80432c79 11855 (ssl->specs.kea == ecc_diffie_hellman_kea ||
wolfSSL 4:1b0d80432c79 11856 ssl->specs.kea == diffie_hellman_kea))
wolfSSL 4:1b0d80432c79 11857 {
wolfSSL 4:1b0d80432c79 11858 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 11859 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 11860 Md5* md5 = NULL;
wolfSSL 4:1b0d80432c79 11861 Sha* sha = NULL;
wolfSSL 4:1b0d80432c79 11862 #else
wolfSSL 4:1b0d80432c79 11863 Md5 md5[1];
wolfSSL 4:1b0d80432c79 11864 Sha sha[1];
wolfSSL 4:1b0d80432c79 11865 #endif
wolfSSL 4:1b0d80432c79 11866 #endif
wolfSSL 4:1b0d80432c79 11867 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 11868 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 11869 Sha256* sha256 = NULL;
wolfSSL 4:1b0d80432c79 11870 byte* hash256 = NULL;
wolfSSL 4:1b0d80432c79 11871 #else
wolfSSL 4:1b0d80432c79 11872 Sha256 sha256[1];
wolfSSL 4:1b0d80432c79 11873 byte hash256[SHA256_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 11874 #endif
wolfSSL 4:1b0d80432c79 11875 #endif
wolfSSL 4:1b0d80432c79 11876 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 11877 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 11878 Sha384* sha384 = NULL;
wolfSSL 4:1b0d80432c79 11879 byte* hash384 = NULL;
wolfSSL 4:1b0d80432c79 11880 #else
wolfSSL 4:1b0d80432c79 11881 Sha384 sha384[1];
wolfSSL 4:1b0d80432c79 11882 byte hash384[SHA384_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 11883 #endif
wolfSSL 4:1b0d80432c79 11884 #endif
wolfSSL 4:1b0d80432c79 11885 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 11886 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 11887 Sha512* sha512 = NULL;
wolfSSL 4:1b0d80432c79 11888 byte* hash512 = NULL;
wolfSSL 4:1b0d80432c79 11889 #else
wolfSSL 4:1b0d80432c79 11890 Sha512 sha512[1];
wolfSSL 4:1b0d80432c79 11891 byte hash512[SHA512_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 11892 #endif
wolfSSL 4:1b0d80432c79 11893 #endif
wolfSSL 4:1b0d80432c79 11894 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 11895 byte* hash = NULL;
wolfSSL 4:1b0d80432c79 11896 byte* messageVerify = NULL;
wolfSSL 4:1b0d80432c79 11897 #else
wolfSSL 4:1b0d80432c79 11898 byte hash[FINISHED_SZ];
wolfSSL 4:1b0d80432c79 11899 byte messageVerify[MAX_DH_SZ];
wolfSSL 4:1b0d80432c79 11900 #endif
wolfSSL 4:1b0d80432c79 11901 byte hashAlgo = sha_mac;
wolfSSL 4:1b0d80432c79 11902 byte sigAlgo = ssl->specs.sig_algo;
wolfSSL 4:1b0d80432c79 11903 word16 verifySz = (word16) (*inOutIdx - begin);
wolfSSL 4:1b0d80432c79 11904
wolfSSL 4:1b0d80432c79 11905 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 11906 byte doMd5 = 0;
wolfSSL 4:1b0d80432c79 11907 byte doSha = 0;
wolfSSL 4:1b0d80432c79 11908 #endif
wolfSSL 4:1b0d80432c79 11909 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 11910 byte doSha256 = 0;
wolfSSL 4:1b0d80432c79 11911 #endif
wolfSSL 4:1b0d80432c79 11912 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 11913 byte doSha384 = 0;
wolfSSL 4:1b0d80432c79 11914 #endif
wolfSSL 4:1b0d80432c79 11915 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 11916 byte doSha512 = 0;
wolfSSL 4:1b0d80432c79 11917 #endif
wolfSSL 4:1b0d80432c79 11918
wolfSSL 4:1b0d80432c79 11919 (void)hash;
wolfSSL 4:1b0d80432c79 11920 (void)sigAlgo;
wolfSSL 4:1b0d80432c79 11921 (void)hashAlgo;
wolfSSL 4:1b0d80432c79 11922
wolfSSL 4:1b0d80432c79 11923 /* save message for hash verify */
wolfSSL 4:1b0d80432c79 11924 if (verifySz > MAX_DH_SZ) {
wolfSSL 4:1b0d80432c79 11925 ERROR_OUT(BUFFER_ERROR, done);
wolfSSL 4:1b0d80432c79 11926 }
wolfSSL 4:1b0d80432c79 11927
wolfSSL 4:1b0d80432c79 11928 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 11929 messageVerify = (byte*)XMALLOC(MAX_DH_SZ, NULL,
wolfSSL 4:1b0d80432c79 11930 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 11931 if (messageVerify == NULL) {
wolfSSL 4:1b0d80432c79 11932 ERROR_OUT(MEMORY_E, done);
wolfSSL 4:1b0d80432c79 11933 }
wolfSSL 4:1b0d80432c79 11934 #endif
wolfSSL 4:1b0d80432c79 11935
wolfSSL 4:1b0d80432c79 11936 XMEMCPY(messageVerify, input + begin, verifySz);
wolfSSL 4:1b0d80432c79 11937
wolfSSL 4:1b0d80432c79 11938 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 11939 byte setHash = 0;
wolfSSL 4:1b0d80432c79 11940 if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) {
wolfSSL 4:1b0d80432c79 11941 ERROR_OUT(BUFFER_ERROR, done);
wolfSSL 4:1b0d80432c79 11942 }
wolfSSL 4:1b0d80432c79 11943
wolfSSL 4:1b0d80432c79 11944 hashAlgo = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 11945 sigAlgo = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 11946
wolfSSL 4:1b0d80432c79 11947 switch (hashAlgo) {
wolfSSL 4:1b0d80432c79 11948 case sha512_mac:
wolfSSL 4:1b0d80432c79 11949 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 11950 doSha512 = 1;
wolfSSL 4:1b0d80432c79 11951 setHash = 1;
wolfSSL 4:1b0d80432c79 11952 #endif
wolfSSL 4:1b0d80432c79 11953 break;
wolfSSL 4:1b0d80432c79 11954
wolfSSL 4:1b0d80432c79 11955 case sha384_mac:
wolfSSL 4:1b0d80432c79 11956 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 11957 doSha384 = 1;
wolfSSL 4:1b0d80432c79 11958 setHash = 1;
wolfSSL 4:1b0d80432c79 11959 #endif
wolfSSL 4:1b0d80432c79 11960 break;
wolfSSL 4:1b0d80432c79 11961
wolfSSL 4:1b0d80432c79 11962 case sha256_mac:
wolfSSL 4:1b0d80432c79 11963 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 11964 doSha256 = 1;
wolfSSL 4:1b0d80432c79 11965 setHash = 1;
wolfSSL 4:1b0d80432c79 11966 #endif
wolfSSL 4:1b0d80432c79 11967 break;
wolfSSL 4:1b0d80432c79 11968
wolfSSL 4:1b0d80432c79 11969 case sha_mac:
wolfSSL 4:1b0d80432c79 11970 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 11971 doSha = 1;
wolfSSL 4:1b0d80432c79 11972 setHash = 1;
wolfSSL 4:1b0d80432c79 11973 #endif
wolfSSL 4:1b0d80432c79 11974 break;
wolfSSL 4:1b0d80432c79 11975
wolfSSL 4:1b0d80432c79 11976 default:
wolfSSL 4:1b0d80432c79 11977 ERROR_OUT(ALGO_ID_E, done);
wolfSSL 4:1b0d80432c79 11978 }
wolfSSL 4:1b0d80432c79 11979
wolfSSL 4:1b0d80432c79 11980 if (setHash == 0) {
wolfSSL 4:1b0d80432c79 11981 ERROR_OUT(ALGO_ID_E, done);
wolfSSL 4:1b0d80432c79 11982 }
wolfSSL 4:1b0d80432c79 11983
wolfSSL 4:1b0d80432c79 11984 } else {
wolfSSL 4:1b0d80432c79 11985 /* only using sha and md5 for rsa */
wolfSSL 4:1b0d80432c79 11986 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 11987 doSha = 1;
wolfSSL 4:1b0d80432c79 11988 if (sigAlgo == rsa_sa_algo) {
wolfSSL 4:1b0d80432c79 11989 doMd5 = 1;
wolfSSL 4:1b0d80432c79 11990 }
wolfSSL 4:1b0d80432c79 11991 #else
wolfSSL 4:1b0d80432c79 11992 ERROR_OUT(ALGO_ID_E, done);
wolfSSL 4:1b0d80432c79 11993 #endif
wolfSSL 4:1b0d80432c79 11994 }
wolfSSL 4:1b0d80432c79 11995
wolfSSL 4:1b0d80432c79 11996 /* signature */
wolfSSL 4:1b0d80432c79 11997 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 11998 ERROR_OUT(BUFFER_ERROR, done);
wolfSSL 4:1b0d80432c79 11999 }
wolfSSL 4:1b0d80432c79 12000
wolfSSL 4:1b0d80432c79 12001 ato16(input + *inOutIdx, &length);
wolfSSL 4:1b0d80432c79 12002 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 12003
wolfSSL 4:1b0d80432c79 12004 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 12005 ERROR_OUT(BUFFER_ERROR, done);
wolfSSL 4:1b0d80432c79 12006 }
wolfSSL 4:1b0d80432c79 12007
wolfSSL 4:1b0d80432c79 12008 /* inOutIdx updated at the end of the function */
wolfSSL 4:1b0d80432c79 12009
wolfSSL 4:1b0d80432c79 12010 /* verify signature */
wolfSSL 4:1b0d80432c79 12011 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12012 hash = (byte*)XMALLOC(FINISHED_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12013 if (hash == NULL) {
wolfSSL 4:1b0d80432c79 12014 ERROR_OUT(MEMORY_E, done);
wolfSSL 4:1b0d80432c79 12015 }
wolfSSL 4:1b0d80432c79 12016 #endif
wolfSSL 4:1b0d80432c79 12017
wolfSSL 4:1b0d80432c79 12018 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 12019 /* md5 */
wolfSSL 4:1b0d80432c79 12020 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12021 if (doMd5) {
wolfSSL 4:1b0d80432c79 12022 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12023 if (md5 == NULL) {
wolfSSL 4:1b0d80432c79 12024 ERROR_OUT(MEMORY_E, done);
wolfSSL 4:1b0d80432c79 12025 }
wolfSSL 4:1b0d80432c79 12026 }
wolfSSL 4:1b0d80432c79 12027 #endif
wolfSSL 4:1b0d80432c79 12028 if (doMd5) {
wolfSSL 4:1b0d80432c79 12029 wc_InitMd5(md5);
wolfSSL 4:1b0d80432c79 12030 wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 12031 wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 12032 wc_Md5Update(md5, messageVerify, verifySz);
wolfSSL 4:1b0d80432c79 12033 wc_Md5Final(md5, hash);
wolfSSL 4:1b0d80432c79 12034 }
wolfSSL 4:1b0d80432c79 12035 /* sha */
wolfSSL 4:1b0d80432c79 12036 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12037 if (doSha) {
wolfSSL 4:1b0d80432c79 12038 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12039 if (sha == NULL) {
wolfSSL 4:1b0d80432c79 12040 ERROR_OUT(MEMORY_E, done);
wolfSSL 4:1b0d80432c79 12041 }
wolfSSL 4:1b0d80432c79 12042 }
wolfSSL 4:1b0d80432c79 12043 #endif
wolfSSL 4:1b0d80432c79 12044 if (doSha) {
wolfSSL 4:1b0d80432c79 12045 ret = wc_InitSha(sha);
wolfSSL 4:1b0d80432c79 12046 if (ret != 0) {
wolfSSL 4:1b0d80432c79 12047 goto done;
wolfSSL 4:1b0d80432c79 12048 }
wolfSSL 4:1b0d80432c79 12049 wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 12050 wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 12051 wc_ShaUpdate(sha, messageVerify, verifySz);
wolfSSL 4:1b0d80432c79 12052 wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE);
wolfSSL 4:1b0d80432c79 12053 }
wolfSSL 4:1b0d80432c79 12054 #endif
wolfSSL 4:1b0d80432c79 12055
wolfSSL 4:1b0d80432c79 12056 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 12057 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12058 if (doSha256) {
wolfSSL 4:1b0d80432c79 12059 sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
wolfSSL 4:1b0d80432c79 12060 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12061 hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 12062 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12063 if (sha256 == NULL || hash256 == NULL) {
wolfSSL 4:1b0d80432c79 12064 ERROR_OUT(MEMORY_E, done);
wolfSSL 4:1b0d80432c79 12065 }
wolfSSL 4:1b0d80432c79 12066 }
wolfSSL 4:1b0d80432c79 12067 #endif
wolfSSL 4:1b0d80432c79 12068 if (doSha256) {
wolfSSL 4:1b0d80432c79 12069 if (!(ret = wc_InitSha256(sha256))
wolfSSL 4:1b0d80432c79 12070 && !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom,
wolfSSL 4:1b0d80432c79 12071 RAN_LEN))
wolfSSL 4:1b0d80432c79 12072 && !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom,
wolfSSL 4:1b0d80432c79 12073 RAN_LEN))
wolfSSL 4:1b0d80432c79 12074 && !(ret = wc_Sha256Update(sha256, messageVerify, verifySz))) {
wolfSSL 4:1b0d80432c79 12075 ret = wc_Sha256Final(sha256, hash256);
wolfSSL 4:1b0d80432c79 12076 }
wolfSSL 4:1b0d80432c79 12077 if (ret != 0) {
wolfSSL 4:1b0d80432c79 12078 goto done;
wolfSSL 4:1b0d80432c79 12079 }
wolfSSL 4:1b0d80432c79 12080 }
wolfSSL 4:1b0d80432c79 12081 #endif
wolfSSL 4:1b0d80432c79 12082
wolfSSL 4:1b0d80432c79 12083 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 12084 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12085 if (doSha384) {
wolfSSL 4:1b0d80432c79 12086 sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
wolfSSL 4:1b0d80432c79 12087 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12088 hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 12089 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12090 if (sha384 == NULL || hash384 == NULL) {
wolfSSL 4:1b0d80432c79 12091 ERROR_OUT(MEMORY_E, done);
wolfSSL 4:1b0d80432c79 12092 }
wolfSSL 4:1b0d80432c79 12093 }
wolfSSL 4:1b0d80432c79 12094 #endif
wolfSSL 4:1b0d80432c79 12095 if (doSha384) {
wolfSSL 4:1b0d80432c79 12096 if (!(ret = wc_InitSha384(sha384))
wolfSSL 4:1b0d80432c79 12097 && !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom,
wolfSSL 4:1b0d80432c79 12098 RAN_LEN))
wolfSSL 4:1b0d80432c79 12099 && !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom,
wolfSSL 4:1b0d80432c79 12100 RAN_LEN))
wolfSSL 4:1b0d80432c79 12101 && !(ret = wc_Sha384Update(sha384, messageVerify, verifySz))) {
wolfSSL 4:1b0d80432c79 12102 ret = wc_Sha384Final(sha384, hash384);
wolfSSL 4:1b0d80432c79 12103 }
wolfSSL 4:1b0d80432c79 12104 if (ret != 0) {
wolfSSL 4:1b0d80432c79 12105 goto done;
wolfSSL 4:1b0d80432c79 12106 }
wolfSSL 4:1b0d80432c79 12107 }
wolfSSL 4:1b0d80432c79 12108 #endif
wolfSSL 4:1b0d80432c79 12109
wolfSSL 4:1b0d80432c79 12110 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 12111 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12112 if (doSha512) {
wolfSSL 4:1b0d80432c79 12113 sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
wolfSSL 4:1b0d80432c79 12114 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12115 hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 12116 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12117 if (sha512 == NULL || hash512 == NULL) {
wolfSSL 4:1b0d80432c79 12118 ERROR_OUT(MEMORY_E, done);
wolfSSL 4:1b0d80432c79 12119 }
wolfSSL 4:1b0d80432c79 12120 }
wolfSSL 4:1b0d80432c79 12121 #endif
wolfSSL 4:1b0d80432c79 12122 if (doSha512) {
wolfSSL 4:1b0d80432c79 12123 if (!(ret = wc_InitSha512(sha512))
wolfSSL 4:1b0d80432c79 12124 && !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
wolfSSL 4:1b0d80432c79 12125 RAN_LEN))
wolfSSL 4:1b0d80432c79 12126 && !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
wolfSSL 4:1b0d80432c79 12127 RAN_LEN))
wolfSSL 4:1b0d80432c79 12128 && !(ret = wc_Sha512Update(sha512, messageVerify, verifySz))) {
wolfSSL 4:1b0d80432c79 12129 ret = wc_Sha512Final(sha512, hash512);
wolfSSL 4:1b0d80432c79 12130 }
wolfSSL 4:1b0d80432c79 12131 if (ret != 0) {
wolfSSL 4:1b0d80432c79 12132 goto done;
wolfSSL 4:1b0d80432c79 12133 }
wolfSSL 4:1b0d80432c79 12134 }
wolfSSL 4:1b0d80432c79 12135 #endif
wolfSSL 4:1b0d80432c79 12136
wolfSSL 4:1b0d80432c79 12137 switch (sigAlgo)
wolfSSL 4:1b0d80432c79 12138 {
wolfSSL 4:1b0d80432c79 12139 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 12140 /* rsa */
wolfSSL 4:1b0d80432c79 12141 case rsa_sa_algo:
wolfSSL 4:1b0d80432c79 12142 {
wolfSSL 4:1b0d80432c79 12143 byte* out = NULL;
wolfSSL 4:1b0d80432c79 12144 byte doUserRsa = 0;
wolfSSL 4:1b0d80432c79 12145 word32 verifiedSz = 0;
wolfSSL 4:1b0d80432c79 12146
wolfSSL 4:1b0d80432c79 12147 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 12148 if (ssl->ctx->RsaVerifyCb)
wolfSSL 4:1b0d80432c79 12149 doUserRsa = 1;
wolfSSL 4:1b0d80432c79 12150 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 4:1b0d80432c79 12151
wolfSSL 4:1b0d80432c79 12152 if (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent) {
wolfSSL 4:1b0d80432c79 12153 ERROR_OUT(NO_PEER_KEY, done);
wolfSSL 4:1b0d80432c79 12154 }
wolfSSL 4:1b0d80432c79 12155
wolfSSL 4:1b0d80432c79 12156 if (doUserRsa) {
wolfSSL 4:1b0d80432c79 12157 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 12158 verifiedSz = ssl->ctx->RsaVerifyCb(ssl,
wolfSSL 4:1b0d80432c79 12159 (byte *)input + *inOutIdx,
wolfSSL 4:1b0d80432c79 12160 length, &out,
wolfSSL 4:1b0d80432c79 12161 ssl->buffers.peerRsaKey.buffer,
wolfSSL 4:1b0d80432c79 12162 ssl->buffers.peerRsaKey.length,
wolfSSL 4:1b0d80432c79 12163 ssl->RsaVerifyCtx);
wolfSSL 4:1b0d80432c79 12164 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 4:1b0d80432c79 12165 }
wolfSSL 4:1b0d80432c79 12166 else {
wolfSSL 4:1b0d80432c79 12167 verifiedSz = wc_RsaSSL_VerifyInline((byte *)input + *inOutIdx,
wolfSSL 4:1b0d80432c79 12168 length, &out, ssl->peerRsaKey);
wolfSSL 4:1b0d80432c79 12169 }
wolfSSL 4:1b0d80432c79 12170
wolfSSL 4:1b0d80432c79 12171 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 12172 word32 encSigSz;
wolfSSL 4:1b0d80432c79 12173 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 12174 byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 12175 int typeH = SHAh;
wolfSSL 4:1b0d80432c79 12176 int digestSz = SHA_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12177 #else
wolfSSL 4:1b0d80432c79 12178 byte* digest = hash256;
wolfSSL 4:1b0d80432c79 12179 int typeH = SHA256h;
wolfSSL 4:1b0d80432c79 12180 int digestSz = SHA256_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12181 #endif
wolfSSL 4:1b0d80432c79 12182 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12183 byte* encodedSig = NULL;
wolfSSL 4:1b0d80432c79 12184 #else
wolfSSL 4:1b0d80432c79 12185 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 4:1b0d80432c79 12186 #endif
wolfSSL 4:1b0d80432c79 12187
wolfSSL 4:1b0d80432c79 12188 if (hashAlgo == sha_mac) {
wolfSSL 4:1b0d80432c79 12189 #ifndef NO_SHA
wolfSSL 4:1b0d80432c79 12190 digest = &hash[MD5_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 12191 typeH = SHAh;
wolfSSL 4:1b0d80432c79 12192 digestSz = SHA_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12193 #endif
wolfSSL 4:1b0d80432c79 12194 }
wolfSSL 4:1b0d80432c79 12195 else if (hashAlgo == sha256_mac) {
wolfSSL 4:1b0d80432c79 12196 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 12197 digest = hash256;
wolfSSL 4:1b0d80432c79 12198 typeH = SHA256h;
wolfSSL 4:1b0d80432c79 12199 digestSz = SHA256_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12200 #endif
wolfSSL 4:1b0d80432c79 12201 }
wolfSSL 4:1b0d80432c79 12202 else if (hashAlgo == sha384_mac) {
wolfSSL 4:1b0d80432c79 12203 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 12204 digest = hash384;
wolfSSL 4:1b0d80432c79 12205 typeH = SHA384h;
wolfSSL 4:1b0d80432c79 12206 digestSz = SHA384_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12207 #endif
wolfSSL 4:1b0d80432c79 12208 }
wolfSSL 4:1b0d80432c79 12209 else if (hashAlgo == sha512_mac) {
wolfSSL 4:1b0d80432c79 12210 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 12211 digest = hash512;
wolfSSL 4:1b0d80432c79 12212 typeH = SHA512h;
wolfSSL 4:1b0d80432c79 12213 digestSz = SHA512_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12214 #endif
wolfSSL 4:1b0d80432c79 12215 }
wolfSSL 4:1b0d80432c79 12216
wolfSSL 4:1b0d80432c79 12217 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12218 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
wolfSSL 4:1b0d80432c79 12219 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12220 if (encodedSig == NULL) {
wolfSSL 4:1b0d80432c79 12221 ERROR_OUT(MEMORY_E, done);
wolfSSL 4:1b0d80432c79 12222 }
wolfSSL 4:1b0d80432c79 12223 #endif
wolfSSL 4:1b0d80432c79 12224
wolfSSL 4:1b0d80432c79 12225 if (digest == NULL) {
wolfSSL 4:1b0d80432c79 12226 ERROR_OUT(ALGO_ID_E, done);
wolfSSL 4:1b0d80432c79 12227 }
wolfSSL 4:1b0d80432c79 12228 encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz,
wolfSSL 4:1b0d80432c79 12229 typeH);
wolfSSL 4:1b0d80432c79 12230 if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig,
wolfSSL 4:1b0d80432c79 12231 min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) {
wolfSSL 4:1b0d80432c79 12232 ret = VERIFY_SIGN_ERROR;
wolfSSL 4:1b0d80432c79 12233 }
wolfSSL 4:1b0d80432c79 12234 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12235 XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12236 #endif
wolfSSL 4:1b0d80432c79 12237 if (ret != 0) {
wolfSSL 4:1b0d80432c79 12238 goto done;
wolfSSL 4:1b0d80432c79 12239 }
wolfSSL 4:1b0d80432c79 12240 }
wolfSSL 4:1b0d80432c79 12241 else if (verifiedSz != FINISHED_SZ || !out || XMEMCMP(out,
wolfSSL 4:1b0d80432c79 12242 hash, FINISHED_SZ) != 0) {
wolfSSL 4:1b0d80432c79 12243 ERROR_OUT(VERIFY_SIGN_ERROR, done);
wolfSSL 4:1b0d80432c79 12244 }
wolfSSL 4:1b0d80432c79 12245 break;
wolfSSL 4:1b0d80432c79 12246 }
wolfSSL 4:1b0d80432c79 12247 #endif
wolfSSL 4:1b0d80432c79 12248 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 12249 /* ecdsa */
wolfSSL 4:1b0d80432c79 12250 case ecc_dsa_sa_algo:
wolfSSL 4:1b0d80432c79 12251 {
wolfSSL 4:1b0d80432c79 12252 int verify = 0;
wolfSSL 4:1b0d80432c79 12253 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 12254 byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 12255 word32 digestSz = SHA_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12256 #else
wolfSSL 4:1b0d80432c79 12257 byte* digest = hash256;
wolfSSL 4:1b0d80432c79 12258 word32 digestSz = SHA256_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12259 #endif
wolfSSL 4:1b0d80432c79 12260 byte doUserEcc = 0;
wolfSSL 4:1b0d80432c79 12261
wolfSSL 4:1b0d80432c79 12262 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 12263 if (ssl->ctx->EccVerifyCb) {
wolfSSL 4:1b0d80432c79 12264 doUserEcc = 1;
wolfSSL 4:1b0d80432c79 12265 }
wolfSSL 4:1b0d80432c79 12266 #endif
wolfSSL 4:1b0d80432c79 12267
wolfSSL 4:1b0d80432c79 12268 if (!ssl->peerEccDsaKeyPresent)
wolfSSL 4:1b0d80432c79 12269 ERROR_OUT(NO_PEER_KEY, done);
wolfSSL 4:1b0d80432c79 12270
wolfSSL 4:1b0d80432c79 12271 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 12272 if (hashAlgo == sha_mac) {
wolfSSL 4:1b0d80432c79 12273 #ifndef NO_SHA
wolfSSL 4:1b0d80432c79 12274 digest = &hash[MD5_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 12275 digestSz = SHA_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12276 #endif
wolfSSL 4:1b0d80432c79 12277 }
wolfSSL 4:1b0d80432c79 12278 else if (hashAlgo == sha256_mac) {
wolfSSL 4:1b0d80432c79 12279 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 12280 digest = hash256;
wolfSSL 4:1b0d80432c79 12281 digestSz = SHA256_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12282 #endif
wolfSSL 4:1b0d80432c79 12283 }
wolfSSL 4:1b0d80432c79 12284 else if (hashAlgo == sha384_mac) {
wolfSSL 4:1b0d80432c79 12285 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 12286 digest = hash384;
wolfSSL 4:1b0d80432c79 12287 digestSz = SHA384_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12288 #endif
wolfSSL 4:1b0d80432c79 12289 }
wolfSSL 4:1b0d80432c79 12290 else if (hashAlgo == sha512_mac) {
wolfSSL 4:1b0d80432c79 12291 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 12292 digest = hash512;
wolfSSL 4:1b0d80432c79 12293 digestSz = SHA512_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 12294 #endif
wolfSSL 4:1b0d80432c79 12295 }
wolfSSL 4:1b0d80432c79 12296 }
wolfSSL 4:1b0d80432c79 12297 if (doUserEcc) {
wolfSSL 4:1b0d80432c79 12298 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 12299 ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, length,
wolfSSL 4:1b0d80432c79 12300 digest, digestSz,
wolfSSL 4:1b0d80432c79 12301 ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 4:1b0d80432c79 12302 ssl->buffers.peerEccDsaKey.length,
wolfSSL 4:1b0d80432c79 12303 &verify, ssl->EccVerifyCtx);
wolfSSL 4:1b0d80432c79 12304 #endif
wolfSSL 4:1b0d80432c79 12305 }
wolfSSL 4:1b0d80432c79 12306 else {
wolfSSL 4:1b0d80432c79 12307 ret = wc_ecc_verify_hash(input + *inOutIdx, length,
wolfSSL 4:1b0d80432c79 12308 digest, digestSz, &verify, ssl->peerEccDsaKey);
wolfSSL 4:1b0d80432c79 12309 }
wolfSSL 4:1b0d80432c79 12310 if (ret != 0 || verify == 0) {
wolfSSL 4:1b0d80432c79 12311 ERROR_OUT(VERIFY_SIGN_ERROR, done);
wolfSSL 4:1b0d80432c79 12312 }
wolfSSL 4:1b0d80432c79 12313 break;
wolfSSL 4:1b0d80432c79 12314 }
wolfSSL 4:1b0d80432c79 12315 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 12316 default:
wolfSSL 4:1b0d80432c79 12317 ERROR_OUT(ALGO_ID_E, done);
wolfSSL 4:1b0d80432c79 12318 } /* switch (sigAlgo) */
wolfSSL 4:1b0d80432c79 12319
wolfSSL 4:1b0d80432c79 12320 /* signature length */
wolfSSL 4:1b0d80432c79 12321 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 12322
wolfSSL 4:1b0d80432c79 12323 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 4:1b0d80432c79 12324
wolfSSL 4:1b0d80432c79 12325 done:
wolfSSL 4:1b0d80432c79 12326 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12327 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 12328 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12329 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12330 #endif
wolfSSL 4:1b0d80432c79 12331 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 12332 XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12333 XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12334 #endif
wolfSSL 4:1b0d80432c79 12335 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 12336 XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12337 XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12338 #endif
wolfSSL 4:1b0d80432c79 12339 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 12340 XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12341 XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12342 #endif
wolfSSL 4:1b0d80432c79 12343 XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12344 XFREE(messageVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12345 #endif
wolfSSL 4:1b0d80432c79 12346 if (ret != 0) {
wolfSSL 4:1b0d80432c79 12347 return ret;
wolfSSL 4:1b0d80432c79 12348 }
wolfSSL 4:1b0d80432c79 12349 }
wolfSSL 4:1b0d80432c79 12350
wolfSSL 4:1b0d80432c79 12351 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 4:1b0d80432c79 12352 *inOutIdx += ssl->keys.padSz;
wolfSSL 4:1b0d80432c79 12353 }
wolfSSL 4:1b0d80432c79 12354
wolfSSL 4:1b0d80432c79 12355
wolfSSL 4:1b0d80432c79 12356 /* QSH extensions */
wolfSSL 4:1b0d80432c79 12357 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 12358 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 12359 /* extension name */
wolfSSL 4:1b0d80432c79 12360 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 12361 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 12362
wolfSSL 4:1b0d80432c79 12363 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 12364 /* if qshSz is larger than 0 it is the length of buffer used */
wolfSSL 4:1b0d80432c79 12365 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 12366 size, 0)) < 0) {
wolfSSL 4:1b0d80432c79 12367 return qshSz;
wolfSSL 4:1b0d80432c79 12368 }
wolfSSL 4:1b0d80432c79 12369 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 12370 }
wolfSSL 4:1b0d80432c79 12371 else {
wolfSSL 4:1b0d80432c79 12372 /* unknown extension sent server ignored
wolfSSL 4:1b0d80432c79 12373 handshake */
wolfSSL 4:1b0d80432c79 12374 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 12375 }
wolfSSL 4:1b0d80432c79 12376 }
wolfSSL 4:1b0d80432c79 12377 #endif
wolfSSL 4:1b0d80432c79 12378
wolfSSL 4:1b0d80432c79 12379 return 0;
wolfSSL 4:1b0d80432c79 12380 #else /* !NO_DH or HAVE_ECC */
wolfSSL 4:1b0d80432c79 12381 return NOT_COMPILED_IN; /* not supported by build */
wolfSSL 4:1b0d80432c79 12382 #endif /* !NO_DH or HAVE_ECC */
wolfSSL 4:1b0d80432c79 12383
wolfSSL 4:1b0d80432c79 12384 #undef ERROR_OUT
wolfSSL 4:1b0d80432c79 12385 }
wolfSSL 4:1b0d80432c79 12386
wolfSSL 4:1b0d80432c79 12387
wolfSSL 4:1b0d80432c79 12388 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 12389
wolfSSL 4:1b0d80432c79 12390 #ifdef HAVE_NTRU
/* Encrypt a byte array with the NTRU public key stored in a QSH key.
 *
 * key     struct holding the public key (pub.buffer / pub.length) to use
 * bufIn   array to be encrypted
 * inSz    size of the bufIn array
 * bufOut  cipher text out
 * outSz   handed to ntru_crypto_ntru_encrypt() as the cipher text length
 *         argument; will be set to the new size of the cipher text
 *
 * Returns the NTRU_OK value of the encrypt call on success, BAD_FUNC_ARG
 * for a NULL argument or a key without a public key buffer, -1 when the key
 * name is not one of the three NTRU parameter sets, NTRU_DRBG_ERROR when the
 * DRBG cannot be instantiated and NTRU_ENCRYPT_ERROR when encryption fails.
 */
static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
        byte* bufOut, word16* outSz)
{
    DRBG_HANDLE rng;
    int         rc;

    /* sanity checks; key is tested before its public key buffer is read */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL ||
            key->pub.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* only the NTRU parameter sets are handled here */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
            key->name != WOLFSSL_NTRU_EESS593 &&
            key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH encryption key!");
        return -1;
    }

    /* set up the NTRU DRBG, seeded through GetEntropy */
    rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &rng);
    if (rc != DRBG_OK)
        return NTRU_DRBG_ERROR;

    /* NOTE(review): inSz is a word32; confirm the width of the NTRU length
     * parameter so that a large value is not narrowed silently. */
    rc = ntru_crypto_ntru_encrypt(rng, key->pub.length, key->pub.buffer,
                                  inSz, bufIn, outSz, bufOut);

    /* the DRBG is released whether or not the encryption succeeded */
    ntru_crypto_drbg_uninstantiate(rng);

    return (rc == NTRU_OK) ? rc : NTRU_ENCRYPT_ERROR;
}
wolfSSL 4:1b0d80432c79 12435
/* Decrypt a byte array with the NTRU private key stored in a QSH key.
 *
 * key     struct holding the private key (pri.buffer / pri.length) to use
 * bufIn   array to be decrypted
 * inSz    size of the bufIn array
 * bufOut  plain text out
 * outSz   handed to ntru_crypto_ntru_decrypt() as the plain text length
 *         argument; will be set to the new size of the plain text
 *
 * Returns the NTRU_OK value of the decrypt call on success, BAD_FUNC_ARG
 * for a NULL argument or a key without a private key buffer, -1 when the
 * key name is not one of the three NTRU parameter sets, NTRU_DRBG_ERROR when
 * the DRBG cannot be instantiated and NTRU_ENCRYPT_ERROR when the decrypt
 * call fails.
 */
static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
        byte* bufOut, word16* outSz)
{
    DRBG_HANDLE rng;
    int         rc;

    /* sanity checks; key is tested before its private key buffer is read */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL ||
            key->pri.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* only the NTRU parameter sets are handled here */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
            key->name != WOLFSSL_NTRU_EESS593 &&
            key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH decryption key!");
        return -1;
    }

    /* NOTE(review): the DRBG handle is created and released in this
     * function but is never passed to the decrypt call; confirm whether the
     * instantiation is needed at all. */
    rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &rng);
    if (rc != DRBG_OK)
        return NTRU_DRBG_ERROR;

    /* NOTE(review): bufIn / inSz presumably describe peer-supplied cipher
     * text; verify that callers bound inSz before it reaches this call. */
    rc = ntru_crypto_ntru_decrypt(key->pri.length, key->pri.buffer,
                                  inSz, bufIn, outSz, bufOut);
    ntru_crypto_drbg_uninstantiate(rng);

    /* a failed decrypt is reported with the encrypt error code */
    if (rc != NTRU_OK)
        return NTRU_ENCRYPT_ERROR;

    return rc;
}
wolfSSL 4:1b0d80432c79 12482 #endif /* HAVE_NTRU */
wolfSSL 4:1b0d80432c79 12483
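/* Allocate and initialize the QSH secret state of an SSL object.
 *
 * ssl  object whose QSH_secret member is set up
 *
 * Returns 0 on success, or when QSH_secret is already set (the function is
 * reached twice when running DTLS), and MEMORY_E when an allocation fails.
 *
 * The state is built in a local pointer and published to ssl->QSH_secret
 * only once it is complete. On an allocation failure everything allocated
 * so far is released and ssl->QSH_secret stays NULL, so cleanup code never
 * sees a structure with uninitialized CliSi / SerSi / list members, and a
 * later call does not take the "already initialized" early return on a
 * half-built structure.
 */
int QSH_Init(WOLFSSL* ssl)
{
    QSHSecret* secret;

    /* check so not initialising twice when running DTLS */
    if (ssl->QSH_secret != NULL)
        return 0;

    /* memory for holding generated secret information */
    secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (secret == NULL)
        return MEMORY_E;

    secret->list  = NULL;
    secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), NULL,
                                     DYNAMIC_TYPE_TMP_BUFFER);
    secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), NULL,
                                     DYNAMIC_TYPE_TMP_BUFFER);

    if (secret->CliSi == NULL || secret->SerSi == NULL) {
        /* undo the partial setup instead of leaving it attached to ssl */
        if (secret->CliSi != NULL)
            XFREE(secret->CliSi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (secret->SerSi != NULL)
            XFREE(secret->SerSi, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_E;
    }

    /* both secret buffers start out empty */
    secret->CliSi->length = 0;
    secret->CliSi->buffer = NULL;
    secret->SerSi->length = 0;
    secret->SerSi->buffer = NULL;

    ssl->QSH_secret = secret;

    return 0;
}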
wolfSSL 4:1b0d80432c79 12514
wolfSSL 4:1b0d80432c79 12515
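/* Encrypt QSH key material with the scheme named by the key.
 *
 * key    key whose name selects the scheme and which holds the public key
 * in     plain text to encrypt
 * szIn   size of in
 * out    cipher text out
 * szOut  on entry the length value handed to the scheme for out, on return
 *        the length the scheme reported
 *
 * Returns the scheme's result, BAD_FUNC_ARG when key or szOut is NULL and
 * -1 for a key name that no compiled-in scheme handles.
 */
static int QSH_Encrypt(QSHKey* key, byte* in, word32 szIn,
        byte* out, word32* szOut)
{
    int    ret = 0;
    word16 size;

    /* both are dereferenced below, before any scheme-level checks run */
    if (key == NULL || szOut == NULL)
        return BAD_FUNC_ARG;

    /* The scheme takes a 16-bit length. Saturate instead of truncating, so
     * a value above 0xFFFF is not handed on as a small or zero length. */
    size = (*szOut > 0xFFFF) ? (word16)0xFFFF : (word16)*szOut;

    WOLFSSL_MSG("Encrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            ret = NtruSecretEncrypt(key, in, szIn, out, &size);
            break;
    #endif
        default:
            /* only read by a compiled-in scheme */
            (void)in;
            (void)szIn;
            (void)out;
            WOLFSSL_MSG("Unknown QSH encryption key!");
            return -1;
    }

    /* written back even when ret reports a failure; check ret first */
    *szOut = size;

    return ret;
}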
wolfSSL 4:1b0d80432c79 12541
wolfSSL 4:1b0d80432c79 12542
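/* Decrypt using Quantum Safe Handshake algorithms.
 *
 * key    key whose name selects the scheme and which holds the private key
 * in     cipher text to decrypt
 * szIn   size of in
 * out    plain text out
 * szOut  on entry the length value handed to the scheme for out, on return
 *        the length the scheme reported
 *
 * Returns the scheme's result, BAD_FUNC_ARG when key or szOut is NULL and
 * -1 for a key name that no compiled-in scheme handles.
 */
int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
        byte* out, word16* szOut)
{
    int    ret = 0;
    word16 size;

    /* both are dereferenced below, before any scheme-level checks run */
    if (key == NULL || szOut == NULL)
        return BAD_FUNC_ARG;

    size = *szOut;

    WOLFSSL_MSG("Decrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            ret = NtruSecretDecrypt(key, in, szIn, out, &size);
            break;
    #endif
        default:
            /* only read by a compiled-in scheme */
            (void)in;
            (void)szIn;
            (void)out;
            WOLFSSL_MSG("Unknown QSH decryption key!");
            return -1;
    }

    /* written back even when ret reports a failure; check ret first */
    *szOut = size;

    return ret;
}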
wolfSSL 4:1b0d80432c79 12569
wolfSSL 4:1b0d80432c79 12570
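/* Get the max cipher text size for the key's encryption scheme
 * (encrypting 48 bytes or the max plain text, whichever is smaller).
 *
 * key  key whose name selects the scheme and which holds the public key
 *
 * Returns the cipher text size reported by the scheme, or 0 when no size is
 * available: NULL key, missing public key, unknown scheme, or a failure of
 * the DRBG or of the size query.
 *
 * Every failure returns 0 because the return type is word32. Returning
 * NTRU_DRBG_ERROR or NTRU_ENCRYPT_ERROR through it would convert the error
 * code to an unsigned value that a caller treats as a buffer size.
 */
static word32 QSH_MaxSecret(QSHKey* key)
{
    byte        isNtru = 0;
    byte        bufIn[48] = {0};   /* dummy plain text for the size query */
    word16      inSz  = (word16)sizeof(bufIn);
    word16      outSz = 0;
    DRBG_HANDLE drbg  = 0;
    int         ret   = 0;

    if (key == NULL || key->pub.length == 0 || key->pub.buffer == NULL)
        return 0;

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            isNtru = 1;
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption scheme size!");
            return 0;
    }

    if (isNtru) {
        ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
        if (ret != DRBG_OK) {
            WOLFSSL_MSG("QSH max secret: DRBG instantiate failed");
            return 0;
        }

        /* NOTE(review): the NULL output buffer looks like a size-only
         * query that fills in outSz; confirm against the NTRU API. */
        ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
                key->pub.buffer, inSz, bufIn, &outSz, NULL);

        /* release the DRBG before looking at ret, so the failure path does
         * not leak the handle */
        ntru_crypto_drbg_uninstantiate(drbg);

        if (ret != NTRU_OK) {
            WOLFSSL_MSG("QSH max secret: size query failed");
            return 0;
        }

        return outSz;
    }

    return 0;
}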
wolfSSL 4:1b0d80432c79 12618
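/* Generate the secret byte material for pms.
 *
 * Walks ssl->peerQSHKey. For every key for which QSH_MaxSecret() reports a
 * non-zero size, plainSz (48) random bytes are drawn from ssl->rng into the
 * SerSi or CliSi buffer of ssl->QSH_secret and encrypted with QSH_Encrypt()
 * into a freshly allocated QSHScheme entry (schm->PK / schm->PKLen).
 *
 * ssl       connection object; NULL is rejected before any dereference
 * isServer  non-zero selects ssl->QSH_secret->SerSi, zero selects CliSi
 *
 * returns the summed length of the encrypted secrets on success; on failure
 * returns -1, or MEMORY_E when a QSHScheme entry cannot be allocated
 *
 * NOTE(review): assumes ssl->QSH_secret and its SerSi/CliSi buffers were set
 * up by the caller; nothing here checks them -- confirm.
 */
static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
{
    int        sz       = 0;
    int        plainSz  = 48; /* lesser of 48 and max plain text able to encrypt */
    int        offset   = 0;
    int        capacity = 0;  /* bytes actually allocated for buf->buffer */
    word32     tmpSz    = 0;
    buffer*    buf;
    QSHKey*    current;
    QSHScheme* schmPre  = NULL;
    QSHScheme* schm     = NULL;

    /* validate ssl before it is dereferenced for the first time */
    if (ssl == NULL)
        return -1;

    WOLFSSL_MSG("Generating QSH secret key material");

    /* get size of buffer needed */
    for (current = ssl->peerQSHKey; current != NULL;
         current = (QSHKey*)current->next) {
        if (current->pub.length != 0)
            sz += plainSz;
    }
    capacity = sz;

    /* allocate memory for buffer */
    buf = isServer ? ssl->QSH_secret->SerSi : ssl->QSH_secret->CliSi;
    buf->length = sz;
    /* NOTE(review): buf->buffer is passed as XMALLOC's second argument where
     * the other calls in this function pass NULL/0, and a previous allocation
     * held in buf->buffer is not released here -- confirm this is intended. */
    buf->buffer = (byte*)XMALLOC(sz, buf->buffer, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf->buffer == NULL) {
        WOLFSSL_ERROR(MEMORY_E);
        if (sz > 0) {
            /* stop here: continuing would hand a NULL-based pointer to the
             * RNG below. -1 is the documented failure value and the caller
             * only tests for a negative result. */
            buf->length = 0;
            return -1;
        }
    }

    /* create secret information */
    sz = 0;
    for (current = ssl->peerQSHKey; current != NULL;
         current = (QSHKey*)current->next) {
        schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
        if (schm == NULL)
            return MEMORY_E;

        /* initialize variables */
        schm->name  = 0;
        schm->PK    = NULL;
        schm->PKLen = 0;
        schm->next  = NULL;
        if (ssl->QSH_secret->list == NULL) {
            ssl->QSH_secret->list = schm;
        }
        else if (schmPre) {
            schmPre->next = schm;
        }
        /* NOTE(review): when the list is already non-empty and schmPre is
         * still NULL (e.g. the previous key was skipped below), this entry is
         * linked nowhere and is never freed in this function -- confirm
         * whether it should be appended to the list instead. */

        tmpSz = QSH_MaxSecret(current);

        if ((schm->PK = (byte*)XMALLOC(tmpSz, 0,
                                       DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
            return -1;

        /* store info for writing extension */
        schm->name = current->name;

        /* no key to use for encryption */
        if (tmpSz == 0)
            continue;

        /* The buffer was sized from keys with pub.length != 0, while this
         * loop writes for keys with a non-zero QSH_MaxSecret(). Refuse to
         * write secret bytes past the allocation if the two ever disagree. */
        if (offset > capacity - plainSz)
            return -1;

        if (wc_RNG_GenerateBlock(ssl->rng, buf->buffer + offset, plainSz)
                                                                        != 0) {
            return -1;
        }
        if (QSH_Encrypt(current, buf->buffer + offset, plainSz, schm->PK,
                                                                &tmpSz) != 0) {
            return -1;
        }
        schm->PKLen = tmpSz;

        sz      += tmpSz;
        offset  += plainSz;
        schmPre  = schm;
    }

    return sz;
}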
wolfSSL 4:1b0d80432c79 12714
wolfSSL 4:1b0d80432c79 12715
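/* Compute the number of bytes reserved for the QSH key data.
 *
 * Adds OPAQUE16_LEN for the extension type and OPAQUE24_LEN once, then for
 * every entry in ssl->peerQSHKey adds OPAQUE16_LEN for the scheme id,
 * OPAQUE16_LEN for the encrypted key length and QSH_MaxSecret() for that key.
 *
 * ssl  connection object; NULL is rejected before any dereference
 *
 * returns the computed size. For a NULL ssl the result is -1 converted to
 * word32, i.e. the largest word32 value, so callers must not treat that
 * result as a usable length.
 */
static word32 QSH_KeyGetSize(WOLFSSL* ssl)
{
    word32  sz = 0;
    QSHKey* current;

    /* validate ssl before it is dereferenced for the first time */
    if (ssl == NULL)
        return (word32)-1;

    sz += OPAQUE16_LEN; /* type of extension ie 0x00 0x18 */
    sz += OPAQUE24_LEN;

    /* get size of buffer needed */
    for (current = ssl->peerQSHKey; current != NULL;
         current = (QSHKey*)current->next) {
        sz += OPAQUE16_LEN; /* scheme id */
        sz += OPAQUE16_LEN; /* encrypted key len */
        sz += QSH_MaxSecret(current);
    }

    return sz;
}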
wolfSSL 4:1b0d80432c79 12736
wolfSSL 4:1b0d80432c79 12737
/* Handle the QSH key exchange by generating the secret material for the
 * selected side (server when isServer is non-zero, client otherwise).
 *
 * returns 0 on success. Any negative result from QSH_GenerateSerCliSecret()
 * is reported as MEMORY_E, whatever the underlying cause was; the value is
 * converted to the word32 return type.
 */
static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
{
    WOLFSSL_ENTER("QSH KeyExchange");

    return (QSH_GenerateSerCliSecret(ssl, isServer) < 0) ? MEMORY_E : 0;
}
wolfSSL 4:1b0d80432c79 12753
wolfSSL 4:1b0d80432c79 12754 #endif /* HAVE_QSH */
wolfSSL 4:1b0d80432c79 12755
wolfSSL 4:1b0d80432c79 12756
wolfSSL 4:1b0d80432c79 12757 int SendClientKeyExchange(WOLFSSL* ssl)
wolfSSL 4:1b0d80432c79 12758 {
wolfSSL 4:1b0d80432c79 12759 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12760 byte* encSecret = NULL;
wolfSSL 4:1b0d80432c79 12761 #else
wolfSSL 4:1b0d80432c79 12762 byte encSecret[MAX_ENCRYPT_SZ];
wolfSSL 4:1b0d80432c79 12763 #endif
wolfSSL 4:1b0d80432c79 12764 word32 encSz = 0;
wolfSSL 4:1b0d80432c79 12765 word32 idx = 0;
wolfSSL 4:1b0d80432c79 12766 int ret = 0;
wolfSSL 4:1b0d80432c79 12767 byte doUserRsa = 0;
wolfSSL 4:1b0d80432c79 12768
wolfSSL 4:1b0d80432c79 12769 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 12770 word32 qshSz = 0;
wolfSSL 4:1b0d80432c79 12771 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 12772 qshSz = QSH_KeyGetSize(ssl);
wolfSSL 4:1b0d80432c79 12773 }
wolfSSL 4:1b0d80432c79 12774 #endif
wolfSSL 4:1b0d80432c79 12775
wolfSSL 4:1b0d80432c79 12776 (void)doUserRsa;
wolfSSL 4:1b0d80432c79 12777
wolfSSL 4:1b0d80432c79 12778 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 12779 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 12780 if (ssl->ctx->RsaEncCb)
wolfSSL 4:1b0d80432c79 12781 doUserRsa = 1;
wolfSSL 4:1b0d80432c79 12782 #endif /* NO_RSA */
wolfSSL 4:1b0d80432c79 12783 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 4:1b0d80432c79 12784
wolfSSL 4:1b0d80432c79 12785 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12786 encSecret = (byte*)XMALLOC(MAX_ENCRYPT_SZ, NULL,
wolfSSL 4:1b0d80432c79 12787 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12788 if (encSecret == NULL)
wolfSSL 4:1b0d80432c79 12789 return MEMORY_E;
wolfSSL 4:1b0d80432c79 12790 #endif
wolfSSL 4:1b0d80432c79 12791
wolfSSL 4:1b0d80432c79 12792 switch (ssl->specs.kea) {
wolfSSL 4:1b0d80432c79 12793 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 12794 case rsa_kea:
wolfSSL 4:1b0d80432c79 12795 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
wolfSSL 4:1b0d80432c79 12796 SECRET_LEN);
wolfSSL 4:1b0d80432c79 12797 if (ret != 0) {
wolfSSL 4:1b0d80432c79 12798 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12799 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12800 #endif
wolfSSL 4:1b0d80432c79 12801 return ret;
wolfSSL 4:1b0d80432c79 12802 }
wolfSSL 4:1b0d80432c79 12803
wolfSSL 4:1b0d80432c79 12804 ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
wolfSSL 4:1b0d80432c79 12805 ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
wolfSSL 4:1b0d80432c79 12806 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 4:1b0d80432c79 12807
wolfSSL 4:1b0d80432c79 12808 if (ssl->peerRsaKey == NULL || ssl->peerRsaKeyPresent == 0) {
wolfSSL 4:1b0d80432c79 12809 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12810 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12811 #endif
wolfSSL 4:1b0d80432c79 12812 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 12813 }
wolfSSL 4:1b0d80432c79 12814
wolfSSL 4:1b0d80432c79 12815 if (doUserRsa) {
wolfSSL 4:1b0d80432c79 12816 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 12817 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 12818 encSz = MAX_ENCRYPT_SZ;
wolfSSL 4:1b0d80432c79 12819 ret = ssl->ctx->RsaEncCb(ssl,
wolfSSL 4:1b0d80432c79 12820 ssl->arrays->preMasterSecret,
wolfSSL 4:1b0d80432c79 12821 SECRET_LEN,
wolfSSL 4:1b0d80432c79 12822 encSecret, &encSz,
wolfSSL 4:1b0d80432c79 12823 ssl->buffers.peerRsaKey.buffer,
wolfSSL 4:1b0d80432c79 12824 ssl->buffers.peerRsaKey.length,
wolfSSL 4:1b0d80432c79 12825 ssl->RsaEncCtx);
wolfSSL 4:1b0d80432c79 12826 #endif /* NO_RSA */
wolfSSL 4:1b0d80432c79 12827 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 4:1b0d80432c79 12828 }
wolfSSL 4:1b0d80432c79 12829 else {
wolfSSL 4:1b0d80432c79 12830 ret = wc_RsaPublicEncrypt(ssl->arrays->preMasterSecret,
wolfSSL 4:1b0d80432c79 12831 SECRET_LEN, encSecret, MAX_ENCRYPT_SZ,
wolfSSL 4:1b0d80432c79 12832 ssl->peerRsaKey, ssl->rng);
wolfSSL 4:1b0d80432c79 12833 if (ret > 0) {
wolfSSL 4:1b0d80432c79 12834 encSz = ret;
wolfSSL 4:1b0d80432c79 12835 ret = 0; /* set success to 0 */
wolfSSL 4:1b0d80432c79 12836 }
wolfSSL 4:1b0d80432c79 12837 }
wolfSSL 4:1b0d80432c79 12838 break;
wolfSSL 4:1b0d80432c79 12839 #endif
wolfSSL 4:1b0d80432c79 12840 #ifndef NO_DH
wolfSSL 4:1b0d80432c79 12841 case diffie_hellman_kea:
wolfSSL 4:1b0d80432c79 12842 {
wolfSSL 4:1b0d80432c79 12843 buffer serverP = ssl->buffers.serverDH_P;
wolfSSL 4:1b0d80432c79 12844 buffer serverG = ssl->buffers.serverDH_G;
wolfSSL 4:1b0d80432c79 12845 buffer serverPub = ssl->buffers.serverDH_Pub;
wolfSSL 4:1b0d80432c79 12846 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12847 byte* priv = NULL;
wolfSSL 4:1b0d80432c79 12848 #else
wolfSSL 4:1b0d80432c79 12849 byte priv[ENCRYPT_LEN];
wolfSSL 4:1b0d80432c79 12850 #endif
wolfSSL 4:1b0d80432c79 12851 word32 privSz = 0;
wolfSSL 4:1b0d80432c79 12852 DhKey key;
wolfSSL 4:1b0d80432c79 12853
wolfSSL 4:1b0d80432c79 12854 if (serverP.buffer == 0 || serverG.buffer == 0 ||
wolfSSL 4:1b0d80432c79 12855 serverPub.buffer == 0) {
wolfSSL 4:1b0d80432c79 12856 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12857 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12858 #endif
wolfSSL 4:1b0d80432c79 12859 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 12860 }
wolfSSL 4:1b0d80432c79 12861
wolfSSL 4:1b0d80432c79 12862 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12863 priv = (byte*)XMALLOC(ENCRYPT_LEN, NULL,
wolfSSL 4:1b0d80432c79 12864 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12865 if (priv == NULL) {
wolfSSL 4:1b0d80432c79 12866 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12867 return MEMORY_E;
wolfSSL 4:1b0d80432c79 12868 }
wolfSSL 4:1b0d80432c79 12869 #endif
wolfSSL 4:1b0d80432c79 12870
wolfSSL 4:1b0d80432c79 12871 wc_InitDhKey(&key);
wolfSSL 4:1b0d80432c79 12872 ret = wc_DhSetKey(&key, serverP.buffer, serverP.length,
wolfSSL 4:1b0d80432c79 12873 serverG.buffer, serverG.length);
wolfSSL 4:1b0d80432c79 12874 if (ret == 0)
wolfSSL 4:1b0d80432c79 12875 /* for DH, encSecret is Yc, agree is pre-master */
wolfSSL 4:1b0d80432c79 12876 ret = wc_DhGenerateKeyPair(&key, ssl->rng, priv, &privSz,
wolfSSL 4:1b0d80432c79 12877 encSecret, &encSz);
wolfSSL 4:1b0d80432c79 12878 if (ret == 0)
wolfSSL 4:1b0d80432c79 12879 ret = wc_DhAgree(&key, ssl->arrays->preMasterSecret,
wolfSSL 4:1b0d80432c79 12880 &ssl->arrays->preMasterSz, priv, privSz,
wolfSSL 4:1b0d80432c79 12881 serverPub.buffer, serverPub.length);
wolfSSL 4:1b0d80432c79 12882 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12883 XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12884 #endif
wolfSSL 4:1b0d80432c79 12885 wc_FreeDhKey(&key);
wolfSSL 4:1b0d80432c79 12886 }
wolfSSL 4:1b0d80432c79 12887 break;
wolfSSL 4:1b0d80432c79 12888 #endif /* NO_DH */
wolfSSL 4:1b0d80432c79 12889 #ifndef NO_PSK
wolfSSL 4:1b0d80432c79 12890 case psk_kea:
wolfSSL 4:1b0d80432c79 12891 {
wolfSSL 4:1b0d80432c79 12892 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 4:1b0d80432c79 12893
wolfSSL 4:1b0d80432c79 12894 /* sanity check that PSK client callback has been set */
wolfSSL 4:1b0d80432c79 12895 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 4:1b0d80432c79 12896 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 4:1b0d80432c79 12897 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 12898 }
wolfSSL 4:1b0d80432c79 12899 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 4:1b0d80432c79 12900 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 4:1b0d80432c79 12901 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 4:1b0d80432c79 12902 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 4:1b0d80432c79 12903 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 4:1b0d80432c79 12904 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12905 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12906 #endif
wolfSSL 4:1b0d80432c79 12907 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 12908 }
wolfSSL 4:1b0d80432c79 12909 encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 4:1b0d80432c79 12910 if (encSz > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 12911 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12912 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12913 #endif
wolfSSL 4:1b0d80432c79 12914 return CLIENT_ID_ERROR;
wolfSSL 4:1b0d80432c79 12915 }
wolfSSL 4:1b0d80432c79 12916 XMEMCPY(encSecret, ssl->arrays->client_identity, encSz);
wolfSSL 4:1b0d80432c79 12917
wolfSSL 4:1b0d80432c79 12918 /* make psk pre master secret */
wolfSSL 4:1b0d80432c79 12919 /* length of key + length 0s + length of key + key */
wolfSSL 4:1b0d80432c79 12920 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 4:1b0d80432c79 12921 pms += 2;
wolfSSL 4:1b0d80432c79 12922 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 12923 pms += ssl->arrays->psk_keySz;
wolfSSL 4:1b0d80432c79 12924 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 4:1b0d80432c79 12925 pms += 2;
wolfSSL 4:1b0d80432c79 12926 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 12927 ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
wolfSSL 4:1b0d80432c79 12928 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 12929 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 4:1b0d80432c79 12930 }
wolfSSL 4:1b0d80432c79 12931 break;
wolfSSL 4:1b0d80432c79 12932 #endif /* NO_PSK */
wolfSSL 4:1b0d80432c79 12933 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 4:1b0d80432c79 12934 case dhe_psk_kea:
wolfSSL 4:1b0d80432c79 12935 {
wolfSSL 4:1b0d80432c79 12936 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 4:1b0d80432c79 12937 byte* es = encSecret;
wolfSSL 4:1b0d80432c79 12938 buffer serverP = ssl->buffers.serverDH_P;
wolfSSL 4:1b0d80432c79 12939 buffer serverG = ssl->buffers.serverDH_G;
wolfSSL 4:1b0d80432c79 12940 buffer serverPub = ssl->buffers.serverDH_Pub;
wolfSSL 4:1b0d80432c79 12941 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12942 byte* priv = NULL;
wolfSSL 4:1b0d80432c79 12943 #else
wolfSSL 4:1b0d80432c79 12944 byte priv[ENCRYPT_LEN];
wolfSSL 4:1b0d80432c79 12945 #endif
wolfSSL 4:1b0d80432c79 12946 word32 privSz = 0;
wolfSSL 4:1b0d80432c79 12947 word32 pubSz = 0;
wolfSSL 4:1b0d80432c79 12948 word32 esSz = 0;
wolfSSL 4:1b0d80432c79 12949 DhKey key;
wolfSSL 4:1b0d80432c79 12950
wolfSSL 4:1b0d80432c79 12951 if (serverP.buffer == 0 || serverG.buffer == 0 ||
wolfSSL 4:1b0d80432c79 12952 serverPub.buffer == 0) {
wolfSSL 4:1b0d80432c79 12953 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12954 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12955 #endif
wolfSSL 4:1b0d80432c79 12956 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 12957 }
wolfSSL 4:1b0d80432c79 12958
wolfSSL 4:1b0d80432c79 12959 /* sanity check that PSK client callback has been set */
wolfSSL 4:1b0d80432c79 12960 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 4:1b0d80432c79 12961 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 4:1b0d80432c79 12962 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 12963 }
wolfSSL 4:1b0d80432c79 12964 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 4:1b0d80432c79 12965 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 4:1b0d80432c79 12966 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 4:1b0d80432c79 12967 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 4:1b0d80432c79 12968 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 4:1b0d80432c79 12969 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12970 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12971 #endif
wolfSSL 4:1b0d80432c79 12972 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 12973 }
wolfSSL 4:1b0d80432c79 12974 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 4:1b0d80432c79 12975
wolfSSL 4:1b0d80432c79 12976 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 12977 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12978 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12979 #endif
wolfSSL 4:1b0d80432c79 12980 return CLIENT_ID_ERROR;
wolfSSL 4:1b0d80432c79 12981 }
wolfSSL 4:1b0d80432c79 12982
wolfSSL 4:1b0d80432c79 12983 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 12984 priv = (byte*)XMALLOC(ENCRYPT_LEN, NULL,
wolfSSL 4:1b0d80432c79 12985 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12986 if (priv == NULL) {
wolfSSL 4:1b0d80432c79 12987 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 12988 return MEMORY_E;
wolfSSL 4:1b0d80432c79 12989 }
wolfSSL 4:1b0d80432c79 12990 #endif
wolfSSL 4:1b0d80432c79 12991 c16toa((word16)esSz, es);
wolfSSL 4:1b0d80432c79 12992 es += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 12993 XMEMCPY(es, ssl->arrays->client_identity, esSz);
wolfSSL 4:1b0d80432c79 12994 es += esSz;
wolfSSL 4:1b0d80432c79 12995 encSz = esSz + OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 12996
wolfSSL 4:1b0d80432c79 12997 wc_InitDhKey(&key);
wolfSSL 4:1b0d80432c79 12998 ret = wc_DhSetKey(&key, serverP.buffer, serverP.length,
wolfSSL 4:1b0d80432c79 12999 serverG.buffer, serverG.length);
wolfSSL 4:1b0d80432c79 13000 if (ret == 0)
wolfSSL 4:1b0d80432c79 13001 /* for DH, encSecret is Yc, agree is pre-master */
wolfSSL 4:1b0d80432c79 13002 ret = wc_DhGenerateKeyPair(&key, ssl->rng, priv, &privSz,
wolfSSL 4:1b0d80432c79 13003 es + OPAQUE16_LEN, &pubSz);
wolfSSL 4:1b0d80432c79 13004 if (ret == 0)
wolfSSL 4:1b0d80432c79 13005 ret = wc_DhAgree(&key, pms + OPAQUE16_LEN,
wolfSSL 4:1b0d80432c79 13006 &ssl->arrays->preMasterSz, priv, privSz,
wolfSSL 4:1b0d80432c79 13007 serverPub.buffer, serverPub.length);
wolfSSL 4:1b0d80432c79 13008 wc_FreeDhKey(&key);
wolfSSL 4:1b0d80432c79 13009 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13010 XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13011 #endif
wolfSSL 4:1b0d80432c79 13012 if (ret != 0) {
wolfSSL 4:1b0d80432c79 13013 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13014 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13015 #endif
wolfSSL 4:1b0d80432c79 13016 return ret;
wolfSSL 4:1b0d80432c79 13017 }
wolfSSL 4:1b0d80432c79 13018
wolfSSL 4:1b0d80432c79 13019 c16toa((word16)pubSz, es);
wolfSSL 4:1b0d80432c79 13020 encSz += pubSz + OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13021 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 4:1b0d80432c79 13022 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13023 pms += ssl->arrays->preMasterSz;
wolfSSL 4:1b0d80432c79 13024
wolfSSL 4:1b0d80432c79 13025 /* make psk pre master secret */
wolfSSL 4:1b0d80432c79 13026 /* length of key + length 0s + length of key + key */
wolfSSL 4:1b0d80432c79 13027 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 4:1b0d80432c79 13028 pms += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13029 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 13030 ssl->arrays->preMasterSz +=
wolfSSL 4:1b0d80432c79 13031 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13032 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 13033 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 4:1b0d80432c79 13034 }
wolfSSL 4:1b0d80432c79 13035 break;
wolfSSL 4:1b0d80432c79 13036 #endif /* !NO_DH && !NO_PSK */
wolfSSL 4:1b0d80432c79 13037 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 4:1b0d80432c79 13038 case ecdhe_psk_kea:
wolfSSL 4:1b0d80432c79 13039 {
wolfSSL 4:1b0d80432c79 13040 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 4:1b0d80432c79 13041 byte* es = encSecret;
wolfSSL 4:1b0d80432c79 13042 ecc_key myKey;
wolfSSL 4:1b0d80432c79 13043 ecc_key* peerKey = NULL;
wolfSSL 4:1b0d80432c79 13044 word32 size = MAX_ENCRYPT_SZ;
wolfSSL 4:1b0d80432c79 13045 word32 esSz = 0;
wolfSSL 4:1b0d80432c79 13046
wolfSSL 4:1b0d80432c79 13047 /* sanity check that PSK client callback has been set */
wolfSSL 4:1b0d80432c79 13048 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 4:1b0d80432c79 13049 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 4:1b0d80432c79 13050 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 13051 }
wolfSSL 4:1b0d80432c79 13052
wolfSSL 4:1b0d80432c79 13053 /* Send PSK client identity */
wolfSSL 4:1b0d80432c79 13054 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 4:1b0d80432c79 13055 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 4:1b0d80432c79 13056 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 4:1b0d80432c79 13057 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 4:1b0d80432c79 13058 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 4:1b0d80432c79 13059 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13060 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13061 #endif
wolfSSL 4:1b0d80432c79 13062 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 13063 }
wolfSSL 4:1b0d80432c79 13064 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 4:1b0d80432c79 13065
wolfSSL 4:1b0d80432c79 13066 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 13067 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13068 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13069 #endif
wolfSSL 4:1b0d80432c79 13070 return CLIENT_ID_ERROR;
wolfSSL 4:1b0d80432c79 13071 }
wolfSSL 4:1b0d80432c79 13072
wolfSSL 4:1b0d80432c79 13073 /* place size and identity in output buffer sz:identity */
wolfSSL 4:1b0d80432c79 13074 c16toa((word16)esSz, es);
wolfSSL 4:1b0d80432c79 13075 es += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13076 XMEMCPY(es, ssl->arrays->client_identity, esSz);
wolfSSL 4:1b0d80432c79 13077 es += esSz;
wolfSSL 4:1b0d80432c79 13078 encSz = esSz + OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13079
wolfSSL 4:1b0d80432c79 13080 /* Send Client ECC public key */
wolfSSL 4:1b0d80432c79 13081 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 4:1b0d80432c79 13082 !ssl->peerEccKey->dp) {
wolfSSL 4:1b0d80432c79 13083 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13084 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13085 #endif
wolfSSL 4:1b0d80432c79 13086 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 13087 }
wolfSSL 4:1b0d80432c79 13088 peerKey = ssl->peerEccKey;
wolfSSL 4:1b0d80432c79 13089
wolfSSL 4:1b0d80432c79 13090 if (peerKey == NULL) {
wolfSSL 4:1b0d80432c79 13091 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13092 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13093 #endif
wolfSSL 4:1b0d80432c79 13094 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 13095 }
wolfSSL 4:1b0d80432c79 13096
wolfSSL 4:1b0d80432c79 13097 wc_ecc_init(&myKey);
wolfSSL 4:1b0d80432c79 13098 ret = wc_ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
wolfSSL 4:1b0d80432c79 13099 if (ret != 0) {
wolfSSL 4:1b0d80432c79 13100 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13101 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13102 #endif
wolfSSL 4:1b0d80432c79 13103 return ECC_MAKEKEY_ERROR;
wolfSSL 4:1b0d80432c79 13104 }
wolfSSL 4:1b0d80432c79 13105
wolfSSL 4:1b0d80432c79 13106 /* Place ECC key in output buffer, leaving room for size */
wolfSSL 4:1b0d80432c79 13107 ret = wc_ecc_export_x963(&myKey, es + 1, &size);
wolfSSL 4:1b0d80432c79 13108 *es = (byte)size; /* place size of key in output buffer */
wolfSSL 4:1b0d80432c79 13109 encSz += size + 1;
wolfSSL 4:1b0d80432c79 13110
wolfSSL 4:1b0d80432c79 13111 if (ret != 0) {
wolfSSL 4:1b0d80432c79 13112 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13113 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13114 #endif
wolfSSL 4:1b0d80432c79 13115 ret = ECC_EXPORT_ERROR;
wolfSSL 4:1b0d80432c79 13116 }
wolfSSL 4:1b0d80432c79 13117 else {
wolfSSL 4:1b0d80432c79 13118 /* Create shared ECC key leaveing room at the begining
wolfSSL 4:1b0d80432c79 13119 of buffer for size of shared key. Note sizeof
wolfSSL 4:1b0d80432c79 13120 preMasterSecret is ENCRYPT_LEN currently 512 */
wolfSSL 4:1b0d80432c79 13121 size = sizeof(ssl->arrays->preMasterSecret)
wolfSSL 4:1b0d80432c79 13122 - OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13123 ret = wc_ecc_shared_secret(&myKey, peerKey,
wolfSSL 4:1b0d80432c79 13124 ssl->arrays->preMasterSecret + OPAQUE16_LEN, &size);
wolfSSL 4:1b0d80432c79 13125 if (ret != 0) {
wolfSSL 4:1b0d80432c79 13126 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13127 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13128 #endif
wolfSSL 4:1b0d80432c79 13129 ret = ECC_SHARED_ERROR;
wolfSSL 4:1b0d80432c79 13130 }
wolfSSL 4:1b0d80432c79 13131 }
wolfSSL 4:1b0d80432c79 13132
wolfSSL 4:1b0d80432c79 13133 wc_ecc_free(&myKey);
wolfSSL 4:1b0d80432c79 13134 if (ret != 0) {
wolfSSL 4:1b0d80432c79 13135 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13136 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13137 #endif
wolfSSL 4:1b0d80432c79 13138 return ret;
wolfSSL 4:1b0d80432c79 13139 }
wolfSSL 4:1b0d80432c79 13140
wolfSSL 4:1b0d80432c79 13141 /* Create pre master secret is the concatination of
wolfSSL 4:1b0d80432c79 13142 eccSize + eccSharedKey + pskSize + pskKey */
wolfSSL 4:1b0d80432c79 13143 c16toa((word16)size, pms);
wolfSSL 4:1b0d80432c79 13144 ssl->arrays->preMasterSz += OPAQUE16_LEN + size;
wolfSSL 4:1b0d80432c79 13145 pms += ssl->arrays->preMasterSz;
wolfSSL 4:1b0d80432c79 13146
wolfSSL 4:1b0d80432c79 13147 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 4:1b0d80432c79 13148 pms += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13149 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 13150 ssl->arrays->preMasterSz +=
wolfSSL 4:1b0d80432c79 13151 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13152
wolfSSL 4:1b0d80432c79 13153 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 13154 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 4:1b0d80432c79 13155 }
wolfSSL 4:1b0d80432c79 13156 break;
wolfSSL 4:1b0d80432c79 13157 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 4:1b0d80432c79 13158 #ifdef HAVE_NTRU
wolfSSL 4:1b0d80432c79 13159 case ntru_kea:
wolfSSL 4:1b0d80432c79 13160 {
wolfSSL 4:1b0d80432c79 13161 word32 rc;
wolfSSL 4:1b0d80432c79 13162 word16 cipherLen = MAX_ENCRYPT_SZ;
wolfSSL 4:1b0d80432c79 13163 DRBG_HANDLE drbg;
wolfSSL 4:1b0d80432c79 13164
wolfSSL 4:1b0d80432c79 13165 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 4:1b0d80432c79 13166 ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 4:1b0d80432c79 13167 if (ret != 0) {
wolfSSL 4:1b0d80432c79 13168 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13169 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13170 #endif
wolfSSL 4:1b0d80432c79 13171 return ret;
wolfSSL 4:1b0d80432c79 13172 }
wolfSSL 4:1b0d80432c79 13173
wolfSSL 4:1b0d80432c79 13174 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 4:1b0d80432c79 13175
wolfSSL 4:1b0d80432c79 13176 if (ssl->peerNtruKeyPresent == 0) {
wolfSSL 4:1b0d80432c79 13177 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13178 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13179 #endif
wolfSSL 4:1b0d80432c79 13180 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 13181 }
wolfSSL 4:1b0d80432c79 13182
wolfSSL 4:1b0d80432c79 13183 rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL 4:1b0d80432c79 13184 if (rc != DRBG_OK) {
wolfSSL 4:1b0d80432c79 13185 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13186 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13187 #endif
wolfSSL 4:1b0d80432c79 13188 return NTRU_DRBG_ERROR;
wolfSSL 4:1b0d80432c79 13189 }
wolfSSL 4:1b0d80432c79 13190
wolfSSL 4:1b0d80432c79 13191 rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
wolfSSL 4:1b0d80432c79 13192 ssl->peerNtruKey,
wolfSSL 4:1b0d80432c79 13193 ssl->arrays->preMasterSz,
wolfSSL 4:1b0d80432c79 13194 ssl->arrays->preMasterSecret,
wolfSSL 4:1b0d80432c79 13195 &cipherLen, encSecret);
wolfSSL 4:1b0d80432c79 13196 ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL 4:1b0d80432c79 13197 if (rc != NTRU_OK) {
wolfSSL 4:1b0d80432c79 13198 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13199 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13200 #endif
wolfSSL 4:1b0d80432c79 13201 return NTRU_ENCRYPT_ERROR;
wolfSSL 4:1b0d80432c79 13202 }
wolfSSL 4:1b0d80432c79 13203
wolfSSL 4:1b0d80432c79 13204 encSz = cipherLen;
wolfSSL 4:1b0d80432c79 13205 ret = 0;
wolfSSL 4:1b0d80432c79 13206 }
wolfSSL 4:1b0d80432c79 13207 break;
wolfSSL 4:1b0d80432c79 13208 #endif /* HAVE_NTRU */
wolfSSL 4:1b0d80432c79 13209 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 13210 case ecc_diffie_hellman_kea:
wolfSSL 4:1b0d80432c79 13211 {
wolfSSL 4:1b0d80432c79 13212 ecc_key myKey;
wolfSSL 4:1b0d80432c79 13213 ecc_key* peerKey = NULL;
wolfSSL 4:1b0d80432c79 13214 word32 size = MAX_ENCRYPT_SZ;
wolfSSL 4:1b0d80432c79 13215
wolfSSL 4:1b0d80432c79 13216 if (ssl->specs.static_ecdh) {
wolfSSL 4:1b0d80432c79 13217 /* TODO: EccDsa is really fixed Ecc change naming */
wolfSSL 4:1b0d80432c79 13218 if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent ||
wolfSSL 4:1b0d80432c79 13219 !ssl->peerEccDsaKey->dp) {
wolfSSL 4:1b0d80432c79 13220 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13221 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13222 #endif
wolfSSL 4:1b0d80432c79 13223 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 13224 }
wolfSSL 4:1b0d80432c79 13225 peerKey = ssl->peerEccDsaKey;
wolfSSL 4:1b0d80432c79 13226 }
wolfSSL 4:1b0d80432c79 13227 else {
wolfSSL 4:1b0d80432c79 13228 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 4:1b0d80432c79 13229 !ssl->peerEccKey->dp) {
wolfSSL 4:1b0d80432c79 13230 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13231 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13232 #endif
wolfSSL 4:1b0d80432c79 13233 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 13234 }
wolfSSL 4:1b0d80432c79 13235 peerKey = ssl->peerEccKey;
wolfSSL 4:1b0d80432c79 13236 }
wolfSSL 4:1b0d80432c79 13237
wolfSSL 4:1b0d80432c79 13238 if (peerKey == NULL) {
wolfSSL 4:1b0d80432c79 13239 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13240 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13241 #endif
wolfSSL 4:1b0d80432c79 13242 return NO_PEER_KEY;
wolfSSL 4:1b0d80432c79 13243 }
wolfSSL 4:1b0d80432c79 13244
wolfSSL 4:1b0d80432c79 13245 wc_ecc_init(&myKey);
wolfSSL 4:1b0d80432c79 13246 ret = wc_ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
wolfSSL 4:1b0d80432c79 13247 if (ret != 0) {
wolfSSL 4:1b0d80432c79 13248 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13249 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13250 #endif
wolfSSL 4:1b0d80432c79 13251 return ECC_MAKEKEY_ERROR;
wolfSSL 4:1b0d80432c79 13252 }
wolfSSL 4:1b0d80432c79 13253
wolfSSL 4:1b0d80432c79 13254 /* precede export with 1 byte length */
wolfSSL 4:1b0d80432c79 13255 ret = wc_ecc_export_x963(&myKey, encSecret + 1, &size);
wolfSSL 4:1b0d80432c79 13256 encSecret[0] = (byte)size;
wolfSSL 4:1b0d80432c79 13257 encSz = size + 1;
wolfSSL 4:1b0d80432c79 13258
wolfSSL 4:1b0d80432c79 13259 if (ret != 0)
wolfSSL 4:1b0d80432c79 13260 ret = ECC_EXPORT_ERROR;
wolfSSL 4:1b0d80432c79 13261 else {
wolfSSL 4:1b0d80432c79 13262 size = sizeof(ssl->arrays->preMasterSecret);
wolfSSL 4:1b0d80432c79 13263 ret = wc_ecc_shared_secret(&myKey, peerKey,
wolfSSL 4:1b0d80432c79 13264 ssl->arrays->preMasterSecret, &size);
wolfSSL 4:1b0d80432c79 13265 if (ret != 0)
wolfSSL 4:1b0d80432c79 13266 ret = ECC_SHARED_ERROR;
wolfSSL 4:1b0d80432c79 13267 }
wolfSSL 4:1b0d80432c79 13268
wolfSSL 4:1b0d80432c79 13269 ssl->arrays->preMasterSz = size;
wolfSSL 4:1b0d80432c79 13270 wc_ecc_free(&myKey);
wolfSSL 4:1b0d80432c79 13271 }
wolfSSL 4:1b0d80432c79 13272 break;
wolfSSL 4:1b0d80432c79 13273 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 13274 default:
wolfSSL 4:1b0d80432c79 13275 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13276 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13277 #endif
wolfSSL 4:1b0d80432c79 13278 return ALGO_ID_E; /* unsupported kea */
wolfSSL 4:1b0d80432c79 13279 }
wolfSSL 4:1b0d80432c79 13280
wolfSSL 4:1b0d80432c79 13281 if (ret == 0) {
wolfSSL 4:1b0d80432c79 13282 byte *output;
wolfSSL 4:1b0d80432c79 13283 int sendSz;
wolfSSL 4:1b0d80432c79 13284 word32 tlsSz = 0;
wolfSSL 4:1b0d80432c79 13285
wolfSSL 4:1b0d80432c79 13286 if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea)
wolfSSL 4:1b0d80432c79 13287 tlsSz = 2;
wolfSSL 4:1b0d80432c79 13288
wolfSSL 4:1b0d80432c79 13289 if (ssl->specs.kea == ecc_diffie_hellman_kea ||
wolfSSL 4:1b0d80432c79 13290 ssl->specs.kea == dhe_psk_kea ||
wolfSSL 4:1b0d80432c79 13291 ssl->specs.kea == ecdhe_psk_kea) /* always off */
wolfSSL 4:1b0d80432c79 13292 tlsSz = 0;
wolfSSL 4:1b0d80432c79 13293
wolfSSL 4:1b0d80432c79 13294 sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 13295 idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 13296
wolfSSL 4:1b0d80432c79 13297 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 13298 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 13299 sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 4:1b0d80432c79 13300 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 4:1b0d80432c79 13301 }
wolfSSL 4:1b0d80432c79 13302 #endif
wolfSSL 4:1b0d80432c79 13303
wolfSSL 4:1b0d80432c79 13304 if (IsEncryptionOn(ssl, 1))
wolfSSL 4:1b0d80432c79 13305 sendSz += MAX_MSG_EXTRA;
wolfSSL 4:1b0d80432c79 13306
wolfSSL 4:1b0d80432c79 13307 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 13308 encSz += qshSz;
wolfSSL 4:1b0d80432c79 13309 sendSz += qshSz;
wolfSSL 4:1b0d80432c79 13310 #endif
wolfSSL 4:1b0d80432c79 13311
wolfSSL 4:1b0d80432c79 13312 /* check for available size */
wolfSSL 4:1b0d80432c79 13313 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 13314 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13315 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13316 #endif
wolfSSL 4:1b0d80432c79 13317 return ret;
wolfSSL 4:1b0d80432c79 13318 }
wolfSSL 4:1b0d80432c79 13319
wolfSSL 4:1b0d80432c79 13320 /* get output buffer */
wolfSSL 4:1b0d80432c79 13321 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 4:1b0d80432c79 13322 ssl->buffers.outputBuffer.length;
wolfSSL 4:1b0d80432c79 13323
wolfSSL 4:1b0d80432c79 13324
wolfSSL 4:1b0d80432c79 13325 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 13326 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 13327 byte idxSave = idx;
wolfSSL 4:1b0d80432c79 13328 idx = sendSz - qshSz;
wolfSSL 4:1b0d80432c79 13329
wolfSSL 4:1b0d80432c79 13330 if (QSH_KeyExchangeWrite(ssl, 0) != 0)
wolfSSL 4:1b0d80432c79 13331 return MEMORY_E;
wolfSSL 4:1b0d80432c79 13332
wolfSSL 4:1b0d80432c79 13333 /* extension type */
wolfSSL 4:1b0d80432c79 13334 c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
wolfSSL 4:1b0d80432c79 13335 idx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 13336
wolfSSL 4:1b0d80432c79 13337 /* write to output and check amount written */
wolfSSL 4:1b0d80432c79 13338 if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
wolfSSL 4:1b0d80432c79 13339 > qshSz - OPAQUE16_LEN)
wolfSSL 4:1b0d80432c79 13340 return MEMORY_E;
wolfSSL 4:1b0d80432c79 13341
wolfSSL 4:1b0d80432c79 13342 idx = idxSave;
wolfSSL 4:1b0d80432c79 13343 }
wolfSSL 4:1b0d80432c79 13344 #endif
wolfSSL 4:1b0d80432c79 13345
wolfSSL 4:1b0d80432c79 13346 AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl);
wolfSSL 4:1b0d80432c79 13347
wolfSSL 4:1b0d80432c79 13348 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 13349 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 13350 encSz -= qshSz;
wolfSSL 4:1b0d80432c79 13351 }
wolfSSL 4:1b0d80432c79 13352 #endif
wolfSSL 4:1b0d80432c79 13353 if (tlsSz) {
wolfSSL 4:1b0d80432c79 13354 c16toa((word16)encSz, &output[idx]);
wolfSSL 4:1b0d80432c79 13355 idx += 2;
wolfSSL 4:1b0d80432c79 13356 }
wolfSSL 4:1b0d80432c79 13357 XMEMCPY(output + idx, encSecret, encSz);
wolfSSL 4:1b0d80432c79 13358 idx += encSz;
wolfSSL 4:1b0d80432c79 13359
wolfSSL 4:1b0d80432c79 13360 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 4:1b0d80432c79 13361 byte* input;
wolfSSL 4:1b0d80432c79 13362 int inputSz = idx-RECORD_HEADER_SZ; /* buildmsg adds rechdr */
wolfSSL 4:1b0d80432c79 13363
wolfSSL 4:1b0d80432c79 13364 input = (byte*)XMALLOC(inputSz, ssl->heap,
wolfSSL 4:1b0d80432c79 13365 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13366 if (input == NULL) {
wolfSSL 4:1b0d80432c79 13367 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13368 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13369 #endif
wolfSSL 4:1b0d80432c79 13370 return MEMORY_E;
wolfSSL 4:1b0d80432c79 13371 }
wolfSSL 4:1b0d80432c79 13372
wolfSSL 4:1b0d80432c79 13373 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
wolfSSL 4:1b0d80432c79 13374 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
wolfSSL 4:1b0d80432c79 13375 handshake, 1);
wolfSSL 4:1b0d80432c79 13376 XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13377 if (sendSz < 0) {
wolfSSL 4:1b0d80432c79 13378 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13379 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13380 #endif
wolfSSL 4:1b0d80432c79 13381 return sendSz;
wolfSSL 4:1b0d80432c79 13382 }
wolfSSL 4:1b0d80432c79 13383 } else {
wolfSSL 4:1b0d80432c79 13384 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 4:1b0d80432c79 13385 if (ret != 0) {
wolfSSL 4:1b0d80432c79 13386 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13387 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13388 #endif
wolfSSL 4:1b0d80432c79 13389 return ret;
wolfSSL 4:1b0d80432c79 13390 }
wolfSSL 4:1b0d80432c79 13391 }
wolfSSL 4:1b0d80432c79 13392
wolfSSL 4:1b0d80432c79 13393 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 13394 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 13395 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 13396 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13397 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13398 #endif
wolfSSL 4:1b0d80432c79 13399 return ret;
wolfSSL 4:1b0d80432c79 13400 }
wolfSSL 4:1b0d80432c79 13401 }
wolfSSL 4:1b0d80432c79 13402 #endif
wolfSSL 4:1b0d80432c79 13403
wolfSSL 4:1b0d80432c79 13404 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 13405 if (ssl->hsInfoOn)
wolfSSL 4:1b0d80432c79 13406 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 13407 if (ssl->toInfoOn)
wolfSSL 4:1b0d80432c79 13408 AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo,
wolfSSL 4:1b0d80432c79 13409 output, sendSz, ssl->heap);
wolfSSL 4:1b0d80432c79 13410 #endif
wolfSSL 4:1b0d80432c79 13411
wolfSSL 4:1b0d80432c79 13412 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 4:1b0d80432c79 13413
wolfSSL 4:1b0d80432c79 13414 if (ssl->options.groupMessages)
wolfSSL 4:1b0d80432c79 13415 ret = 0;
wolfSSL 4:1b0d80432c79 13416 else
wolfSSL 4:1b0d80432c79 13417 ret = SendBuffered(ssl);
wolfSSL 4:1b0d80432c79 13418 }
wolfSSL 4:1b0d80432c79 13419
wolfSSL 4:1b0d80432c79 13420 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 13421 XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 13422 #endif
wolfSSL 4:1b0d80432c79 13423
wolfSSL 4:1b0d80432c79 13424 if (ret == 0 || ret == WANT_WRITE) {
wolfSSL 4:1b0d80432c79 13425 int tmpRet = MakeMasterSecret(ssl);
wolfSSL 4:1b0d80432c79 13426 if (tmpRet != 0)
wolfSSL 4:1b0d80432c79 13427 ret = tmpRet; /* save WANT_WRITE unless more serious */
wolfSSL 4:1b0d80432c79 13428 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 4:1b0d80432c79 13429 }
wolfSSL 4:1b0d80432c79 13430 /* No further need for PMS */
wolfSSL 4:1b0d80432c79 13431 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 4:1b0d80432c79 13432 ssl->arrays->preMasterSz = 0;
wolfSSL 4:1b0d80432c79 13433
wolfSSL 4:1b0d80432c79 13434 return ret;
wolfSSL 4:1b0d80432c79 13435 }
wolfSSL 4:1b0d80432c79 13436
wolfSSL 4:1b0d80432c79 13437 #ifndef NO_CERTS
wolfSSL 4:1b0d80432c79 13438
wolfSSL 4:1b0d80432c79 13439
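/* Build the client's CertificateVerify handshake message and queue it for
 * sending.
 *
 * The private key in ssl->buffers.key is first decoded as RSA; if that fails
 * and ECC is compiled in, it is decoded as ECC. The handshake hashes from
 * BuildCertHashes() are then signed (through the registered PK callback when
 * one is set) and the signature is written into the output buffer.
 *
 * ssl  connection state
 *
 * returns 0 when nothing has to be sent (a blank certificate was sent) or
 *         when the message was queued with groupMessages set, the result of
 *         SendBuffered() when the message is flushed, NO_PRIVATE_KEY when no
 *         key is loaded, MEMORY_E on allocation failure, or the error code of
 *         the step that failed.
 *
 * Every exit taken after the key objects are initialised releases them, so
 * decoded private-key material is not left behind on an error path.
 */
int SendCertificateVerify(WOLFSSL* ssl)
{
    byte   *output;
    int    sendSz = MAX_CERT_VERIFY_SZ, length, ret;
    word32 idx = 0;
    word32 sigOutSz = 0;
#ifndef NO_RSA
    RsaKey key;
    int    initRsaKey = 0;
#endif
    int    usingEcc = 0;
#ifdef HAVE_ECC
    ecc_key eccKey;
#endif

    (void)idx;

    if (ssl->options.sendVerify == SEND_BLANK_CERT)
        return 0;  /* sent blank cert, can't verify */

    if (IsEncryptionOn(ssl, 1))
        sendSz += MAX_MSG_EXTRA;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
    if (ret != 0)
        return ret;

    /* Both the RSA and the ECC decode below dereference ssl->buffers.key, so
     * reject a missing key here, before either key object is initialised:
     * no NULL dereference in the RSA path and nothing to free on this exit. */
    if (ssl->buffers.key == NULL) {
        WOLFSSL_MSG("Private key missing");
        return NO_PRIVATE_KEY;
    }

#ifdef HAVE_ECC
    wc_ecc_init(&eccKey);
#endif
#ifndef NO_RSA
    ret = wc_InitRsaKey(&key, ssl->heap);
    if (ret == 0) initRsaKey = 1;
    if (ret == 0)
        ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key,
                                     ssl->buffers.key->length);
    if (ret == 0)
        sigOutSz = wc_RsaEncryptSize(&key);
    else
#endif
    {
#ifdef HAVE_ECC
        WOLFSSL_MSG("Trying ECC client cert, RSA didn't work");

        idx = 0;
        ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &eccKey,
                                     ssl->buffers.key->length);
        if (ret == 0) {
            WOLFSSL_MSG("Using ECC client cert");
            usingEcc = 1;
            sigOutSz = MAX_ENCODED_SIG_SZ;
        }
        else {
            WOLFSSL_MSG("Bad client cert type");
        }
#endif
    }
    if (ret == 0) {
        /* signature area starts right after the record/handshake headers */
        byte*  verify = (byte*)&output[RECORD_HEADER_SZ +
                                       HANDSHAKE_HEADER_SZ];
#ifndef NO_OLD_TLS
        byte*  signBuffer = ssl->hsHashes->certHashes.md5;
#else
        byte*  signBuffer = NULL;
#endif
        word32 signSz = FINISHED_SZ;
        word32 extraSz = 0;  /* tls 1.2 hash/sig */
#ifdef WOLFSSL_SMALL_STACK
        byte*  encodedSig = NULL;
#else
        byte   encodedSig[MAX_ENCODED_SIG_SZ];
#endif

#ifdef WOLFSSL_SMALL_STACK
        encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
                                    DYNAMIC_TYPE_TMP_BUFFER);
        if (encodedSig == NULL) {
        #ifndef NO_RSA
            if (initRsaKey)
                wc_FreeRsaKey(&key);
        #endif
        #ifdef HAVE_ECC
            wc_ecc_free(&eccKey);
        #endif
            return MEMORY_E;
        }
#endif

        (void)encodedSig;
        (void)signSz;
        (void)signBuffer;

#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls)
            verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
#endif
        length = sigOutSz;
        if (IsAtLeastTLSv1_2(ssl)) {
            /* TLS 1.2 prefixes the signature with hash and signature ids */
            verify[0] = ssl->suites->hashAlgo;
            verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo;
            extraSz = HASH_SIG_SIZE;
        }

        if (usingEcc) {
#ifdef HAVE_ECC
            word32 localSz = MAX_ENCODED_SIG_SZ;
            word32 digestSz;
            byte*  digest;
            byte   doUserEcc = 0;
#ifndef NO_OLD_TLS
            /* old tls default */
            digestSz = SHA_DIGEST_SIZE;
            digest   = ssl->hsHashes->certHashes.sha;
#else
            /* new tls default */
            digestSz = SHA256_DIGEST_SIZE;
            digest   = ssl->hsHashes->certHashes.sha256;
#endif

        #ifdef HAVE_PK_CALLBACKS
            #ifdef HAVE_ECC
            if (ssl->ctx->EccSignCb)
                doUserEcc = 1;
            #endif /* HAVE_ECC */
        #endif /*HAVE_PK_CALLBACKS */

            if (IsAtLeastTLSv1_2(ssl)) {
                /* a hash that is compiled out leaves the default in place */
                if (ssl->suites->hashAlgo == sha_mac) {
                    #ifndef NO_SHA
                        digest   = ssl->hsHashes->certHashes.sha;
                        digestSz = SHA_DIGEST_SIZE;
                    #endif
                }
                else if (ssl->suites->hashAlgo == sha256_mac) {
                    #ifndef NO_SHA256
                        digest   = ssl->hsHashes->certHashes.sha256;
                        digestSz = SHA256_DIGEST_SIZE;
                    #endif
                }
                else if (ssl->suites->hashAlgo == sha384_mac) {
                    #ifdef WOLFSSL_SHA384
                        digest   = ssl->hsHashes->certHashes.sha384;
                        digestSz = SHA384_DIGEST_SIZE;
                    #endif
                }
                else if (ssl->suites->hashAlgo == sha512_mac) {
                    #ifdef WOLFSSL_SHA512
                        digest   = ssl->hsHashes->certHashes.sha512;
                        digestSz = SHA512_DIGEST_SIZE;
                    #endif
                }
            }

            if (doUserEcc) {
            #ifdef HAVE_PK_CALLBACKS
                #ifdef HAVE_ECC
                ret = ssl->ctx->EccSignCb(ssl, digest, digestSz,
                                          encodedSig, &localSz,
                                          ssl->buffers.key->buffer,
                                          ssl->buffers.key->length,
                                          ssl->EccSignCtx);
                #endif /* HAVE_ECC */
            #endif /*HAVE_PK_CALLBACKS */
            }
            else {
                ret = wc_ecc_sign_hash(digest, digestSz, encodedSig,
                                       &localSz, ssl->rng, &eccKey);
            }
            if (ret == 0) {
                length = localSz;
                c16toa((word16)length, verify + extraSz); /* prepend hdr */
                XMEMCPY(verify + extraSz + VERIFY_HEADER,encodedSig,length);
            }
#endif
        }
#ifndef NO_RSA
        else {
            byte doUserRsa = 0;

        #ifdef HAVE_PK_CALLBACKS
            if (ssl->ctx->RsaSignCb)
                doUserRsa = 1;
        #endif /*HAVE_PK_CALLBACKS */

            if (IsAtLeastTLSv1_2(ssl)) {
                /*
                 * MSVC Compiler complains because it can not
                 * guarantee any of the conditionals will succeed in
                 * assigning a value before wc_EncodeSignature executes.
                 */
                byte* digest    = NULL;
                int   digestSz  = 0;
                int   typeH     = 0;
                int   didSet    = 0;

                if (ssl->suites->hashAlgo == sha_mac) {
                    #ifndef NO_SHA
                        digest   = ssl->hsHashes->certHashes.sha;
                        typeH    = SHAh;
                        digestSz = SHA_DIGEST_SIZE;
                        didSet   = 1;
                    #endif
                }
                else if (ssl->suites->hashAlgo == sha256_mac) {
                    #ifndef NO_SHA256
                        digest   = ssl->hsHashes->certHashes.sha256;
                        typeH    = SHA256h;
                        digestSz = SHA256_DIGEST_SIZE;
                        didSet   = 1;
                    #endif
                }
                else if (ssl->suites->hashAlgo == sha384_mac) {
                    #ifdef WOLFSSL_SHA384
                        digest   = ssl->hsHashes->certHashes.sha384;
                        typeH    = SHA384h;
                        digestSz = SHA384_DIGEST_SIZE;
                        didSet   = 1;
                    #endif
                }
                else if (ssl->suites->hashAlgo == sha512_mac) {
                    #ifdef WOLFSSL_SHA512
                        digest   = ssl->hsHashes->certHashes.sha512;
                        typeH    = SHA512h;
                        digestSz = SHA512_DIGEST_SIZE;
                        didSet   = 1;
                    #endif
                }

                if (didSet == 0) {
                    /* defaults */
                    #ifndef NO_OLD_TLS
                        digest   = ssl->hsHashes->certHashes.sha;
                        digestSz = SHA_DIGEST_SIZE;
                        typeH    = SHAh;
                    #else
                        digest   = ssl->hsHashes->certHashes.sha256;
                        digestSz = SHA256_DIGEST_SIZE;
                        typeH    = SHA256h;
                    #endif
                }

                signSz = wc_EncodeSignature(encodedSig, digest,digestSz,typeH);
                signBuffer = encodedSig;
            }

            c16toa((word16)length, verify + extraSz); /* prepend hdr */
            if (doUserRsa) {
            #ifdef HAVE_PK_CALLBACKS
                #ifndef NO_RSA
                word32 ioLen = ENCRYPT_LEN;
                ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
                                          verify + extraSz + VERIFY_HEADER,
                                          &ioLen,
                                          ssl->buffers.key->buffer,
                                          ssl->buffers.key->length,
                                          ssl->RsaSignCtx);
                #endif /* NO_RSA */
            #endif /*HAVE_PK_CALLBACKS */
            }
            else {
                ret = wc_RsaSSL_Sign(signBuffer, signSz, verify + extraSz +
                                     VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng);
            }

            if (ret > 0) {
                /* check for signature faults: the fresh signature is verified
                 * before it is allowed to leave in the handshake message */
                ret = VerifyRsaSign(verify + extraSz + VERIFY_HEADER, ret,
                                    signBuffer, signSz, &key);
            }
        }
#endif
#ifdef WOLFSSL_SMALL_STACK
        XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

        if (ret == 0) {
            AddHeaders(output, length + extraSz + VERIFY_HEADER,
                       certificate_verify, ssl);

            sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length +
                     extraSz + VERIFY_HEADER;

        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
                sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
            }
        #endif

            if (IsEncryptionOn(ssl, 1)) {
                byte* input;
                int   inputSz = sendSz - RECORD_HEADER_SZ;
                                /* build msg adds rec hdr */
                input = (byte*)XMALLOC(inputSz, ssl->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER);
                if (input == NULL)
                    ret = MEMORY_E;
                else {
                    XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
                    sendSz = BuildMessage(ssl, output,
                                          MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA,
                                          input, inputSz, handshake, 1);
                    XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

                    if (sendSz < 0)
                        ret = sendSz;
                }
            } else {
                ret = HashOutput(ssl, output, sendSz, 0);
            }

        #ifdef WOLFSSL_DTLS
            /* Save the flight only when the message was built: an earlier
             * failure must stay in ret (sendSz can be negative here), and the
             * keys below still have to be freed, so there is no early return. */
            if (ret == 0 && ssl->options.dtls)
                ret = DtlsPoolSave(ssl, output, sendSz);
        #endif
        }
    }
#ifndef NO_RSA
    if (initRsaKey)
        wc_FreeRsaKey(&key);
#endif
#ifdef HAVE_ECC
    wc_ecc_free(&eccKey);
#endif

    if (ret == 0) {
    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("CertificateVerify", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddPacketInfo("CertificateVerify", &ssl->timeoutInfo,
                          output, sendSz, ssl->heap);
    #endif
        ssl->buffers.outputBuffer.length += sendSz;
        if (ssl->options.groupMessages)
            return 0;
        else
            return SendBuffered(ssl);
    }
    else
        return ret;
}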
wolfSSL 4:1b0d80432c79 13796 #endif /* NO_CERTS */
wolfSSL 4:1b0d80432c79 13797
wolfSSL 4:1b0d80432c79 13798 #ifdef HAVE_SESSION_TICKET
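/* Process a NewSessionTicket handshake message received from the server.
 *
 * ssl       connection state; must currently be expecting a ticket
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the message body within input; out: advanced past
 *           the bytes consumed (plus record padding when encryption is on)
 * size      length of the message body in bytes
 *
 * returns 0 on success, SESSION_TICKET_EXPECT_E when no ticket was expected,
 *         BUFFER_ERROR when a field would run past size, or
 *         SESSION_TICKET_LEN_E when the ticket does not fit in
 *         ssl->session.ticket.
 *
 * All lengths come from the peer, so each field is bounds-checked against
 * size before it is read.
 */
int DoSessionTicket(WOLFSSL* ssl,
                    const byte* input, word32* inOutIdx, word32 size)
{
    word32 begin = *inOutIdx;
    word32 lifetime;
    word16 length;

    if (ssl->expect_session_ticket == 0) {
        WOLFSSL_MSG("Unexpected session ticket");
        return SESSION_TICKET_EXPECT_E;
    }

    /* ticket lifetime hint */
    if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
        return BUFFER_ERROR;

    ato32(input + *inOutIdx, &lifetime);
    *inOutIdx += OPAQUE32_LEN;

    /* ticket length */
    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &length);
    *inOutIdx += OPAQUE16_LEN;

    /* must fit in the local ticket storage ... */
    if (length > sizeof(ssl->session.ticket))
        return SESSION_TICKET_LEN_E;

    /* ... and must be fully present in the message */
    if ((*inOutIdx - begin) + length > size)
        return BUFFER_ERROR;

    /* A non-empty ticket is saved; an empty one clears the stored ticket. */
    if (length > 0) {
        /* number of ticket bytes that can seed the fake session ID */
        word32 idLen = (length < ID_LEN) ? length : ID_LEN;

        XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
        *inOutIdx += length;
        ssl->session.ticketLen = length;
        ssl->timeout = lifetime;
        if (ssl->session_ticket_cb != NULL) {
            ssl->session_ticket_cb(ssl,
                                   ssl->session.ticket, ssl->session.ticketLen,
                                   ssl->session_ticket_ctx);
        }
        /* Create a fake sessionID based on the ticket, this will
         * supersede the existing session cache info.
         * The ID is the last ID_LEN bytes of the ticket. A ticket shorter
         * than ID_LEN would make "ticket + length - ID_LEN" point before the
         * start of the array, so such a ticket contributes all of its bytes
         * and the rest of the ID is zero-filled. */
        ssl->options.haveSessionId = 1;
        XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
        XMEMCPY(ssl->arrays->sessionID,
                ssl->session.ticket + length - idLen, idLen);
#ifndef NO_SESSION_CACHE
        AddSession(ssl);
#endif

    }
    else {
        ssl->session.ticketLen = 0;
    }

    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    }

    ssl->expect_session_ticket = 0;

    return 0;
}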
wolfSSL 4:1b0d80432c79 13863 #endif /* HAVE_SESSION_TICKET */
wolfSSL 4:1b0d80432c79 13864
wolfSSL 4:1b0d80432c79 13865 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 4:1b0d80432c79 13866
wolfSSL 4:1b0d80432c79 13867
wolfSSL 4:1b0d80432c79 13868 #ifndef NO_WOLFSSL_SERVER
wolfSSL 4:1b0d80432c79 13869
/*
 * Build the ServerHello handshake message in the connection's output buffer
 * and, unless handshake messages are being grouped, flush it.
 *
 * Fields written after the record/handshake headers, in order:
 *   version (major, minor) | server random (RAN_LEN) | session id length |
 *   session id | cipher suite (2 bytes) | compression method | extensions
 * The extension block is only written when HAVE_TLS_EXTENSIONS is defined.
 *
 * ssl      connection state; supplies the output buffer, RNG, negotiated
 *          version/suite and the arrays holding server random and session id
 * returns  0 when the message was queued (groupMessages set), otherwise the
 *          result of SendBuffered(); on failure the error code of the helper
 *          that failed (CheckAvailableSize, wc_RNG_GenerateBlock,
 *          DtlsPoolSave or HashOutput).
 */
int SendServerHello(WOLFSSL* ssl)
{
    byte*  out;
    word32 pos     = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    word32 bodyLen = VERSION_SZ + RAN_LEN
                   + ID_LEN + ENUM_LEN
                   + SUITE_LEN
                   + ENUM_LEN;
    int    recSz;
    int    ret;
    byte   idLen = ID_LEN;

#ifdef HAVE_TLS_EXTENSIONS
    bodyLen += TLSX_GetResponseSize(ssl);
#ifdef HAVE_SESSION_TICKET
    /* ticket in use and no session id recorded: send an empty session id */
    if (ssl->options.useTicket && ssl->arrays->sessionIDSz == 0) {
        idLen    = 0;
        bodyLen -= ID_LEN;
    }
#endif /* HAVE_SESSION_TICKET */
#endif /* HAVE_TLS_EXTENSIONS */

    /* Reserve room in the output buffer.
     * NOTE(review): the reservation is the fixed MAX_HELLO_SZ, not the record
     * size computed below; this relies on MAX_HELLO_SZ covering the largest
     * value TLSX_GetResponseSize() can add -- confirm against its definition. */
    ret = CheckAvailableSize(ssl, MAX_HELLO_SZ);
    if (ret != 0)
        return ret;

    /* the message is appended behind whatever is already queued */
    out   = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;
    recSz = bodyLen + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* ServerHello reuses the sequence number of the ClientHello, and the
         * DTLS headers are longer, which shifts the payload and the total. */
        ssl->keys.dtls_sequence_number = ssl->keys.dtls_state.curSeq;
        pos   += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        recSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif /* WOLFSSL_DTLS */

    AddHeaders(out, bodyLen, server_hello, ssl);

    /* protocol version */
    out[pos++] = ssl->version.major;
    out[pos++] = ssl->version.minor;

    /* server random and session id */
    if (ssl->options.resuming) {
        /* resumption: send the random and session id already held in
         * ssl->arrays instead of generating new ones */
        XMEMCPY(out + pos, ssl->arrays->serverRandom, RAN_LEN);
        pos += RAN_LEN;
        out[pos++] = idLen;
        XMEMCPY(out + pos, ssl->arrays->sessionID, idLen);
    }
    else {
        /* One RNG call fills random, the length byte and the session id; the
         * length byte is overwritten with the real value just below. */
        ret = wc_RNG_GenerateBlock(ssl->rng, out + pos,
                                   RAN_LEN + sizeof(idLen) + idLen);
        if (ret != 0)
            return ret;

        /* keep copies in the SSL object for later handshake steps */
        XMEMCPY(ssl->arrays->serverRandom, out + pos, RAN_LEN);
        pos += RAN_LEN;
        out[pos++] = idLen;
        XMEMCPY(ssl->arrays->sessionID, out + pos, idLen);
    }
    pos += idLen;

#ifdef SHOW_SECRETS
    /* Debug aid, compiled only with SHOW_SECRETS: dumps the server random to
     * stdout. Presumably the same macro gates dumps of key material elsewhere
     * in the library, so it should stay out of production builds -- confirm. */
    {
        int k = 0;
        printf("server random: ");
        while (k < RAN_LEN) {
            printf("%02x", ssl->arrays->serverRandom[k]);
            k++;
        }
        printf("\n");
    }
#endif

    /* selected cipher suite, two bytes */
    out[pos++] = ssl->options.cipherSuite0;
    out[pos++] = ssl->options.cipherSuite;

    /* compression method */
    out[pos++] = ssl->options.usingCompression ? ZLIB_COMPRESSION
                                               : NO_COMPRESSION;

    /* extensions go last */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX_WriteResponse(ssl, out + pos);
#endif

    /* The buffer length is advanced before the DTLS pool save and the
     * handshake hash, so an error return from either leaves the message
     * counted in the output buffer. */
    ssl->buffers.outputBuffer.length += recSz;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        ret = DtlsPoolSave(ssl, out, recSz);
        if (ret != 0)
            return ret;
    }
#endif

    ret = HashOutput(ssl, out, recSz, 0);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ServerHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ServerHello", &ssl->timeoutInfo, out, recSz,
                      ssl->heap);
#endif

    ssl->options.serverState = SERVER_HELLO_COMPLETE;

    /* when grouping, the caller flushes the buffer later */
    return ssl->options.groupMessages ? 0 : SendBuffered(ssl);
}
wolfSSL 4:1b0d80432c79 13994
wolfSSL 4:1b0d80432c79 13995
wolfSSL 4:1b0d80432c79 13996 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 13997
/*
 * Translate an ECC key size into the matching wolfSSL named-curve constant.
 *
 * size     key size in bytes as the case labels expect it: 20, 24, 28, 32,
 *          48 or 66 (secp160r1 ... secp521r1)
 * returns  the WOLFSSL_ECC_SECP* value for that size, or 0 when the size is
 *          unknown or the curve was not compiled in (each case is guarded by
 *          its HAVE_ECCnnn / NO_ECC256 / HAVE_ALL_CURVES build option).
 *
 * The ecdhe_psk_kea branch of SendServerKeyExchange() writes the result
 * straight into the outgoing message, so a 0 return ends up on the wire as
 * the curve id; callers that need to reject unsupported sizes must test for 0
 * themselves.
 */
static byte SetCurveId(int size)
{
    byte curveId = 0;   /* stays 0 when no compiled-in curve matches */

    switch (size) {
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC160)
        case 20:
            curveId = WOLFSSL_ECC_SECP160R1;
            break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC192)
        case 24:
            curveId = WOLFSSL_ECC_SECP192R1;
            break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC224)
        case 28:
            curveId = WOLFSSL_ECC_SECP224R1;
            break;
#endif
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
        case 32:
            curveId = WOLFSSL_ECC_SECP256R1;
            break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC384)
        case 48:
            curveId = WOLFSSL_ECC_SECP384R1;
            break;
#endif
#if defined(HAVE_ALL_CURVES) || defined(HAVE_ECC521)
        case 66:
            curveId = WOLFSSL_ECC_SECP521R1;
            break;
#endif
        default:
            break;
    }

    return curveId;
}
wolfSSL 4:1b0d80432c79 14029
wolfSSL 4:1b0d80432c79 14030 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 14031
wolfSSL 4:1b0d80432c79 14032
wolfSSL 4:1b0d80432c79 14033 int SendServerKeyExchange(WOLFSSL* ssl)
wolfSSL 4:1b0d80432c79 14034 {
wolfSSL 4:1b0d80432c79 14035 int ret = 0;
wolfSSL 4:1b0d80432c79 14036 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14037 word32 qshSz = 0;
wolfSSL 4:1b0d80432c79 14038 #endif
wolfSSL 4:1b0d80432c79 14039 (void)ssl;
wolfSSL 4:1b0d80432c79 14040 #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0)
wolfSSL 4:1b0d80432c79 14041
wolfSSL 4:1b0d80432c79 14042 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14043 if (ssl->peerQSHKeyPresent && ssl->options.haveQSH) {
wolfSSL 4:1b0d80432c79 14044 qshSz = QSH_KeyGetSize(ssl);
wolfSSL 4:1b0d80432c79 14045 }
wolfSSL 4:1b0d80432c79 14046 #endif
wolfSSL 4:1b0d80432c79 14047
wolfSSL 4:1b0d80432c79 14048
wolfSSL 4:1b0d80432c79 14049 switch(ssl->specs.kea)
wolfSSL 4:1b0d80432c79 14050 {
wolfSSL 4:1b0d80432c79 14051 #ifndef NO_PSK
wolfSSL 4:1b0d80432c79 14052 case psk_kea:
wolfSSL 4:1b0d80432c79 14053 {
wolfSSL 4:1b0d80432c79 14054 byte *output;
wolfSSL 4:1b0d80432c79 14055 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 4:1b0d80432c79 14056 int sendSz;
wolfSSL 4:1b0d80432c79 14057 if (ssl->arrays->server_hint[0] == 0) return 0; /* don't send */
wolfSSL 4:1b0d80432c79 14058
wolfSSL 4:1b0d80432c79 14059 /* include size part */
wolfSSL 4:1b0d80432c79 14060 length = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 4:1b0d80432c79 14061 if (length > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 14062 return SERVER_HINT_ERROR;
wolfSSL 4:1b0d80432c79 14063 }
wolfSSL 4:1b0d80432c79 14064
wolfSSL 4:1b0d80432c79 14065 length += HINT_LEN_SZ;
wolfSSL 4:1b0d80432c79 14066 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 14067
wolfSSL 4:1b0d80432c79 14068 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14069 length += qshSz;
wolfSSL 4:1b0d80432c79 14070 sendSz += qshSz;
wolfSSL 4:1b0d80432c79 14071 #endif
wolfSSL 4:1b0d80432c79 14072
wolfSSL 4:1b0d80432c79 14073 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 14074 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 14075 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 14076 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 14077 }
wolfSSL 4:1b0d80432c79 14078 #endif
wolfSSL 4:1b0d80432c79 14079 /* check for available size */
wolfSSL 4:1b0d80432c79 14080 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 14081 return ret;
wolfSSL 4:1b0d80432c79 14082 }
wolfSSL 4:1b0d80432c79 14083
wolfSSL 4:1b0d80432c79 14084 /* get output buffer */
wolfSSL 4:1b0d80432c79 14085 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 4:1b0d80432c79 14086 ssl->buffers.outputBuffer.length;
wolfSSL 4:1b0d80432c79 14087
wolfSSL 4:1b0d80432c79 14088 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 4:1b0d80432c79 14089
wolfSSL 4:1b0d80432c79 14090 /* key data */
wolfSSL 4:1b0d80432c79 14091 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14092 c16toa((word16)(length - qshSz - HINT_LEN_SZ), output + idx);
wolfSSL 4:1b0d80432c79 14093 #else
wolfSSL 4:1b0d80432c79 14094 c16toa((word16)(length - HINT_LEN_SZ), output + idx);
wolfSSL 4:1b0d80432c79 14095 #endif
wolfSSL 4:1b0d80432c79 14096 idx += HINT_LEN_SZ;
wolfSSL 4:1b0d80432c79 14097 XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ);
wolfSSL 4:1b0d80432c79 14098
wolfSSL 4:1b0d80432c79 14099 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14100 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 14101 if (qshSz > 0) {
wolfSSL 4:1b0d80432c79 14102 idx = sendSz - qshSz;
wolfSSL 4:1b0d80432c79 14103 if (QSH_KeyExchangeWrite(ssl, 1) != 0) {
wolfSSL 4:1b0d80432c79 14104 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14105 }
wolfSSL 4:1b0d80432c79 14106
wolfSSL 4:1b0d80432c79 14107 /* extension type */
wolfSSL 4:1b0d80432c79 14108 c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
wolfSSL 4:1b0d80432c79 14109 idx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 14110
wolfSSL 4:1b0d80432c79 14111 /* write to output and check amount written */
wolfSSL 4:1b0d80432c79 14112 if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
wolfSSL 4:1b0d80432c79 14113 > qshSz - OPAQUE16_LEN) {
wolfSSL 4:1b0d80432c79 14114 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14115 }
wolfSSL 4:1b0d80432c79 14116 }
wolfSSL 4:1b0d80432c79 14117 }
wolfSSL 4:1b0d80432c79 14118 #endif
wolfSSL 4:1b0d80432c79 14119
wolfSSL 4:1b0d80432c79 14120 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 14121 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 14122 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 14123 return ret;
wolfSSL 4:1b0d80432c79 14124 }
wolfSSL 4:1b0d80432c79 14125 }
wolfSSL 4:1b0d80432c79 14126 #endif
wolfSSL 4:1b0d80432c79 14127
wolfSSL 4:1b0d80432c79 14128 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 4:1b0d80432c79 14129 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14130 return ret;
wolfSSL 4:1b0d80432c79 14131 }
wolfSSL 4:1b0d80432c79 14132
wolfSSL 4:1b0d80432c79 14133 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 14134 if (ssl->hsInfoOn) {
wolfSSL 4:1b0d80432c79 14135 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 14136 }
wolfSSL 4:1b0d80432c79 14137 if (ssl->toInfoOn) {
wolfSSL 4:1b0d80432c79 14138 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output,
wolfSSL 4:1b0d80432c79 14139 sendSz, ssl->heap);
wolfSSL 4:1b0d80432c79 14140 }
wolfSSL 4:1b0d80432c79 14141 #endif
wolfSSL 4:1b0d80432c79 14142
wolfSSL 4:1b0d80432c79 14143 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 4:1b0d80432c79 14144 if (ssl->options.groupMessages) {
wolfSSL 4:1b0d80432c79 14145 ret = 0;
wolfSSL 4:1b0d80432c79 14146 }
wolfSSL 4:1b0d80432c79 14147 else {
wolfSSL 4:1b0d80432c79 14148 ret = SendBuffered(ssl);
wolfSSL 4:1b0d80432c79 14149 }
wolfSSL 4:1b0d80432c79 14150 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 4:1b0d80432c79 14151 break;
wolfSSL 4:1b0d80432c79 14152 }
wolfSSL 4:1b0d80432c79 14153 #endif /*NO_PSK */
wolfSSL 4:1b0d80432c79 14154
wolfSSL 4:1b0d80432c79 14155 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 4:1b0d80432c79 14156 case dhe_psk_kea:
wolfSSL 4:1b0d80432c79 14157 {
wolfSSL 4:1b0d80432c79 14158 byte *output;
wolfSSL 4:1b0d80432c79 14159 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 4:1b0d80432c79 14160 word32 hintLen;
wolfSSL 4:1b0d80432c79 14161 int sendSz;
wolfSSL 4:1b0d80432c79 14162 DhKey dhKey;
wolfSSL 4:1b0d80432c79 14163
wolfSSL 4:1b0d80432c79 14164 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 4:1b0d80432c79 14165 ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL 4:1b0d80432c79 14166 return NO_DH_PARAMS;
wolfSSL 4:1b0d80432c79 14167 }
wolfSSL 4:1b0d80432c79 14168
wolfSSL 4:1b0d80432c79 14169 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 4:1b0d80432c79 14170 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
wolfSSL 4:1b0d80432c79 14171 ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
wolfSSL 4:1b0d80432c79 14172 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 14173 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 4:1b0d80432c79 14174 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14175 }
wolfSSL 4:1b0d80432c79 14176 }
wolfSSL 4:1b0d80432c79 14177
wolfSSL 4:1b0d80432c79 14178 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 4:1b0d80432c79 14179 ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
wolfSSL 4:1b0d80432c79 14180 ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
wolfSSL 4:1b0d80432c79 14181 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 14182 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 4:1b0d80432c79 14183 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14184 }
wolfSSL 4:1b0d80432c79 14185 }
wolfSSL 4:1b0d80432c79 14186
wolfSSL 4:1b0d80432c79 14187 wc_InitDhKey(&dhKey);
wolfSSL 4:1b0d80432c79 14188 ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
wolfSSL 4:1b0d80432c79 14189 ssl->buffers.serverDH_P.length,
wolfSSL 4:1b0d80432c79 14190 ssl->buffers.serverDH_G.buffer,
wolfSSL 4:1b0d80432c79 14191 ssl->buffers.serverDH_G.length);
wolfSSL 4:1b0d80432c79 14192 if (ret == 0) {
wolfSSL 4:1b0d80432c79 14193 ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng,
wolfSSL 4:1b0d80432c79 14194 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 4:1b0d80432c79 14195 &ssl->buffers.serverDH_Priv.length,
wolfSSL 4:1b0d80432c79 14196 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 4:1b0d80432c79 14197 &ssl->buffers.serverDH_Pub.length);
wolfSSL 4:1b0d80432c79 14198 }
wolfSSL 4:1b0d80432c79 14199 wc_FreeDhKey(&dhKey);
wolfSSL 4:1b0d80432c79 14200 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14201 return ret;
wolfSSL 4:1b0d80432c79 14202 }
wolfSSL 4:1b0d80432c79 14203
wolfSSL 4:1b0d80432c79 14204 length = LENGTH_SZ * 3 + /* p, g, pub */
wolfSSL 4:1b0d80432c79 14205 ssl->buffers.serverDH_P.length +
wolfSSL 4:1b0d80432c79 14206 ssl->buffers.serverDH_G.length +
wolfSSL 4:1b0d80432c79 14207 ssl->buffers.serverDH_Pub.length;
wolfSSL 4:1b0d80432c79 14208
wolfSSL 4:1b0d80432c79 14209 /* include size part */
wolfSSL 4:1b0d80432c79 14210 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 4:1b0d80432c79 14211 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 14212 return SERVER_HINT_ERROR;
wolfSSL 4:1b0d80432c79 14213 }
wolfSSL 4:1b0d80432c79 14214 length += hintLen + HINT_LEN_SZ;
wolfSSL 4:1b0d80432c79 14215 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 14216
wolfSSL 4:1b0d80432c79 14217 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14218 length += qshSz;
wolfSSL 4:1b0d80432c79 14219 sendSz += qshSz;
wolfSSL 4:1b0d80432c79 14220 #endif
wolfSSL 4:1b0d80432c79 14221 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 14222 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 14223 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 14224 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 14225 }
wolfSSL 4:1b0d80432c79 14226 #endif
wolfSSL 4:1b0d80432c79 14227
wolfSSL 4:1b0d80432c79 14228 /* check for available size */
wolfSSL 4:1b0d80432c79 14229 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 14230 return ret;
wolfSSL 4:1b0d80432c79 14231 }
wolfSSL 4:1b0d80432c79 14232
wolfSSL 4:1b0d80432c79 14233 /* get output buffer */
wolfSSL 4:1b0d80432c79 14234 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 4:1b0d80432c79 14235 ssl->buffers.outputBuffer.length;
wolfSSL 4:1b0d80432c79 14236
wolfSSL 4:1b0d80432c79 14237 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 4:1b0d80432c79 14238
wolfSSL 4:1b0d80432c79 14239 /* key data */
wolfSSL 4:1b0d80432c79 14240 c16toa((word16)hintLen, output + idx);
wolfSSL 4:1b0d80432c79 14241 idx += HINT_LEN_SZ;
wolfSSL 4:1b0d80432c79 14242 XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen);
wolfSSL 4:1b0d80432c79 14243 idx += hintLen;
wolfSSL 4:1b0d80432c79 14244
wolfSSL 4:1b0d80432c79 14245 /* add p, g, pub */
wolfSSL 4:1b0d80432c79 14246 c16toa((word16)ssl->buffers.serverDH_P.length, output + idx);
wolfSSL 4:1b0d80432c79 14247 idx += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 14248 XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer,
wolfSSL 4:1b0d80432c79 14249 ssl->buffers.serverDH_P.length);
wolfSSL 4:1b0d80432c79 14250 idx += ssl->buffers.serverDH_P.length;
wolfSSL 4:1b0d80432c79 14251
wolfSSL 4:1b0d80432c79 14252 /* g */
wolfSSL 4:1b0d80432c79 14253 c16toa((word16)ssl->buffers.serverDH_G.length, output + idx);
wolfSSL 4:1b0d80432c79 14254 idx += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 14255 XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer,
wolfSSL 4:1b0d80432c79 14256 ssl->buffers.serverDH_G.length);
wolfSSL 4:1b0d80432c79 14257 idx += ssl->buffers.serverDH_G.length;
wolfSSL 4:1b0d80432c79 14258
wolfSSL 4:1b0d80432c79 14259 /* pub */
wolfSSL 4:1b0d80432c79 14260 c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx);
wolfSSL 4:1b0d80432c79 14261 idx += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 14262 XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer,
wolfSSL 4:1b0d80432c79 14263 ssl->buffers.serverDH_Pub.length);
wolfSSL 4:1b0d80432c79 14264 idx += ssl->buffers.serverDH_Pub.length;
wolfSSL 4:1b0d80432c79 14265 (void)idx; /* suppress analyzer warning, and keep idx current */
wolfSSL 4:1b0d80432c79 14266
wolfSSL 4:1b0d80432c79 14267 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14268 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 14269 if (qshSz > 0) {
wolfSSL 4:1b0d80432c79 14270 idx = sendSz - qshSz;
wolfSSL 4:1b0d80432c79 14271 QSH_KeyExchangeWrite(ssl, 1);
wolfSSL 4:1b0d80432c79 14272
wolfSSL 4:1b0d80432c79 14273 /* extension type */
wolfSSL 4:1b0d80432c79 14274 c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
wolfSSL 4:1b0d80432c79 14275 idx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 14276
wolfSSL 4:1b0d80432c79 14277 /* write to output and check amount written */
wolfSSL 4:1b0d80432c79 14278 if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
wolfSSL 4:1b0d80432c79 14279 > qshSz - OPAQUE16_LEN) {
wolfSSL 4:1b0d80432c79 14280 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14281 }
wolfSSL 4:1b0d80432c79 14282 }
wolfSSL 4:1b0d80432c79 14283 }
wolfSSL 4:1b0d80432c79 14284 #endif
wolfSSL 4:1b0d80432c79 14285
wolfSSL 4:1b0d80432c79 14286 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 14287 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 14288 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 14289 return ret;
wolfSSL 4:1b0d80432c79 14290 }
wolfSSL 4:1b0d80432c79 14291 }
wolfSSL 4:1b0d80432c79 14292 #endif
wolfSSL 4:1b0d80432c79 14293
wolfSSL 4:1b0d80432c79 14294 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 4:1b0d80432c79 14295
wolfSSL 4:1b0d80432c79 14296 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14297 return ret;
wolfSSL 4:1b0d80432c79 14298 }
wolfSSL 4:1b0d80432c79 14299
wolfSSL 4:1b0d80432c79 14300 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 14301 if (ssl->hsInfoOn) {
wolfSSL 4:1b0d80432c79 14302 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 14303 }
wolfSSL 4:1b0d80432c79 14304 if (ssl->toInfoOn) {
wolfSSL 4:1b0d80432c79 14305 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output,
wolfSSL 4:1b0d80432c79 14306 sendSz, ssl->heap);
wolfSSL 4:1b0d80432c79 14307 }
wolfSSL 4:1b0d80432c79 14308 #endif
wolfSSL 4:1b0d80432c79 14309
wolfSSL 4:1b0d80432c79 14310 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 4:1b0d80432c79 14311 if (ssl->options.groupMessages) {
wolfSSL 4:1b0d80432c79 14312 ret = 0;
wolfSSL 4:1b0d80432c79 14313 }
wolfSSL 4:1b0d80432c79 14314 else {
wolfSSL 4:1b0d80432c79 14315 ret = SendBuffered(ssl);
wolfSSL 4:1b0d80432c79 14316 }
wolfSSL 4:1b0d80432c79 14317 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 4:1b0d80432c79 14318 break;
wolfSSL 4:1b0d80432c79 14319 }
wolfSSL 4:1b0d80432c79 14320 #endif /* !NO_DH && !NO_PSK */
wolfSSL 4:1b0d80432c79 14321
wolfSSL 4:1b0d80432c79 14322 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 4:1b0d80432c79 14323 case ecdhe_psk_kea:
wolfSSL 4:1b0d80432c79 14324 {
wolfSSL 4:1b0d80432c79 14325 word32 hintLen;
wolfSSL 4:1b0d80432c79 14326 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 4:1b0d80432c79 14327 int sendSz;
wolfSSL 4:1b0d80432c79 14328 byte *output;
wolfSSL 4:1b0d80432c79 14329 ecc_key dsaKey;
wolfSSL 4:1b0d80432c79 14330 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14331 byte* exportBuf = NULL;
wolfSSL 4:1b0d80432c79 14332 #else
wolfSSL 4:1b0d80432c79 14333 byte exportBuf[MAX_EXPORT_ECC_SZ];
wolfSSL 4:1b0d80432c79 14334 #endif
wolfSSL 4:1b0d80432c79 14335 word32 expSz = MAX_EXPORT_ECC_SZ;
wolfSSL 4:1b0d80432c79 14336
wolfSSL 4:1b0d80432c79 14337 /* curve type, named curve, length(1) */
wolfSSL 4:1b0d80432c79 14338 length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 4:1b0d80432c79 14339 /* pub key size */
wolfSSL 4:1b0d80432c79 14340 WOLFSSL_MSG("Using ephemeral ECDH");
wolfSSL 4:1b0d80432c79 14341
wolfSSL 4:1b0d80432c79 14342 /* need ephemeral key now, create it if missing */
wolfSSL 4:1b0d80432c79 14343 if (ssl->eccTempKey == NULL) {
wolfSSL 4:1b0d80432c79 14344 /* alloc/init on demand */
wolfSSL 4:1b0d80432c79 14345 ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 4:1b0d80432c79 14346 ssl->ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL 4:1b0d80432c79 14347 if (ssl->eccTempKey == NULL) {
wolfSSL 4:1b0d80432c79 14348 WOLFSSL_MSG("EccTempKey Memory error");
wolfSSL 4:1b0d80432c79 14349 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14350 }
wolfSSL 4:1b0d80432c79 14351 wc_ecc_init(ssl->eccTempKey);
wolfSSL 4:1b0d80432c79 14352 }
wolfSSL 4:1b0d80432c79 14353 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 4:1b0d80432c79 14354 if (wc_ecc_make_key(ssl->rng, ssl->eccTempKeySz,
wolfSSL 4:1b0d80432c79 14355 ssl->eccTempKey) != 0) {
wolfSSL 4:1b0d80432c79 14356 return ECC_MAKEKEY_ERROR;
wolfSSL 4:1b0d80432c79 14357 }
wolfSSL 4:1b0d80432c79 14358 ssl->eccTempKeyPresent = 1;
wolfSSL 4:1b0d80432c79 14359 }
wolfSSL 4:1b0d80432c79 14360
wolfSSL 4:1b0d80432c79 14361 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14362 exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, NULL,
wolfSSL 4:1b0d80432c79 14363 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14364 if (exportBuf == NULL) {
wolfSSL 4:1b0d80432c79 14365 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14366 }
wolfSSL 4:1b0d80432c79 14367 #endif
wolfSSL 4:1b0d80432c79 14368
wolfSSL 4:1b0d80432c79 14369 if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) {
wolfSSL 4:1b0d80432c79 14370 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14371 XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14372 #endif
wolfSSL 4:1b0d80432c79 14373 return ECC_EXPORT_ERROR;
wolfSSL 4:1b0d80432c79 14374 }
wolfSSL 4:1b0d80432c79 14375 length += expSz;
wolfSSL 4:1b0d80432c79 14376
wolfSSL 4:1b0d80432c79 14377 /* include size part */
wolfSSL 4:1b0d80432c79 14378 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 4:1b0d80432c79 14379 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 14380 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14381 XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14382 #endif
wolfSSL 4:1b0d80432c79 14383 return SERVER_HINT_ERROR;
wolfSSL 4:1b0d80432c79 14384 }
wolfSSL 4:1b0d80432c79 14385 length += hintLen + HINT_LEN_SZ;
wolfSSL 4:1b0d80432c79 14386 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 14387
wolfSSL 4:1b0d80432c79 14388 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14389 length += qshSz;
wolfSSL 4:1b0d80432c79 14390 sendSz += qshSz;
wolfSSL 4:1b0d80432c79 14391 #endif
wolfSSL 4:1b0d80432c79 14392 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 14393 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 14394 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 14395 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 14396 }
wolfSSL 4:1b0d80432c79 14397 #endif
wolfSSL 4:1b0d80432c79 14398 /* check for available size */
wolfSSL 4:1b0d80432c79 14399 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 14400 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 14401 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14402 XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14403 #endif
wolfSSL 4:1b0d80432c79 14404 return ret;
wolfSSL 4:1b0d80432c79 14405 }
wolfSSL 4:1b0d80432c79 14406
wolfSSL 4:1b0d80432c79 14407 /* get output buffer */
wolfSSL 4:1b0d80432c79 14408 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 4:1b0d80432c79 14409 ssl->buffers.outputBuffer.length;
wolfSSL 4:1b0d80432c79 14410
wolfSSL 4:1b0d80432c79 14411 /* key data */
wolfSSL 4:1b0d80432c79 14412 c16toa((word16)hintLen, output + idx);
wolfSSL 4:1b0d80432c79 14413 idx += HINT_LEN_SZ;
wolfSSL 4:1b0d80432c79 14414 XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen);
wolfSSL 4:1b0d80432c79 14415 idx += hintLen;
wolfSSL 4:1b0d80432c79 14416
wolfSSL 4:1b0d80432c79 14417 /* ECC key exchange data */
wolfSSL 4:1b0d80432c79 14418 output[idx++] = named_curve;
wolfSSL 4:1b0d80432c79 14419 output[idx++] = 0x00; /* leading zero */
wolfSSL 4:1b0d80432c79 14420 output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey));
wolfSSL 4:1b0d80432c79 14421 output[idx++] = (byte)expSz;
wolfSSL 4:1b0d80432c79 14422 XMEMCPY(output + idx, exportBuf, expSz);
wolfSSL 4:1b0d80432c79 14423 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14424 XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14425 #endif
wolfSSL 4:1b0d80432c79 14426
wolfSSL 4:1b0d80432c79 14427 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14428 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 14429 if (qshSz > 0) {
wolfSSL 4:1b0d80432c79 14430 idx = sendSz - qshSz;
wolfSSL 4:1b0d80432c79 14431 QSH_KeyExchangeWrite(ssl, 1);
wolfSSL 4:1b0d80432c79 14432
wolfSSL 4:1b0d80432c79 14433 /* extension type */
wolfSSL 4:1b0d80432c79 14434 c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
wolfSSL 4:1b0d80432c79 14435 idx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 14436
wolfSSL 4:1b0d80432c79 14437 /* write to output and check amount written */
wolfSSL 4:1b0d80432c79 14438 if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
wolfSSL 4:1b0d80432c79 14439 > qshSz - OPAQUE16_LEN) {
wolfSSL 4:1b0d80432c79 14440 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14441 }
wolfSSL 4:1b0d80432c79 14442 }
wolfSSL 4:1b0d80432c79 14443 }
wolfSSL 4:1b0d80432c79 14444 #endif
wolfSSL 4:1b0d80432c79 14445
wolfSSL 4:1b0d80432c79 14446
wolfSSL 4:1b0d80432c79 14447 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 4:1b0d80432c79 14448
wolfSSL 4:1b0d80432c79 14449 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 14450 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 14451 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 14452 return ret;
wolfSSL 4:1b0d80432c79 14453 }
wolfSSL 4:1b0d80432c79 14454 }
wolfSSL 4:1b0d80432c79 14455 #endif
wolfSSL 4:1b0d80432c79 14456
wolfSSL 4:1b0d80432c79 14457 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 4:1b0d80432c79 14458
wolfSSL 4:1b0d80432c79 14459 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14460 return ret;
wolfSSL 4:1b0d80432c79 14461 }
wolfSSL 4:1b0d80432c79 14462
wolfSSL 4:1b0d80432c79 14463 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 14464 if (ssl->hsInfoOn) {
wolfSSL 4:1b0d80432c79 14465 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 14466 }
wolfSSL 4:1b0d80432c79 14467 if (ssl->toInfoOn) {
wolfSSL 4:1b0d80432c79 14468 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output,
wolfSSL 4:1b0d80432c79 14469 sendSz, ssl->heap);
wolfSSL 4:1b0d80432c79 14470 }
wolfSSL 4:1b0d80432c79 14471 #endif
wolfSSL 4:1b0d80432c79 14472
wolfSSL 4:1b0d80432c79 14473 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 4:1b0d80432c79 14474 if (ssl->options.groupMessages) {
wolfSSL 4:1b0d80432c79 14475 ret = 0;
wolfSSL 4:1b0d80432c79 14476 }
wolfSSL 4:1b0d80432c79 14477 else {
wolfSSL 4:1b0d80432c79 14478 ret = SendBuffered(ssl);
wolfSSL 4:1b0d80432c79 14479 }
wolfSSL 4:1b0d80432c79 14480 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 4:1b0d80432c79 14481 break;
wolfSSL 4:1b0d80432c79 14482 }
wolfSSL 4:1b0d80432c79 14483 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 4:1b0d80432c79 14484
wolfSSL 4:1b0d80432c79 14485 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 14486 case ecc_diffie_hellman_kea:
wolfSSL 4:1b0d80432c79 14487 {
wolfSSL 4:1b0d80432c79 14488 byte *output;
wolfSSL 4:1b0d80432c79 14489 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 4:1b0d80432c79 14490 int sendSz;
wolfSSL 4:1b0d80432c79 14491 word32 sigSz;
wolfSSL 4:1b0d80432c79 14492 word32 preSigSz, preSigIdx;
wolfSSL 4:1b0d80432c79 14493 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14494 RsaKey rsaKey;
wolfSSL 4:1b0d80432c79 14495 #endif
wolfSSL 4:1b0d80432c79 14496 ecc_key dsaKey;
wolfSSL 4:1b0d80432c79 14497 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14498 byte* exportBuf = NULL;
wolfSSL 4:1b0d80432c79 14499 #else
wolfSSL 4:1b0d80432c79 14500 byte exportBuf[MAX_EXPORT_ECC_SZ];
wolfSSL 4:1b0d80432c79 14501 #endif
wolfSSL 4:1b0d80432c79 14502 word32 expSz = MAX_EXPORT_ECC_SZ;
wolfSSL 4:1b0d80432c79 14503
wolfSSL 4:1b0d80432c79 14504 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 14505 byte doMd5 = 0;
wolfSSL 4:1b0d80432c79 14506 byte doSha = 0;
wolfSSL 4:1b0d80432c79 14507 #endif
wolfSSL 4:1b0d80432c79 14508 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 14509 byte doSha256 = 0;
wolfSSL 4:1b0d80432c79 14510 #endif
wolfSSL 4:1b0d80432c79 14511 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 14512 byte doSha384 = 0;
wolfSSL 4:1b0d80432c79 14513 #endif
wolfSSL 4:1b0d80432c79 14514 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 14515 byte doSha512 = 0;
wolfSSL 4:1b0d80432c79 14516 #endif
wolfSSL 4:1b0d80432c79 14517
wolfSSL 4:1b0d80432c79 14518 if (ssl->specs.static_ecdh) {
wolfSSL 4:1b0d80432c79 14519 WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchange");
wolfSSL 4:1b0d80432c79 14520 return 0;
wolfSSL 4:1b0d80432c79 14521 }
wolfSSL 4:1b0d80432c79 14522
wolfSSL 4:1b0d80432c79 14523 /* curve type, named curve, length(1) */
wolfSSL 4:1b0d80432c79 14524 length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 4:1b0d80432c79 14525 /* pub key size */
wolfSSL 4:1b0d80432c79 14526 WOLFSSL_MSG("Using ephemeral ECDH");
wolfSSL 4:1b0d80432c79 14527
wolfSSL 4:1b0d80432c79 14528 /* need ephemeral key now, create it if missing */
wolfSSL 4:1b0d80432c79 14529 if (ssl->eccTempKey == NULL) {
wolfSSL 4:1b0d80432c79 14530 /* alloc/init on demand */
wolfSSL 4:1b0d80432c79 14531 ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 4:1b0d80432c79 14532 ssl->ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL 4:1b0d80432c79 14533 if (ssl->eccTempKey == NULL) {
wolfSSL 4:1b0d80432c79 14534 WOLFSSL_MSG("EccTempKey Memory error");
wolfSSL 4:1b0d80432c79 14535 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14536 }
wolfSSL 4:1b0d80432c79 14537 wc_ecc_init(ssl->eccTempKey);
wolfSSL 4:1b0d80432c79 14538 }
wolfSSL 4:1b0d80432c79 14539 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 4:1b0d80432c79 14540 if (wc_ecc_make_key(ssl->rng, ssl->eccTempKeySz,
wolfSSL 4:1b0d80432c79 14541 ssl->eccTempKey) != 0) {
wolfSSL 4:1b0d80432c79 14542 return ECC_MAKEKEY_ERROR;
wolfSSL 4:1b0d80432c79 14543 }
wolfSSL 4:1b0d80432c79 14544 ssl->eccTempKeyPresent = 1;
wolfSSL 4:1b0d80432c79 14545 }
wolfSSL 4:1b0d80432c79 14546
wolfSSL 4:1b0d80432c79 14547 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14548 exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, NULL,
wolfSSL 4:1b0d80432c79 14549 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14550 if (exportBuf == NULL) {
wolfSSL 4:1b0d80432c79 14551 return MEMORY_E;
wolfSSL 4:1b0d80432c79 14552 }
wolfSSL 4:1b0d80432c79 14553 #endif
wolfSSL 4:1b0d80432c79 14554
wolfSSL 4:1b0d80432c79 14555 if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) {
wolfSSL 4:1b0d80432c79 14556 ERROR_OUT(ECC_EXPORT_ERROR, done_a);
wolfSSL 4:1b0d80432c79 14557 }
wolfSSL 4:1b0d80432c79 14558 length += expSz;
wolfSSL 4:1b0d80432c79 14559
wolfSSL 4:1b0d80432c79 14560 preSigSz = length;
wolfSSL 4:1b0d80432c79 14561 preSigIdx = idx;
wolfSSL 4:1b0d80432c79 14562
wolfSSL 4:1b0d80432c79 14563 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14564 ret = wc_InitRsaKey(&rsaKey, ssl->heap);
wolfSSL 4:1b0d80432c79 14565 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14566 goto done_a;
wolfSSL 4:1b0d80432c79 14567 }
wolfSSL 4:1b0d80432c79 14568 #endif
wolfSSL 4:1b0d80432c79 14569
wolfSSL 4:1b0d80432c79 14570 wc_ecc_init(&dsaKey);
wolfSSL 4:1b0d80432c79 14571
wolfSSL 4:1b0d80432c79 14572 /* sig length */
wolfSSL 4:1b0d80432c79 14573 length += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 14574
wolfSSL 4:1b0d80432c79 14575 if (!ssl->buffers.key || !ssl->buffers.key->buffer) {
wolfSSL 4:1b0d80432c79 14576 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14577 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 14578 #endif
wolfSSL 4:1b0d80432c79 14579 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 14580 ERROR_OUT(NO_PRIVATE_KEY, done_a);
wolfSSL 4:1b0d80432c79 14581 }
wolfSSL 4:1b0d80432c79 14582
wolfSSL 4:1b0d80432c79 14583 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14584 if (ssl->specs.sig_algo == rsa_sa_algo) {
wolfSSL 4:1b0d80432c79 14585 /* rsa sig size */
wolfSSL 4:1b0d80432c79 14586 word32 i = 0;
wolfSSL 4:1b0d80432c79 14587 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &i,
wolfSSL 4:1b0d80432c79 14588 &rsaKey, ssl->buffers.key->length);
wolfSSL 4:1b0d80432c79 14589 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14590 goto done_a;
wolfSSL 4:1b0d80432c79 14591 }
wolfSSL 4:1b0d80432c79 14592 sigSz = wc_RsaEncryptSize(&rsaKey);
wolfSSL 4:1b0d80432c79 14593 } else
wolfSSL 4:1b0d80432c79 14594 #endif
wolfSSL 4:1b0d80432c79 14595
wolfSSL 4:1b0d80432c79 14596 if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
wolfSSL 4:1b0d80432c79 14597 /* ecdsa sig size */
wolfSSL 4:1b0d80432c79 14598 word32 i = 0;
wolfSSL 4:1b0d80432c79 14599 ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &i,
wolfSSL 4:1b0d80432c79 14600 &dsaKey, ssl->buffers.key->length);
wolfSSL 4:1b0d80432c79 14601 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14602 goto done_a;
wolfSSL 4:1b0d80432c79 14603 }
wolfSSL 4:1b0d80432c79 14604 sigSz = wc_ecc_sig_size(&dsaKey); /* worst case estimate */
wolfSSL 4:1b0d80432c79 14605 }
wolfSSL 4:1b0d80432c79 14606 else {
wolfSSL 4:1b0d80432c79 14607 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14608 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 14609 #endif
wolfSSL 4:1b0d80432c79 14610 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 14611 ERROR_OUT(ALGO_ID_E, done_a); /* unsupported type */
wolfSSL 4:1b0d80432c79 14612 }
wolfSSL 4:1b0d80432c79 14613 length += sigSz;
wolfSSL 4:1b0d80432c79 14614
wolfSSL 4:1b0d80432c79 14615 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 14616 length += HASH_SIG_SIZE;
wolfSSL 4:1b0d80432c79 14617 }
wolfSSL 4:1b0d80432c79 14618
wolfSSL 4:1b0d80432c79 14619 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 14620
wolfSSL 4:1b0d80432c79 14621 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 14622 length += qshSz;
wolfSSL 4:1b0d80432c79 14623 sendSz += qshSz;
wolfSSL 4:1b0d80432c79 14624 #endif
wolfSSL 4:1b0d80432c79 14625 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 14626 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 14627 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 14628 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 14629 preSigIdx = idx;
wolfSSL 4:1b0d80432c79 14630 }
wolfSSL 4:1b0d80432c79 14631 #endif
wolfSSL 4:1b0d80432c79 14632 /* check for available size */
wolfSSL 4:1b0d80432c79 14633 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 14634 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14635 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 14636 #endif
wolfSSL 4:1b0d80432c79 14637 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 14638 goto done_a;
wolfSSL 4:1b0d80432c79 14639 }
wolfSSL 4:1b0d80432c79 14640
wolfSSL 4:1b0d80432c79 14641 /* get output buffer */
wolfSSL 4:1b0d80432c79 14642 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 4:1b0d80432c79 14643 ssl->buffers.outputBuffer.length;
wolfSSL 4:1b0d80432c79 14644
wolfSSL 4:1b0d80432c79 14645 /* record and message headers will be added below, when we're sure
wolfSSL 4:1b0d80432c79 14646 of the sig length */
wolfSSL 4:1b0d80432c79 14647
wolfSSL 4:1b0d80432c79 14648 /* key exchange data */
wolfSSL 4:1b0d80432c79 14649 output[idx++] = named_curve;
wolfSSL 4:1b0d80432c79 14650 output[idx++] = 0x00; /* leading zero */
wolfSSL 4:1b0d80432c79 14651 output[idx++] = SetCurveId(wc_ecc_size(ssl->eccTempKey));
wolfSSL 4:1b0d80432c79 14652 output[idx++] = (byte)expSz;
wolfSSL 4:1b0d80432c79 14653 XMEMCPY(output + idx, exportBuf, expSz);
wolfSSL 4:1b0d80432c79 14654 idx += expSz;
wolfSSL 4:1b0d80432c79 14655 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 14656 byte setHash = 0;
wolfSSL 4:1b0d80432c79 14657
wolfSSL 4:1b0d80432c79 14658 output[idx++] = ssl->suites->hashAlgo;
wolfSSL 4:1b0d80432c79 14659 output[idx++] = ssl->suites->sigAlgo;
wolfSSL 4:1b0d80432c79 14660
wolfSSL 4:1b0d80432c79 14661 switch (ssl->suites->hashAlgo) {
wolfSSL 4:1b0d80432c79 14662 case sha512_mac:
wolfSSL 4:1b0d80432c79 14663 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 14664 doSha512 = 1;
wolfSSL 4:1b0d80432c79 14665 setHash = 1;
wolfSSL 4:1b0d80432c79 14666 #endif
wolfSSL 4:1b0d80432c79 14667 break;
wolfSSL 4:1b0d80432c79 14668
wolfSSL 4:1b0d80432c79 14669 case sha384_mac:
wolfSSL 4:1b0d80432c79 14670 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 14671 doSha384 = 1;
wolfSSL 4:1b0d80432c79 14672 setHash = 1;
wolfSSL 4:1b0d80432c79 14673 #endif
wolfSSL 4:1b0d80432c79 14674 break;
wolfSSL 4:1b0d80432c79 14675
wolfSSL 4:1b0d80432c79 14676 case sha256_mac:
wolfSSL 4:1b0d80432c79 14677 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 14678 doSha256 = 1;
wolfSSL 4:1b0d80432c79 14679 setHash = 1;
wolfSSL 4:1b0d80432c79 14680 #endif
wolfSSL 4:1b0d80432c79 14681 break;
wolfSSL 4:1b0d80432c79 14682
wolfSSL 4:1b0d80432c79 14683 case sha_mac:
wolfSSL 4:1b0d80432c79 14684 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 14685 doSha = 1;
wolfSSL 4:1b0d80432c79 14686 setHash = 1;
wolfSSL 4:1b0d80432c79 14687 #endif
wolfSSL 4:1b0d80432c79 14688 break;
wolfSSL 4:1b0d80432c79 14689
wolfSSL 4:1b0d80432c79 14690 default:
wolfSSL 4:1b0d80432c79 14691 WOLFSSL_MSG("Bad hash sig algo");
wolfSSL 4:1b0d80432c79 14692 break;
wolfSSL 4:1b0d80432c79 14693 }
wolfSSL 4:1b0d80432c79 14694
wolfSSL 4:1b0d80432c79 14695 if (setHash == 0) {
wolfSSL 4:1b0d80432c79 14696 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14697 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 14698 #endif
wolfSSL 4:1b0d80432c79 14699 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 14700 ERROR_OUT(ALGO_ID_E, done_a);
wolfSSL 4:1b0d80432c79 14701 }
wolfSSL 4:1b0d80432c79 14702 } else {
wolfSSL 4:1b0d80432c79 14703 /* only using sha and md5 for rsa */
wolfSSL 4:1b0d80432c79 14704 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 14705 doSha = 1;
wolfSSL 4:1b0d80432c79 14706 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 4:1b0d80432c79 14707 doMd5 = 1;
wolfSSL 4:1b0d80432c79 14708 }
wolfSSL 4:1b0d80432c79 14709 #else
wolfSSL 4:1b0d80432c79 14710 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14711 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 14712 #endif
wolfSSL 4:1b0d80432c79 14713 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 14714 ERROR_OUT(ALGO_ID_E, done_a);
wolfSSL 4:1b0d80432c79 14715 #endif
wolfSSL 4:1b0d80432c79 14716 }
wolfSSL 4:1b0d80432c79 14717
wolfSSL 4:1b0d80432c79 14718 /* Signature length will be written later, when we're sure what it
wolfSSL 4:1b0d80432c79 14719 is */
wolfSSL 4:1b0d80432c79 14720
wolfSSL 4:1b0d80432c79 14721 #ifdef HAVE_FUZZER
wolfSSL 4:1b0d80432c79 14722 if (ssl->fuzzerCb) {
wolfSSL 4:1b0d80432c79 14723 ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz,
wolfSSL 4:1b0d80432c79 14724 FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 4:1b0d80432c79 14725 }
wolfSSL 4:1b0d80432c79 14726 #endif
wolfSSL 4:1b0d80432c79 14727
wolfSSL 4:1b0d80432c79 14728 /* do signature */
wolfSSL 4:1b0d80432c79 14729 {
wolfSSL 4:1b0d80432c79 14730 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 14731 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14732 Md5* md5 = NULL;
wolfSSL 4:1b0d80432c79 14733 Sha* sha = NULL;
wolfSSL 4:1b0d80432c79 14734 #else
wolfSSL 4:1b0d80432c79 14735 Md5 md5[1];
wolfSSL 4:1b0d80432c79 14736 Sha sha[1];
wolfSSL 4:1b0d80432c79 14737 #endif
wolfSSL 4:1b0d80432c79 14738 #endif
wolfSSL 4:1b0d80432c79 14739 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14740 byte* hash = NULL;
wolfSSL 4:1b0d80432c79 14741 #else
wolfSSL 4:1b0d80432c79 14742 byte hash[FINISHED_SZ];
wolfSSL 4:1b0d80432c79 14743 #endif
wolfSSL 4:1b0d80432c79 14744 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 14745 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14746 Sha256* sha256 = NULL;
wolfSSL 4:1b0d80432c79 14747 byte* hash256 = NULL;
wolfSSL 4:1b0d80432c79 14748 #else
wolfSSL 4:1b0d80432c79 14749 Sha256 sha256[1];
wolfSSL 4:1b0d80432c79 14750 byte hash256[SHA256_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 14751 #endif
wolfSSL 4:1b0d80432c79 14752 #endif
wolfSSL 4:1b0d80432c79 14753 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 14754 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14755 Sha384* sha384 = NULL;
wolfSSL 4:1b0d80432c79 14756 byte* hash384 = NULL;
wolfSSL 4:1b0d80432c79 14757 #else
wolfSSL 4:1b0d80432c79 14758 Sha384 sha384[1];
wolfSSL 4:1b0d80432c79 14759 byte hash384[SHA384_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 14760 #endif
wolfSSL 4:1b0d80432c79 14761 #endif
wolfSSL 4:1b0d80432c79 14762 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 14763 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14764 Sha512* sha512 = NULL;
wolfSSL 4:1b0d80432c79 14765 byte* hash512 = NULL;
wolfSSL 4:1b0d80432c79 14766 #else
wolfSSL 4:1b0d80432c79 14767 Sha512 sha512[1];
wolfSSL 4:1b0d80432c79 14768 byte hash512[SHA512_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 14769 #endif
wolfSSL 4:1b0d80432c79 14770 #endif
wolfSSL 4:1b0d80432c79 14771
wolfSSL 4:1b0d80432c79 14772 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14773 hash = (byte*)XMALLOC(FINISHED_SZ, NULL,
wolfSSL 4:1b0d80432c79 14774 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14775 if (hash == NULL) {
wolfSSL 4:1b0d80432c79 14776 ERROR_OUT(MEMORY_E, done_a);
wolfSSL 4:1b0d80432c79 14777 }
wolfSSL 4:1b0d80432c79 14778 #endif
wolfSSL 4:1b0d80432c79 14779
wolfSSL 4:1b0d80432c79 14780 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 14781 /* md5 */
wolfSSL 4:1b0d80432c79 14782 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14783 if (doMd5) {
wolfSSL 4:1b0d80432c79 14784 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL,
wolfSSL 4:1b0d80432c79 14785 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14786 if (md5 == NULL) {
wolfSSL 4:1b0d80432c79 14787 ERROR_OUT(MEMORY_E, done_a2);
wolfSSL 4:1b0d80432c79 14788 }
wolfSSL 4:1b0d80432c79 14789 }
wolfSSL 4:1b0d80432c79 14790 #endif
wolfSSL 4:1b0d80432c79 14791 if (doMd5) {
wolfSSL 4:1b0d80432c79 14792 wc_InitMd5(md5);
wolfSSL 4:1b0d80432c79 14793 wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 14794 wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 14795 wc_Md5Update(md5, output + preSigIdx, preSigSz);
wolfSSL 4:1b0d80432c79 14796 wc_Md5Final(md5, hash);
wolfSSL 4:1b0d80432c79 14797 }
wolfSSL 4:1b0d80432c79 14798 /* sha */
wolfSSL 4:1b0d80432c79 14799 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14800 if (doSha) {
wolfSSL 4:1b0d80432c79 14801 sha = (Sha*)XMALLOC(sizeof(Sha), NULL,
wolfSSL 4:1b0d80432c79 14802 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14803 if (sha == NULL) {
wolfSSL 4:1b0d80432c79 14804 ERROR_OUT(MEMORY_E, done_a2);
wolfSSL 4:1b0d80432c79 14805 }
wolfSSL 4:1b0d80432c79 14806 }
wolfSSL 4:1b0d80432c79 14807 #endif
wolfSSL 4:1b0d80432c79 14808 if (doSha) {
wolfSSL 4:1b0d80432c79 14809 ret = wc_InitSha(sha);
wolfSSL 4:1b0d80432c79 14810 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14811 goto done_a2;
wolfSSL 4:1b0d80432c79 14812 }
wolfSSL 4:1b0d80432c79 14813 wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 14814 wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 14815 wc_ShaUpdate(sha, output + preSigIdx, preSigSz);
wolfSSL 4:1b0d80432c79 14816 wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]);
wolfSSL 4:1b0d80432c79 14817 }
wolfSSL 4:1b0d80432c79 14818 #endif
wolfSSL 4:1b0d80432c79 14819
wolfSSL 4:1b0d80432c79 14820 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 14821 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14822 if (doSha256) {
wolfSSL 4:1b0d80432c79 14823 sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
wolfSSL 4:1b0d80432c79 14824 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14825 hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 14826 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14827 if (sha256 == NULL || hash256 == NULL) {
wolfSSL 4:1b0d80432c79 14828 ERROR_OUT(MEMORY_E, done_a2);
wolfSSL 4:1b0d80432c79 14829 }
wolfSSL 4:1b0d80432c79 14830 }
wolfSSL 4:1b0d80432c79 14831 #endif
wolfSSL 4:1b0d80432c79 14832
wolfSSL 4:1b0d80432c79 14833 if (doSha256) {
wolfSSL 4:1b0d80432c79 14834 if (!(ret = wc_InitSha256(sha256))
wolfSSL 4:1b0d80432c79 14835 && !(ret = wc_Sha256Update(sha256,
wolfSSL 4:1b0d80432c79 14836 ssl->arrays->clientRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 14837 && !(ret = wc_Sha256Update(sha256,
wolfSSL 4:1b0d80432c79 14838 ssl->arrays->serverRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 14839 && !(ret = wc_Sha256Update(sha256,
wolfSSL 4:1b0d80432c79 14840 output + preSigIdx, preSigSz))) {
wolfSSL 4:1b0d80432c79 14841 ret = wc_Sha256Final(sha256, hash256);
wolfSSL 4:1b0d80432c79 14842 }
wolfSSL 4:1b0d80432c79 14843 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14844 goto done_a2;
wolfSSL 4:1b0d80432c79 14845 }
wolfSSL 4:1b0d80432c79 14846 }
wolfSSL 4:1b0d80432c79 14847 #endif
wolfSSL 4:1b0d80432c79 14848
wolfSSL 4:1b0d80432c79 14849 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 14850 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14851 if (doSha384) {
wolfSSL 4:1b0d80432c79 14852 sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
wolfSSL 4:1b0d80432c79 14853 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14854 hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 14855 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14856 if (sha384 == NULL || hash384 == NULL) {
wolfSSL 4:1b0d80432c79 14857 ERROR_OUT(MEMORY_E, done_a2);
wolfSSL 4:1b0d80432c79 14858 }
wolfSSL 4:1b0d80432c79 14859 }
wolfSSL 4:1b0d80432c79 14860 #endif
wolfSSL 4:1b0d80432c79 14861
wolfSSL 4:1b0d80432c79 14862 if (doSha384) {
wolfSSL 4:1b0d80432c79 14863 if (!(ret = wc_InitSha384(sha384))
wolfSSL 4:1b0d80432c79 14864 && !(ret = wc_Sha384Update(sha384,
wolfSSL 4:1b0d80432c79 14865 ssl->arrays->clientRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 14866 && !(ret = wc_Sha384Update(sha384,
wolfSSL 4:1b0d80432c79 14867 ssl->arrays->serverRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 14868 && !(ret = wc_Sha384Update(sha384,
wolfSSL 4:1b0d80432c79 14869 output + preSigIdx, preSigSz))) {
wolfSSL 4:1b0d80432c79 14870 ret = wc_Sha384Final(sha384, hash384);
wolfSSL 4:1b0d80432c79 14871 }
wolfSSL 4:1b0d80432c79 14872 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14873 goto done_a2;
wolfSSL 4:1b0d80432c79 14874 }
wolfSSL 4:1b0d80432c79 14875 }
wolfSSL 4:1b0d80432c79 14876 #endif
wolfSSL 4:1b0d80432c79 14877
wolfSSL 4:1b0d80432c79 14878 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 14879 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14880 if (doSha512) {
wolfSSL 4:1b0d80432c79 14881 sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
wolfSSL 4:1b0d80432c79 14882 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14883 hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 14884 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14885 if (sha512 == NULL || hash512 == NULL) {
wolfSSL 4:1b0d80432c79 14886 ERROR_OUT(MEMORY_E, done_a2);
wolfSSL 4:1b0d80432c79 14887 }
wolfSSL 4:1b0d80432c79 14888 }
wolfSSL 4:1b0d80432c79 14889 #endif
wolfSSL 4:1b0d80432c79 14890
wolfSSL 4:1b0d80432c79 14891 if (doSha512) {
wolfSSL 4:1b0d80432c79 14892 if (!(ret = wc_InitSha512(sha512))
wolfSSL 4:1b0d80432c79 14893 && !(ret = wc_Sha512Update(sha512,
wolfSSL 4:1b0d80432c79 14894 ssl->arrays->clientRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 14895 && !(ret = wc_Sha512Update(sha512,
wolfSSL 4:1b0d80432c79 14896 ssl->arrays->serverRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 14897 && !(ret = wc_Sha512Update(sha512,
wolfSSL 4:1b0d80432c79 14898 output + preSigIdx, preSigSz))) {
wolfSSL 4:1b0d80432c79 14899 ret = wc_Sha512Final(sha512, hash512);
wolfSSL 4:1b0d80432c79 14900 }
wolfSSL 4:1b0d80432c79 14901 if (ret != 0) {
wolfSSL 4:1b0d80432c79 14902 goto done_a2;
wolfSSL 4:1b0d80432c79 14903 }
wolfSSL 4:1b0d80432c79 14904 }
wolfSSL 4:1b0d80432c79 14905 #endif
wolfSSL 4:1b0d80432c79 14906
wolfSSL 4:1b0d80432c79 14907 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14908 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 4:1b0d80432c79 14909 byte* signBuffer = hash;
wolfSSL 4:1b0d80432c79 14910 word32 signSz = FINISHED_SZ;
wolfSSL 4:1b0d80432c79 14911 byte doUserRsa = 0;
wolfSSL 4:1b0d80432c79 14912 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14913 byte* encodedSig = NULL;
wolfSSL 4:1b0d80432c79 14914 #else
wolfSSL 4:1b0d80432c79 14915 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 4:1b0d80432c79 14916 #endif
wolfSSL 4:1b0d80432c79 14917
wolfSSL 4:1b0d80432c79 14918 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 14919 if (ssl->ctx->RsaSignCb)
wolfSSL 4:1b0d80432c79 14920 doUserRsa = 1;
wolfSSL 4:1b0d80432c79 14921 #endif
wolfSSL 4:1b0d80432c79 14922
wolfSSL 4:1b0d80432c79 14923 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14924 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
wolfSSL 4:1b0d80432c79 14925 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14926 if (encodedSig == NULL) {
wolfSSL 4:1b0d80432c79 14927 ERROR_OUT(MEMORY_E, done_a2);
wolfSSL 4:1b0d80432c79 14928 }
wolfSSL 4:1b0d80432c79 14929 #endif
wolfSSL 4:1b0d80432c79 14930
wolfSSL 4:1b0d80432c79 14931 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 14932 byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 14933 int typeH = SHAh;
wolfSSL 4:1b0d80432c79 14934 int digestSz = SHA_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 14935
wolfSSL 4:1b0d80432c79 14936 if (ssl->suites->hashAlgo == sha256_mac) {
wolfSSL 4:1b0d80432c79 14937 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 14938 digest = hash256;
wolfSSL 4:1b0d80432c79 14939 typeH = SHA256h;
wolfSSL 4:1b0d80432c79 14940 digestSz = SHA256_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 14941 #endif
wolfSSL 4:1b0d80432c79 14942 }
wolfSSL 4:1b0d80432c79 14943 else if (ssl->suites->hashAlgo == sha384_mac) {
wolfSSL 4:1b0d80432c79 14944 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 14945 digest = hash384;
wolfSSL 4:1b0d80432c79 14946 typeH = SHA384h;
wolfSSL 4:1b0d80432c79 14947 digestSz = SHA384_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 14948 #endif
wolfSSL 4:1b0d80432c79 14949 }
wolfSSL 4:1b0d80432c79 14950 else if (ssl->suites->hashAlgo == sha512_mac) {
wolfSSL 4:1b0d80432c79 14951 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 14952 digest = hash512;
wolfSSL 4:1b0d80432c79 14953 typeH = SHA512h;
wolfSSL 4:1b0d80432c79 14954 digestSz = SHA512_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 14955 #endif
wolfSSL 4:1b0d80432c79 14956 }
wolfSSL 4:1b0d80432c79 14957
wolfSSL 4:1b0d80432c79 14958 if (digest == NULL) {
wolfSSL 4:1b0d80432c79 14959 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 14960 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 14961 #endif
wolfSSL 4:1b0d80432c79 14962 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 14963 ERROR_OUT(ALGO_ID_E, done_a2);
wolfSSL 4:1b0d80432c79 14964 }
wolfSSL 4:1b0d80432c79 14965 signSz = wc_EncodeSignature(encodedSig, digest,
wolfSSL 4:1b0d80432c79 14966 digestSz, typeH);
wolfSSL 4:1b0d80432c79 14967 signBuffer = encodedSig;
wolfSSL 4:1b0d80432c79 14968 }
wolfSSL 4:1b0d80432c79 14969 /* write sig size here */
wolfSSL 4:1b0d80432c79 14970 c16toa((word16)sigSz, output + idx);
wolfSSL 4:1b0d80432c79 14971 idx += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 14972
wolfSSL 4:1b0d80432c79 14973 if (doUserRsa) {
wolfSSL 4:1b0d80432c79 14974 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 14975 word32 ioLen = sigSz;
wolfSSL 4:1b0d80432c79 14976 ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
wolfSSL 4:1b0d80432c79 14977 output + idx, &ioLen,
wolfSSL 4:1b0d80432c79 14978 ssl->buffers.key->buffer,
wolfSSL 4:1b0d80432c79 14979 ssl->buffers.key->length,
wolfSSL 4:1b0d80432c79 14980 ssl->RsaSignCtx);
wolfSSL 4:1b0d80432c79 14981 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 4:1b0d80432c79 14982 }
wolfSSL 4:1b0d80432c79 14983 else {
wolfSSL 4:1b0d80432c79 14984 ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx,
wolfSSL 4:1b0d80432c79 14985 sigSz, &rsaKey, ssl->rng);
wolfSSL 4:1b0d80432c79 14986 }
wolfSSL 4:1b0d80432c79 14987
wolfSSL 4:1b0d80432c79 14988 if (ret > 0) {
wolfSSL 4:1b0d80432c79 14989 /* check for signature faults */
wolfSSL 4:1b0d80432c79 14990 ret = VerifyRsaSign(output + idx, ret,
wolfSSL 4:1b0d80432c79 14991 signBuffer, signSz, &rsaKey);
wolfSSL 4:1b0d80432c79 14992 }
wolfSSL 4:1b0d80432c79 14993 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 14994 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 14995
wolfSSL 4:1b0d80432c79 14996 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 14997 XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 14998 #endif
wolfSSL 4:1b0d80432c79 14999
wolfSSL 4:1b0d80432c79 15000 if (ret < 0) {
wolfSSL 4:1b0d80432c79 15001 goto done_a2;
wolfSSL 4:1b0d80432c79 15002 }
wolfSSL 4:1b0d80432c79 15003 } else
wolfSSL 4:1b0d80432c79 15004 #endif
wolfSSL 4:1b0d80432c79 15005
wolfSSL 4:1b0d80432c79 15006 if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
wolfSSL 4:1b0d80432c79 15007 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 15008 byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 15009 word32 digestSz = SHA_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15010 #else
wolfSSL 4:1b0d80432c79 15011 byte* digest = hash256;
wolfSSL 4:1b0d80432c79 15012 word32 digestSz = SHA256_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15013 #endif
wolfSSL 4:1b0d80432c79 15014 word32 sz = sigSz;
wolfSSL 4:1b0d80432c79 15015 byte doUserEcc = 0;
wolfSSL 4:1b0d80432c79 15016
wolfSSL 4:1b0d80432c79 15017 #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC)
wolfSSL 4:1b0d80432c79 15018 if (ssl->ctx->EccSignCb) {
wolfSSL 4:1b0d80432c79 15019 doUserEcc = 1;
wolfSSL 4:1b0d80432c79 15020 }
wolfSSL 4:1b0d80432c79 15021 #endif
wolfSSL 4:1b0d80432c79 15022
wolfSSL 4:1b0d80432c79 15023 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 15024 if (ssl->suites->hashAlgo == sha_mac) {
wolfSSL 4:1b0d80432c79 15025 #ifndef NO_SHA
wolfSSL 4:1b0d80432c79 15026 digest = &hash[MD5_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 15027 digestSz = SHA_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15028 #endif
wolfSSL 4:1b0d80432c79 15029 }
wolfSSL 4:1b0d80432c79 15030 else if (ssl->suites->hashAlgo == sha256_mac) {
wolfSSL 4:1b0d80432c79 15031 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 15032 digest = hash256;
wolfSSL 4:1b0d80432c79 15033 digestSz = SHA256_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15034 #endif
wolfSSL 4:1b0d80432c79 15035 }
wolfSSL 4:1b0d80432c79 15036 else if (ssl->suites->hashAlgo == sha384_mac) {
wolfSSL 4:1b0d80432c79 15037 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 15038 digest = hash384;
wolfSSL 4:1b0d80432c79 15039 digestSz = SHA384_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15040 #endif
wolfSSL 4:1b0d80432c79 15041 }
wolfSSL 4:1b0d80432c79 15042 else if (ssl->suites->hashAlgo == sha512_mac) {
wolfSSL 4:1b0d80432c79 15043 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 15044 digest = hash512;
wolfSSL 4:1b0d80432c79 15045 digestSz = SHA512_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15046 #endif
wolfSSL 4:1b0d80432c79 15047 }
wolfSSL 4:1b0d80432c79 15048 }
wolfSSL 4:1b0d80432c79 15049
wolfSSL 4:1b0d80432c79 15050 if (doUserEcc) {
wolfSSL 4:1b0d80432c79 15051 #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC)
wolfSSL 4:1b0d80432c79 15052 ret = ssl->ctx->EccSignCb(ssl, digest, digestSz,
wolfSSL 4:1b0d80432c79 15053 output + LENGTH_SZ + idx,
wolfSSL 4:1b0d80432c79 15054 &sz,
wolfSSL 4:1b0d80432c79 15055 ssl->buffers.key->buffer,
wolfSSL 4:1b0d80432c79 15056 ssl->buffers.key->length,
wolfSSL 4:1b0d80432c79 15057 ssl->EccSignCtx);
wolfSSL 4:1b0d80432c79 15058 #endif
wolfSSL 4:1b0d80432c79 15059 }
wolfSSL 4:1b0d80432c79 15060 else {
wolfSSL 4:1b0d80432c79 15061 ret = wc_ecc_sign_hash(digest, digestSz,
wolfSSL 4:1b0d80432c79 15062 output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey);
wolfSSL 4:1b0d80432c79 15063 }
wolfSSL 4:1b0d80432c79 15064 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 15065 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 15066 #endif
wolfSSL 4:1b0d80432c79 15067 wc_ecc_free(&dsaKey);
wolfSSL 4:1b0d80432c79 15068
wolfSSL 4:1b0d80432c79 15069 if (ret < 0) {
wolfSSL 4:1b0d80432c79 15070 goto done_a2;
wolfSSL 4:1b0d80432c79 15071 }
wolfSSL 4:1b0d80432c79 15072
wolfSSL 4:1b0d80432c79 15073 /* Now that we know the real sig size, write it. */
wolfSSL 4:1b0d80432c79 15074 c16toa((word16)sz, output + idx);
wolfSSL 4:1b0d80432c79 15075
wolfSSL 4:1b0d80432c79 15076 /* And adjust length and sendSz from estimates */
wolfSSL 4:1b0d80432c79 15077 length += sz - sigSz;
wolfSSL 4:1b0d80432c79 15078 sendSz += sz - sigSz;
wolfSSL 4:1b0d80432c79 15079 }
wolfSSL 4:1b0d80432c79 15080
wolfSSL 4:1b0d80432c79 15081 done_a2:
wolfSSL 4:1b0d80432c79 15082 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15083 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 15084 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15085 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15086 #endif
wolfSSL 4:1b0d80432c79 15087 XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15088 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 15089 XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15090 XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15091 #endif
wolfSSL 4:1b0d80432c79 15092 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 15093 XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15094 XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15095 #endif
wolfSSL 4:1b0d80432c79 15096 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 15097 XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15098 XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15099 #endif
wolfSSL 4:1b0d80432c79 15100 #endif
wolfSSL 4:1b0d80432c79 15101
wolfSSL 4:1b0d80432c79 15102 if (ret < 0)
wolfSSL 4:1b0d80432c79 15103 goto done_a;
wolfSSL 4:1b0d80432c79 15104 }
wolfSSL 4:1b0d80432c79 15105
wolfSSL 4:1b0d80432c79 15106 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 15107 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 15108 if (qshSz > 0) {
wolfSSL 4:1b0d80432c79 15109 idx = sendSz - qshSz;
wolfSSL 4:1b0d80432c79 15110 QSH_KeyExchangeWrite(ssl, 1);
wolfSSL 4:1b0d80432c79 15111
wolfSSL 4:1b0d80432c79 15112 /* extension type */
wolfSSL 4:1b0d80432c79 15113 c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
wolfSSL 4:1b0d80432c79 15114 idx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 15115
wolfSSL 4:1b0d80432c79 15116 /* write to output and check amount written */
wolfSSL 4:1b0d80432c79 15117 if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
wolfSSL 4:1b0d80432c79 15118 > qshSz - OPAQUE16_LEN) {
wolfSSL 4:1b0d80432c79 15119 return MEMORY_E;
wolfSSL 4:1b0d80432c79 15120 }
wolfSSL 4:1b0d80432c79 15121 }
wolfSSL 4:1b0d80432c79 15122 }
wolfSSL 4:1b0d80432c79 15123 #endif
wolfSSL 4:1b0d80432c79 15124
wolfSSL 4:1b0d80432c79 15125
wolfSSL 4:1b0d80432c79 15126 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 4:1b0d80432c79 15127
wolfSSL 4:1b0d80432c79 15128 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 15129 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 15130 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 15131 goto done_a;
wolfSSL 4:1b0d80432c79 15132 }
wolfSSL 4:1b0d80432c79 15133 }
wolfSSL 4:1b0d80432c79 15134 #endif
wolfSSL 4:1b0d80432c79 15135
wolfSSL 4:1b0d80432c79 15136 if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) {
wolfSSL 4:1b0d80432c79 15137 goto done_a;
wolfSSL 4:1b0d80432c79 15138 }
wolfSSL 4:1b0d80432c79 15139
wolfSSL 4:1b0d80432c79 15140 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 15141 if (ssl->hsInfoOn) {
wolfSSL 4:1b0d80432c79 15142 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 15143 }
wolfSSL 4:1b0d80432c79 15144 if (ssl->toInfoOn) {
wolfSSL 4:1b0d80432c79 15145 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
wolfSSL 4:1b0d80432c79 15146 output, sendSz, ssl->heap);
wolfSSL 4:1b0d80432c79 15147 }
wolfSSL 4:1b0d80432c79 15148 #endif
wolfSSL 4:1b0d80432c79 15149
wolfSSL 4:1b0d80432c79 15150 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 4:1b0d80432c79 15151 if (ssl->options.groupMessages) {
wolfSSL 4:1b0d80432c79 15152 ret = 0;
wolfSSL 4:1b0d80432c79 15153 }
wolfSSL 4:1b0d80432c79 15154 else {
wolfSSL 4:1b0d80432c79 15155 ret = SendBuffered(ssl);
wolfSSL 4:1b0d80432c79 15156 }
wolfSSL 4:1b0d80432c79 15157 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 4:1b0d80432c79 15158
wolfSSL 4:1b0d80432c79 15159 done_a:
wolfSSL 4:1b0d80432c79 15160 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15161 XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15162 #endif
wolfSSL 4:1b0d80432c79 15163
wolfSSL 4:1b0d80432c79 15164 return ret;
wolfSSL 4:1b0d80432c79 15165 }
wolfSSL 4:1b0d80432c79 15166 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 15167
wolfSSL 4:1b0d80432c79 15168 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 4:1b0d80432c79 15169 case diffie_hellman_kea:
wolfSSL 4:1b0d80432c79 15170 {
wolfSSL 4:1b0d80432c79 15171 byte *output;
wolfSSL 4:1b0d80432c79 15172 word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 4:1b0d80432c79 15173 int sendSz;
wolfSSL 4:1b0d80432c79 15174 word32 sigSz = 0, i = 0;
wolfSSL 4:1b0d80432c79 15175 word32 preSigSz = 0, preSigIdx = 0;
wolfSSL 4:1b0d80432c79 15176 RsaKey rsaKey;
wolfSSL 4:1b0d80432c79 15177 DhKey dhKey;
wolfSSL 4:1b0d80432c79 15178
wolfSSL 4:1b0d80432c79 15179 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 4:1b0d80432c79 15180 ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL 4:1b0d80432c79 15181 return NO_DH_PARAMS;
wolfSSL 4:1b0d80432c79 15182 }
wolfSSL 4:1b0d80432c79 15183
wolfSSL 4:1b0d80432c79 15184 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 4:1b0d80432c79 15185 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
wolfSSL 4:1b0d80432c79 15186 ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
wolfSSL 4:1b0d80432c79 15187 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 15188 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 4:1b0d80432c79 15189 return MEMORY_E;
wolfSSL 4:1b0d80432c79 15190 }
wolfSSL 4:1b0d80432c79 15191 }
wolfSSL 4:1b0d80432c79 15192
wolfSSL 4:1b0d80432c79 15193 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 4:1b0d80432c79 15194 ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
wolfSSL 4:1b0d80432c79 15195 ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
wolfSSL 4:1b0d80432c79 15196 DYNAMIC_TYPE_DH);
wolfSSL 4:1b0d80432c79 15197 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 4:1b0d80432c79 15198 return MEMORY_E;
wolfSSL 4:1b0d80432c79 15199 }
wolfSSL 4:1b0d80432c79 15200 }
wolfSSL 4:1b0d80432c79 15201
wolfSSL 4:1b0d80432c79 15202 wc_InitDhKey(&dhKey);
wolfSSL 4:1b0d80432c79 15203 ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
wolfSSL 4:1b0d80432c79 15204 ssl->buffers.serverDH_P.length,
wolfSSL 4:1b0d80432c79 15205 ssl->buffers.serverDH_G.buffer,
wolfSSL 4:1b0d80432c79 15206 ssl->buffers.serverDH_G.length);
wolfSSL 4:1b0d80432c79 15207 if (ret == 0) {
wolfSSL 4:1b0d80432c79 15208 ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng,
wolfSSL 4:1b0d80432c79 15209 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 4:1b0d80432c79 15210 &ssl->buffers.serverDH_Priv.length,
wolfSSL 4:1b0d80432c79 15211 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 4:1b0d80432c79 15212 &ssl->buffers.serverDH_Pub.length);
wolfSSL 4:1b0d80432c79 15213 }
wolfSSL 4:1b0d80432c79 15214 wc_FreeDhKey(&dhKey);
wolfSSL 4:1b0d80432c79 15215
wolfSSL 4:1b0d80432c79 15216 if (ret != 0) {
wolfSSL 4:1b0d80432c79 15217 return ret;
wolfSSL 4:1b0d80432c79 15218 }
wolfSSL 4:1b0d80432c79 15219
wolfSSL 4:1b0d80432c79 15220 length = LENGTH_SZ * 3; /* p, g, pub */
wolfSSL 4:1b0d80432c79 15221 length += ssl->buffers.serverDH_P.length +
wolfSSL 4:1b0d80432c79 15222 ssl->buffers.serverDH_G.length +
wolfSSL 4:1b0d80432c79 15223 ssl->buffers.serverDH_Pub.length;
wolfSSL 4:1b0d80432c79 15224
wolfSSL 4:1b0d80432c79 15225 preSigIdx = idx;
wolfSSL 4:1b0d80432c79 15226 preSigSz = length;
wolfSSL 4:1b0d80432c79 15227
wolfSSL 4:1b0d80432c79 15228 if (!ssl->options.usingAnon_cipher) {
wolfSSL 4:1b0d80432c79 15229 ret = wc_InitRsaKey(&rsaKey, ssl->heap);
wolfSSL 4:1b0d80432c79 15230 if (ret != 0) {
wolfSSL 4:1b0d80432c79 15231 return ret;
wolfSSL 4:1b0d80432c79 15232 }
wolfSSL 4:1b0d80432c79 15233
wolfSSL 4:1b0d80432c79 15234 /* sig length */
wolfSSL 4:1b0d80432c79 15235 length += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 15236
wolfSSL 4:1b0d80432c79 15237 if (!ssl->buffers.key || !ssl->buffers.key->buffer) {
wolfSSL 4:1b0d80432c79 15238 return NO_PRIVATE_KEY;
wolfSSL 4:1b0d80432c79 15239 }
wolfSSL 4:1b0d80432c79 15240
wolfSSL 4:1b0d80432c79 15241 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &i,
wolfSSL 4:1b0d80432c79 15242 &rsaKey, ssl->buffers.key->length);
wolfSSL 4:1b0d80432c79 15243 if (ret == 0) {
wolfSSL 4:1b0d80432c79 15244 sigSz = wc_RsaEncryptSize(&rsaKey);
wolfSSL 4:1b0d80432c79 15245 length += sigSz;
wolfSSL 4:1b0d80432c79 15246 }
wolfSSL 4:1b0d80432c79 15247 else {
wolfSSL 4:1b0d80432c79 15248 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 15249 return ret;
wolfSSL 4:1b0d80432c79 15250 }
wolfSSL 4:1b0d80432c79 15251
wolfSSL 4:1b0d80432c79 15252 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 15253 length += HASH_SIG_SIZE;
wolfSSL 4:1b0d80432c79 15254 }
wolfSSL 4:1b0d80432c79 15255 }
wolfSSL 4:1b0d80432c79 15256
wolfSSL 4:1b0d80432c79 15257 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 4:1b0d80432c79 15258
wolfSSL 4:1b0d80432c79 15259 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 15260 length += qshSz;
wolfSSL 4:1b0d80432c79 15261 sendSz += qshSz;
wolfSSL 4:1b0d80432c79 15262 #endif
wolfSSL 4:1b0d80432c79 15263 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 15264 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 15265 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 15266 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 4:1b0d80432c79 15267 preSigIdx = idx;
wolfSSL 4:1b0d80432c79 15268 }
wolfSSL 4:1b0d80432c79 15269 #endif
wolfSSL 4:1b0d80432c79 15270
wolfSSL 4:1b0d80432c79 15271 /* check for available size */
wolfSSL 4:1b0d80432c79 15272 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 15273 if (!ssl->options.usingAnon_cipher) {
wolfSSL 4:1b0d80432c79 15274 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 15275 }
wolfSSL 4:1b0d80432c79 15276 return ret;
wolfSSL 4:1b0d80432c79 15277 }
wolfSSL 4:1b0d80432c79 15278
wolfSSL 4:1b0d80432c79 15279 /* get output buffer */
wolfSSL 4:1b0d80432c79 15280 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 4:1b0d80432c79 15281 ssl->buffers.outputBuffer.length;
wolfSSL 4:1b0d80432c79 15282
wolfSSL 4:1b0d80432c79 15283 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 4:1b0d80432c79 15284
wolfSSL 4:1b0d80432c79 15285 /* add p, g, pub */
wolfSSL 4:1b0d80432c79 15286 c16toa((word16)ssl->buffers.serverDH_P.length, output + idx);
wolfSSL 4:1b0d80432c79 15287 idx += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 15288 XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer,
wolfSSL 4:1b0d80432c79 15289 ssl->buffers.serverDH_P.length);
wolfSSL 4:1b0d80432c79 15290 idx += ssl->buffers.serverDH_P.length;
wolfSSL 4:1b0d80432c79 15291
wolfSSL 4:1b0d80432c79 15292 /* g */
wolfSSL 4:1b0d80432c79 15293 c16toa((word16)ssl->buffers.serverDH_G.length, output + idx);
wolfSSL 4:1b0d80432c79 15294 idx += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 15295 XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer,
wolfSSL 4:1b0d80432c79 15296 ssl->buffers.serverDH_G.length);
wolfSSL 4:1b0d80432c79 15297 idx += ssl->buffers.serverDH_G.length;
wolfSSL 4:1b0d80432c79 15298
wolfSSL 4:1b0d80432c79 15299 /* pub */
wolfSSL 4:1b0d80432c79 15300 c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx);
wolfSSL 4:1b0d80432c79 15301 idx += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 15302 XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer,
wolfSSL 4:1b0d80432c79 15303 ssl->buffers.serverDH_Pub.length);
wolfSSL 4:1b0d80432c79 15304 idx += ssl->buffers.serverDH_Pub.length;
wolfSSL 4:1b0d80432c79 15305
wolfSSL 4:1b0d80432c79 15306 #ifdef HAVE_FUZZER
wolfSSL 4:1b0d80432c79 15307 if (ssl->fuzzerCb) {
wolfSSL 4:1b0d80432c79 15308 ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz,
wolfSSL 4:1b0d80432c79 15309 FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 4:1b0d80432c79 15310 }
wolfSSL 4:1b0d80432c79 15311 #endif
wolfSSL 4:1b0d80432c79 15312
wolfSSL 4:1b0d80432c79 15313 /* Add signature */
wolfSSL 4:1b0d80432c79 15314 if (!ssl->options.usingAnon_cipher) {
wolfSSL 4:1b0d80432c79 15315 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 15316 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15317 Md5* md5 = NULL;
wolfSSL 4:1b0d80432c79 15318 Sha* sha = NULL;
wolfSSL 4:1b0d80432c79 15319 #else
wolfSSL 4:1b0d80432c79 15320 Md5 md5[1];
wolfSSL 4:1b0d80432c79 15321 Sha sha[1];
wolfSSL 4:1b0d80432c79 15322 #endif
wolfSSL 4:1b0d80432c79 15323 #endif
wolfSSL 4:1b0d80432c79 15324 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15325 byte* hash = NULL;
wolfSSL 4:1b0d80432c79 15326 #else
wolfSSL 4:1b0d80432c79 15327 byte hash[FINISHED_SZ];
wolfSSL 4:1b0d80432c79 15328 #endif
wolfSSL 4:1b0d80432c79 15329 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 15330 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15331 Sha256* sha256 = NULL;
wolfSSL 4:1b0d80432c79 15332 byte* hash256 = NULL;
wolfSSL 4:1b0d80432c79 15333 #else
wolfSSL 4:1b0d80432c79 15334 Sha256 sha256[1];
wolfSSL 4:1b0d80432c79 15335 byte hash256[SHA256_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 15336 #endif
wolfSSL 4:1b0d80432c79 15337 #endif
wolfSSL 4:1b0d80432c79 15338 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 15339 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15340 Sha384* sha384 = NULL;
wolfSSL 4:1b0d80432c79 15341 byte* hash384 = NULL;
wolfSSL 4:1b0d80432c79 15342 #else
wolfSSL 4:1b0d80432c79 15343 Sha384 sha384[1];
wolfSSL 4:1b0d80432c79 15344 byte hash384[SHA384_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 15345 #endif
wolfSSL 4:1b0d80432c79 15346 #endif
wolfSSL 4:1b0d80432c79 15347 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 15348 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15349 Sha512* sha512 = NULL;
wolfSSL 4:1b0d80432c79 15350 byte* hash512 = NULL;
wolfSSL 4:1b0d80432c79 15351 #else
wolfSSL 4:1b0d80432c79 15352 Sha512 sha512[1];
wolfSSL 4:1b0d80432c79 15353 byte hash512[SHA512_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 15354 #endif
wolfSSL 4:1b0d80432c79 15355 #endif
wolfSSL 4:1b0d80432c79 15356
wolfSSL 4:1b0d80432c79 15357 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 15358 byte doMd5 = 0;
wolfSSL 4:1b0d80432c79 15359 byte doSha = 0;
wolfSSL 4:1b0d80432c79 15360 #endif
wolfSSL 4:1b0d80432c79 15361 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 15362 byte doSha256 = 0;
wolfSSL 4:1b0d80432c79 15363 #endif
wolfSSL 4:1b0d80432c79 15364 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 15365 byte doSha384 = 0;
wolfSSL 4:1b0d80432c79 15366 #endif
wolfSSL 4:1b0d80432c79 15367 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 15368 byte doSha512 = 0;
wolfSSL 4:1b0d80432c79 15369 #endif
wolfSSL 4:1b0d80432c79 15370
wolfSSL 4:1b0d80432c79 15371 /* Add hash/signature algo ID */
wolfSSL 4:1b0d80432c79 15372 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 15373 byte setHash = 0;
wolfSSL 4:1b0d80432c79 15374
wolfSSL 4:1b0d80432c79 15375 output[idx++] = ssl->suites->hashAlgo;
wolfSSL 4:1b0d80432c79 15376 output[idx++] = ssl->suites->sigAlgo;
wolfSSL 4:1b0d80432c79 15377
wolfSSL 4:1b0d80432c79 15378 switch (ssl->suites->hashAlgo) {
wolfSSL 4:1b0d80432c79 15379 case sha512_mac:
wolfSSL 4:1b0d80432c79 15380 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 15381 doSha512 = 1;
wolfSSL 4:1b0d80432c79 15382 setHash = 1;
wolfSSL 4:1b0d80432c79 15383 #endif
wolfSSL 4:1b0d80432c79 15384 break;
wolfSSL 4:1b0d80432c79 15385
wolfSSL 4:1b0d80432c79 15386 case sha384_mac:
wolfSSL 4:1b0d80432c79 15387 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 15388 doSha384 = 1;
wolfSSL 4:1b0d80432c79 15389 setHash = 1;
wolfSSL 4:1b0d80432c79 15390 #endif
wolfSSL 4:1b0d80432c79 15391 break;
wolfSSL 4:1b0d80432c79 15392
wolfSSL 4:1b0d80432c79 15393 case sha256_mac:
wolfSSL 4:1b0d80432c79 15394 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 15395 doSha256 = 1;
wolfSSL 4:1b0d80432c79 15396 setHash = 1;
wolfSSL 4:1b0d80432c79 15397 #endif
wolfSSL 4:1b0d80432c79 15398 break;
wolfSSL 4:1b0d80432c79 15399
wolfSSL 4:1b0d80432c79 15400 case sha_mac:
wolfSSL 4:1b0d80432c79 15401 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 15402 doSha = 1;
wolfSSL 4:1b0d80432c79 15403 setHash = 1;
wolfSSL 4:1b0d80432c79 15404 #endif
wolfSSL 4:1b0d80432c79 15405 break;
wolfSSL 4:1b0d80432c79 15406
wolfSSL 4:1b0d80432c79 15407 default:
wolfSSL 4:1b0d80432c79 15408 WOLFSSL_MSG("Bad hash sig algo");
wolfSSL 4:1b0d80432c79 15409 break;
wolfSSL 4:1b0d80432c79 15410 }
wolfSSL 4:1b0d80432c79 15411
wolfSSL 4:1b0d80432c79 15412 if (setHash == 0) {
wolfSSL 4:1b0d80432c79 15413 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 15414 return ALGO_ID_E;
wolfSSL 4:1b0d80432c79 15415 }
wolfSSL 4:1b0d80432c79 15416 } else {
wolfSSL 4:1b0d80432c79 15417 /* only using sha and md5 for rsa */
wolfSSL 4:1b0d80432c79 15418 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 15419 doSha = 1;
wolfSSL 4:1b0d80432c79 15420 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 4:1b0d80432c79 15421 doMd5 = 1;
wolfSSL 4:1b0d80432c79 15422 }
wolfSSL 4:1b0d80432c79 15423 #else
wolfSSL 4:1b0d80432c79 15424 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 15425 return ALGO_ID_E;
wolfSSL 4:1b0d80432c79 15426 #endif
wolfSSL 4:1b0d80432c79 15427 }
wolfSSL 4:1b0d80432c79 15428
wolfSSL 4:1b0d80432c79 15429 /* signature size */
wolfSSL 4:1b0d80432c79 15430 c16toa((word16)sigSz, output + idx);
wolfSSL 4:1b0d80432c79 15431 idx += LENGTH_SZ;
wolfSSL 4:1b0d80432c79 15432
wolfSSL 4:1b0d80432c79 15433 /* do signature */
wolfSSL 4:1b0d80432c79 15434 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15435 hash = (byte*)XMALLOC(FINISHED_SZ, NULL,
wolfSSL 4:1b0d80432c79 15436 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15437 if (hash == NULL) {
wolfSSL 4:1b0d80432c79 15438 return MEMORY_E; /* No heap commitment before this point,
wolfSSL 4:1b0d80432c79 15439 from now on, the resources are freed
wolfSSL 4:1b0d80432c79 15440 at done_b. */
wolfSSL 4:1b0d80432c79 15441 }
wolfSSL 4:1b0d80432c79 15442 #endif
wolfSSL 4:1b0d80432c79 15443
wolfSSL 4:1b0d80432c79 15444 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 15445 /* md5 */
wolfSSL 4:1b0d80432c79 15446 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15447 if (doMd5) {
wolfSSL 4:1b0d80432c79 15448 md5 = (Md5*)XMALLOC(sizeof(Md5), NULL,
wolfSSL 4:1b0d80432c79 15449 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15450 if (md5 == NULL) {
wolfSSL 4:1b0d80432c79 15451 ERROR_OUT(MEMORY_E, done_b);
wolfSSL 4:1b0d80432c79 15452 }
wolfSSL 4:1b0d80432c79 15453 }
wolfSSL 4:1b0d80432c79 15454 #endif
wolfSSL 4:1b0d80432c79 15455 if (doMd5) {
wolfSSL 4:1b0d80432c79 15456 wc_InitMd5(md5);
wolfSSL 4:1b0d80432c79 15457 wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 15458 wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 15459 wc_Md5Update(md5, output + preSigIdx, preSigSz);
wolfSSL 4:1b0d80432c79 15460 wc_Md5Final(md5, hash);
wolfSSL 4:1b0d80432c79 15461 }
wolfSSL 4:1b0d80432c79 15462
wolfSSL 4:1b0d80432c79 15463 /* sha */
wolfSSL 4:1b0d80432c79 15464 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15465 if (doSha) {
wolfSSL 4:1b0d80432c79 15466 sha = (Sha*)XMALLOC(sizeof(Sha), NULL,
wolfSSL 4:1b0d80432c79 15467 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15468 if (sha == NULL) {
wolfSSL 4:1b0d80432c79 15469 ERROR_OUT(MEMORY_E, done_b);
wolfSSL 4:1b0d80432c79 15470 }
wolfSSL 4:1b0d80432c79 15471 }
wolfSSL 4:1b0d80432c79 15472 #endif
wolfSSL 4:1b0d80432c79 15473
wolfSSL 4:1b0d80432c79 15474 if (doSha) {
wolfSSL 4:1b0d80432c79 15475 if ((ret = wc_InitSha(sha)) != 0) {
wolfSSL 4:1b0d80432c79 15476 goto done_b;
wolfSSL 4:1b0d80432c79 15477 }
wolfSSL 4:1b0d80432c79 15478 wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 15479 wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 4:1b0d80432c79 15480 wc_ShaUpdate(sha, output + preSigIdx, preSigSz);
wolfSSL 4:1b0d80432c79 15481 wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]);
wolfSSL 4:1b0d80432c79 15482 }
wolfSSL 4:1b0d80432c79 15483 #endif
wolfSSL 4:1b0d80432c79 15484
wolfSSL 4:1b0d80432c79 15485 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 15486 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15487 if (doSha256) {
wolfSSL 4:1b0d80432c79 15488 sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
wolfSSL 4:1b0d80432c79 15489 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15490 hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 15491 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15492 if (sha256 == NULL || hash256 == NULL) {
wolfSSL 4:1b0d80432c79 15493 ERROR_OUT(MEMORY_E, done_b);
wolfSSL 4:1b0d80432c79 15494 }
wolfSSL 4:1b0d80432c79 15495 }
wolfSSL 4:1b0d80432c79 15496 #endif
wolfSSL 4:1b0d80432c79 15497
wolfSSL 4:1b0d80432c79 15498 if (doSha256) {
wolfSSL 4:1b0d80432c79 15499 if (!(ret = wc_InitSha256(sha256))
wolfSSL 4:1b0d80432c79 15500 && !(ret = wc_Sha256Update(sha256,
wolfSSL 4:1b0d80432c79 15501 ssl->arrays->clientRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 15502 && !(ret = wc_Sha256Update(sha256,
wolfSSL 4:1b0d80432c79 15503 ssl->arrays->serverRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 15504 && !(ret = wc_Sha256Update(sha256,
wolfSSL 4:1b0d80432c79 15505 output + preSigIdx, preSigSz))) {
wolfSSL 4:1b0d80432c79 15506 ret = wc_Sha256Final(sha256, hash256);
wolfSSL 4:1b0d80432c79 15507 }
wolfSSL 4:1b0d80432c79 15508 if (ret != 0) {
wolfSSL 4:1b0d80432c79 15509 goto done_b;
wolfSSL 4:1b0d80432c79 15510 }
wolfSSL 4:1b0d80432c79 15511 }
wolfSSL 4:1b0d80432c79 15512 #endif
wolfSSL 4:1b0d80432c79 15513
wolfSSL 4:1b0d80432c79 15514 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 15515 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15516 if (doSha384) {
wolfSSL 4:1b0d80432c79 15517 sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
wolfSSL 4:1b0d80432c79 15518 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15519 hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 15520 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15521 if (sha384 == NULL || hash384 == NULL) {
wolfSSL 4:1b0d80432c79 15522 ERROR_OUT(MEMORY_E, done_b);
wolfSSL 4:1b0d80432c79 15523 }
wolfSSL 4:1b0d80432c79 15524 }
wolfSSL 4:1b0d80432c79 15525 #endif
wolfSSL 4:1b0d80432c79 15526
wolfSSL 4:1b0d80432c79 15527 if (doSha384) {
wolfSSL 4:1b0d80432c79 15528 if (!(ret = wc_InitSha384(sha384))
wolfSSL 4:1b0d80432c79 15529 && !(ret = wc_Sha384Update(sha384,
wolfSSL 4:1b0d80432c79 15530 ssl->arrays->clientRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 15531 && !(ret = wc_Sha384Update(sha384,
wolfSSL 4:1b0d80432c79 15532 ssl->arrays->serverRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 15533 && !(ret = wc_Sha384Update(sha384,
wolfSSL 4:1b0d80432c79 15534 output + preSigIdx, preSigSz))) {
wolfSSL 4:1b0d80432c79 15535 ret = wc_Sha384Final(sha384, hash384);
wolfSSL 4:1b0d80432c79 15536 }
wolfSSL 4:1b0d80432c79 15537 if (ret != 0) {
wolfSSL 4:1b0d80432c79 15538 goto done_b;
wolfSSL 4:1b0d80432c79 15539 }
wolfSSL 4:1b0d80432c79 15540 }
wolfSSL 4:1b0d80432c79 15541 #endif
wolfSSL 4:1b0d80432c79 15542
wolfSSL 4:1b0d80432c79 15543 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 15544 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15545 if (doSha512) {
wolfSSL 4:1b0d80432c79 15546 sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
wolfSSL 4:1b0d80432c79 15547 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15548 hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
wolfSSL 4:1b0d80432c79 15549 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15550 if (sha512 == NULL || hash512 == NULL) {
wolfSSL 4:1b0d80432c79 15551 ERROR_OUT(MEMORY_E, done_b);
wolfSSL 4:1b0d80432c79 15552 }
wolfSSL 4:1b0d80432c79 15553 }
wolfSSL 4:1b0d80432c79 15554 #endif
wolfSSL 4:1b0d80432c79 15555
wolfSSL 4:1b0d80432c79 15556 if (doSha512) {
wolfSSL 4:1b0d80432c79 15557 if (!(ret = wc_InitSha512(sha512))
wolfSSL 4:1b0d80432c79 15558 && !(ret = wc_Sha512Update(sha512,
wolfSSL 4:1b0d80432c79 15559 ssl->arrays->clientRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 15560 && !(ret = wc_Sha512Update(sha512,
wolfSSL 4:1b0d80432c79 15561 ssl->arrays->serverRandom, RAN_LEN))
wolfSSL 4:1b0d80432c79 15562 && !(ret = wc_Sha512Update(sha512,
wolfSSL 4:1b0d80432c79 15563 output + preSigIdx, preSigSz))) {
wolfSSL 4:1b0d80432c79 15564 ret = wc_Sha512Final(sha512, hash512);
wolfSSL 4:1b0d80432c79 15565 }
wolfSSL 4:1b0d80432c79 15566 if (ret != 0) {
wolfSSL 4:1b0d80432c79 15567 goto done_b;
wolfSSL 4:1b0d80432c79 15568 }
wolfSSL 4:1b0d80432c79 15569 }
wolfSSL 4:1b0d80432c79 15570 #endif
wolfSSL 4:1b0d80432c79 15571
wolfSSL 4:1b0d80432c79 15572 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 15573 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 4:1b0d80432c79 15574 byte* signBuffer = hash;
wolfSSL 4:1b0d80432c79 15575 word32 signSz = FINISHED_SZ;
wolfSSL 4:1b0d80432c79 15576 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15577 byte* encodedSig = NULL;
wolfSSL 4:1b0d80432c79 15578 #else
wolfSSL 4:1b0d80432c79 15579 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 4:1b0d80432c79 15580 #endif
wolfSSL 4:1b0d80432c79 15581 byte doUserRsa = 0;
wolfSSL 4:1b0d80432c79 15582
wolfSSL 4:1b0d80432c79 15583 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 15584 if (ssl->ctx->RsaSignCb) {
wolfSSL 4:1b0d80432c79 15585 doUserRsa = 1;
wolfSSL 4:1b0d80432c79 15586 }
wolfSSL 4:1b0d80432c79 15587 #endif
wolfSSL 4:1b0d80432c79 15588
wolfSSL 4:1b0d80432c79 15589 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 4:1b0d80432c79 15590 byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL 4:1b0d80432c79 15591 int typeH = SHAh;
wolfSSL 4:1b0d80432c79 15592 int digestSz = SHA_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15593
wolfSSL 4:1b0d80432c79 15594 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15595 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
wolfSSL 4:1b0d80432c79 15596 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15597 if (encodedSig == NULL)
wolfSSL 4:1b0d80432c79 15598 ERROR_OUT(MEMORY_E, done_b);
wolfSSL 4:1b0d80432c79 15599 #endif
wolfSSL 4:1b0d80432c79 15600
wolfSSL 4:1b0d80432c79 15601 if (ssl->suites->hashAlgo == sha256_mac) {
wolfSSL 4:1b0d80432c79 15602 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 15603 digest = hash256;
wolfSSL 4:1b0d80432c79 15604 typeH = SHA256h;
wolfSSL 4:1b0d80432c79 15605 digestSz = SHA256_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15606 #endif
wolfSSL 4:1b0d80432c79 15607 }
wolfSSL 4:1b0d80432c79 15608 else if (ssl->suites->hashAlgo == sha384_mac) {
wolfSSL 4:1b0d80432c79 15609 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 15610 digest = hash384;
wolfSSL 4:1b0d80432c79 15611 typeH = SHA384h;
wolfSSL 4:1b0d80432c79 15612 digestSz = SHA384_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15613 #endif
wolfSSL 4:1b0d80432c79 15614 }
wolfSSL 4:1b0d80432c79 15615 else if (ssl->suites->hashAlgo == sha512_mac) {
wolfSSL 4:1b0d80432c79 15616 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 15617 digest = hash512;
wolfSSL 4:1b0d80432c79 15618 typeH = SHA512h;
wolfSSL 4:1b0d80432c79 15619 digestSz = SHA512_DIGEST_SIZE;
wolfSSL 4:1b0d80432c79 15620 #endif
wolfSSL 4:1b0d80432c79 15621 }
wolfSSL 4:1b0d80432c79 15622
wolfSSL 4:1b0d80432c79 15623 if (digest == NULL) {
wolfSSL 4:1b0d80432c79 15624 ret = ALGO_ID_E;
wolfSSL 4:1b0d80432c79 15625 } else {
wolfSSL 4:1b0d80432c79 15626 signSz = wc_EncodeSignature(encodedSig, digest,
wolfSSL 4:1b0d80432c79 15627 digestSz, typeH);
wolfSSL 4:1b0d80432c79 15628 signBuffer = encodedSig;
wolfSSL 4:1b0d80432c79 15629 }
wolfSSL 4:1b0d80432c79 15630 }
wolfSSL 4:1b0d80432c79 15631 if (doUserRsa && ret == 0) {
wolfSSL 4:1b0d80432c79 15632 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 15633 word32 ioLen = sigSz;
wolfSSL 4:1b0d80432c79 15634 ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
wolfSSL 4:1b0d80432c79 15635 output + idx, &ioLen,
wolfSSL 4:1b0d80432c79 15636 ssl->buffers.key->buffer,
wolfSSL 4:1b0d80432c79 15637 ssl->buffers.key->length,
wolfSSL 4:1b0d80432c79 15638 ssl->RsaSignCtx);
wolfSSL 4:1b0d80432c79 15639 #endif
wolfSSL 4:1b0d80432c79 15640 } else if (ret == 0) {
wolfSSL 4:1b0d80432c79 15641 ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx,
wolfSSL 4:1b0d80432c79 15642 sigSz, &rsaKey, ssl->rng);
wolfSSL 4:1b0d80432c79 15643 }
wolfSSL 4:1b0d80432c79 15644
wolfSSL 4:1b0d80432c79 15645 if (ret > 0) {
wolfSSL 4:1b0d80432c79 15646 /* check for signature faults */
wolfSSL 4:1b0d80432c79 15647 ret = VerifyRsaSign(output + idx, ret,
wolfSSL 4:1b0d80432c79 15648 signBuffer, signSz, &rsaKey);
wolfSSL 4:1b0d80432c79 15649 }
wolfSSL 4:1b0d80432c79 15650
wolfSSL 4:1b0d80432c79 15651 wc_FreeRsaKey(&rsaKey);
wolfSSL 4:1b0d80432c79 15652
wolfSSL 4:1b0d80432c79 15653 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15654 XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15655 #endif
wolfSSL 4:1b0d80432c79 15656 }
wolfSSL 4:1b0d80432c79 15657 #endif
wolfSSL 4:1b0d80432c79 15658
wolfSSL 4:1b0d80432c79 15659 done_b:
wolfSSL 4:1b0d80432c79 15660 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 4:1b0d80432c79 15661 #ifndef NO_OLD_TLS
wolfSSL 4:1b0d80432c79 15662 XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15663 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15664 #endif
wolfSSL 4:1b0d80432c79 15665 XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15666 #ifndef NO_SHA256
wolfSSL 4:1b0d80432c79 15667 XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15668 XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15669 #endif
wolfSSL 4:1b0d80432c79 15670 #ifdef WOLFSSL_SHA384
wolfSSL 4:1b0d80432c79 15671 XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15672 XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15673 #endif
wolfSSL 4:1b0d80432c79 15674 #ifdef WOLFSSL_SHA512
wolfSSL 4:1b0d80432c79 15675 XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15676 XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 4:1b0d80432c79 15677 #endif
wolfSSL 4:1b0d80432c79 15678 #endif
wolfSSL 4:1b0d80432c79 15679
wolfSSL 4:1b0d80432c79 15680 if (ret < 0) {
wolfSSL 4:1b0d80432c79 15681 return ret;
wolfSSL 4:1b0d80432c79 15682 }
wolfSSL 4:1b0d80432c79 15683 }
wolfSSL 4:1b0d80432c79 15684
wolfSSL 4:1b0d80432c79 15685 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 15686 if (ssl->peerQSHKeyPresent) {
wolfSSL 4:1b0d80432c79 15687 if (qshSz > 0) {
wolfSSL 4:1b0d80432c79 15688 idx = sendSz - qshSz;
wolfSSL 4:1b0d80432c79 15689 QSH_KeyExchangeWrite(ssl, 1);
wolfSSL 4:1b0d80432c79 15690
wolfSSL 4:1b0d80432c79 15691 /* extension type */
wolfSSL 4:1b0d80432c79 15692 c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
wolfSSL 4:1b0d80432c79 15693 idx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 15694
wolfSSL 4:1b0d80432c79 15695 /* write to output and check amount written */
wolfSSL 4:1b0d80432c79 15696 if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
wolfSSL 4:1b0d80432c79 15697 > qshSz - OPAQUE16_LEN) {
wolfSSL 4:1b0d80432c79 15698 return MEMORY_E;
wolfSSL 4:1b0d80432c79 15699 }
wolfSSL 4:1b0d80432c79 15700 }
wolfSSL 4:1b0d80432c79 15701 }
wolfSSL 4:1b0d80432c79 15702 #endif
wolfSSL 4:1b0d80432c79 15703
wolfSSL 4:1b0d80432c79 15704 #ifdef WOLFSSL_DTLS
wolfSSL 4:1b0d80432c79 15705 if (ssl->options.dtls) {
wolfSSL 4:1b0d80432c79 15706 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) {
wolfSSL 4:1b0d80432c79 15707 return ret;
wolfSSL 4:1b0d80432c79 15708 }
wolfSSL 4:1b0d80432c79 15709 }
wolfSSL 4:1b0d80432c79 15710 #endif
wolfSSL 4:1b0d80432c79 15711
wolfSSL 4:1b0d80432c79 15712 if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) {
wolfSSL 4:1b0d80432c79 15713 return ret;
wolfSSL 4:1b0d80432c79 15714 }
wolfSSL 4:1b0d80432c79 15715
wolfSSL 4:1b0d80432c79 15716 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 15717 if (ssl->hsInfoOn) {
wolfSSL 4:1b0d80432c79 15718 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 15719 }
wolfSSL 4:1b0d80432c79 15720 if (ssl->toInfoOn) {
wolfSSL 4:1b0d80432c79 15721 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
wolfSSL 4:1b0d80432c79 15722 output, sendSz, ssl->heap);
wolfSSL 4:1b0d80432c79 15723 }
wolfSSL 4:1b0d80432c79 15724 #endif
wolfSSL 4:1b0d80432c79 15725
wolfSSL 4:1b0d80432c79 15726 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 4:1b0d80432c79 15727 if (ssl->options.groupMessages) {
wolfSSL 4:1b0d80432c79 15728 ret = 0;
wolfSSL 4:1b0d80432c79 15729 }
wolfSSL 4:1b0d80432c79 15730 else {
wolfSSL 4:1b0d80432c79 15731 ret = SendBuffered(ssl);
wolfSSL 4:1b0d80432c79 15732 }
wolfSSL 4:1b0d80432c79 15733 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 4:1b0d80432c79 15734 break;
wolfSSL 4:1b0d80432c79 15735 }
wolfSSL 4:1b0d80432c79 15736 #endif /* NO_DH */
wolfSSL 4:1b0d80432c79 15737 default:
wolfSSL 4:1b0d80432c79 15738 break;
wolfSSL 4:1b0d80432c79 15739 } /* switch(ssl->specs.kea) */
wolfSSL 4:1b0d80432c79 15740
wolfSSL 4:1b0d80432c79 15741 return ret;
wolfSSL 4:1b0d80432c79 15742 #undef ERROR_OUT
wolfSSL 4:1b0d80432c79 15743 }
wolfSSL 4:1b0d80432c79 15744
wolfSSL 4:1b0d80432c79 15745
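/* Make sure server cert/key are valid for this suite, true on success.
 *
 * ssl  connection whose own suite list (ssl->suites) is examined
 * idx  offset of the first of the two suite bytes in ssl->suites->suites
 *
 * Returns 1 when every capability that CipherRequires() reports for the
 * suite (RSA, DHE, ECC, static ECC, PSK, NTRU, RSA signature) is available
 * on this connection and, with HAVE_SUPPORTED_CURVES, the curve validation
 * passes. Returns 0 otherwise, and also when ssl->suites is NULL or idx
 * does not leave room for both suite bytes.
 *
 * With HAVE_QSH, the TLS_QSH pseudo-suite always returns 0. It only records
 * ssl->options.haveQSH when extensions are supported, because a classic
 * suite still has to be negotiated alongside it.
 */
static int VerifyServerSuite(WOLFSSL* ssl, word16 idx)
{
    /* RSA is assumed unless the server key is static ECC (or NTRU, below) */
    int  haveRSA = !ssl->options.haveStaticECC;
    int  havePSK = 0;
    byte first;
    byte second;

    WOLFSSL_ENTER("VerifyServerSuite");

    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Suites pointer error");
        return 0;
    }

    /* Both suites[idx] and suites[idx+1] are read below, so refuse an index
     * whose second byte would lie past the populated part of the list.
     * NOTE(review): assumes suiteSz is the byte count of valid entries, as
     * its use in MatchSuite suggests - confirm against the Suites struct. */
    if ((word32)idx + 1 >= ssl->suites->suiteSz) {
        WOLFSSL_MSG("Suite index out of range");
        return 0;
    }

    first  = ssl->suites->suites[idx];
    second = ssl->suites->suites[idx+1];

#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif

    if (ssl->options.haveNTRU) {
        haveRSA = 0;
    }

    if (CipherRequires(first, second, REQUIRES_RSA)) {
        WOLFSSL_MSG("Requires RSA");
        if (haveRSA == 0) {
            WOLFSSL_MSG("Don't have RSA");
            return 0;
        }
    }

    if (CipherRequires(first, second, REQUIRES_DHE)) {
        WOLFSSL_MSG("Requires DHE");
        if (ssl->options.haveDH == 0) {
            WOLFSSL_MSG("Don't have DHE");
            return 0;
        }
    }

    if (CipherRequires(first, second, REQUIRES_ECC)) {
        WOLFSSL_MSG("Requires ECC");
        if (ssl->options.haveECC == 0) {
            WOLFSSL_MSG("Don't have ECC");
            return 0;
        }
    }

    if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) {
        WOLFSSL_MSG("Requires static ECC");
        if (ssl->options.haveStaticECC == 0) {
            WOLFSSL_MSG("Don't have static ECC");
            return 0;
        }
    }

    if (CipherRequires(first, second, REQUIRES_PSK)) {
        WOLFSSL_MSG("Requires PSK");
        if (havePSK == 0) {
            WOLFSSL_MSG("Don't have PSK");
            return 0;
        }
    }

    if (CipherRequires(first, second, REQUIRES_NTRU)) {
        WOLFSSL_MSG("Requires NTRU");
        if (ssl->options.haveNTRU == 0) {
            WOLFSSL_MSG("Don't have NTRU");
            return 0;
        }
    }

    if (CipherRequires(first, second, REQUIRES_RSA_SIG)) {
        WOLFSSL_MSG("Requires RSA Signature");
        /* on the server end, an ECDSA-signed certificate rules the suite out */
        if (ssl->options.side == WOLFSSL_SERVER_END &&
                ssl->options.haveECDSAsig == 1) {
            WOLFSSL_MSG("Don't have RSA Signature");
            return 0;
        }
    }

#ifdef HAVE_SUPPORTED_CURVES
    if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
        WOLFSSL_MSG("Don't have matching curves");
        return 0;
    }
#endif

    /* ECCDHE is always supported if ECC on */

#ifdef HAVE_QSH
    /* need to negotiate a classic suite in addition to TLS_QSH */
    if (first == QSH_BYTE && second == TLS_QSH) {
        if (TLSX_SupportExtensions(ssl)) {
            ssl->options.haveQSH = 1; /* matched TLS_QSH */
        }
        else {
            WOLFSSL_MSG("Version of SSL connection does not support TLS_QSH");
        }
        return 0; /* never selected as the negotiated suite itself */
    }
#endif

    return 1;
}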
wolfSSL 4:1b0d80432c79 15852
wolfSSL 4:1b0d80432c79 15853 #ifndef NO_WOLFSSL_SERVER
/* Pick the cipher suite for this connection from the list the peer offered.
 *
 * Our own list (ssl->suites) drives the outer loop, so the first of our
 * suites that the peer also offers and that passes VerifyServerSuite() is
 * selected: our ordering decides, not the peer's.
 *
 * ssl         connection whose suite list is matched and whose
 *             options.cipherSuite0 / cipherSuite are set on success
 * peerSuites  suite list (and hash/sig algorithm list) taken from the hello
 *
 * Returns the SetCipherSpecs() result for the selected suite,
 * MATCH_SUITE_ERROR when the peer list is empty, odd-sized or shares no
 * usable suite with ours, and SUITES_ERROR when ssl->suites is NULL. */
static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
{
    word16 ours;
    word16 theirs;

    WOLFSSL_ENTER("MatchSuite");

    /* Suites are 2-byte ids. Reject an empty list, and an odd length
     * (& 0x1 is % 2): with an odd size the [theirs+1] read below would land
     * one byte past the advertised list. */
    if (peerSuites->suiteSz == 0 || (peerSuites->suiteSz & 0x1) != 0)
        return MATCH_SUITE_ERROR;

    if (ssl->suites == NULL)
        return SUITES_ERROR;

    /* start with our best; the first verified match wins */
    for (ours = 0; ours < ssl->suites->suiteSz; ours += 2) {
        for (theirs = 0; theirs < peerSuites->suiteSz; theirs += 2) {
            int result;

            if (ssl->suites->suites[ours] != peerSuites->suites[theirs] ||
                ssl->suites->suites[ours+1] != peerSuites->suites[theirs+1])
                continue;

            if (!VerifyServerSuite(ssl, ours)) {
                WOLFSSL_MSG("Could not verify suite validity, continue");
                continue;
            }

            WOLFSSL_MSG("Verified suite validity");
            ssl->options.cipherSuite0 = ssl->suites->suites[ours];
            ssl->options.cipherSuite  = ssl->suites->suites[ours+1];
            result = SetCipherSpecs(ssl);
            /* the signature algorithm is only picked once the specs are set */
            if (result == 0)
                PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
                                     peerSuites->hashSigAlgoSz);
            return result;
        }
    }

    return MATCH_SUITE_ERROR;
}
wolfSSL 4:1b0d80432c79 15890 #endif
wolfSSL 4:1b0d80432c79 15891
wolfSSL 4:1b0d80432c79 15892 #ifdef OLD_HELLO_ALLOWED
wolfSSL 4:1b0d80432c79 15893
wolfSSL 4:1b0d80432c79 15894 /* process old style client hello, deprecate? */
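/* Parse an SSLv2-format ("old style") ClientHello and continue the handshake.
 *
 * ssl       connection state; version, suite list, session id, client random
 *           and clientState are updated here
 * input     receive buffer
 * inOutIdx  in: offset of the hello inside input; out: offset just past the
 *           parsed fields
 * inSz      not used by this function
 * sz        length of the hello message counted from *inOutIdx; this many
 *           bytes are hashed, and every parsed field has to fit inside it
 *
 * Returns the MatchSuite() result for a full handshake, the key derivation
 * result when a session is resumed, and VERSION_ERROR, BUFFER_ERROR,
 * UNSUPPORTED_SUITE or a hash / RNG error code on failure.
 *
 * All lengths in this message come from an unauthenticated peer, so each one
 * is range-checked against its destination buffer and against sz before it
 * is used as an index or a copy size. */
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz)
{
    word32          idx = *inOutIdx;
    word32          begin = idx;
    word16          sessionSz;
    word16          randomSz;
    word16          i, j;
    ProtocolVersion pv;
    Suites          clSuites;

    /* NOTE(review): only sz bounds the parse below; whether the caller
     * guarantees sz <= inSz is not visible here -- confirm */
    (void)inSz;
    WOLFSSL_MSG("Got old format client hello");
    #ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ClientHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("ClientHello", &ssl->timeoutInfo);
    #endif

    /* message type, two version bytes and three 2-byte lengths must all be
     * present; reject a truncated hello before it is hashed or read */
    if (sz < OPAQUE8_LEN + 4 * OPAQUE16_LEN)
        return BUFFER_ERROR;

    /* manually hash input since different format */
    #ifndef NO_OLD_TLS
    #ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, input + idx, sz);
    #endif
    #ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz);
    #endif
    #endif
    #ifndef NO_SHA256
    if (IsAtLeastTLSv1_2(ssl)) {
        int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256,
                                     input + idx, sz);
        if (shaRet != 0)
            return shaRet;
    }
    #endif

    /* does this value mean client_hello? */
    idx++;

    /* version */
    pv.major = input[idx++];
    pv.minor = input[idx++];
    ssl->chVersion = pv;  /* store */

    /* A client offering a lower minor version is accepted only when
     * downgrade is enabled and the version is not below minDowngrade. */
    if (ssl->version.minor > pv.minor) {
        byte haveRSA = 0;
        byte havePSK = 0;
        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("Client trying to connect with lesser version");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG(" version below minimum allowed, fatal error");
            return VERSION_ERROR;
        }
        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG(" downgrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            WOLFSSL_MSG(" downgrading to TLSv1");
            /* turn off tls 1.1+ */
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG(" downgrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
        #ifndef NO_RSA
        haveRSA = 1;
        #endif
        #ifndef NO_PSK
        havePSK = ssl->options.havePSK;
        #endif

        /* rebuild our suite list for the version just settled on */
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    }

    /* suite size */
    ato16(&input[idx], &clSuites.suiteSz);
    idx += 2;

    if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
        return BUFFER_ERROR;
    /* each old-format cipher spec is 3 bytes; any other length would make
     * the copy loop below step past the advertised list */
    if (clSuites.suiteSz % 3 != 0)
        return BUFFER_ERROR;
    clSuites.hashSigAlgoSz = 0;

    /* session size */
    ato16(&input[idx], &sessionSz);
    idx += 2;

    if (sessionSz > ID_LEN)
        return BUFFER_ERROR;

    /* random size */
    ato16(&input[idx], &randomSz);
    idx += 2;

    if (randomSz > RAN_LEN)
        return BUFFER_ERROR;

    /* the three variable-length fields must lie inside the sz-byte message,
     * otherwise the copies below read past it */
    if ((idx - begin) + clSuites.suiteSz + sessionSz + randomSz > sz)
        return BUFFER_ERROR;

    /* suites: keep the 2-byte id of every spec whose first byte is zero */
    for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) {
        byte first = input[idx++];
        if (!first) { /* implicit: skip sslv2 type */
            XMEMCPY(&clSuites.suites[j], &input[idx], 2);
            j += 2;
        }
        idx += 2;
    }
    clSuites.suiteSz = j;

    /* session id */
    if (sessionSz) {
        XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
        ssl->arrays->sessionIDSz = (byte)sessionSz;
        idx += sessionSz;
        ssl->options.resuming = 1;
    }

    /* random: right-aligned in clientRandom, zero-filled in front */
    if (randomSz < RAN_LEN)
        XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz);
    XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx,
            randomSz);
    idx += randomSz;

    if (ssl->options.usingCompression)
        ssl->options.usingCompression = 0;  /* turn off */

    ssl->options.clientState = CLIENT_HELLO_COMPLETE;
    *inOutIdx = idx;

    ssl->options.haveSessionId = 1;
    /* DoClientHello uses same resume code */
    if (ssl->options.resuming) {  /* let's try */
        int ret = -1;
        WOLFSSL_SESSION* session = GetSession(ssl,
                                              ssl->arrays->masterSecret);
        #ifdef HAVE_SESSION_TICKET
        if (ssl->options.useTicket == 1) {
            session = &ssl->session;
        }
        #endif

        if (!session) {
            /* fall through to a full handshake */
            WOLFSSL_MSG("Session lookup for resume failed");
            ssl->options.resuming = 0;
        } else {
            /* NOTE(review): the suite is negotiated again from the current
             * lists; nothing visible here ties it to the suite the cached
             * session was established with -- confirm */
            if (MatchSuite(ssl, &clSuites) < 0) {
                WOLFSSL_MSG("Unsupported cipher suite, OldClientHello");
                return UNSUPPORTED_SUITE;
            }
            #ifdef SESSION_CERTS
            ssl->session = *session; /* restore session certs. */
            #endif

            ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
                                       RAN_LEN);
            if (ret != 0)
                return ret;

            #ifdef NO_OLD_TLS
            ret = DeriveTlsKeys(ssl);
            #else
            #ifndef NO_TLS
            if (ssl->options.tls)
                ret = DeriveTlsKeys(ssl);
            #endif
            if (!ssl->options.tls)
                ret = DeriveKeys(ssl);
            #endif
            ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;

            return ret;
        }
    }

    return MatchSuite(ssl, &clSuites);
}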
wolfSSL 4:1b0d80432c79 16082
wolfSSL 4:1b0d80432c79 16083 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 4:1b0d80432c79 16084
wolfSSL 4:1b0d80432c79 16085
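/* Parse a ClientHello and either resume a cached session or select a suite.
 *
 * ssl       connection state; version, suite list, session id, client random
 *           and clientState are updated here
 * input     receive buffer
 * inOutIdx  in: offset of the hello body inside input; out: offset just past
 *           what was consumed
 * helloSz   length of the hello body; every field is checked against it
 *           through (i - begin) before it is read
 *
 * Returns the MatchSuite() result for a full handshake, the key derivation
 * result when a session is resumed, the SendHelloVerifyRequest() result when
 * a DTLS client has not yet echoed a valid cookie, and BUFFER_ERROR,
 * VERSION_ERROR, COOKIE_ERROR, UNSUPPORTED_SUITE or an HMAC / hash /
 * extension-parser error code on failure.
 *
 * The whole message comes from an unauthenticated peer: each length field is
 * validated against helloSz and against its destination buffer before use. */
static int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         word32 helloSz)
{
    byte            b;
    ProtocolVersion pv;
    Suites          clSuites;
    word32          i = *inOutIdx;
    word32          begin = i;
    #ifdef WOLFSSL_DTLS
    Hmac            cookieHmac;
    byte            peerCookie[MAX_COOKIE_LEN];
    byte            peerCookieSz = 0;
    byte            cookieType;
    byte            cookieSz;
    #endif /* WOLFSSL_DTLS */

    #ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
    #endif

    /* protocol version, random and session id length check */
    if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    /* protocol version */
    XMEMCPY(&pv, input + i, OPAQUE16_LEN);
    ssl->chVersion = pv;   /* store */
    #ifdef WOLFSSL_DTLS
    /* The DTLS cookie is an HMAC, keyed with dtlsCookieSecret, over the peer
     * address and the hello fields as they are parsed below (version,
     * random, session id when present, suites, compression methods). */
    if (ssl->options.dtls) {
        int ret;
        #if defined(NO_SHA) && defined(NO_SHA256)
            #error "DTLS needs either SHA or SHA-256"
        #endif /* NO_SHA && NO_SHA256 */

        #if !defined(NO_SHA) && defined(NO_SHA256)
        cookieType = SHA;
        cookieSz = SHA_DIGEST_SIZE;
        #endif /* NO_SHA */
        #ifndef NO_SHA256
        cookieType = SHA256;
        cookieSz = SHA256_DIGEST_SIZE;
        #endif /* NO_SHA256 */
        ret = wc_HmacSetKey(&cookieHmac, cookieType,
                            ssl->buffers.dtlsCookieSecret.buffer,
                            ssl->buffers.dtlsCookieSecret.length);
        if (ret != 0) return ret;
        ret = wc_HmacUpdate(&cookieHmac,
                            ssl->buffers.dtlsCtx.peer.sa,
                            ssl->buffers.dtlsCtx.peer.sz);
        if (ret != 0) return ret;
        ret = wc_HmacUpdate(&cookieHmac, input + i, OPAQUE16_LEN);
        if (ret != 0) return ret;
    }
    #endif /* WOLFSSL_DTLS */
    i += OPAQUE16_LEN;

    /* A client offering a lower version is accepted only when downgrade is
     * enabled and the version is not below minDowngrade. */
    if ((!ssl->options.dtls && ssl->version.minor > pv.minor) ||
        (ssl->options.dtls && ssl->version.minor != DTLS_MINOR
         && ssl->version.minor != DTLSv1_2_MINOR && pv.minor != DTLS_MINOR
         && pv.minor != DTLSv1_2_MINOR)) {

        word16 haveRSA = 0;
        word16 havePSK = 0;

        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("Client trying to connect with lesser version");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG(" version below minimum allowed, fatal error");
            return VERSION_ERROR;
        }

        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG(" downgrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            /* turn off tls 1.1+ */
            WOLFSSL_MSG(" downgrading to TLSv1");
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG(" downgrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
        #ifndef NO_RSA
        haveRSA = 1;
        #endif
        #ifndef NO_PSK
        havePSK = ssl->options.havePSK;
        #endif
        /* rebuild our suite list for the version just settled on */
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    }

    /* random */
    XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
    #ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        int ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
        if (ret != 0) return ret;
    }
    #endif /* WOLFSSL_DTLS */
    i += RAN_LEN;

    #ifdef SHOW_SECRETS
    /* compiled only when SHOW_SECRETS is defined */
    {
        int j;
        printf("client random: ");
        for (j = 0; j < RAN_LEN; j++)
            printf("%02x", ssl->arrays->clientRandom[j]);
        printf("\n");
    }
    #endif

    /* session id: the length byte was covered by the first length check */
    b = input[i++];

    if (b == ID_LEN) {
        if ((i - begin) + ID_LEN > helloSz)
            return BUFFER_ERROR;

        XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
        #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            /* length byte plus id */
            int ret = wc_HmacUpdate(&cookieHmac, input + i - 1, ID_LEN + 1);
            if (ret != 0) return ret;
        }
        #endif /* WOLFSSL_DTLS */
        ssl->arrays->sessionIDSz = ID_LEN;
        i += ID_LEN;
        ssl->options.resuming = 1; /* client wants to resume */
        WOLFSSL_MSG("Client wants to resume session");
    }
    else if (b) {
        WOLFSSL_MSG("Invalid session ID size");
        return BUFFER_ERROR; /* session ID is neither 0 nor 32 bytes long */
    }

    #ifdef WOLFSSL_DTLS
    /* cookie */
    if (ssl->options.dtls) {

        if ((i - begin) + OPAQUE8_LEN > helloSz)
            return BUFFER_ERROR;

        peerCookieSz = input[i++];

        if (peerCookieSz) {
            /* bound the copy by the local buffer first, then by the hello */
            if (peerCookieSz > MAX_COOKIE_LEN)
                return BUFFER_ERROR;

            if ((i - begin) + peerCookieSz > helloSz)
                return BUFFER_ERROR;

            XMEMCPY(peerCookie, input + i, peerCookieSz);

            i += peerCookieSz;
        }
    }
    #endif

    /* suites */
    if ((i - begin) + OPAQUE16_LEN > helloSz)
        return BUFFER_ERROR;

    ato16(&input[i], &clSuites.suiteSz);
    i += OPAQUE16_LEN;

    /* suites and compression length check */
    if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    /* clSuites.suites is a fixed-size array */
    if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
        return BUFFER_ERROR;

    XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
    #ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* length field plus list */
        int ret = wc_HmacUpdate(&cookieHmac,
                                input + i - OPAQUE16_LEN,
                                clSuites.suiteSz + OPAQUE16_LEN);
        if (ret != 0) return ret;
    }
    #endif /* WOLFSSL_DTLS */
    i += clSuites.suiteSz;
    clSuites.hashSigAlgoSz = 0;

    /* compression length */
    b = input[i++];

    if ((i - begin) + b > helloSz)
        return BUFFER_ERROR;

    #ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        byte newCookie[MAX_COOKIE_LEN];
        int  ret;

        ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
        if (ret != 0) return ret;
        ret = wc_HmacFinal(&cookieHmac, newCookie);
        if (ret != 0) return ret;

        /* If a cookie callback is set, call it to overwrite the cookie.
         * This should be deprecated. The code now calculates the cookie
         * using an HMAC as expected. */
        if (ssl->ctx->CBIOCookie != NULL &&
            ssl->ctx->CBIOCookie(ssl, newCookie, cookieSz,
                                 ssl->IOCB_CookieCtx) != cookieSz) {
            return COOKIE_ERROR;
        }

        /* Check the cookie, see if we progress the state machine.
         * NOTE(review): XMEMCMP is presumably a plain memcmp and so not
         * constant-time; a constant-time compare would be the safer
         * default for a MAC check -- confirm. */
        if (peerCookieSz != cookieSz ||
            XMEMCMP(peerCookie, newCookie, cookieSz) != 0) {

            /* Send newCookie to client in a HelloVerifyRequest message
             * and let the state machine alone. */
            ssl->msgsReceived.got_client_hello = 0;
            ssl->keys.dtls_handshake_number = 0;
            ssl->keys.dtls_expected_peer_handshake_number = 0;
            *inOutIdx += helloSz;
            return SendHelloVerifyRequest(ssl, newCookie, cookieSz);
        }

        /* This was skipped in the DTLS case so we could handle the hello
         * verify request. */
        ret = HashInput(ssl, input + *inOutIdx, helloSz);
        if (ret != 0) return ret;
    }
    #endif /* WOLFSSL_DTLS */

    if (ssl->options.usingCompression) {
        int match = 0;

        /* b methods were bounds-checked above */
        while (b--) {
            byte comp = input[i++];

            if (comp == ZLIB_COMPRESSION)
                match = 1;
        }

        if (!match) {
            WOLFSSL_MSG("Not matching compression, turning off");
            ssl->options.usingCompression = 0;  /* turn off */
        }
    }
    else
        i += b; /* ignore, since we're not on */

    *inOutIdx = i;

    /* tls extensions */
    if ((i - begin) < helloSz) {
    #ifdef HAVE_TLS_EXTENSIONS
        #ifdef HAVE_QSH
        QSH_Init(ssl);
        #endif
        if (TLSX_SupportExtensions(ssl)) {
            int ret = 0;
    #else
        if (IsAtLeastTLSv1_2(ssl)) {
    #endif
            /* Process the hello extension. Skip unsupported. */
            word16 totalExtSz;

    #ifdef HAVE_TLS_EXTENSIONS
            /* auto populate extensions supported unless user defined */
            if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
                return ret;
    #endif

            if ((i - begin) + OPAQUE16_LEN > helloSz)
                return BUFFER_ERROR;

            ato16(&input[i], &totalExtSz);
            i += OPAQUE16_LEN;

            if ((i - begin) + totalExtSz > helloSz)
                return BUFFER_ERROR;

    #ifdef HAVE_TLS_EXTENSIONS
            /* tls extensions */
            if ((ret = TLSX_Parse(ssl, (byte *) input + i,
                                  totalExtSz, 1, &clSuites)))
                return ret;
        #ifdef HAVE_STUNNEL
            if((ret=SNI_Callback(ssl)))
                return ret;
        #endif /*HAVE_STUNNEL*/

            i += totalExtSz;
    #else
            /* Minimal parser: only the signature algorithms extension is
             * read, everything else is stepped over. */
            while (totalExtSz) {
                word16 extId, extSz;

                if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
                    return BUFFER_ERROR;

                ato16(&input[i], &extId);
                i += OPAQUE16_LEN;
                ato16(&input[i], &extSz);
                i += OPAQUE16_LEN;

                if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
                    return BUFFER_ERROR;

                if (extId == HELLO_EXT_SIG_ALGO) {
                    /* the list length needs 2 bytes of its own; without
                     * this an extension body of 0 or 1 bytes lets the read
                     * below run past the extension */
                    if (extSz < OPAQUE16_LEN)
                        return BUFFER_ERROR;

                    ato16(&input[i], &clSuites.hashSigAlgoSz);
                    i += OPAQUE16_LEN;

                    if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
                        return BUFFER_ERROR;

                    /* hashSigAlgo is a fixed-size array: copy at most
                     * HELLO_EXT_SIGALGO_MAX bytes */
                    XMEMCPY(clSuites.hashSigAlgo, &input[i],
                        min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
                    /* step over the whole extension body, not only the
                     * list, so i stays in line with the totalExtSz
                     * accounting when the list is shorter than the body */
                    i += extSz - OPAQUE16_LEN;

                    if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX)
                        clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;
                }
                else
                    i += extSz;

                totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
            }
    #endif
            *inOutIdx = i;
        }
        else
            *inOutIdx = begin + helloSz; /* skip extensions */
    }

    ssl->options.clientState   = CLIENT_HELLO_COMPLETE;
    ssl->options.haveSessionId = 1;

    /* ProcessOld uses same resume code */
    if (ssl->options.resuming) {
        int ret = -1;
        WOLFSSL_SESSION* session = GetSession(ssl,
                                              ssl->arrays->masterSecret);
        #ifdef HAVE_SESSION_TICKET
        if (ssl->options.useTicket == 1) {
            session = &ssl->session;
        }
        #endif

        if (!session) {
            /* fall through to a full handshake */
            WOLFSSL_MSG("Session lookup for resume failed");
            ssl->options.resuming = 0;
        }
        else {
            /* NOTE(review): the suite is negotiated again from the current
             * lists; nothing visible here ties it to the suite the cached
             * session was established with -- confirm */
            if (MatchSuite(ssl, &clSuites) < 0) {
                WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
                return UNSUPPORTED_SUITE;
            }
            #ifdef SESSION_CERTS
            ssl->session = *session; /* restore session certs. */
            #endif

            ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
                                       RAN_LEN);
            if (ret != 0)
                return ret;

            #ifdef NO_OLD_TLS
            ret = DeriveTlsKeys(ssl);
            #else
            #ifndef NO_TLS
            if (ssl->options.tls)
                ret = DeriveTlsKeys(ssl);
            #endif
            if (!ssl->options.tls)
                ret = DeriveKeys(ssl);
            #endif
            ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;

            return ret;
        }
    }
    return MatchSuite(ssl, &clSuites);
}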
wolfSSL 4:1b0d80432c79 16477
wolfSSL 4:1b0d80432c79 16478 #if !defined(NO_RSA) || defined(HAVE_ECC)
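/* Process a CertificateVerify handshake message: check the peer's signature
 * over the running handshake hashes with the peer public key held in ssl.
 *
 * ssl       connection state (peer key, handshake hashes, callbacks)
 * input     handshake buffer
 * inOutIdx  in: offset of the message body in input
 *           out: advanced past the bytes consumed
 * size      length of the message body; every length field is checked
 *           against it before the matching read
 *
 * Returns 0 when the signature verifies (havePeerVerify is then set),
 * BUFFER_ERROR when a length field runs past size or the signature is longer
 * than ENCRYPT_LEN, MEMORY_E when the small-stack allocation fails, a
 * non-zero value returned by the ECC verify callback, and VERIFY_CERT_ERROR
 * in every other case, including when no peer key is present.
 */
static int DoCertificateVerify(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                               word32 size)
{
    word16 sz = 0;
    int    ret = VERIFY_CERT_ERROR;   /* start in error state */
    byte   hashAlgo = sha_mac;
    byte   sigAlgo = anonymous_sa_algo;
    word32 begin = *inOutIdx;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("CertificateVerify", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("CertificateVerify", &ssl->timeoutInfo);
#endif

    /* TLS 1.2 and later prefix the signature with a hash/signature
     * algorithm pair chosen by the peer */
    if (IsAtLeastTLSv1_2(ssl)) {
        if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size)
            return BUFFER_ERROR;

        hashAlgo = input[(*inOutIdx)++];
        sigAlgo  = input[(*inOutIdx)++];
    }

    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &sz);
    *inOutIdx += OPAQUE16_LEN;

    /* the peer-supplied signature length must fit both the message and the
     * largest signature this build accepts */
    if ((*inOutIdx - begin) + sz > size || sz > ENCRYPT_LEN)
        return BUFFER_ERROR;

    /* RSA */
#ifndef NO_RSA
    if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
        byte* out = NULL;
        int   outLen = 0;
        byte  doUserRsa = 0;

    #ifdef HAVE_PK_CALLBACKS
        if (ssl->ctx->RsaVerifyCb)
            doUserRsa = 1;
    #endif /*HAVE_PK_CALLBACKS */

        WOLFSSL_MSG("Doing RSA peer cert verify");

        if (doUserRsa) {
        #ifdef HAVE_PK_CALLBACKS
            outLen = ssl->ctx->RsaVerifyCb(ssl, input + *inOutIdx, sz,
                                           &out,
                                           ssl->buffers.peerRsaKey.buffer,
                                           ssl->buffers.peerRsaKey.length,
                                           ssl->RsaVerifyCtx);
        #endif /*HAVE_PK_CALLBACKS */
        }
        else {
            outLen = wc_RsaSSL_VerifyInline(input + *inOutIdx, sz, &out,
                                            ssl->peerRsaKey);
        }

        if (IsAtLeastTLSv1_2(ssl)) {
        #ifdef WOLFSSL_SMALL_STACK
            byte*  encodedSig = NULL;
        #else
            byte   encodedSig[MAX_ENCODED_SIG_SZ];
        #endif
            word32 sigSz;
            byte*  digest = ssl->hsHashes->certHashes.sha;
            int    typeH = SHAh;
            int    digestSz = SHA_DIGEST_SIZE;

        #ifdef WOLFSSL_SMALL_STACK
            encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
                                        DYNAMIC_TYPE_TMP_BUFFER);
            if (encodedSig == NULL)
                return MEMORY_E;
        #endif

            /* A signature algorithm that does not match the key type is
             * only logged; the check below still runs against the RSA key
             * that is actually held. */
            if (sigAlgo != rsa_sa_algo) {
                WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
            }

            /* Any hashAlgo not handled here, or compiled out, leaves the
             * SHA-1 defaults in place.
             * NOTE(review): hashAlgo is not compared here with the
             * algorithms this side offered - confirm that is enforced
             * elsewhere. */
            if (hashAlgo == sha256_mac) {
            #ifndef NO_SHA256
                digest = ssl->hsHashes->certHashes.sha256;
                typeH    = SHA256h;
                digestSz = SHA256_DIGEST_SIZE;
            #endif
            }
            else if (hashAlgo == sha384_mac) {
            #ifdef WOLFSSL_SHA384
                digest = ssl->hsHashes->certHashes.sha384;
                typeH    = SHA384h;
                digestSz = SHA384_DIGEST_SIZE;
            #endif
            }
            else if (hashAlgo == sha512_mac) {
            #ifdef WOLFSSL_SHA512
                digest = ssl->hsHashes->certHashes.sha512;
                typeH    = SHA512h;
                digestSz = SHA512_DIGEST_SIZE;
            #endif
            }

            /* build the expected encoding of our own handshake hash and
             * require the recovered signature payload to match it exactly */
            sigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH);

            if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig,
                                       min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
                ret = 0; /* verified */

        #ifdef WOLFSSL_SMALL_STACK
            XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        #endif
        }
        else {
            /* before TLS 1.2 the payload is compared with the first
             * FINISHED_SZ bytes of certHashes */
            if (outLen == FINISHED_SZ && out && XMEMCMP(out,
                                            &ssl->hsHashes->certHashes,
                                            FINISHED_SZ) == 0) {
                ret = 0; /* verified */
            }
        }
    }
#endif
#ifdef HAVE_ECC
    if (ssl->peerEccDsaKeyPresent) {
        int    verify = 0;
        int    err    = -1;
        byte*  digest = ssl->hsHashes->certHashes.sha;
        word32 digestSz = SHA_DIGEST_SIZE;
        byte   doUserEcc = 0;

    #ifdef HAVE_PK_CALLBACKS
        if (ssl->ctx->EccVerifyCb)
            doUserEcc = 1;
    #endif

        WOLFSSL_MSG("Doing ECC peer cert verify");

        if (IsAtLeastTLSv1_2(ssl)) {
            /* mismatch is only logged, as in the RSA branch */
            if (sigAlgo != ecc_dsa_sa_algo) {
                WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
            }

            /* unhandled or compiled-out hashAlgo keeps the SHA-1 digest */
            if (hashAlgo == sha256_mac) {
            #ifndef NO_SHA256
                digest = ssl->hsHashes->certHashes.sha256;
                digestSz = SHA256_DIGEST_SIZE;
            #endif
            }
            else if (hashAlgo == sha384_mac) {
            #ifdef WOLFSSL_SHA384
                digest = ssl->hsHashes->certHashes.sha384;
                digestSz = SHA384_DIGEST_SIZE;
            #endif
            }
            else if (hashAlgo == sha512_mac) {
            #ifdef WOLFSSL_SHA512
                digest = ssl->hsHashes->certHashes.sha512;
                digestSz = SHA512_DIGEST_SIZE;
            #endif
            }
        }

        if (doUserEcc) {
        #ifdef HAVE_PK_CALLBACKS
            ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, sz, digest,
                                        digestSz,
                                        ssl->buffers.peerEccDsaKey.buffer,
                                        ssl->buffers.peerEccDsaKey.length,
                                        &verify, ssl->EccVerifyCtx);
            /* The callback hands the signature verdict back through verify;
             * its return value alone must not count as "verified". A clean
             * return without verify == 1 is a failed verification. */
            if (ret == 0 && verify != 1)
                ret = VERIFY_CERT_ERROR;
        #endif
        }
        else {
            err = wc_ecc_verify_hash(input + *inOutIdx, sz, digest,
                                     digestSz, &verify, ssl->peerEccDsaKey);
        }

        if (err == 0 && verify == 1)
            ret = 0; /* verified */
    }
#endif
    *inOutIdx += sz;

    if (ret == 0)
        ssl->options.havePeerVerify = 1;

    return ret;
}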
wolfSSL 4:1b0d80432c79 16669 #endif /* !NO_RSA || HAVE_ECC */
wolfSSL 4:1b0d80432c79 16670
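/* Build the ServerHelloDone handshake message in the output buffer, add it
 * to the handshake hash and hand it to SendBuffered().
 *
 * Returns the result of SendBuffered() on success, otherwise the error from
 * CheckAvailableSize(), DtlsPoolSave() or HashOutput().
 */
int SendServerHelloDone(WOLFSSL* ssl)
{
    byte* output;
    int   sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int   ret;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
#endif
    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    /* the message has an empty body, hence length 0 */
    AddHeaders(output, 0, server_hello_done, ssl);

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* Propagate the failure: returning 0 here reported success although
         * the message was neither hashed nor queued and serverState was
         * left unchanged. */
        if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
            return ret;
    }
#endif

    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
#endif
    ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

    /* only now does the message count as part of the pending output */
    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}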
wolfSSL 4:1b0d80432c79 16715
wolfSSL 4:1b0d80432c79 16716
wolfSSL 4:1b0d80432c79 16717 #ifdef HAVE_SESSION_TICKET
wolfSSL 4:1b0d80432c79 16718
/* Size of the ExternalTicket fields other than the encrypted payload:
 * key name, IV, MAC and the encrypted-length field. */
#define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \
                WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ)
/* Space left for the encrypted payload in a SESSION_TICKET_LEN buffer. */
#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ)

/* our ticket format: the plaintext that is copied into enc_ticket and then
 * handed to the ticket encrypt callback. It holds the master secret, so
 * every copy of this structure is key material. */
typedef struct InternalTicket {
    ProtocolVersion pv;                    /* version when ticket created */
    byte            suite[SUITE_LEN];      /* cipher suite when created */
    byte            msecret[SECRET_LEN];   /* master secret */
    word32          timestamp;             /* born on; CreateTicket fills
                                            * it with c32toa() */
} InternalTicket;

/* fit within SESSION_TICKET_LEN.
 * This layout is overlaid directly on ssl->session.ticket and on the bytes
 * received from the client, so it is the wire format. When the payload is
 * shorter than enc_ticket the MAC sits right after the payload, at
 * enc_ticket + encrypted length, rather than in the mac field. */
typedef struct ExternalTicket {
    byte key_name[WOLFSSL_TICKET_NAME_SZ];  /* key context name */
    byte iv[WOLFSSL_TICKET_IV_SZ];          /* this ticket's iv */
    byte enc_len[LENGTH_SZ];                /* encrypted length */
    byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; /* encrypted internal ticket */
    byte mac[WOLFSSL_TICKET_MAC_SZ];        /* total mac */
    /* !! if add to structure, add to TICKET_FIXED_SZ !! */
} ExternalTicket;
wolfSSL 4:1b0d80432c79 16740
/* Create a new session ticket in ssl->session.ticket, 0 on success.
 *
 * The plaintext (version, suite, master secret, timestamp) is copied into
 * the ticket buffer and encrypted in place by the user ticket callback. The
 * callback's output is then sanity-checked before the ticket length is set.
 *
 * Returns the callback's value when it is not WOLFSSL_TICKET_RET_OK,
 * BAD_TICKET_KEY_CB_SZ for an out-of-range encrypted length and
 * BAD_TICKET_ENCRYPT when the callback left the payload, key name, IV or
 * MAC untouched.
 *
 * NOTE(review): the local plaintext copy holds the master secret and is not
 * cleared on any return path; consider wiping it before returning.
 */
static int CreateTicket(WOLFSSL* ssl)
{
    InternalTicket  plain;
    ExternalTicket* ext = (ExternalTicket*)ssl->session.ticket;
    int             encLen;
    int             ret;
    byte            zeros[WOLFSSL_TICKET_MAC_SZ];   /* biggest cmp size */

    /* build internal */
    plain.pv.major = ssl->version.major;
    plain.pv.minor = ssl->version.minor;

    plain.suite[0] = ssl->options.cipherSuite0;
    plain.suite[1] = ssl->options.cipherSuite;

    XMEMCPY(plain.msecret, ssl->arrays->masterSecret, SECRET_LEN);
    c32toa(LowResTimer(), (byte*)&plain.timestamp);

    /* build external */
    XMEMCPY(ext->enc_ticket, &plain, sizeof(InternalTicket));

    /* encrypt in place; encLen goes in as the most the callback may use */
    encLen = WOLFSSL_TICKET_ENC_SZ;
    ret = ssl->ctx->ticketEncCb(ssl, ext->key_name, ext->iv, ext->mac, 1,
                                ext->enc_ticket, sizeof(InternalTicket),
                                &encLen, ssl->ctx->ticketEncCtx);
    if (ret != WOLFSSL_TICKET_RET_OK)
        return ret;

    if (encLen < (int)sizeof(InternalTicket) ||
        encLen > WOLFSSL_TICKET_ENC_SZ) {
        WOLFSSL_MSG("Bad user ticket encrypt size");
        return BAD_TICKET_KEY_CB_SZ;
    }

    /* sanity checks on encrypt callback: these catch a callback that did
     * nothing, they say nothing about the strength of what it did */

    /* internal ticket can't be the same if encrypted */
    if (XMEMCMP(ext->enc_ticket, &plain, sizeof(InternalTicket)) == 0) {
        WOLFSSL_MSG("User ticket encrypt didn't encrypt");
        return BAD_TICKET_ENCRYPT;
    }

    XMEMSET(zeros, 0, sizeof(zeros));

    /* name */
    if (XMEMCMP(ext->key_name, zeros, WOLFSSL_TICKET_NAME_SZ) == 0) {
        WOLFSSL_MSG("User ticket encrypt didn't set name");
        return BAD_TICKET_ENCRYPT;
    }

    /* iv */
    if (XMEMCMP(ext->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) {
        WOLFSSL_MSG("User ticket encrypt didn't set iv");
        return BAD_TICKET_ENCRYPT;
    }

    /* mac */
    if (XMEMCMP(ext->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) {
        WOLFSSL_MSG("User ticket encrypt didn't set mac");
        return BAD_TICKET_ENCRYPT;
    }

    /* set size */
    c16toa((word16)encLen, ext->enc_len);
    ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
    if (encLen < WOLFSSL_TICKET_ENC_SZ) {
        /* move mac up since whole enc buffer not used */
        XMEMMOVE(ext->enc_ticket + encLen, ext->mac, WOLFSSL_TICKET_MAC_SZ);
    }

    return ret;
}
wolfSSL 4:1b0d80432c79 16814
wolfSSL 4:1b0d80432c79 16815
/* Parse ticket sent by client, returns callback return value.
 *
 * input  ticket bytes as received; they are decrypted in place through a
 *        cast that drops const, so the caller's buffer is modified
 * len    number of ticket bytes
 *
 * Returns BAD_TICKET_MSG_SZ when len or the embedded encrypted length is out
 * of range, BAD_TICKET_KEY_CB_SZ when the callback reports an impossible
 * plaintext length, otherwise the value returned by the ticket callback.
 * On WOLFSSL_TICKET_RET_OK or WOLFSSL_TICKET_RET_CREATE the master secret
 * from the ticket is installed in ssl->arrays.
 *
 * NOTE(review): only msecret is read from the decrypted ticket here; the
 * stored version, suite and timestamp are not examined in this function -
 * confirm they are checked by the caller or by the callback.
 */
int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
{
    ExternalTicket* ext;
    InternalTicket* plain;
    int             ret;
    int             outLen;
    word16          inLen;

    /* the ticket must fit our buffer and hold at least one InternalTicket
     * plus the fixed fields */
    if (len > SESSION_TICKET_LEN) {
        return BAD_TICKET_MSG_SZ;
    }
    if (len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) {
        return BAD_TICKET_MSG_SZ;
    }

    ext   = (ExternalTicket*)input;
    plain = (InternalTicket*)ext->enc_ticket;

    /* decrypt: the peer-supplied payload length must leave room for the
     * fixed fields inside len; the MAC is read from right after the
     * payload */
    ato16(ext->enc_len, &inLen);
    if (inLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) {
        return BAD_TICKET_MSG_SZ;
    }
    outLen = inLen;   /* may be reduced by user padding */
    ret = ssl->ctx->ticketEncCb(ssl, ext->key_name, ext->iv,
                                ext->enc_ticket + inLen, 0,
                                ext->enc_ticket, inLen, &outLen,
                                ssl->ctx->ticketEncCtx);
    if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
        return ret;
    }
    if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) {
        WOLFSSL_MSG("Bad user ticket decrypt len");
        return BAD_TICKET_KEY_CB_SZ;
    }

    /* get master secret */
    if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE) {
        XMEMCPY(ssl->arrays->masterSecret, plain->msecret, SECRET_LEN);
    }

    return ret;
}
wolfSSL 4:1b0d80432c79 16855
wolfSSL 4:1b0d80432c79 16856
/* Send the session ticket handshake message.
 *
 * Creates a new ticket first when ssl->options.createTicket is set, then
 * writes the lifetime hint, the ticket length and the ticket itself, adds
 * the message to the handshake hash and passes it to SendBuffered().
 *
 * Returns the result of SendBuffered(), or the first error from
 * CreateTicket(), CheckAvailableSize() or HashOutput().
 *
 * NOTE(review): the DTLS branch adds only DTLS_RECORD_EXTRA to the body
 * length and write offset, while SendServerHelloDone() also accounts for
 * DTLS_HANDSHAKE_EXTRA - confirm the DTLS sizes here are intended.
 */
int SendTicket(WOLFSSL* ssl)
{
    byte*  output;
    int    ret;
    int    sendSz;
    word32 bodySz = SESSION_HINT_SZ + LENGTH_SZ;
    word32 pos    = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        bodySz += DTLS_RECORD_EXTRA;
        pos    += DTLS_RECORD_EXTRA;
    }
#endif

    if (ssl->options.createTicket) {
        ret = CreateTicket(ssl);
        if (ret != 0)
            return ret;
    }

    bodySz += ssl->session.ticketLen;
    sendSz  = bodySz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

    /* check for available size */
    ret = CheckAvailableSize(ssl, sendSz);
    if (ret != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, bodySz, session_ticket, ssl);

    /* hint */
    c32toa(ssl->ctx->ticketHint, output + pos);
    pos += SESSION_HINT_SZ;

    /* length */
    c16toa(ssl->session.ticketLen, output + pos);
    pos += LENGTH_SZ;

    /* ticket: last field, so the write offset is not advanced further */
    XMEMCPY(output + pos, ssl->session.ticket, ssl->session.ticketLen);

    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}
wolfSSL 4:1b0d80432c79 16909
wolfSSL 4:1b0d80432c79 16910 #endif /* HAVE_SESSION_TICKET */
wolfSSL 4:1b0d80432c79 16911
wolfSSL 4:1b0d80432c79 16912
wolfSSL 4:1b0d80432c79 16913 #ifdef WOLFSSL_DTLS
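/* Send a DTLS HelloVerifyRequest carrying the given cookie.
 *
 * ssl       connection state
 * cookie    cookie bytes to send, must not be NULL
 * cookieSz  number of cookie bytes, must not be 0
 *
 * Returns COOKIE_ERROR for a missing or empty cookie, the error from
 * CheckAvailableSize(), or the result of SendBuffered().
 * The message is not passed to HashOutput().
 */
static int SendHelloVerifyRequest(WOLFSSL* ssl,
                                  const byte* cookie, byte cookieSz)
{
    byte* output;
    int   length = VERSION_SZ + ENUM_LEN + cookieSz;
    int   idx    = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
    int   sendSz = length + idx;
    int   ret;

    /* Reject an unusable cookie before anything is changed. The check used
     * to run after the sequence number had been overwritten and the headers
     * written into the output buffer, so the error path left the connection
     * state half-modified. */
    if (cookie == NULL || cookieSz == 0)
        return COOKIE_ERROR;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    /* Hello Verify Request should use the same sequence number as the
     * Client Hello. */
    ssl->keys.dtls_sequence_number = ssl->keys.dtls_state.curSeq;
    AddHeaders(output, length, hello_verify_request, ssl);
    {
        /* overwrite the record-layer version written by AddHeaders() with
         * the fixed DTLS_MAJOR / DTLS_MINOR pair */
        DtlsRecordLayerHeader* rh = (DtlsRecordLayerHeader*)output;
        rh->pvMajor = DTLS_MAJOR;
        rh->pvMinor = DTLS_MINOR;
    }

    output[idx++] = DTLS_MAJOR;
    output[idx++] = DTLS_MINOR;

    output[idx++] = cookieSz;
    XMEMCPY(output + idx, cookie, cookieSz);

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output,
                      sendSz, ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}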
wolfSSL 4:1b0d80432c79 16962 #endif
wolfSSL 4:1b0d80432c79 16963
wolfSSL 4:1b0d80432c79 16964 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 4:1b0d80432c79 16965 word32 size)
wolfSSL 4:1b0d80432c79 16966 {
wolfSSL 4:1b0d80432c79 16967 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 16968 word16 name;
wolfSSL 4:1b0d80432c79 16969 int qshSz;
wolfSSL 4:1b0d80432c79 16970 #endif
wolfSSL 4:1b0d80432c79 16971 int ret = 0;
wolfSSL 4:1b0d80432c79 16972 word32 length = 0;
wolfSSL 4:1b0d80432c79 16973 byte* out = NULL;
wolfSSL 4:1b0d80432c79 16974 word32 begin = *inOutIdx;
wolfSSL 4:1b0d80432c79 16975
wolfSSL 4:1b0d80432c79 16976 (void)length; /* shut up compiler warnings */
wolfSSL 4:1b0d80432c79 16977 (void)out;
wolfSSL 4:1b0d80432c79 16978 (void)input;
wolfSSL 4:1b0d80432c79 16979 (void)size;
wolfSSL 4:1b0d80432c79 16980 (void)begin;
wolfSSL 4:1b0d80432c79 16981
wolfSSL 4:1b0d80432c79 16982 if (ssl->options.side != WOLFSSL_SERVER_END) {
wolfSSL 4:1b0d80432c79 16983 WOLFSSL_MSG("Client received client keyexchange, attack?");
wolfSSL 4:1b0d80432c79 16984 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 4:1b0d80432c79 16985 return SSL_FATAL_ERROR;
wolfSSL 4:1b0d80432c79 16986 }
wolfSSL 4:1b0d80432c79 16987
wolfSSL 4:1b0d80432c79 16988 if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
wolfSSL 4:1b0d80432c79 16989 WOLFSSL_MSG("Client sending keyexchange at wrong time");
wolfSSL 4:1b0d80432c79 16990 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 4:1b0d80432c79 16991 return OUT_OF_ORDER_E;
wolfSSL 4:1b0d80432c79 16992 }
wolfSSL 4:1b0d80432c79 16993
wolfSSL 4:1b0d80432c79 16994 #ifndef NO_CERTS
wolfSSL 4:1b0d80432c79 16995 if (ssl->options.verifyPeer && ssl->options.failNoCert) {
wolfSSL 4:1b0d80432c79 16996 if (!ssl->options.havePeerCert) {
wolfSSL 4:1b0d80432c79 16997 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 4:1b0d80432c79 16998 return NO_PEER_CERT;
wolfSSL 4:1b0d80432c79 16999 }
wolfSSL 4:1b0d80432c79 17000 }
wolfSSL 4:1b0d80432c79 17001
wolfSSL 4:1b0d80432c79 17002 if (ssl->options.verifyPeer && ssl->options.failNoCertxPSK) {
wolfSSL 4:1b0d80432c79 17003 if (!ssl->options.havePeerCert &&
wolfSSL 4:1b0d80432c79 17004 !ssl->options.usingPSK_cipher){
wolfSSL 4:1b0d80432c79 17005 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 4:1b0d80432c79 17006 return NO_PEER_CERT;
wolfSSL 4:1b0d80432c79 17007 }
wolfSSL 4:1b0d80432c79 17008 }
wolfSSL 4:1b0d80432c79 17009 #endif
wolfSSL 4:1b0d80432c79 17010
wolfSSL 4:1b0d80432c79 17011 #ifdef WOLFSSL_CALLBACKS
wolfSSL 4:1b0d80432c79 17012 if (ssl->hsInfoOn) {
wolfSSL 4:1b0d80432c79 17013 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL 4:1b0d80432c79 17014 }
wolfSSL 4:1b0d80432c79 17015 if (ssl->toInfoOn) {
wolfSSL 4:1b0d80432c79 17016 AddLateName("ClientKeyExchange", &ssl->timeoutInfo);
wolfSSL 4:1b0d80432c79 17017 }
wolfSSL 4:1b0d80432c79 17018 #endif
wolfSSL 4:1b0d80432c79 17019
wolfSSL 4:1b0d80432c79 17020 switch (ssl->specs.kea) {
wolfSSL 4:1b0d80432c79 17021 #ifndef NO_RSA
wolfSSL 4:1b0d80432c79 17022 case rsa_kea:
wolfSSL 4:1b0d80432c79 17023 {
wolfSSL 4:1b0d80432c79 17024 word32 idx = 0;
wolfSSL 4:1b0d80432c79 17025 RsaKey key;
wolfSSL 4:1b0d80432c79 17026 byte doUserRsa = 0;
wolfSSL 4:1b0d80432c79 17027
wolfSSL 4:1b0d80432c79 17028 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 17029 if (ssl->ctx->RsaDecCb) {
wolfSSL 4:1b0d80432c79 17030 doUserRsa = 1;
wolfSSL 4:1b0d80432c79 17031 }
wolfSSL 4:1b0d80432c79 17032 #endif
wolfSSL 4:1b0d80432c79 17033
wolfSSL 4:1b0d80432c79 17034 ret = wc_InitRsaKey(&key, ssl->heap);
wolfSSL 4:1b0d80432c79 17035 if (ret != 0) {
wolfSSL 4:1b0d80432c79 17036 return ret;
wolfSSL 4:1b0d80432c79 17037 }
wolfSSL 4:1b0d80432c79 17038
wolfSSL 4:1b0d80432c79 17039 if (!ssl->buffers.key || !ssl->buffers.key->buffer) {
wolfSSL 4:1b0d80432c79 17040 return NO_PRIVATE_KEY;
wolfSSL 4:1b0d80432c79 17041 }
wolfSSL 4:1b0d80432c79 17042
wolfSSL 4:1b0d80432c79 17043 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
wolfSSL 4:1b0d80432c79 17044 &key, ssl->buffers.key->length);
wolfSSL 4:1b0d80432c79 17045
wolfSSL 4:1b0d80432c79 17046 if (ret == 0) {
wolfSSL 4:1b0d80432c79 17047 length = wc_RsaEncryptSize(&key);
wolfSSL 4:1b0d80432c79 17048 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 4:1b0d80432c79 17049
wolfSSL 4:1b0d80432c79 17050 if (ssl->options.tls) {
wolfSSL 4:1b0d80432c79 17051 word16 check;
wolfSSL 4:1b0d80432c79 17052
wolfSSL 4:1b0d80432c79 17053 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 17054 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17055 }
wolfSSL 4:1b0d80432c79 17056
wolfSSL 4:1b0d80432c79 17057 ato16(input + *inOutIdx, &check);
wolfSSL 4:1b0d80432c79 17058 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17059
wolfSSL 4:1b0d80432c79 17060 if ((word32) check != length) {
wolfSSL 4:1b0d80432c79 17061 WOLFSSL_MSG("RSA explicit size doesn't match");
wolfSSL 4:1b0d80432c79 17062 wc_FreeRsaKey(&key);
wolfSSL 4:1b0d80432c79 17063 return RSA_PRIVATE_ERROR;
wolfSSL 4:1b0d80432c79 17064 }
wolfSSL 4:1b0d80432c79 17065 }
wolfSSL 4:1b0d80432c79 17066
wolfSSL 4:1b0d80432c79 17067 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 17068 WOLFSSL_MSG("RSA message too big");
wolfSSL 4:1b0d80432c79 17069 wc_FreeRsaKey(&key);
wolfSSL 4:1b0d80432c79 17070 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17071 }
wolfSSL 4:1b0d80432c79 17072
wolfSSL 4:1b0d80432c79 17073 if (doUserRsa) {
wolfSSL 4:1b0d80432c79 17074 #ifdef HAVE_PK_CALLBACKS
wolfSSL 4:1b0d80432c79 17075 ret = ssl->ctx->RsaDecCb(ssl,
wolfSSL 4:1b0d80432c79 17076 input + *inOutIdx, length, &out,
wolfSSL 4:1b0d80432c79 17077 ssl->buffers.key->buffer,
wolfSSL 4:1b0d80432c79 17078 ssl->buffers.key->length,
wolfSSL 4:1b0d80432c79 17079 ssl->RsaDecCtx);
wolfSSL 4:1b0d80432c79 17080 #endif
wolfSSL 4:1b0d80432c79 17081 }
wolfSSL 4:1b0d80432c79 17082 else {
wolfSSL 4:1b0d80432c79 17083 ret = wc_RsaPrivateDecryptInline(input + *inOutIdx, length,
wolfSSL 4:1b0d80432c79 17084 &out, &key);
wolfSSL 4:1b0d80432c79 17085 }
wolfSSL 4:1b0d80432c79 17086
wolfSSL 4:1b0d80432c79 17087 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 17088
wolfSSL 4:1b0d80432c79 17089 if (ret == SECRET_LEN) {
wolfSSL 4:1b0d80432c79 17090 XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);
wolfSSL 4:1b0d80432c79 17091 if (ssl->arrays->preMasterSecret[0] !=
wolfSSL 4:1b0d80432c79 17092 ssl->chVersion.major
wolfSSL 4:1b0d80432c79 17093 || ssl->arrays->preMasterSecret[1] !=
wolfSSL 4:1b0d80432c79 17094 ssl->chVersion.minor) {
wolfSSL 4:1b0d80432c79 17095 ret = PMS_VERSION_ERROR;
wolfSSL 4:1b0d80432c79 17096 }
wolfSSL 4:1b0d80432c79 17097 else
wolfSSL 4:1b0d80432c79 17098 {
wolfSSL 4:1b0d80432c79 17099 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 17100 if (ssl->options.haveQSH) {
wolfSSL 4:1b0d80432c79 17101 /* extension name */
wolfSSL 4:1b0d80432c79 17102 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 17103 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17104
wolfSSL 4:1b0d80432c79 17105 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 17106 /* if qshSz is larger than 0 it is the
wolfSSL 4:1b0d80432c79 17107 length of buffer used */
wolfSSL 4:1b0d80432c79 17108 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input
wolfSSL 4:1b0d80432c79 17109 + *inOutIdx, size - *inOutIdx
wolfSSL 4:1b0d80432c79 17110 + begin, 1)) < 0) {
wolfSSL 4:1b0d80432c79 17111 return qshSz;
wolfSSL 4:1b0d80432c79 17112 }
wolfSSL 4:1b0d80432c79 17113 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 17114 }
wolfSSL 4:1b0d80432c79 17115 else {
wolfSSL 4:1b0d80432c79 17116 /* unknown extension sent client ignored
wolfSSL 4:1b0d80432c79 17117 handshake */
wolfSSL 4:1b0d80432c79 17118 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17119 }
wolfSSL 4:1b0d80432c79 17120 }
wolfSSL 4:1b0d80432c79 17121 #endif
wolfSSL 4:1b0d80432c79 17122 ret = MakeMasterSecret(ssl);
wolfSSL 4:1b0d80432c79 17123 }
wolfSSL 4:1b0d80432c79 17124 }
wolfSSL 4:1b0d80432c79 17125 else {
wolfSSL 4:1b0d80432c79 17126 ret = RSA_PRIVATE_ERROR;
wolfSSL 4:1b0d80432c79 17127 }
wolfSSL 4:1b0d80432c79 17128 }
wolfSSL 4:1b0d80432c79 17129
wolfSSL 4:1b0d80432c79 17130 wc_FreeRsaKey(&key);
wolfSSL 4:1b0d80432c79 17131 }
wolfSSL 4:1b0d80432c79 17132 break;
wolfSSL 4:1b0d80432c79 17133 #endif
wolfSSL 4:1b0d80432c79 17134 #ifndef NO_PSK
wolfSSL 4:1b0d80432c79 17135 case psk_kea:
wolfSSL 4:1b0d80432c79 17136 {
wolfSSL 4:1b0d80432c79 17137 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 4:1b0d80432c79 17138 word16 ci_sz;
wolfSSL 4:1b0d80432c79 17139
wolfSSL 4:1b0d80432c79 17140 /* sanity check that PSK server callback has been set */
wolfSSL 4:1b0d80432c79 17141 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 4:1b0d80432c79 17142 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 4:1b0d80432c79 17143 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 17144 }
wolfSSL 4:1b0d80432c79 17145
wolfSSL 4:1b0d80432c79 17146 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 17147 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17148 }
wolfSSL 4:1b0d80432c79 17149
wolfSSL 4:1b0d80432c79 17150 ato16(input + *inOutIdx, &ci_sz);
wolfSSL 4:1b0d80432c79 17151 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17152
wolfSSL 4:1b0d80432c79 17153 if (ci_sz > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 17154 return CLIENT_ID_ERROR;
wolfSSL 4:1b0d80432c79 17155 }
wolfSSL 4:1b0d80432c79 17156
wolfSSL 4:1b0d80432c79 17157 if ((*inOutIdx - begin) + ci_sz > size) {
wolfSSL 4:1b0d80432c79 17158 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17159 }
wolfSSL 4:1b0d80432c79 17160
wolfSSL 4:1b0d80432c79 17161 XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz);
wolfSSL 4:1b0d80432c79 17162 *inOutIdx += ci_sz;
wolfSSL 4:1b0d80432c79 17163
wolfSSL 4:1b0d80432c79 17164 ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0;
wolfSSL 4:1b0d80432c79 17165 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 4:1b0d80432c79 17166 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 4:1b0d80432c79 17167 MAX_PSK_KEY_LEN);
wolfSSL 4:1b0d80432c79 17168
wolfSSL 4:1b0d80432c79 17169 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 4:1b0d80432c79 17170 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 4:1b0d80432c79 17171 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 17172 }
wolfSSL 4:1b0d80432c79 17173
wolfSSL 4:1b0d80432c79 17174 /* make psk pre master secret */
wolfSSL 4:1b0d80432c79 17175 /* length of key + length 0s + length of key + key */
wolfSSL 4:1b0d80432c79 17176 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 4:1b0d80432c79 17177 pms += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17178
wolfSSL 4:1b0d80432c79 17179 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 17180 pms += ssl->arrays->psk_keySz;
wolfSSL 4:1b0d80432c79 17181
wolfSSL 4:1b0d80432c79 17182 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 4:1b0d80432c79 17183 pms += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17184
wolfSSL 4:1b0d80432c79 17185 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 17186 ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
wolfSSL 4:1b0d80432c79 17187
wolfSSL 4:1b0d80432c79 17188 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 17189 if (ssl->options.haveQSH) {
wolfSSL 4:1b0d80432c79 17190 /* extension name */
wolfSSL 4:1b0d80432c79 17191 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 17192 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17193
wolfSSL 4:1b0d80432c79 17194 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 17195 /* if qshSz is larger than 0 it is the length of
wolfSSL 4:1b0d80432c79 17196 buffer used */
wolfSSL 4:1b0d80432c79 17197 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 17198 size - *inOutIdx + begin, 1)) < 0) {
wolfSSL 4:1b0d80432c79 17199 return qshSz;
wolfSSL 4:1b0d80432c79 17200 }
wolfSSL 4:1b0d80432c79 17201 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 17202 }
wolfSSL 4:1b0d80432c79 17203 else {
wolfSSL 4:1b0d80432c79 17204 /* unknown extension sent client ignored
wolfSSL 4:1b0d80432c79 17205 handshake */
wolfSSL 4:1b0d80432c79 17206 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17207 }
wolfSSL 4:1b0d80432c79 17208 }
wolfSSL 4:1b0d80432c79 17209 #endif
wolfSSL 4:1b0d80432c79 17210 ret = MakeMasterSecret(ssl);
wolfSSL 4:1b0d80432c79 17211
wolfSSL 4:1b0d80432c79 17212 /* No further need for PSK */
wolfSSL 4:1b0d80432c79 17213 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 17214 ssl->arrays->psk_keySz = 0;
wolfSSL 4:1b0d80432c79 17215 }
wolfSSL 4:1b0d80432c79 17216 break;
wolfSSL 4:1b0d80432c79 17217 #endif /* NO_PSK */
wolfSSL 4:1b0d80432c79 17218 #ifdef HAVE_NTRU
wolfSSL 4:1b0d80432c79 17219 case ntru_kea:
wolfSSL 4:1b0d80432c79 17220 {
wolfSSL 4:1b0d80432c79 17221 word16 cipherLen;
wolfSSL 4:1b0d80432c79 17222 word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
wolfSSL 4:1b0d80432c79 17223
wolfSSL 4:1b0d80432c79 17224 if (!ssl->buffers.key || !ssl->buffers.key->buffer) {
wolfSSL 4:1b0d80432c79 17225 return NO_PRIVATE_KEY;
wolfSSL 4:1b0d80432c79 17226 }
wolfSSL 4:1b0d80432c79 17227
wolfSSL 4:1b0d80432c79 17228 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 17229 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17230 }
wolfSSL 4:1b0d80432c79 17231
wolfSSL 4:1b0d80432c79 17232 ato16(input + *inOutIdx, &cipherLen);
wolfSSL 4:1b0d80432c79 17233 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17234
wolfSSL 4:1b0d80432c79 17235 if (cipherLen > MAX_NTRU_ENCRYPT_SZ) {
wolfSSL 4:1b0d80432c79 17236 return NTRU_KEY_ERROR;
wolfSSL 4:1b0d80432c79 17237 }
wolfSSL 4:1b0d80432c79 17238
wolfSSL 4:1b0d80432c79 17239 if ((*inOutIdx - begin) + cipherLen > size) {
wolfSSL 4:1b0d80432c79 17240 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17241 }
wolfSSL 4:1b0d80432c79 17242
wolfSSL 4:1b0d80432c79 17243 if (NTRU_OK != ntru_crypto_ntru_decrypt(
wolfSSL 4:1b0d80432c79 17244 (word16) ssl->buffers.key->length,
wolfSSL 4:1b0d80432c79 17245 ssl->buffers.key->buffer, cipherLen,
wolfSSL 4:1b0d80432c79 17246 input + *inOutIdx, &plainLen,
wolfSSL 4:1b0d80432c79 17247 ssl->arrays->preMasterSecret)) {
wolfSSL 4:1b0d80432c79 17248 return NTRU_DECRYPT_ERROR;
wolfSSL 4:1b0d80432c79 17249 }
wolfSSL 4:1b0d80432c79 17250
wolfSSL 4:1b0d80432c79 17251 if (plainLen != SECRET_LEN) {
wolfSSL 4:1b0d80432c79 17252 return NTRU_DECRYPT_ERROR;
wolfSSL 4:1b0d80432c79 17253 }
wolfSSL 4:1b0d80432c79 17254
wolfSSL 4:1b0d80432c79 17255 *inOutIdx += cipherLen;
wolfSSL 4:1b0d80432c79 17256
wolfSSL 4:1b0d80432c79 17257 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 17258 if (ssl->options.haveQSH) {
wolfSSL 4:1b0d80432c79 17259 /* extension name */
wolfSSL 4:1b0d80432c79 17260 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 17261 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17262
wolfSSL 4:1b0d80432c79 17263 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 17264 /* if qshSz is larger than 0 it is the length of
wolfSSL 4:1b0d80432c79 17265 buffer used */
wolfSSL 4:1b0d80432c79 17266 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 17267 size - *inOutIdx + begin, 1)) < 0) {
wolfSSL 4:1b0d80432c79 17268 return qshSz;
wolfSSL 4:1b0d80432c79 17269 }
wolfSSL 4:1b0d80432c79 17270 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 17271 }
wolfSSL 4:1b0d80432c79 17272 else {
wolfSSL 4:1b0d80432c79 17273 /* unknown extension sent client ignored
wolfSSL 4:1b0d80432c79 17274 handshake */
wolfSSL 4:1b0d80432c79 17275 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17276 }
wolfSSL 4:1b0d80432c79 17277 }
wolfSSL 4:1b0d80432c79 17278 #endif
wolfSSL 4:1b0d80432c79 17279 ssl->arrays->preMasterSz = plainLen;
wolfSSL 4:1b0d80432c79 17280 ret = MakeMasterSecret(ssl);
wolfSSL 4:1b0d80432c79 17281 }
wolfSSL 4:1b0d80432c79 17282 break;
wolfSSL 4:1b0d80432c79 17283 #endif /* HAVE_NTRU */
wolfSSL 4:1b0d80432c79 17284 #ifdef HAVE_ECC
wolfSSL 4:1b0d80432c79 17285 case ecc_diffie_hellman_kea:
wolfSSL 4:1b0d80432c79 17286 {
wolfSSL 4:1b0d80432c79 17287 if ((*inOutIdx - begin) + OPAQUE8_LEN > size) {
wolfSSL 4:1b0d80432c79 17288 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17289 }
wolfSSL 4:1b0d80432c79 17290
wolfSSL 4:1b0d80432c79 17291 length = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 17292
wolfSSL 4:1b0d80432c79 17293 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 17294 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17295 }
wolfSSL 4:1b0d80432c79 17296
wolfSSL 4:1b0d80432c79 17297 if (ssl->peerEccKey == NULL) {
wolfSSL 4:1b0d80432c79 17298 /* alloc/init on demand */
wolfSSL 4:1b0d80432c79 17299 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 4:1b0d80432c79 17300 ssl->ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL 4:1b0d80432c79 17301 if (ssl->peerEccKey == NULL) {
wolfSSL 4:1b0d80432c79 17302 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 4:1b0d80432c79 17303 return MEMORY_E;
wolfSSL 4:1b0d80432c79 17304 }
wolfSSL 4:1b0d80432c79 17305 wc_ecc_init(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 17306 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 4:1b0d80432c79 17307 wc_ecc_free(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 17308 ssl->peerEccKeyPresent = 0;
wolfSSL 4:1b0d80432c79 17309 wc_ecc_init(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 17310 }
wolfSSL 4:1b0d80432c79 17311
wolfSSL 4:1b0d80432c79 17312 if (wc_ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey)) {
wolfSSL 4:1b0d80432c79 17313 return ECC_PEERKEY_ERROR;
wolfSSL 4:1b0d80432c79 17314 }
wolfSSL 4:1b0d80432c79 17315
wolfSSL 4:1b0d80432c79 17316 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 17317 ssl->peerEccKeyPresent = 1;
wolfSSL 4:1b0d80432c79 17318
wolfSSL 4:1b0d80432c79 17319 length = sizeof(ssl->arrays->preMasterSecret);
wolfSSL 4:1b0d80432c79 17320
wolfSSL 4:1b0d80432c79 17321 if (ssl->specs.static_ecdh) {
wolfSSL 4:1b0d80432c79 17322 ecc_key staticKey;
wolfSSL 4:1b0d80432c79 17323 word32 i = 0;
wolfSSL 4:1b0d80432c79 17324
wolfSSL 4:1b0d80432c79 17325 wc_ecc_init(&staticKey);
wolfSSL 4:1b0d80432c79 17326 ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &i,
wolfSSL 4:1b0d80432c79 17327 &staticKey, ssl->buffers.key->length);
wolfSSL 4:1b0d80432c79 17328
wolfSSL 4:1b0d80432c79 17329 if (ret == 0) {
wolfSSL 4:1b0d80432c79 17330 ret = wc_ecc_shared_secret(&staticKey, ssl->peerEccKey,
wolfSSL 4:1b0d80432c79 17331 ssl->arrays->preMasterSecret, &length);
wolfSSL 4:1b0d80432c79 17332 }
wolfSSL 4:1b0d80432c79 17333
wolfSSL 4:1b0d80432c79 17334 wc_ecc_free(&staticKey);
wolfSSL 4:1b0d80432c79 17335 }
wolfSSL 4:1b0d80432c79 17336 else {
wolfSSL 4:1b0d80432c79 17337 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 4:1b0d80432c79 17338 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 4:1b0d80432c79 17339 ret = ECC_MAKEKEY_ERROR;
wolfSSL 4:1b0d80432c79 17340 } else {
wolfSSL 4:1b0d80432c79 17341 ret = wc_ecc_shared_secret(ssl->eccTempKey,ssl->peerEccKey,
wolfSSL 4:1b0d80432c79 17342 ssl->arrays->preMasterSecret, &length);
wolfSSL 4:1b0d80432c79 17343 }
wolfSSL 4:1b0d80432c79 17344 }
wolfSSL 4:1b0d80432c79 17345
wolfSSL 4:1b0d80432c79 17346 if (ret != 0) {
wolfSSL 4:1b0d80432c79 17347 return ECC_SHARED_ERROR;
wolfSSL 4:1b0d80432c79 17348 }
wolfSSL 4:1b0d80432c79 17349
wolfSSL 4:1b0d80432c79 17350 ssl->arrays->preMasterSz = length;
wolfSSL 4:1b0d80432c79 17351 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 17352 if (ssl->options.haveQSH) {
wolfSSL 4:1b0d80432c79 17353 /* extension name */
wolfSSL 4:1b0d80432c79 17354 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 17355 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17356
wolfSSL 4:1b0d80432c79 17357 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 17358 /* if qshSz is larger than 0 it is the length of
wolfSSL 4:1b0d80432c79 17359 buffer used */
wolfSSL 4:1b0d80432c79 17360 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 17361 size - *inOutIdx + begin, 1)) < 0) {
wolfSSL 4:1b0d80432c79 17362 return qshSz;
wolfSSL 4:1b0d80432c79 17363 }
wolfSSL 4:1b0d80432c79 17364 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 17365 }
wolfSSL 4:1b0d80432c79 17366 else {
wolfSSL 4:1b0d80432c79 17367 /* unknown extension sent client ignored
wolfSSL 4:1b0d80432c79 17368 handshake */
wolfSSL 4:1b0d80432c79 17369 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17370 }
wolfSSL 4:1b0d80432c79 17371 }
wolfSSL 4:1b0d80432c79 17372 #endif
wolfSSL 4:1b0d80432c79 17373 ret = MakeMasterSecret(ssl);
wolfSSL 4:1b0d80432c79 17374 }
wolfSSL 4:1b0d80432c79 17375 break;
wolfSSL 4:1b0d80432c79 17376 #endif /* HAVE_ECC */
wolfSSL 4:1b0d80432c79 17377 #ifndef NO_DH
wolfSSL 4:1b0d80432c79 17378 case diffie_hellman_kea:
wolfSSL 4:1b0d80432c79 17379 {
wolfSSL 4:1b0d80432c79 17380 word16 clientPubSz;
wolfSSL 4:1b0d80432c79 17381 DhKey dhKey;
wolfSSL 4:1b0d80432c79 17382
wolfSSL 4:1b0d80432c79 17383 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 17384 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17385 }
wolfSSL 4:1b0d80432c79 17386
wolfSSL 4:1b0d80432c79 17387 ato16(input + *inOutIdx, &clientPubSz);
wolfSSL 4:1b0d80432c79 17388 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17389
wolfSSL 4:1b0d80432c79 17390 if ((*inOutIdx - begin) + clientPubSz > size) {
wolfSSL 4:1b0d80432c79 17391 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17392 }
wolfSSL 4:1b0d80432c79 17393
wolfSSL 4:1b0d80432c79 17394 wc_InitDhKey(&dhKey);
wolfSSL 4:1b0d80432c79 17395 ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
wolfSSL 4:1b0d80432c79 17396 ssl->buffers.serverDH_P.length,
wolfSSL 4:1b0d80432c79 17397 ssl->buffers.serverDH_G.buffer,
wolfSSL 4:1b0d80432c79 17398 ssl->buffers.serverDH_G.length);
wolfSSL 4:1b0d80432c79 17399 if (ret == 0) {
wolfSSL 4:1b0d80432c79 17400 ret = wc_DhAgree(&dhKey, ssl->arrays->preMasterSecret,
wolfSSL 4:1b0d80432c79 17401 &ssl->arrays->preMasterSz,
wolfSSL 4:1b0d80432c79 17402 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 4:1b0d80432c79 17403 ssl->buffers.serverDH_Priv.length,
wolfSSL 4:1b0d80432c79 17404 input + *inOutIdx, clientPubSz);
wolfSSL 4:1b0d80432c79 17405 }
wolfSSL 4:1b0d80432c79 17406 wc_FreeDhKey(&dhKey);
wolfSSL 4:1b0d80432c79 17407
wolfSSL 4:1b0d80432c79 17408 *inOutIdx += clientPubSz;
wolfSSL 4:1b0d80432c79 17409
wolfSSL 4:1b0d80432c79 17410 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 17411 if (ssl->options.haveQSH) {
wolfSSL 4:1b0d80432c79 17412 /* extension name */
wolfSSL 4:1b0d80432c79 17413 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 17414 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17415
wolfSSL 4:1b0d80432c79 17416 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 17417 /* if qshSz is larger than 0 it is the length of
wolfSSL 4:1b0d80432c79 17418 buffer used */
wolfSSL 4:1b0d80432c79 17419 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 17420 size - *inOutIdx + begin, 1)) < 0) {
wolfSSL 4:1b0d80432c79 17421 return qshSz;
wolfSSL 4:1b0d80432c79 17422 }
wolfSSL 4:1b0d80432c79 17423 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 17424 }
wolfSSL 4:1b0d80432c79 17425 else {
wolfSSL 4:1b0d80432c79 17426 /* unknown extension sent client ignored
wolfSSL 4:1b0d80432c79 17427 handshake */
wolfSSL 4:1b0d80432c79 17428 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17429 }
wolfSSL 4:1b0d80432c79 17430 }
wolfSSL 4:1b0d80432c79 17431 #endif
wolfSSL 4:1b0d80432c79 17432 if (ret == 0) {
wolfSSL 4:1b0d80432c79 17433 ret = MakeMasterSecret(ssl);
wolfSSL 4:1b0d80432c79 17434 }
wolfSSL 4:1b0d80432c79 17435 }
wolfSSL 4:1b0d80432c79 17436 break;
wolfSSL 4:1b0d80432c79 17437 #endif /* NO_DH */
wolfSSL 4:1b0d80432c79 17438 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 4:1b0d80432c79 17439 case dhe_psk_kea:
wolfSSL 4:1b0d80432c79 17440 {
wolfSSL 4:1b0d80432c79 17441 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 4:1b0d80432c79 17442 word16 clientSz;
wolfSSL 4:1b0d80432c79 17443 DhKey dhKey;
wolfSSL 4:1b0d80432c79 17444
wolfSSL 4:1b0d80432c79 17445 /* sanity check that PSK server callback has been set */
wolfSSL 4:1b0d80432c79 17446 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 4:1b0d80432c79 17447 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 4:1b0d80432c79 17448 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 17449 }
wolfSSL 4:1b0d80432c79 17450
wolfSSL 4:1b0d80432c79 17451 /* Read in the PSK hint */
wolfSSL 4:1b0d80432c79 17452 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 17453 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17454 }
wolfSSL 4:1b0d80432c79 17455
wolfSSL 4:1b0d80432c79 17456 ato16(input + *inOutIdx, &clientSz);
wolfSSL 4:1b0d80432c79 17457 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17458 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 17459 return CLIENT_ID_ERROR;
wolfSSL 4:1b0d80432c79 17460 }
wolfSSL 4:1b0d80432c79 17461
wolfSSL 4:1b0d80432c79 17462 if ((*inOutIdx - begin) + clientSz > size) {
wolfSSL 4:1b0d80432c79 17463 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17464 }
wolfSSL 4:1b0d80432c79 17465
wolfSSL 4:1b0d80432c79 17466 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 4:1b0d80432c79 17467 input + *inOutIdx, clientSz);
wolfSSL 4:1b0d80432c79 17468 *inOutIdx += clientSz;
wolfSSL 4:1b0d80432c79 17469 ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] =
wolfSSL 4:1b0d80432c79 17470 0;
wolfSSL 4:1b0d80432c79 17471
wolfSSL 4:1b0d80432c79 17472 /* Read in the DHE business */
wolfSSL 4:1b0d80432c79 17473 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 17474 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17475 }
wolfSSL 4:1b0d80432c79 17476
wolfSSL 4:1b0d80432c79 17477 ato16(input + *inOutIdx, &clientSz);
wolfSSL 4:1b0d80432c79 17478 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17479
wolfSSL 4:1b0d80432c79 17480 if ((*inOutIdx - begin) + clientSz > size) {
wolfSSL 4:1b0d80432c79 17481 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17482 }
wolfSSL 4:1b0d80432c79 17483
wolfSSL 4:1b0d80432c79 17484 wc_InitDhKey(&dhKey);
wolfSSL 4:1b0d80432c79 17485 ret = wc_DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
wolfSSL 4:1b0d80432c79 17486 ssl->buffers.serverDH_P.length,
wolfSSL 4:1b0d80432c79 17487 ssl->buffers.serverDH_G.buffer,
wolfSSL 4:1b0d80432c79 17488 ssl->buffers.serverDH_G.length);
wolfSSL 4:1b0d80432c79 17489 if (ret == 0) {
wolfSSL 4:1b0d80432c79 17490 ret = wc_DhAgree(&dhKey, pms + OPAQUE16_LEN,
wolfSSL 4:1b0d80432c79 17491 &ssl->arrays->preMasterSz,
wolfSSL 4:1b0d80432c79 17492 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 4:1b0d80432c79 17493 ssl->buffers.serverDH_Priv.length,
wolfSSL 4:1b0d80432c79 17494 input + *inOutIdx, clientSz);
wolfSSL 4:1b0d80432c79 17495 }
wolfSSL 4:1b0d80432c79 17496 wc_FreeDhKey(&dhKey);
wolfSSL 4:1b0d80432c79 17497
wolfSSL 4:1b0d80432c79 17498 *inOutIdx += clientSz;
wolfSSL 4:1b0d80432c79 17499 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 4:1b0d80432c79 17500 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17501 pms += ssl->arrays->preMasterSz;
wolfSSL 4:1b0d80432c79 17502
wolfSSL 4:1b0d80432c79 17503 /* Use the PSK hint to look up the PSK and add it to the
wolfSSL 4:1b0d80432c79 17504 * preMasterSecret here. */
wolfSSL 4:1b0d80432c79 17505 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 4:1b0d80432c79 17506 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 4:1b0d80432c79 17507 MAX_PSK_KEY_LEN);
wolfSSL 4:1b0d80432c79 17508
wolfSSL 4:1b0d80432c79 17509 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 4:1b0d80432c79 17510 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 4:1b0d80432c79 17511 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 17512 }
wolfSSL 4:1b0d80432c79 17513
wolfSSL 4:1b0d80432c79 17514 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 4:1b0d80432c79 17515 pms += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17516
wolfSSL 4:1b0d80432c79 17517 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 17518 ssl->arrays->preMasterSz +=
wolfSSL 4:1b0d80432c79 17519 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17520 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 17521 if (ssl->options.haveQSH) {
wolfSSL 4:1b0d80432c79 17522 /* extension name */
wolfSSL 4:1b0d80432c79 17523 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 17524 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17525
wolfSSL 4:1b0d80432c79 17526 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 17527 /* if qshSz is larger than 0 it is the length of
wolfSSL 4:1b0d80432c79 17528 buffer used */
wolfSSL 4:1b0d80432c79 17529 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 17530 size - *inOutIdx + begin, 1)) < 0) {
wolfSSL 4:1b0d80432c79 17531 return qshSz;
wolfSSL 4:1b0d80432c79 17532 }
wolfSSL 4:1b0d80432c79 17533 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 17534 }
wolfSSL 4:1b0d80432c79 17535 else {
wolfSSL 4:1b0d80432c79 17536 /* unknown extension sent client ignored
wolfSSL 4:1b0d80432c79 17537 handshake */
wolfSSL 4:1b0d80432c79 17538 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17539 }
wolfSSL 4:1b0d80432c79 17540 }
wolfSSL 4:1b0d80432c79 17541 #endif
wolfSSL 4:1b0d80432c79 17542 if (ret == 0)
wolfSSL 4:1b0d80432c79 17543 ret = MakeMasterSecret(ssl);
wolfSSL 4:1b0d80432c79 17544
wolfSSL 4:1b0d80432c79 17545 /* No further need for PSK */
wolfSSL 4:1b0d80432c79 17546 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 17547 ssl->arrays->psk_keySz = 0;
wolfSSL 4:1b0d80432c79 17548 }
wolfSSL 4:1b0d80432c79 17549 break;
wolfSSL 4:1b0d80432c79 17550 #endif /* !NO_DH && !NO_PSK */
wolfSSL 4:1b0d80432c79 17551 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 4:1b0d80432c79 17552 case ecdhe_psk_kea:
wolfSSL 4:1b0d80432c79 17553 {
wolfSSL 4:1b0d80432c79 17554 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 4:1b0d80432c79 17555 word16 clientSz;
wolfSSL 4:1b0d80432c79 17556
wolfSSL 4:1b0d80432c79 17557 /* sanity check that PSK server callback has been set */
wolfSSL 4:1b0d80432c79 17558 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 4:1b0d80432c79 17559 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 4:1b0d80432c79 17560 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 17561 }
wolfSSL 4:1b0d80432c79 17562
wolfSSL 4:1b0d80432c79 17563 /* Read in the PSK hint */
wolfSSL 4:1b0d80432c79 17564 if ((*inOutIdx - begin) + OPAQUE16_LEN > size) {
wolfSSL 4:1b0d80432c79 17565 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17566 }
wolfSSL 4:1b0d80432c79 17567
wolfSSL 4:1b0d80432c79 17568 ato16(input + *inOutIdx, &clientSz);
wolfSSL 4:1b0d80432c79 17569 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17570 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 4:1b0d80432c79 17571 return CLIENT_ID_ERROR;
wolfSSL 4:1b0d80432c79 17572 }
wolfSSL 4:1b0d80432c79 17573
wolfSSL 4:1b0d80432c79 17574 if ((*inOutIdx - begin) + clientSz > size) {
wolfSSL 4:1b0d80432c79 17575 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17576 }
wolfSSL 4:1b0d80432c79 17577
wolfSSL 4:1b0d80432c79 17578 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 4:1b0d80432c79 17579 input + *inOutIdx, clientSz);
wolfSSL 4:1b0d80432c79 17580 *inOutIdx += clientSz;
wolfSSL 4:1b0d80432c79 17581 ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] =
wolfSSL 4:1b0d80432c79 17582 0;
wolfSSL 4:1b0d80432c79 17583
wolfSSL 4:1b0d80432c79 17584 /* ECC key */
wolfSSL 4:1b0d80432c79 17585 if ((*inOutIdx - begin) + OPAQUE8_LEN > size) {
wolfSSL 4:1b0d80432c79 17586 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17587 }
wolfSSL 4:1b0d80432c79 17588
wolfSSL 4:1b0d80432c79 17589 length = input[(*inOutIdx)++];
wolfSSL 4:1b0d80432c79 17590
wolfSSL 4:1b0d80432c79 17591 if ((*inOutIdx - begin) + length > size) {
wolfSSL 4:1b0d80432c79 17592 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17593 }
wolfSSL 4:1b0d80432c79 17594
wolfSSL 4:1b0d80432c79 17595 if (ssl->peerEccKey == NULL) {
wolfSSL 4:1b0d80432c79 17596 /* alloc/init on demand */
wolfSSL 4:1b0d80432c79 17597 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 4:1b0d80432c79 17598 ssl->ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL 4:1b0d80432c79 17599 if (ssl->peerEccKey == NULL) {
wolfSSL 4:1b0d80432c79 17600 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 4:1b0d80432c79 17601 return MEMORY_E;
wolfSSL 4:1b0d80432c79 17602 }
wolfSSL 4:1b0d80432c79 17603 wc_ecc_init(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 17604 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 4:1b0d80432c79 17605 wc_ecc_free(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 17606 ssl->peerEccKeyPresent = 0;
wolfSSL 4:1b0d80432c79 17607 wc_ecc_init(ssl->peerEccKey);
wolfSSL 4:1b0d80432c79 17608 }
wolfSSL 4:1b0d80432c79 17609
wolfSSL 4:1b0d80432c79 17610 if (wc_ecc_import_x963(input + *inOutIdx, length,
wolfSSL 4:1b0d80432c79 17611 ssl->peerEccKey)) {
wolfSSL 4:1b0d80432c79 17612 return ECC_PEERKEY_ERROR;
wolfSSL 4:1b0d80432c79 17613 }
wolfSSL 4:1b0d80432c79 17614
wolfSSL 4:1b0d80432c79 17615 *inOutIdx += length;
wolfSSL 4:1b0d80432c79 17616 ssl->peerEccKeyPresent = 1;
wolfSSL 4:1b0d80432c79 17617
wolfSSL 4:1b0d80432c79 17618 /* Note sizeof preMasterSecret is ENCRYPT_LEN currently 512 */
wolfSSL 4:1b0d80432c79 17619 length = sizeof(ssl->arrays->preMasterSecret);
wolfSSL 4:1b0d80432c79 17620
wolfSSL 4:1b0d80432c79 17621 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 4:1b0d80432c79 17622 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 4:1b0d80432c79 17623 ret = ECC_MAKEKEY_ERROR;
wolfSSL 4:1b0d80432c79 17624 } else {
wolfSSL 4:1b0d80432c79 17625 ret = wc_ecc_shared_secret(ssl->eccTempKey,
wolfSSL 4:1b0d80432c79 17626 ssl->peerEccKey, ssl->arrays->preMasterSecret +
wolfSSL 4:1b0d80432c79 17627 OPAQUE16_LEN, &length);
wolfSSL 4:1b0d80432c79 17628 }
wolfSSL 4:1b0d80432c79 17629
wolfSSL 4:1b0d80432c79 17630 if (ret != 0) {
wolfSSL 4:1b0d80432c79 17631 return ECC_SHARED_ERROR;
wolfSSL 4:1b0d80432c79 17632 }
wolfSSL 4:1b0d80432c79 17633
wolfSSL 4:1b0d80432c79 17634 c16toa((word16)length, pms);
wolfSSL 4:1b0d80432c79 17635 ssl->arrays->preMasterSz += OPAQUE16_LEN + length;
wolfSSL 4:1b0d80432c79 17636 pms += ssl->arrays->preMasterSz;
wolfSSL 4:1b0d80432c79 17637
wolfSSL 4:1b0d80432c79 17638 /* Use the PSK hint to look up the PSK and add it to the
wolfSSL 4:1b0d80432c79 17639 * preMasterSecret here. */
wolfSSL 4:1b0d80432c79 17640 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 4:1b0d80432c79 17641 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 4:1b0d80432c79 17642 MAX_PSK_KEY_LEN);
wolfSSL 4:1b0d80432c79 17643
wolfSSL 4:1b0d80432c79 17644 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 4:1b0d80432c79 17645 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 4:1b0d80432c79 17646 return PSK_KEY_ERROR;
wolfSSL 4:1b0d80432c79 17647 }
wolfSSL 4:1b0d80432c79 17648
wolfSSL 4:1b0d80432c79 17649 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 4:1b0d80432c79 17650 pms += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17651
wolfSSL 4:1b0d80432c79 17652 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 17653 ssl->arrays->preMasterSz +=
wolfSSL 4:1b0d80432c79 17654 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17655
wolfSSL 4:1b0d80432c79 17656 #ifdef HAVE_QSH
wolfSSL 4:1b0d80432c79 17657 if (ssl->options.haveQSH) {
wolfSSL 4:1b0d80432c79 17658 /* extension name */
wolfSSL 4:1b0d80432c79 17659 ato16(input + *inOutIdx, &name);
wolfSSL 4:1b0d80432c79 17660 *inOutIdx += OPAQUE16_LEN;
wolfSSL 4:1b0d80432c79 17661
wolfSSL 4:1b0d80432c79 17662 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 4:1b0d80432c79 17663 /* if qshSz is larger than 0 it is the length of
wolfSSL 4:1b0d80432c79 17664 buffer used */
wolfSSL 4:1b0d80432c79 17665 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
wolfSSL 4:1b0d80432c79 17666 size - *inOutIdx + begin, 1)) < 0) {
wolfSSL 4:1b0d80432c79 17667 return qshSz;
wolfSSL 4:1b0d80432c79 17668 }
wolfSSL 4:1b0d80432c79 17669 *inOutIdx += qshSz;
wolfSSL 4:1b0d80432c79 17670 }
wolfSSL 4:1b0d80432c79 17671 else {
wolfSSL 4:1b0d80432c79 17672 /* unknown extension sent client ignored
wolfSSL 4:1b0d80432c79 17673 handshake */
wolfSSL 4:1b0d80432c79 17674 return BUFFER_ERROR;
wolfSSL 4:1b0d80432c79 17675 }
wolfSSL 4:1b0d80432c79 17676 }
wolfSSL 4:1b0d80432c79 17677 #endif
wolfSSL 4:1b0d80432c79 17678 if (ret == 0)
wolfSSL 4:1b0d80432c79 17679 ret = MakeMasterSecret(ssl);
wolfSSL 4:1b0d80432c79 17680
wolfSSL 4:1b0d80432c79 17681 /* No further need for PSK */
wolfSSL 4:1b0d80432c79 17682 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 4:1b0d80432c79 17683 ssl->arrays->psk_keySz = 0;
wolfSSL 4:1b0d80432c79 17684 }
wolfSSL 4:1b0d80432c79 17685 break;
wolfSSL 4:1b0d80432c79 17686 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 4:1b0d80432c79 17687 default:
wolfSSL 4:1b0d80432c79 17688 {
wolfSSL 4:1b0d80432c79 17689 WOLFSSL_MSG("Bad kea type");
wolfSSL 4:1b0d80432c79 17690 ret = BAD_KEA_TYPE_E;
wolfSSL 4:1b0d80432c79 17691 }
wolfSSL 4:1b0d80432c79 17692 break;
wolfSSL 4:1b0d80432c79 17693 }
wolfSSL 4:1b0d80432c79 17694
wolfSSL 4:1b0d80432c79 17695 /* No further need for PMS */
wolfSSL 4:1b0d80432c79 17696 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 4:1b0d80432c79 17697 ssl->arrays->preMasterSz = 0;
wolfSSL 4:1b0d80432c79 17698
wolfSSL 4:1b0d80432c79 17699 if (ret == 0) {
wolfSSL 4:1b0d80432c79 17700 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 4:1b0d80432c79 17701 #ifndef NO_CERTS
wolfSSL 4:1b0d80432c79 17702 if (ssl->options.verifyPeer) {
wolfSSL 4:1b0d80432c79 17703 ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
wolfSSL 4:1b0d80432c79 17704 }
wolfSSL 4:1b0d80432c79 17705 #endif
wolfSSL 4:1b0d80432c79 17706 }
wolfSSL 4:1b0d80432c79 17707
wolfSSL 4:1b0d80432c79 17708 return ret;
wolfSSL 4:1b0d80432c79 17709 }
wolfSSL 4:1b0d80432c79 17710
wolfSSL 4:1b0d80432c79 17711 #ifdef HAVE_STUNNEL
/* Invoke the application's SNI receive callback, if one is registered on
 * the context (used by Stunnel to switch an SSL's ctx when SNI arrives).
 *
 * ssl  connection whose ctx may carry sniRecvCb / sniRecvCbArg
 *
 * Returns 0 when no callback is installed or when the callback returns
 * anything other than alert_fatal; returns FATAL_ERROR after sending an
 * unrecognized_name fatal alert when the callback returns alert_fatal.
 *
 * Note: only alert_fatal stops the handshake here; every other callback
 * return value is treated as success. The callback's second argument is
 * passed as NULL, so it gets no location to write an alert value into.
 */
static int SNI_Callback(WOLFSSL* ssl)
{
    /* Nothing to call without a connection, a context and a callback. */
    if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->sniRecvCb == NULL)
        return 0;

    WOLFSSL_MSG("Calling custom sni callback");
    if (ssl->ctx->sniRecvCb(ssl, NULL, ssl->ctx->sniRecvCbArg)
            != alert_fatal)
        return 0;

    WOLFSSL_MSG("Error in custom sni callback. Fatal alert");
    /* The alert is best effort: its result is not checked, the handshake
     * is failed either way. */
    SendAlert(ssl, alert_fatal, unrecognized_name);
    return FATAL_ERROR;
}
wolfSSL 4:1b0d80432c79 17727 #endif /* HAVE_STUNNEL */
wolfSSL 4:1b0d80432c79 17728 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 4:1b0d80432c79 17729 #endif /* WOLFCRYPT_ONLY */
wolfSSL 4:1b0d80432c79 17730