wolfSSL 3.11.1 for TLS1.3 beta

Fork of wolfSSL by wolf SSL

Committer:
wolfSSL
Date:
Tue May 02 08:44:47 2017 +0000
Revision:
7:481bce714567
wolfSSL3.10.2

wolfSSL 7:481bce714567 1 /* internal.c
wolfSSL 7:481bce714567 2 *
wolfSSL 7:481bce714567 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 7:481bce714567 4 *
wolfSSL 7:481bce714567 5 * This file is part of wolfSSL.
wolfSSL 7:481bce714567 6 *
wolfSSL 7:481bce714567 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 7:481bce714567 8 * it under the terms of the GNU General Public License as published by
wolfSSL 7:481bce714567 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 7:481bce714567 10 * (at your option) any later version.
wolfSSL 7:481bce714567 11 *
wolfSSL 7:481bce714567 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 7:481bce714567 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 7:481bce714567 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 7:481bce714567 15 * GNU General Public License for more details.
wolfSSL 7:481bce714567 16 *
wolfSSL 7:481bce714567 17 * You should have received a copy of the GNU General Public License
wolfSSL 7:481bce714567 18 * along with this program; if not, write to the Free Software
wolfSSL 7:481bce714567 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 7:481bce714567 20 */
wolfSSL 7:481bce714567 21
wolfSSL 7:481bce714567 22
wolfSSL 7:481bce714567 23
wolfSSL 7:481bce714567 24 #ifdef HAVE_CONFIG_H
wolfSSL 7:481bce714567 25 #include <config.h>
wolfSSL 7:481bce714567 26 #endif
wolfSSL 7:481bce714567 27
wolfSSL 7:481bce714567 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 7:481bce714567 29
wolfSSL 7:481bce714567 30 #ifndef WOLFCRYPT_ONLY
wolfSSL 7:481bce714567 31
wolfSSL 7:481bce714567 32 #include <wolfssl/internal.h>
wolfSSL 7:481bce714567 33 #include <wolfssl/error-ssl.h>
wolfSSL 7:481bce714567 34 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 7:481bce714567 35 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 7:481bce714567 36 #ifdef NO_INLINE
wolfSSL 7:481bce714567 37 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 7:481bce714567 38 #else
wolfSSL 7:481bce714567 39 #define WOLFSSL_MISC_INCLUDED
wolfSSL 7:481bce714567 40 #include <wolfcrypt/src/misc.c>
wolfSSL 7:481bce714567 41 #endif
wolfSSL 7:481bce714567 42
wolfSSL 7:481bce714567 43 #ifdef HAVE_LIBZ
wolfSSL 7:481bce714567 44 #include "zlib.h"
wolfSSL 7:481bce714567 45 #endif
wolfSSL 7:481bce714567 46
wolfSSL 7:481bce714567 47 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 48 #include "libntruencrypt/ntru_crypto.h"
wolfSSL 7:481bce714567 49 #endif
wolfSSL 7:481bce714567 50
wolfSSL 7:481bce714567 51 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || \
wolfSSL 7:481bce714567 52 defined(CHACHA_AEAD_TEST) || defined(WOLFSSL_SESSION_EXPORT_DEBUG)
wolfSSL 7:481bce714567 53 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 7:481bce714567 54 #if MQX_USE_IO_OLD
wolfSSL 7:481bce714567 55 #include <fio.h>
wolfSSL 7:481bce714567 56 #else
wolfSSL 7:481bce714567 57 #include <nio.h>
wolfSSL 7:481bce714567 58 #endif
wolfSSL 7:481bce714567 59 #else
wolfSSL 7:481bce714567 60 #include <stdio.h>
wolfSSL 7:481bce714567 61 #endif
wolfSSL 7:481bce714567 62 #endif
wolfSSL 7:481bce714567 63
wolfSSL 7:481bce714567 64 #ifdef __sun
wolfSSL 7:481bce714567 65 #include <sys/filio.h>
wolfSSL 7:481bce714567 66 #endif
wolfSSL 7:481bce714567 67
wolfSSL 7:481bce714567 68
/* Store err in the enclosing function's local `ret`, then jump to eLabel.
 * The expansion is a bare brace block rather than do { } while (0), so a
 * trailing semicolon after the macro becomes an empty statement: do not use
 * it as the unbraced body of an `if` that has an `else`. */
#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
wolfSSL 7:481bce714567 70
wolfSSL 7:481bce714567 71 #ifdef _MSC_VER
wolfSSL 7:481bce714567 72 /* disable for while(0) cases at the .c level for now */
wolfSSL 7:481bce714567 73 #pragma warning(disable:4127)
wolfSSL 7:481bce714567 74 #endif
wolfSSL 7:481bce714567 75
wolfSSL 7:481bce714567 76 #if defined(WOLFSSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
wolfSSL 7:481bce714567 77 #error \
wolfSSL 7:481bce714567 78 WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
wolfSSL 7:481bce714567 79 #endif
wolfSSL 7:481bce714567 80
wolfSSL 7:481bce714567 81 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION)
wolfSSL 7:481bce714567 82 #error Cannot use both secure-renegotiation and renegotiation-indication
wolfSSL 7:481bce714567 83 #endif
wolfSSL 7:481bce714567 84
/* Forward declarations of file-local handlers.  Each group is compiled only
 * when the matching role or feature is part of the build. */

/* built unless NO_WOLFSSL_CLIENT is defined */
#ifndef NO_WOLFSSL_CLIENT
    static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*,
                                    word32);
    static int DoServerHello(WOLFSSL* ssl, const byte* input, word32*, word32);
    static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, word32*,
                                   word32);
    #ifndef NO_CERTS
        static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*,
                                        word32);
    #endif
    #ifdef HAVE_SESSION_TICKET
        static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32*,
                                   word32);
    #endif
#endif


/* built unless NO_WOLFSSL_SERVER is defined */
#ifndef NO_WOLFSSL_SERVER
    static int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, word32);
    static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32);
    #if !defined(NO_RSA) || defined(HAVE_ECC)
        static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32);
    #endif
    #ifdef HAVE_STUNNEL
        static int SNI_Callback(WOLFSSL* ssl);
    #endif
    #ifdef WOLFSSL_DTLS
        static int SendHelloVerifyRequest(WOLFSSL*, const byte*, byte);
    #endif /* WOLFSSL_DTLS */
#endif


/* DTLS window helpers, declared only for DTLS builds */
#ifdef WOLFSSL_DTLS
    static INLINE int DtlsCheckWindow(WOLFSSL* ssl);
    static INLINE int DtlsUpdateWindow(WOLFSSL* ssl);
#endif
wolfSSL 7:481bce714567 121
wolfSSL 7:481bce714567 122
/* Named states of type processReply.  Only the first enumerator is pinned
 * (0); the others take consecutive values in declaration order, so their
 * numeric values differ by one between builds with and without
 * NO_WOLFSSL_SERVER.  Compare by name, never by number. */
typedef enum {
    doProcessInit = 0,
#ifndef NO_WOLFSSL_SERVER
    runProcessOldClientHello,   /* present only in server-capable builds */
#endif
    getRecordLayerHeader,
    getData,
    runProcessingOneMessage
} processReply;
wolfSSL 7:481bce714567 132
/* Forward declarations for helpers defined elsewhere; each is gated by the
 * build option shown. */
#ifndef NO_OLD_TLS
    static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
                        int content, int verify);

#endif

#ifndef NO_CERTS
    static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
#endif

#ifdef HAVE_QSH
    /* not static: external linkage */
    int QSH_Init(WOLFSSL* ssl);
#endif
wolfSSL 7:481bce714567 146
wolfSSL 7:481bce714567 147
/* Report whether the version stored on ssl is a TLS version.
 *
 * Returns 1 when version.major equals SSLv3_MAJOR and version.minor is at
 * least TLSv1_MINOR, otherwise 0.  Any other major value yields 0.
 * ssl is dereferenced without a NULL check. */
int IsTLS(const WOLFSSL* ssl)
{
    return (ssl->version.major == SSLv3_MAJOR &&
            ssl->version.minor >= TLSv1_MINOR) ? 1 : 0;
}
wolfSSL 7:481bce714567 155
wolfSSL 7:481bce714567 156
/* Report whether the version stored on ssl is TLS 1.2 / DTLS 1.2 or newer.
 *
 * Returns 1 for major SSLv3_MAJOR with minor >= TLSv1_2_MINOR, or for major
 * DTLS_MAJOR with minor <= DTLSv1_2_MINOR; otherwise 0.
 * The DTLS comparison is deliberately reversed: DTLS encodes its version
 * bytes so that newer versions have numerically smaller minor values.
 * ssl is dereferenced without a NULL check. */
int IsAtLeastTLSv1_2(const WOLFSSL* ssl)
{
    return ((ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor >= TLSv1_2_MINOR) ||
            (ssl->version.major == DTLS_MAJOR &&
             ssl->version.minor <= DTLSv1_2_MINOR)) ? 1 : 0;
}
wolfSSL 7:481bce714567 166
wolfSSL 7:481bce714567 167
/* Report whether record protection is active for this direction.
 *
 * ssl     connection object, dereferenced without a NULL check
 * isSend  non-zero for the sending direction; only consulted in DTLS builds
 *
 * Returns ssl->keys.encryptionOn, except that in a DTLS build a received
 * record (isSend == 0) on a DTLS connection whose current epoch is 0 is
 * always reported as unencrypted. */
static INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend)
{
#ifdef WOLFSSL_DTLS
    /* For DTLS, epoch 0 is always not encrypted. */
    if (!isSend && ssl->options.dtls && ssl->keys.curEpoch == 0) {
        return 0;
    }
#else
    (void)isSend;
#endif /* WOLFSSL_DTLS */

    return ssl->keys.encryptionOn;
}
wolfSSL 7:481bce714567 180
wolfSSL 7:481bce714567 181
/* Tell whether the connection is DTLS and not running in SCTP mode.
 * Without WOLFSSL_SCTP this is simply the dtls option; with it, the result
 * is dtls && !dtlsSctp. */
static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
#ifdef WOLFSSL_SCTP
    if (ssl->options.dtls) {
        return !ssl->options.dtlsSctp;
    }
#endif

    return ssl->options.dtls;
}
wolfSSL 7:481bce714567 196
wolfSSL 7:481bce714567 197
wolfSSL 7:481bce714567 198 #ifdef HAVE_QSH
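/* Free one singly linked list of QSH keys.  For every node the private key
 * bytes are wiped with ForceZero before their buffer is released, then the
 * public buffer and the node itself are freed. */
static void QSH_FreeKeyList(WOLFSSL* ssl, QSHKey* key)
{
    QSHKey* next;

    (void)ssl; /* XFREE may ignore its heap argument */

    while (key != NULL) {
        /* read the link before the node is released */
        next = (QSHKey*)key->next;

        if (key->pri.buffer) {
            ForceZero(key->pri.buffer, key->pri.length);
            XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (key->pub.buffer)
            XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

        /* free struct */
        XFREE(key, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        key = next;
    }
}


/* Free all structs that were used with QSH: the local key list, the peer key
 * list and the secret (scheme list plus the server/client secret buffers).
 *
 * Secret buffers are zeroed before release.  The owning pointers on ssl
 * (QSH_Key, peerQSHKey, QSH_secret) are reset to NULL afterwards so that a
 * second call, or any later reader of those fields, sees an empty state
 * instead of freed memory.
 *
 * ssl is dereferenced without a NULL check.  Always returns 0. */
static int QSH_FreeAll(WOLFSSL* ssl)
{
    QSHSecret* secret  = ssl->QSH_secret;
    QSHScheme* list    = NULL;
    QSHScheme* preList = NULL;

    /* our own QSH keys */
    QSH_FreeKeyList(ssl, ssl->QSH_Key);
    ssl->QSH_Key = NULL;

    /* free all of peers QSH keys */
    QSH_FreeKeyList(ssl, ssl->peerQSHKey);
    ssl->peerQSHKey = NULL;

    /* free secret information */
    if (secret) {
        /* free up the QSHScheme list in QSHSecret */
        list = secret->list;
        while (list) {
            preList = list;
            if (list->PK)
                XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
            list = (QSHScheme*)list->next;
            XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }

        /* free secret buffers */
        if (secret->SerSi) {
            if (secret->SerSi->buffer) {
                /* clear extra secret material that supplemented Master Secret*/
                ForceZero(secret->SerSi->buffer, secret->SerSi->length);
                XFREE(secret->SerSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
            }
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (secret->CliSi) {
            if (secret->CliSi->buffer) {
                /* clear extra secret material that supplemented Master Secret*/
                ForceZero(secret->CliSi->buffer, secret->CliSi->length);
                XFREE(secret->CliSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
            }
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
    }
    XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    ssl->QSH_secret = NULL; /* do not leave a dangling pointer on ssl */

    return 0;
}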
wolfSSL 7:481bce714567 278 #endif
wolfSSL 7:481bce714567 279
wolfSSL 7:481bce714567 280
wolfSSL 7:481bce714567 281 #ifdef HAVE_NTRU
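/* File-scope RNG and its mutex, created on first use by GetEntropy. */
static WC_RNG* rng;
static wolfSSL_Mutex* rngMutex;

/* Fill out with num_bytes of output from the file-scope RNG.
 *
 * Returns DRBG_OK on success, DRBG_OUT_OF_MEMORY when the RNG or mutex
 * cannot be allocated, and DRBG_ENTROPY_FAIL when RNG or mutex
 * initialisation, locking, generation or unlocking fails.
 *
 * The RNG and mutex are published to the globals only after they have been
 * initialised successfully, so a failed first call can no longer leave an
 * uninitialised object behind for later calls to use.
 *
 * NOTE(review): the lazy creation below is itself unsynchronised; two
 * threads making the first call concurrently can both allocate.  Nothing
 * visible here serialises that, so confirm the first call happens before
 * any threads are started. */
static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
    int ret = 0;

    if (rng == NULL) {
        WC_RNG* newRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), 0,
                                          DYNAMIC_TYPE_TLSX);
        if (newRng == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (wc_InitRng(newRng) != 0) {
            XFREE(newRng, 0, DYNAMIC_TYPE_TLSX);
            return DRBG_ENTROPY_FAIL;
        }
        rng = newRng;
    }

    if (rngMutex == NULL) {
        wolfSSL_Mutex* newMutex = (wolfSSL_Mutex*)XMALLOC(
                            sizeof(wolfSSL_Mutex), 0, DYNAMIC_TYPE_TLSX);
        if (newMutex == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (wc_InitMutex(newMutex) != 0) {
            XFREE(newMutex, 0, DYNAMIC_TYPE_TLSX);
            return DRBG_ENTROPY_FAIL;
        }
        rngMutex = newMutex;
    }

    /* never touch the shared RNG, or unlock, unless the lock is held */
    if (wc_LockMutex(rngMutex) != 0)
        return DRBG_ENTROPY_FAIL;

    ret  = wc_RNG_GenerateBlock(rng, out, num_bytes);
    ret |= wc_UnLockMutex(rngMutex);

    if (ret != 0)
        return DRBG_ENTROPY_FAIL;

    return DRBG_OK;
}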
wolfSSL 7:481bce714567 312 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 313
/* Write the low 24 bits of in to out as three bytes, most significant byte
 * first.  The top 8 bits of in are discarded.  Used by ssl.c too. */
void c32to24(word32 in, word24 out)
{
    int i;

    for (i = 0; i < 3; i++) {
        out[i] = (in >> (8 * (2 - i))) & 0xff;
    }
}
wolfSSL 7:481bce714567 321
wolfSSL 7:481bce714567 322
/* Store a 16 bit integer at c as two bytes, high byte first.
 * The caller must provide at least two writable bytes at c. */
static INLINE void c16toa(word16 u16, byte* c)
{
    c[1] = u16 & 0xff;
    c[0] = (u16 >> 8) & 0xff;
}
wolfSSL 7:481bce714567 329
wolfSSL 7:481bce714567 330
wolfSSL 7:481bce714567 331 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
wolfSSL 7:481bce714567 332 || defined(HAVE_AESGCM) || defined(WOLFSSL_SESSION_EXPORT) \
wolfSSL 7:481bce714567 333 || defined(WOLFSSL_DTLS)
/* Store a 32 bit integer at c as four bytes, most significant byte first.
 * The caller must provide at least four writable bytes at c. */
static INLINE void c32toa(word32 u32, byte* c)
{
    int i;

    /* fill from the last byte backwards, consuming 8 bits per step */
    for (i = 3; i >= 0; i--) {
        c[i] = u32 & 0xff;
        u32 >>= 8;
    }
}
wolfSSL 7:481bce714567 342
wolfSSL 7:481bce714567 343 #endif
wolfSSL 7:481bce714567 344
wolfSSL 7:481bce714567 345
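/* Convert a 24 bit big-endian integer into a 32 bit one.
 *
 * Each byte is widened to word32 before it is shifted.  Without the cast the
 * byte is promoted to int, and shifting it by 16 is undefined on targets
 * whose int is 16 bits wide.  The result is unchanged where int is 32 bits. */
static INLINE void c24to32(const word24 u24, word32* u32)
{
    *u32 = ((word32)u24[0] << 16) | ((word32)u24[1] << 8) | (word32)u24[2];
}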
wolfSSL 7:481bce714567 351
wolfSSL 7:481bce714567 352
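/* Convert two big-endian bytes at c into a 16 bit integer.
 *
 * The high byte is widened to word32 before the shift: as a promoted int, a
 * value of 0x80 or more shifted left by 8 overflows a 16-bit int, which is
 * undefined.  The result is unchanged where int is 32 bits.
 * The caller must provide at least two readable bytes at c. */
static INLINE void ato16(const byte* c, word16* u16)
{
    *u16 = (word16) (((word32)c[0] << 8) | (word32)c[1]);
}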
wolfSSL 7:481bce714567 358
wolfSSL 7:481bce714567 359
wolfSSL 7:481bce714567 360 #if defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET) || \
wolfSSL 7:481bce714567 361 defined(WOLFSSL_SESSION_EXPORT)
wolfSSL 7:481bce714567 362
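/* Convert four big-endian bytes at c into a 32 bit integer.
 *
 * Each byte is widened to word32 before it is shifted.  Without the cast the
 * byte is promoted to (signed) int, and c[0] << 24 with c[0] >= 0x80 shifts
 * into the sign bit, which is undefined behaviour.  These bytes typically
 * come off the wire or out of an imported buffer, so the top bit must be
 * expected to be set.
 * The caller must provide at least four readable bytes at c. */
static INLINE void ato32(const byte* c, word32* u32)
{
    *u32 = ((word32)c[0] << 24) | ((word32)c[1] << 16) |
           ((word32)c[2] << 8)  |  (word32)c[3];
}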
wolfSSL 7:481bce714567 368
wolfSSL 7:481bce714567 369 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 370
wolfSSL 7:481bce714567 371
wolfSSL 7:481bce714567 372 #ifdef HAVE_LIBZ
wolfSSL 7:481bce714567 373
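/* Allocation hook handed to zlib: allocate item * size bytes through
 * XMALLOC with the LIBZ memory type, passing opaque as the heap hint.
 *
 * Returns NULL when item * size does not fit in unsigned int.  A wrapped
 * product would otherwise produce a block smaller than zlib believes it
 * received. */
static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
{
    (void)opaque; /* XMALLOC may ignore its heap argument */

    if (size != 0 && item > ~0U / size)
        return NULL;

    return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
}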
wolfSSL 7:481bce714567 380
wolfSSL 7:481bce714567 381
/* Release hook handed to zlib: free memory through XFREE with the LIBZ
 * memory type, passing opaque as the heap hint. */
static void myFree(void* opaque, void* memory)
{
    XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
    (void)opaque; /* XFREE may ignore its heap argument */
}
wolfSSL 7:481bce714567 387
wolfSSL 7:481bce714567 388
/* Set up the zlib compression and decompression streams on ssl.
 *
 * Both streams use myAlloc/myFree with ssl->heap as the opaque value.
 * Returns 0 on success, ZLIB_INIT_ERROR if either init call fails.
 *
 * NOTE(review): didStreamInit is set as soon as deflateInit succeeds.  If
 * inflateInit then fails, FreeStreams will still call inflateEnd on the
 * decompression stream; confirm d_stream is zero-initialised by whoever
 * allocates ssl so that call is harmless. */
static int InitStreams(WOLFSSL* ssl)
{
    int zret;

    /* compression side */
    ssl->c_stream.zalloc = (alloc_func)myAlloc;
    ssl->c_stream.zfree  = (free_func)myFree;
    ssl->c_stream.opaque = (voidpf)ssl->heap;

    zret = deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION);
    if (zret != Z_OK) {
        return ZLIB_INIT_ERROR;
    }

    ssl->didStreamInit = 1;

    /* decompression side */
    ssl->d_stream.zalloc = (alloc_func)myAlloc;
    ssl->d_stream.zfree  = (free_func)myFree;
    ssl->d_stream.opaque = (voidpf)ssl->heap;

    zret = inflateInit(&ssl->d_stream);
    if (zret != Z_OK) {
        return ZLIB_INIT_ERROR;
    }

    return 0;
}
wolfSSL 7:481bce714567 409
wolfSSL 7:481bce714567 410
/* Tear down both zlib streams, but only if InitStreams got far enough to
 * set didStreamInit. */
static void FreeStreams(WOLFSSL* ssl)
{
    if (!ssl->didStreamInit) {
        return;
    }

    deflateEnd(&ssl->c_stream);
    inflateEnd(&ssl->d_stream);
}
wolfSSL 7:481bce714567 418
wolfSSL 7:481bce714567 419
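/* Compress inSz bytes at in into out (capacity outSz) using the
 * connection's deflate stream.
 *
 * Returns the number of bytes produced by this call (growth of total_out),
 * or ZLIB_COMPRESS_ERROR when a size is negative or deflate reports anything
 * other than Z_OK / Z_STREAM_END.
 *
 * Negative sizes are rejected up front: stored into zlib's unsigned avail_*
 * fields they would turn into very large lengths.
 *
 * NOTE(review): a Z_OK return with the output buffer full is still reported
 * as success here even though not all input may have been consumed; callers
 * appear to rely on outSz being large enough - confirm. */
static int myCompress(WOLFSSL* ssl, byte* in, int inSz, byte* out, int outSz)
{
    int err;
    int currTotal;

    if (inSz < 0 || outSz < 0)
        return ZLIB_COMPRESS_ERROR;

    currTotal = (int)ssl->c_stream.total_out;

    ssl->c_stream.next_in   = in;
    ssl->c_stream.avail_in  = inSz;
    ssl->c_stream.next_out  = out;
    ssl->c_stream.avail_out = outSz;

    err = deflate(&ssl->c_stream, Z_SYNC_FLUSH);
    if (err != Z_OK && err != Z_STREAM_END) return ZLIB_COMPRESS_ERROR;

    return (int)ssl->c_stream.total_out - currTotal;
}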
wolfSSL 7:481bce714567 436
wolfSSL 7:481bce714567 437
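/* Decompress inSz bytes at in into out (capacity outSz) using the
 * connection's inflate stream.
 *
 * Returns the number of bytes produced by this call (growth of total_out),
 * or ZLIB_DECOMPRESS_ERROR when a size is negative or inflate reports
 * anything other than Z_OK / Z_STREAM_END.
 *
 * Negative sizes are rejected up front: stored into zlib's unsigned avail_*
 * fields they would turn into very large lengths.  Output never exceeds
 * outSz because inflate is bounded by avail_out.
 *
 * NOTE(review): a Z_OK return with input left over (output buffer full) is
 * reported as success, so an oversized peer record would be silently
 * truncated rather than rejected - confirm callers treat that as intended. */
static int myDeCompress(WOLFSSL* ssl, byte* in,int inSz, byte* out,int outSz)
{
    int err;
    int currTotal;

    if (inSz < 0 || outSz < 0)
        return ZLIB_DECOMPRESS_ERROR;

    currTotal = (int)ssl->d_stream.total_out;

    ssl->d_stream.next_in   = in;
    ssl->d_stream.avail_in  = inSz;
    ssl->d_stream.next_out  = out;
    ssl->d_stream.avail_out = outSz;

    err = inflate(&ssl->d_stream, Z_SYNC_FLUSH);
    if (err != Z_OK && err != Z_STREAM_END) return ZLIB_DECOMPRESS_ERROR;

    return (int)ssl->d_stream.total_out - currTotal;
}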
wolfSSL 7:481bce714567 454
wolfSSL 7:481bce714567 455 #endif /* HAVE_LIBZ */
wolfSSL 7:481bce714567 456
wolfSSL 7:481bce714567 457
wolfSSL 7:481bce714567 458 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 7:481bce714567 459 #ifdef WOLFSSL_DTLS
/* Serialize ssl->specs into exp for session export.
 *
 * ssl  connection whose cipher specs are written out
 * exp  destination buffer
 * len  capacity of exp; must be at least DTLS_EXPORT_SPC_SZ
 * ver  export format version (currently unused)
 *
 * Layout: four 16-bit big-endian sizes (key, iv, block, aead mac) followed
 * by eight single-byte fields, in the order written below.
 *
 * Returns the number of bytes written, BAD_FUNC_ARG for a NULL argument,
 * BUFFER_E when len is too small, or DTLS_EXPORT_VER_E when the bytes
 * written do not add up to DTLS_EXPORT_SPC_SZ. */
static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32       idx = 0;
    CipherSpecs* specs;

    (void)ver;

    WOLFSSL_ENTER("ExportCipherSpecState");

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }

    if (len < DTLS_EXPORT_SPC_SZ) {
        return BUFFER_E;
    }

    specs = &(ssl->specs);

    /* start from a clean slate so no stale bytes are exported */
    XMEMSET(exp, 0, DTLS_EXPORT_SPC_SZ);

    /* 16-bit size fields */
    c16toa(specs->key_size, exp + idx);
    idx += OPAQUE16_LEN;
    c16toa(specs->iv_size, exp + idx);
    idx += OPAQUE16_LEN;
    c16toa(specs->block_size, exp + idx);
    idx += OPAQUE16_LEN;
    c16toa(specs->aead_mac_size, exp + idx);
    idx += OPAQUE16_LEN;

    /* single-byte fields */
    exp[idx++] = specs->bulk_cipher_algorithm;
    exp[idx++] = specs->cipher_type;
    exp[idx++] = specs->mac_algorithm;
    exp[idx++] = specs->kea;
    exp[idx++] = specs->sig_algo;
    exp[idx++] = specs->hash_size;
    exp[idx++] = specs->pad_size;
    exp[idx++] = specs->static_ecdh;

    /* the layout above and the size constant must stay in step */
    if (idx != DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("DTLS_EXPORT_SPC_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("ExportCipherSpecState", idx);
    return idx;
}
wolfSSL 7:481bce714567 502
wolfSSL 7:481bce714567 503
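/* Serialize ssl->keys into exp for session export.
 *
 * ssl  connection whose key state is written out
 * exp  destination buffer
 * len  capacity of exp; must be at least DTLS_EXPORT_KEY_SZ
 * ver  export format version (currently unused)
 *
 * The output holds the MAC secrets, write keys and IVs in the clear; the
 * caller is responsible for protecting and wiping the buffer.
 *
 * The fixed-size head is covered by the DTLS_EXPORT_KEY_SZ <= len check.
 * Each variable-length group in the tail is checked against len BEFORE it is
 * copied; previously the only size check ran after all the copies, i.e.
 * after any overrun had already happened.
 *
 * Returns the number of bytes written, BAD_FUNC_ARG for a NULL argument,
 * BUFFER_E when exp is too small, or DTLS_EXPORT_VER_E when more than
 * DTLS_EXPORT_KEY_SZ bytes were produced. */
static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32 idx = 0;
    byte   sz;
    byte   truncated;
    Keys*  keys;

    (void)ver;

    WOLFSSL_ENTER("ExportKeyState");

    if (exp == NULL || ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    keys = &(ssl->keys);

    if (DTLS_EXPORT_KEY_SZ > len) {
        WOLFSSL_MSG("Buffer not large enough for max key struct size");
        return BUFFER_E;
    }

    XMEMSET(exp, 0, DTLS_EXPORT_KEY_SZ);

    /* ---- fixed-size head ---- */
    c32toa(keys->peer_sequence_number_hi, exp + idx); idx += OPAQUE32_LEN;
    c32toa(keys->peer_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
    c32toa(keys->sequence_number_hi, exp + idx);      idx += OPAQUE32_LEN;
    c32toa(keys->sequence_number_lo, exp + idx);      idx += OPAQUE32_LEN;

    c16toa(keys->nextEpoch, exp + idx);  idx += OPAQUE16_LEN;
    c16toa(keys->nextSeq_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->nextSeq_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->curEpoch, exp + idx);   idx += OPAQUE16_LEN;
    c16toa(keys->curSeq_hi, exp + idx);  idx += OPAQUE16_LEN;
    c32toa(keys->curSeq_lo, exp + idx);  idx += OPAQUE32_LEN;
    c16toa(keys->prevSeq_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->prevSeq_lo, exp + idx); idx += OPAQUE32_LEN;

    c16toa(keys->dtls_peer_handshake_number, exp + idx); idx += OPAQUE16_LEN;
    c16toa(keys->dtls_expected_peer_handshake_number, exp + idx);
    idx += OPAQUE16_LEN;

    c16toa(keys->dtls_sequence_number_hi, exp + idx);      idx += OPAQUE16_LEN;
    c32toa(keys->dtls_sequence_number_lo, exp + idx);      idx += OPAQUE32_LEN;
    c16toa(keys->dtls_prev_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->dtls_prev_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->dtls_epoch, exp + idx);                   idx += OPAQUE16_LEN;
    c16toa(keys->dtls_handshake_number, exp + idx);        idx += OPAQUE16_LEN;
    c32toa(keys->encryptSz, exp + idx);                    idx += OPAQUE32_LEN;
    c32toa(keys->padSz, exp + idx);                        idx += OPAQUE32_LEN;
    exp[idx++] = keys->encryptionOn;
    exp[idx++] = keys->decryptedCur;

    {
        word32 i;

        /* each window is prefixed with its word count */
        c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
        for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
            c32toa(keys->window[i], exp + idx);
            idx += OPAQUE32_LEN;
        }
        c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
        for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
            c32toa(keys->prevWindow[i], exp + idx);
            idx += OPAQUE32_LEN;
        }
    }

    /* ---- variable-length tail: verify room before every copy ---- */

    /* truncated-hmac flag, MAC length, client and server MAC secrets */
#ifdef HAVE_TRUNCATED_HMAC
    truncated = ssl->truncated_hmac;
    sz        = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ: ssl->specs.hash_size;
#else
    truncated = 0; /* no truncated hmac */
    sz        = ssl->specs.hash_size;
#endif
    if (idx + 2 + 2 * (word32)sz > len) {
        WOLFSSL_MSG("Buffer not large enough for max key struct size");
        return BUFFER_E;
    }
    exp[idx++] = truncated;
    exp[idx++] = sz;
    XMEMCPY(exp + idx, keys->client_write_MAC_secret, sz); idx += sz;
    XMEMCPY(exp + idx, keys->server_write_MAC_secret, sz); idx += sz;

    /* key length, client and server write keys
     * (key_size is 16 bits wide in CipherSpecs; it is narrowed to a byte) */
    sz = ssl->specs.key_size;
    if (idx + 1 + 2 * (word32)sz > len) {
        WOLFSSL_MSG("Buffer not large enough for max key struct size");
        return BUFFER_E;
    }
    exp[idx++] = sz;
    XMEMCPY(exp + idx, keys->client_write_key, sz); idx += sz;
    XMEMCPY(exp + idx, keys->server_write_key, sz); idx += sz;

    /* IV length, client and server write IVs, then the explicit AEAD IV */
    sz = ssl->specs.iv_size;
    if (idx + 1 + 2 * (word32)sz + AEAD_MAX_EXP_SZ > len) {
        WOLFSSL_MSG("Buffer not large enough for max key struct size");
        return BUFFER_E;
    }
    exp[idx++] = sz;
    XMEMCPY(exp + idx, keys->client_write_IV, sz); idx += sz;
    XMEMCPY(exp + idx, keys->server_write_IV, sz); idx += sz;
    XMEMCPY(exp + idx, keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
    idx += AEAD_MAX_EXP_SZ;

    /* implicit AEAD IV length, encrypt and decrypt implicit IVs */
    sz = AEAD_MAX_IMP_SZ;
    if (idx + 1 + 2 * (word32)sz > len) {
        WOLFSSL_MSG("Buffer not large enough for max key struct size");
        return BUFFER_E;
    }
    exp[idx++] = sz;
    XMEMCPY(exp + idx, keys->aead_enc_imp_IV, sz); idx += sz;
    XMEMCPY(exp + idx, keys->aead_dec_imp_IV, sz); idx += sz;

    /* DTLS_EXPORT_KEY_SZ is max value. idx size can vary */
    if (idx > DTLS_EXPORT_KEY_SZ) {
        WOLFSSL_MSG("DTLS_EXPORT_KEY_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("ExportKeyState", idx);
    return idx;
}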
wolfSSL 7:481bce714567 608
/* Load ssl->specs from a buffer produced by the matching export routine.
 *
 * ssl  connection whose cipher specs are overwritten
 * exp  source buffer
 * len  number of bytes available at exp; must be at least DTLS_EXPORT_SPC_SZ
 * ver  export format version (currently unused)
 *
 * Fields are read in the same order they are exported: four 16-bit
 * big-endian sizes, then eight single-byte fields.
 *
 * The values are stored exactly as read; this function performs no range
 * or consistency validation on them.  The sizes loaded here are later used
 * as copy lengths, so the buffer must come from a trusted source or be
 * validated by the caller.
 *
 * Returns the number of bytes consumed, BAD_FUNC_ARG for a NULL argument,
 * or BUFFER_E when len is too small. */
static int ImportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32       idx = 0;
    CipherSpecs* specs;

    (void)ver;

    WOLFSSL_ENTER("ImportCipherSpecState");

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }

    specs = &(ssl->specs);

    if (len < DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("Buffer not large enough for max spec struct size");
        return BUFFER_E;
    }

    /* 16-bit size fields */
    ato16(exp + idx, &specs->key_size);
    idx += OPAQUE16_LEN;
    ato16(exp + idx, &specs->iv_size);
    idx += OPAQUE16_LEN;
    ato16(exp + idx, &specs->block_size);
    idx += OPAQUE16_LEN;
    ato16(exp + idx, &specs->aead_mac_size);
    idx += OPAQUE16_LEN;

    /* single-byte fields */
    specs->bulk_cipher_algorithm = exp[idx++];
    specs->cipher_type           = exp[idx++];
    specs->mac_algorithm         = exp[idx++];
    specs->kea                   = exp[idx++];
    specs->sig_algo              = exp[idx++];
    specs->hash_size             = exp[idx++];
    specs->pad_size              = exp[idx++];
    specs->static_ecdh           = exp[idx++];

    WOLFSSL_LEAVE("ImportCipherSpecState", idx);
    return idx;
}
wolfSSL 7:481bce714567 644
wolfSSL 7:481bce714567 645
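/* Restores ssl->keys (sequence numbers, epochs, replay windows, MAC secrets,
 * write keys and IVs) from the serialized buffer exp of len bytes.
 *
 * Returns the number of bytes consumed on success, BAD_FUNC_ARG when ssl or
 * exp is NULL, or BUFFER_E when the buffer is too short or a stored size
 * exceeds the destination field. ver is unused.
 *
 * Every variable-length section is checked against len before it is read.
 * The buffer is parsed field by field, so ssl->keys may already be partly
 * overwritten when BUFFER_E is returned; callers should not keep using the
 * session after a failed import. */
static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32 idx = 0;
    byte   sz;
    Keys*  keys;

    WOLFSSL_ENTER("ImportKeyState");

    if (exp == NULL || ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    keys = &(ssl->keys);

    /* check minimum length -- includes byte used for size indicators.
     * NOTE(review): the fixed-size fields up to decryptedCur are read under
     * this check alone; confirm DTLS_EXPORT_MIN_KEY_SZ (defined outside this
     * view) covers them. */
    if (len < DTLS_EXPORT_MIN_KEY_SZ) {
        return BUFFER_E;
    }
    ato32(exp + idx, &keys->peer_sequence_number_hi); idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->peer_sequence_number_lo); idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->sequence_number_hi);      idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->sequence_number_lo);      idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->nextEpoch);  idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->nextSeq_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->nextSeq_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->curEpoch);   idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->curSeq_hi);  idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->curSeq_lo);  idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->prevSeq_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->prevSeq_lo); idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->dtls_peer_handshake_number); idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_expected_peer_handshake_number);
    idx += OPAQUE16_LEN;

    ato16(exp + idx, &keys->dtls_sequence_number_hi);      idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->dtls_sequence_number_lo);      idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_prev_sequence_number_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->dtls_prev_sequence_number_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_epoch);                   idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_handshake_number);        idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->encryptSz);                    idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->padSz);                        idx += OPAQUE32_LEN;
    keys->encryptionOn = exp[idx++];
    keys->decryptedCur = exp[idx++];

    {
        word16 i, wordCount;
        word32 wordAdj; /* bytes of surplus window words to skip */

        /* do window */
        if (idx + OPAQUE16_LEN > len) {
            return BUFFER_E;
        }
        ato16(exp + idx, &wordCount);
        idx += OPAQUE16_LEN;

        /* A buffer may carry more window words than this build stores. The
         * surplus has to be measured before wordCount is clamped, otherwise
         * it is always zero and every later field is read from the wrong
         * offset. Skipping assumes the exporter wrote every word it counted
         * (export side is outside this view). */
        wordAdj = 0;
        if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) {
            wordAdj   = (word32)(wordCount - WOLFSSL_DTLS_WINDOW_WORDS) *
                        OPAQUE32_LEN;
            wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
        }
        if ((word32)wordCount * OPAQUE32_LEN + wordAdj > len - idx) {
            return BUFFER_E;
        }

        XMEMSET(keys->window, 0xFF, DTLS_SEQ_SZ);
        for (i = 0; i < wordCount; i++) {
            ato32(exp + idx, &keys->window[i]);
            idx += OPAQUE32_LEN;
        }
        idx += wordAdj;

        /* do prevWindow */
        if (idx + OPAQUE16_LEN > len) {
            return BUFFER_E;
        }
        ato16(exp + idx, &wordCount);
        idx += OPAQUE16_LEN;

        /* reset so a surplus in the first window is not applied twice */
        wordAdj = 0;
        if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) {
            wordAdj   = (word32)(wordCount - WOLFSSL_DTLS_WINDOW_WORDS) *
                        OPAQUE32_LEN;
            wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
        }
        if ((word32)wordCount * OPAQUE32_LEN + wordAdj > len - idx) {
            return BUFFER_E;
        }

        XMEMSET(keys->prevWindow, 0xFF, DTLS_SEQ_SZ);
        for (i = 0; i < wordCount; i++) {
            ato32(exp + idx, &keys->prevWindow[i]);
            idx += OPAQUE32_LEN;
        }
        idx += wordAdj;

    }

    /* truncated-hmac flag byte plus the MAC secret size byte */
    if (len - idx < 2) {
        return BUFFER_E;
    }
#ifdef HAVE_TRUNCATED_HMAC
    ssl->truncated_hmac = exp[idx++];
#else
    idx++; /* no truncated hmac */
#endif
    sz = exp[idx++];
    /* client and server secrets follow, so 2 * sz bytes must be present */
    if (sz > MAX_DIGEST_SIZE || (word32)sz * 2 > len - idx) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_MAC_secret, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_MAC_secret, exp + idx, sz); idx += sz;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    if (sz > AES_256_KEY_SIZE || (word32)sz * 2 > len - idx) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_key, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_key, exp + idx, sz); idx += sz;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    /* two write IVs of sz bytes plus the fixed-size explicit AEAD IV */
    if (sz > MAX_WRITE_IV_SZ ||
            (word32)sz * 2 + AEAD_MAX_EXP_SZ > len - idx) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->aead_exp_IV, exp + idx, AEAD_MAX_EXP_SZ);
    idx += AEAD_MAX_EXP_SZ;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    if (sz > AEAD_MAX_IMP_SZ || (word32)sz * 2 > len - idx) {
        return BUFFER_E;
    }
    XMEMCPY(keys->aead_enc_imp_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->aead_dec_imp_IV, exp + idx, sz); idx += sz;

    WOLFSSL_LEAVE("ImportKeyState", idx);
    (void)ver;
    return idx;
}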
wolfSSL 7:481bce714567 769
wolfSSL 7:481bce714567 770
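/* copy over necessary information from Options struct to buffer
 * On success returns size of buffer used on failure returns a negative value
 *
 * ssl  session whose options and protocol version are serialized
 * exp  output buffer, at least DTLS_EXPORT_OPT_SZ bytes
 * len  size of exp in bytes
 * ver  export format version (unused here)
 *
 * Returns BAD_FUNC_ARG for a NULL ssl/exp or a short buffer, and
 * DTLS_EXPORT_VER_E when the number of bytes written does not equal
 * DTLS_EXPORT_OPT_SZ. Fields compiled out of this build are written as zero
 * so the layout keeps the same length. */
static int dtls_export_new(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int      idx  = 0;
    word16   zero = 0;
    Options* options;

    WOLFSSL_ENTER("dtls_export_new");

    /* ssl is checked before its options member is addressed; a NULL test on
     * &ssl->options can never fire */
    if (ssl == NULL || exp == NULL || len < DTLS_EXPORT_OPT_SZ) {
        return BAD_FUNC_ARG;
    }
    options = &ssl->options;

    XMEMSET(exp, 0, DTLS_EXPORT_OPT_SZ);

    /* these options are kept and sent to indicate verify status and strength
     * of handshake */
    exp[idx++] = options->sendVerify;
    exp[idx++] = options->verifyPeer;
    exp[idx++] = options->verifyNone;
    exp[idx++] = options->downgrade;
#ifndef NO_DH
    c16toa(options->minDhKeySz, exp + idx); idx += OPAQUE16_LEN;
    c16toa(options->dhKeySz, exp + idx);    idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif
#ifndef NO_RSA
    c16toa((word16)(options->minRsaKeySz), exp + idx); idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif
#ifdef HAVE_ECC
    c16toa((word16)(options->minEccKeySz), exp + idx); idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif

    /* these options are kept to indicate state and behavior */
#ifndef NO_PSK
    exp[idx++] = options->havePSK;
#else
    exp[idx++] = 0;
#endif
    exp[idx++] = options->sessionCacheOff;
    exp[idx++] = options->sessionCacheFlushOff;
    exp[idx++] = options->side;
    exp[idx++] = options->resuming;
    exp[idx++] = options->haveSessionId;
    exp[idx++] = options->tls;
    exp[idx++] = options->tls1_1;
    exp[idx++] = options->dtls;
    exp[idx++] = options->connReset;
    exp[idx++] = options->isClosed;
    exp[idx++] = options->closeNotify;
    exp[idx++] = options->sentNotify;
    exp[idx++] = options->usingCompression;
    exp[idx++] = options->haveRSA;
    exp[idx++] = options->haveECC;
    exp[idx++] = options->haveDH;
    exp[idx++] = options->haveNTRU;
    exp[idx++] = options->haveQSH;
    exp[idx++] = options->haveECDSAsig;
    exp[idx++] = options->haveStaticECC;
    exp[idx++] = options->havePeerVerify;
    exp[idx++] = options->usingPSK_cipher;
    exp[idx++] = options->usingAnon_cipher;
    exp[idx++] = options->sendAlertState;
    exp[idx++] = options->partialWrite;
    exp[idx++] = options->quietShutdown;
    exp[idx++] = options->groupMessages;
#ifdef HAVE_POLY1305
    exp[idx++] = options->oldPoly;
#else
    exp[idx++] = 0;
#endif
#ifdef HAVE_ANON
    exp[idx++] = options->haveAnon;
#else
    exp[idx++] = 0;
#endif
#ifdef HAVE_SESSION_TICKET
    exp[idx++] = options->createTicket;
    exp[idx++] = options->useTicket;
#else
    exp[idx++] = 0;
    exp[idx++] = 0;
#endif
    exp[idx++] = options->processReply;
    exp[idx++] = options->cipherSuite0;
    exp[idx++] = options->cipherSuite;
    exp[idx++] = options->serverState;
    exp[idx++] = options->clientState;
    exp[idx++] = options->handShakeState;
    exp[idx++] = options->handShakeDone;
    exp[idx++] = options->minDowngrade;
    exp[idx++] = options->connectState;
    exp[idx++] = options->acceptState;
    exp[idx++] = options->keyShareState;

    /* version of connection */
    exp[idx++] = ssl->version.major;
    exp[idx++] = ssl->version.minor;

    (void)zero;
    (void)ver;

    /* check if changes were made and notify of need to update export version.
     * This runs after the writes above: the len check at the top is what
     * bounds them, so a field added without raising DTLS_EXPORT_OPT_SZ is
     * only reported here, not prevented. */
    if (idx != DTLS_EXPORT_OPT_SZ) {
        WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of wolfSSL export");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("dtls_export_new", idx);

    return idx;
}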
wolfSSL 7:481bce714567 890
wolfSSL 7:481bce714567 891
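/* copy items from Export struct to Options struct
 * On success returns size of buffer used on failure returns a negative value
 *
 * ssl  session whose options are overwritten from the buffer
 * exp  serialized options, at least DTLS_EXPORT_OPT_SZ bytes
 * len  size of exp in bytes
 * ver  export format version; must equal DTLS_EXPORT_VERSION
 *
 * Returns BAD_FUNC_ARG for an unsupported ver, a NULL ssl/exp or a short
 * buffer, and VERSION_ERROR when the stored protocol version differs from
 * ssl->version.
 *
 * Security note: peer-verification flags (sendVerify, verifyPeer,
 * verifyNone), minimum key sizes and handshake state are all taken from the
 * buffer as-is, so the buffer has to come from a trusted, integrity-protected
 * export. The options are assigned before the version comparison at the end,
 * so they are already overwritten when VERSION_ERROR is returned. */
static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int      idx = 0;
    Options* options;

    if (ver != DTLS_EXPORT_VERSION) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    /* ssl is checked before its options member is addressed; a NULL test on
     * &ssl->options can never fire */
    if (ssl == NULL || exp == NULL || len < DTLS_EXPORT_OPT_SZ) {
        return BAD_FUNC_ARG;
    }
    options = &ssl->options;

    /* these options are kept and sent to indicate verify status and strength
     * of handshake */
    options->sendVerify = exp[idx++];
    options->verifyPeer = exp[idx++];
    options->verifyNone = exp[idx++];
    options->downgrade  = exp[idx++];
#ifndef NO_DH
    ato16(exp + idx, &(options->minDhKeySz)); idx += OPAQUE16_LEN;
    ato16(exp + idx, &(options->dhKeySz));    idx += OPAQUE16_LEN;
#else
    /* field not in this build: skip its bytes to keep the layout aligned */
    idx += OPAQUE16_LEN;
    idx += OPAQUE16_LEN;
#endif
#ifndef NO_RSA
    ato16(exp + idx, (word16*)&(options->minRsaKeySz)); idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
#endif
#ifdef HAVE_ECC
    ato16(exp + idx, (word16*)&(options->minEccKeySz)); idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
#endif

    /* these options are kept to indicate state and behavior */
#ifndef NO_PSK
    options->havePSK = exp[idx++];
#else
    idx++;
#endif
    options->sessionCacheOff      = exp[idx++];
    options->sessionCacheFlushOff = exp[idx++];
    options->side                 = exp[idx++];
    options->resuming             = exp[idx++];
    options->haveSessionId        = exp[idx++];
    options->tls                  = exp[idx++];
    options->tls1_1               = exp[idx++];
    options->dtls                 = exp[idx++];
    options->connReset            = exp[idx++];
    options->isClosed             = exp[idx++];
    options->closeNotify          = exp[idx++];
    options->sentNotify           = exp[idx++];
    options->usingCompression     = exp[idx++];
    options->haveRSA              = exp[idx++];
    options->haveECC              = exp[idx++];
    options->haveDH               = exp[idx++];
    options->haveNTRU             = exp[idx++];
    options->haveQSH              = exp[idx++];
    options->haveECDSAsig         = exp[idx++];
    options->haveStaticECC        = exp[idx++];
    options->havePeerVerify       = exp[idx++];
    options->usingPSK_cipher      = exp[idx++];
    options->usingAnon_cipher     = exp[idx++];
    options->sendAlertState       = exp[idx++];
    options->partialWrite         = exp[idx++];
    options->quietShutdown        = exp[idx++];
    options->groupMessages        = exp[idx++];
#ifdef HAVE_POLY1305
    options->oldPoly = exp[idx++];      /* set when to use old rfc way of poly*/
#else
    idx++;
#endif
#ifdef HAVE_ANON
    options->haveAnon = exp[idx++];     /* User wants to allow Anon suites */
#else
    idx++;
#endif
#ifdef HAVE_SESSION_TICKET
    options->createTicket = exp[idx++]; /* Server to create new Ticket */
    options->useTicket    = exp[idx++]; /* Use Ticket not session cache */
#else
    idx++;
    idx++;
#endif
    options->processReply   = exp[idx++];
    options->cipherSuite0   = exp[idx++];
    options->cipherSuite    = exp[idx++];
    options->serverState    = exp[idx++];
    options->clientState    = exp[idx++];
    options->handShakeState = exp[idx++];
    options->handShakeDone  = exp[idx++];
    options->minDowngrade   = exp[idx++];
    options->connectState   = exp[idx++];
    options->acceptState    = exp[idx++];
    options->keyShareState  = exp[idx++];

    /* version of connection; on the success path both operands are evaluated,
     * so idx has advanced past both version bytes when it is returned */
    if (ssl->version.major != exp[idx++] || ssl->version.minor != exp[idx++]) {
        WOLFSSL_MSG("Version mismatch ie DTLS v1 vs v1.2");
        return VERSION_ERROR;
    }

    return idx;
}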
wolfSSL 7:481bce714567 1002
/* Serializes the peer address obtained from the context's CBGetPeer callback
 * into exp as: family (2 bytes), address length (2 bytes), address bytes,
 * port (2 bytes).
 * Returns the number of bytes written; BAD_FUNC_ARG for an unsupported ver,
 * a NULL ssl/exp, a buffer shorter than DTLS_EXPORT_IP + 3 * DTLS_EXPORT_LEN
 * or a missing callback; SOCKET_ERROR_E when the callback fails or reports an
 * out-of-range length or family. */
static int ExportPeerInfo(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    char   addr[DTLS_EXPORT_IP];
    int    addrLen = DTLS_EXPORT_IP; /* starts at the capacity of addr */
    int    family  = 0;
    word16 port    = 0;
    byte*  out     = exp;            /* write cursor into exp */

    if (ver != DTLS_EXPORT_VERSION) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    if (ssl == NULL || exp == NULL ||
            len < sizeof(addr) + 3 * DTLS_EXPORT_LEN) {
        return BAD_FUNC_ARG;
    }

    if (ssl->ctx->CBGetPeer == NULL) {
        WOLFSSL_MSG("No get peer call back set");
        return BAD_FUNC_ARG;
    }

    if (ssl->ctx->CBGetPeer(ssl, addr, &addrLen, &port, &family)
            != SSL_SUCCESS) {
        WOLFSSL_MSG("Get peer callback error");
        return SOCKET_ERROR_E;
    }

    /* the callback is user supplied, so its outputs are range checked before
     * they size the copy below */
    if (addrLen < 0 || addrLen > DTLS_EXPORT_IP || family < 0) {
        WOLFSSL_MSG("Bad ipSz or fam returned from get peer callback");
        return SOCKET_ERROR_E;
    }

    c16toa((word16)family, out);
    out += DTLS_EXPORT_LEN;
    c16toa((word16)addrLen, out);
    out += DTLS_EXPORT_LEN;
    XMEMCPY(out, addr, addrLen);
    out += addrLen;
    c16toa(port, out);
    out += DTLS_EXPORT_LEN;

    return (int)(out - exp);
}
wolfSSL 7:481bce714567 1042
wolfSSL 7:481bce714567 1043
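/* Parses the peer record in buf -- family (2 bytes), address length
 * (2 bytes), address bytes, port (2 bytes) -- and hands it to the context's
 * CBSetPeer callback.
 * Returns the number of bytes consumed; BAD_FUNC_ARG for an unsupported ver,
 * a NULL ssl/buf, a buffer shorter than 3 * DTLS_EXPORT_LEN or a missing
 * callback; BUFFER_E when the stored address length does not fit the local
 * buffer or the input; SOCKET_ERROR_E when the callback fails. */
static int ImportPeerInfo(WOLFSSL* ssl, byte* buf, word32 len, byte ver)
{
    word16 idx = 0;
    word16 ipSz;
    word16 fam;
    word16 port;
    char   ip[DTLS_EXPORT_IP];

    if (ver != DTLS_EXPORT_VERSION) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    if (ssl == NULL || buf == NULL || len < 3 * DTLS_EXPORT_LEN) {
        return BAD_FUNC_ARG;
    }

    /* import sin family */
    ato16(buf + idx, &fam); idx += DTLS_EXPORT_LEN;

    /* import ip address length. It must be strictly smaller than the local
     * buffer: the terminator below is written at ip[ipSz], so a length equal
     * to sizeof(ip) would store one byte past the end of the array. */
    ato16(buf + idx, &ipSz); idx += DTLS_EXPORT_LEN;
    if (ipSz >= sizeof(ip) ||
            (word32)idx + ipSz + DTLS_EXPORT_LEN > len) {
        return BUFFER_E;
    }
    XMEMSET(ip, 0, sizeof(ip));
    XMEMCPY(ip, buf + idx, ipSz); idx += ipSz;
    ip[ipSz] = '\0';
    ato16(buf + idx, &port); idx += DTLS_EXPORT_LEN;

    /* sanity check for a function to call, then use it to import peer info */
    if (ssl->ctx->CBSetPeer == NULL) {
        WOLFSSL_MSG("No set peer function");
        return BAD_FUNC_ARG;
    }
    if (ssl->ctx->CBSetPeer(ssl, ip, ipSz, port, fam) != SSL_SUCCESS) {
        WOLFSSL_MSG("Error setting peer info");
        return SOCKET_ERROR_E;
    }

    return idx;
}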
wolfSSL 7:481bce714567 1086
wolfSSL 7:481bce714567 1087
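/* WOLFSSL_LOCAL function that serializes the current WOLFSSL session
 * buf is used to hold the serialized WOLFSSL struct and sz is the size of buf
 * passed in.
 * On success returns the size of serialized session.
 *
 * Layout written: 2 protocol/version bytes, a 2-byte total length, then four
 * records (options, key state, cipher specs, peer info), each preceded by its
 * own 2-byte length. On failure returns BAD_FUNC_ARG, BUFFER_E or the
 * negative value reported by the failing record writer.
 *
 * Security note: the key-state record is filled by ExportKeyState, which
 * copies the MAC secrets, write keys and IVs into the buffer unencrypted.
 * Callers must treat buf as key material: restrict who can read it, protect
 * it in transit and at rest, and wipe it once it has been consumed.
 *
 * NOTE(review): the size pre-check budgets ssl->buffers.dtlsCtx.peer.sz bytes
 * for the peer record, while ExportPeerInfo requires room for
 * DTLS_EXPORT_IP + 3 * DTLS_EXPORT_LEN bytes, so a buffer sized exactly to
 * the pre-check may still be rejected there. */
int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int    ret;
    word32 idx      = 0;
    word32 totalLen = 0;

    WOLFSSL_ENTER("wolfSSL_dtls_export_internal");

    if (buf == NULL || ssl == NULL) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    totalLen += DTLS_EXPORT_LEN * 2; /* 2 protocol bytes and 2 length bytes */
    /* each of the following have a 2 byte length before data */
    totalLen += DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ;
    totalLen += DTLS_EXPORT_LEN + DTLS_EXPORT_KEY_SZ;
    totalLen += DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ;
    totalLen += DTLS_EXPORT_LEN + ssl->buffers.dtlsCtx.peer.sz;

    if (totalLen > sz) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BUFFER_E);
        return BUFFER_E;
    }

    /* protocol id, then high nibble of the id combined with the version */
    buf[idx++] =  (byte)DTLS_EXPORT_PRO;
    buf[idx++] = ((byte)DTLS_EXPORT_PRO & 0xF0) |
                 ((byte)DTLS_EXPORT_VERSION & 0X0F);

    idx += DTLS_EXPORT_LEN; /* leave spot for length */

    c16toa((word16)DTLS_EXPORT_OPT_SZ, buf + idx); idx += DTLS_EXPORT_LEN;
    if ((ret = dtls_export_new(ssl, buf + idx, sz - idx,
                                                   DTLS_EXPORT_VERSION)) < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret);
        return ret;
    }
    idx += ret;

    /* export keys struct and dtls state -- variable length stored in ret */
    idx += DTLS_EXPORT_LEN; /* leave room for length */
    if ((ret = ExportKeyState(ssl, buf + idx, sz - idx,
                                                   DTLS_EXPORT_VERSION)) < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret);
        return ret;
    }
    c16toa((word16)ret, buf + idx - DTLS_EXPORT_LEN); idx += ret;

    /* export of cipher specs struct */
    c16toa((word16)DTLS_EXPORT_SPC_SZ, buf + idx); idx += DTLS_EXPORT_LEN;
    if ((ret = ExportCipherSpecState(ssl, buf + idx, sz - idx,
                                                   DTLS_EXPORT_VERSION)) < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret);
        return ret;
    }
    idx += ret;

    /* export of dtls peer information; length is back-filled like the key
     * record, with the same explicit narrowing to the 2-byte field */
    idx += DTLS_EXPORT_LEN;
    if ((ret = ExportPeerInfo(ssl, buf + idx, sz - idx,
                                                   DTLS_EXPORT_VERSION)) < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret);
        return ret;
    }
    c16toa((word16)ret, buf + idx - DTLS_EXPORT_LEN);
    idx += ret;

    /* place total length of exported buffer minus 2 bytes protocol/version */
    c16toa((word16)(idx - DTLS_EXPORT_LEN), buf + DTLS_EXPORT_LEN);

    /* if compiled with debug options then print the version, protocol, size */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    {
        char debug[256];
        /* idx is unsigned; cast so the argument matches the %d conversion */
        snprintf(debug, sizeof(debug), "Exporting DTLS session\n"
                   "\tVersion  : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
               , (int)DTLS_EXPORT_VERSION, buf[0], (buf[1] >> 4),
                 (int)(idx - 2));
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", idx);
    return idx;
}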
wolfSSL 7:481bce714567 1176
wolfSSL 7:481bce714567 1177
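/* Import a serialized DTLS session from buf into ssl.
 *
 * Layout consumed here (every length field is DTLS_EXPORT_LEN bytes, read
 * with ato16): protocol byte, protocol/version byte, total length, then four
 * length-prefixed sections: Options, Keys, CipherSpecs and DTLS peer info.
 *
 * ssl  session object to populate
 * buf  serialized session
 * sz   number of bytes available in buf
 *
 * Returns the number of bytes consumed on success. Returns BAD_FUNC_ARG for a
 * NULL argument, a buffer too short for the header or a wrong protocol ID;
 * BUFFER_E when a section does not fit; the negative value of a section
 * loader that failed; MATCH_SUITE_ERROR when no cipher suite matches the
 * imported state; SANITY_CIPHER_E when the imported cipher is a stream cipher.
 *
 * Only structural checks are made in this function: nothing here
 * authenticates buf, and the Keys section is loaded straight from it, so the
 * integrity and confidentiality of the buffer are the caller's job.
 * A failure after the first section has been loaded can leave ssl partly
 * updated - NOTE(review): confirm callers discard ssl on any error return.
 */
int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    word32 idx    = 0;
    word16 length = 0;
    int    version;
    int    ret;

    WOLFSSL_ENTER("wolfSSL_dtls_import_internal");
    /* reject NULL pointers before buf is indexed, then check there is at
     * least enough room for protocol and length */
    if (ssl == NULL || buf == NULL || sz < DTLS_EXPORT_LEN * 2) {
        return BAD_FUNC_ARG;
    }

    /* sanity check on protocol ID and size of buffer */
    if (buf[idx++]       !=  (byte)DTLS_EXPORT_PRO ||
       (buf[idx] & 0xF0) != ((byte)DTLS_EXPORT_PRO & 0xF0)) {
        /* don't increment on second idx to next get version */
        WOLFSSL_MSG("Incorrect protocol");
        return BAD_FUNC_ARG;
    }
    /* low nibble of the second byte is the export format version */
    version = buf[idx++] & 0x0F;

    /* sz >= 2 * DTLS_EXPORT_LEN was checked above, so the subtraction below
     * cannot wrap */
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length > sz - DTLS_EXPORT_LEN) { /* subtract 2 for protocol */
        return BUFFER_E;
    }

    /* if compiled with debug options then print the version, protocol, size */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    {
        char debug[256];
        snprintf(debug, sizeof(debug), "Importing DTLS session\n"
                 "\tVersion  : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
               , (int)version, buf[0], (buf[1] >> 4), length);
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    /* perform sanity checks and extract Options information used */
    if (DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ + idx > sz) {
        WOLFSSL_MSG("Import Options struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length != DTLS_EXPORT_OPT_SZ) {
        WOLFSSL_MSG("Import Options struct error");
        return BUFFER_E;
    }
    if ((ret = dtls_export_load(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Options struct error");
        return ret;
    }
    idx += length;

    /* perform sanity checks and extract Keys struct */
    if (DTLS_EXPORT_LEN + idx > sz) {
        WOLFSSL_MSG("Import Key struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length > DTLS_EXPORT_KEY_SZ || length + idx > sz) {
        WOLFSSL_MSG("Import Key struct error");
        return BUFFER_E;
    }
    if ((ret = ImportKeyState(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Key struct error");
        return ret;
    }
    /* advance by what the loader reports it consumed, not by length */
    idx += ret;

    /* perform sanity checks and extract CipherSpecs struct */
    if (DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ + idx > sz) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length != DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return BUFFER_E;
    }
    if ((ret = ImportCipherSpecState(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return ret;
    }
    idx += ret;

    /* perform sanity checks and extract DTLS peer info */
    if (DTLS_EXPORT_LEN + idx > sz) {
        WOLFSSL_MSG("Import DTLS peer info error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (idx + length > sz) {
        WOLFSSL_MSG("Import DTLS peer info error");
        return BUFFER_E;
    }
    if ((ret = ImportPeerInfo(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Peer Addr error");
        return ret;
    }
    idx += ret;

    SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE);

    /* set hmac function to use when verifying */
    if (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 ||
            ssl->options.dtls == 1) {
        ssl->hmac = TLS_hmac;
    }

    /* make sure is a valid suite used */
    if (wolfSSL_get_cipher(ssl) == NULL) {
        WOLFSSL_MSG("Can not match cipher suite imported");
        return MATCH_SUITE_ERROR;
    }

    /* do not allow stream ciphers with DTLS */
    if (ssl->specs.cipher_type == stream) {
        WOLFSSL_MSG("Can not import stream ciphers for DTLS");
        return SANITY_CIPHER_E;
    }

    return idx;
}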
wolfSSL 7:481bce714567 1303 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 1304 #endif /* WOLFSSL_SESSION_EXPORT */
wolfSSL 7:481bce714567 1305
wolfSSL 7:481bce714567 1306
/* Fill in a method structure for protocol version pv.
 * The side is set to the client end and the downgrade flag is cleared;
 * method is written through without a NULL check. */
void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv)
{
    method->downgrade = 0;
    method->side      = WOLFSSL_CLIENT_END;
    method->version   = pv;
}
wolfSSL 7:481bce714567 1313
wolfSSL 7:481bce714567 1314
/* Initialize SSL context, return 0 on success.
 *
 * ctx     context to set up; it is zeroed first, so earlier contents are lost
 * method  protocol method stored in ctx->method; its version and side are
 *         read to pick I/O callbacks and feature flags
 * heap    heap hint passed to the cert manager and stored in ctx->heap
 *
 * Returns 0 (or the wolfEventQueue_Init result when HAVE_WOLF_EVENT is
 * defined), BAD_MUTEX_E if the reference-count mutex cannot be initialized,
 * or BAD_CERT_MANAGER_ERROR if the certificate manager cannot be created.
 * Neither ctx nor method is checked for NULL here.
 */
int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
{
    int ret = 0;

    XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));

    ctx->method   = method;
    ctx->refCount = 1;          /* so either CTX_free or SSL_free can release */
    ctx->heap     = ctx;        /* defaults to self */
    ctx->timeout  = WOLFSSL_SESSION_TIMEOUT;
    /* NOTE(review): presumably the lowest minor version accepted when
     * downgrading; the default floor here is TLS 1.0 - confirm against the
     * deployment's protocol policy */
    ctx->minDowngrade = TLSv1_MINOR;     /* current default */

    if (wc_InitMutex(&ctx->countMutex) < 0) {
        WOLFSSL_MSG("Mutex error on CTX init");
        /* recorded so FreeSSL_Ctx can tell a failed mutex init apart from a
         * lock failure on a working mutex */
        ctx->err = CTX_INIT_MUTEX_E;
        return BAD_MUTEX_E;
    }

    /* minimum accepted key sizes, taken from the build-time defaults */
#ifndef NO_DH
    ctx->minDhKeySz = MIN_DHKEY_SZ;
#endif
#ifndef NO_RSA
    ctx->minRsaKeySz = MIN_RSAKEY_SZ;
#endif
#ifdef HAVE_ECC
    ctx->minEccKeySz  = MIN_ECCKEY_SZ;
    ctx->eccTempKeySz = ECDHE_SIZE;
#endif

#ifndef WOLFSSL_USER_IO
    ctx->CBIORecv = EmbedReceive;
    ctx->CBIOSend = EmbedSend;
    #ifdef WOLFSSL_DTLS
        /* DTLS methods get the ReceiveFrom/SendTo callbacks instead */
        if (method->version.major == DTLS_MAJOR) {
            ctx->CBIORecv = EmbedReceiveFrom;
            ctx->CBIOSend = EmbedSendTo;
        }
        #ifdef WOLFSSL_SESSION_EXPORT
        ctx->CBGetPeer = EmbedGetPeer;
        ctx->CBSetPeer = EmbedSetPeer;
        #endif
    #endif
#endif /* WOLFSSL_USER_IO */

    /* assigned after the block above, so NetX callbacks replace any Embed*
     * callbacks when HAVE_NETX is defined */
#ifdef HAVE_NETX
    ctx->CBIORecv = NetX_Receive;
    ctx->CBIOSend = NetX_Send;
#endif

#ifdef HAVE_NTRU
    if (method->side == WOLFSSL_CLIENT_END)
        ctx->haveNTRU = 1;           /* always on client side */
                                     /* server can turn on by loading key */
#endif
#ifdef HAVE_ECC
    if (method->side == WOLFSSL_CLIENT_END) {
        ctx->haveECDSAsig  = 1;        /* always on client side */
        ctx->haveECC  = 1;             /* server turns on with ECC key cert */
        ctx->haveStaticECC = 1;        /* server can turn on by loading key */
    }
#endif

    ctx->devId = INVALID_DEVID;

#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
    ctx->dtlsMtuSz = MAX_RECORD_SIZE;
#endif

#ifndef NO_CERTS
    ctx->cm = wolfSSL_CertManagerNew_ex(heap);
    if (ctx->cm == NULL) {
        WOLFSSL_MSG("Bad Cert Manager New");
        /* countMutex is already initialized and ctx->heap still points at
         * ctx on this path; nothing is released here.
         * NOTE(review): cleanup appears to be left to the caller - confirm */
        return BAD_CERT_MANAGER_ERROR;
    }
    #ifdef OPENSSL_EXTRA
    /* setup WOLFSSL_X509_STORE */
    ctx->x509_store.cm = ctx->cm;
    #endif
#endif

    /* client contexts turn on haveEMS for TLS 1.0 and later, and for DTLS */
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
    if (method->side == WOLFSSL_CLIENT_END) {
        if ((method->version.major == SSLv3_MAJOR) &&
             (method->version.minor >= TLSv1_MINOR)) {

            ctx->haveEMS = 1;
        }
    #ifdef WOLFSSL_DTLS
        if (method->version.major == DTLS_MAJOR)
            ctx->haveEMS = 1;
    #endif /* WOLFSSL_DTLS */
    }
#endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */

#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
    ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
#endif

#ifdef HAVE_WOLF_EVENT
    ret = wolfEventQueue_Init(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */

    /* replaces the "self" default set at the top; only reached when no
     * earlier step returned an error */
    ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */

    return ret;
}
wolfSSL 7:481bce714567 1422
wolfSSL 7:481bce714567 1423
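/* Release everything a context owns while leaving the WOLFSSL_CTX structure
 * itself allocated, in case contexts are held in an array and the caller does
 * not want to free the actual ctx.
 *
 * ctx  context whose resources are released; not checked for NULL
 *
 * Pointers released with XFREE are not reset to NULL here, so the context
 * must be re-initialized before any further use and must not be passed to
 * this function a second time.
 * NOTE(review): the private key is released through FreeDer; confirm that it
 * wipes the key bytes before the memory is returned.
 */
void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
{
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    int i;
#endif

#ifdef HAVE_WOLF_EVENT
    wolfEventQueue_Free(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */

    XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
    if (ctx->suites) {
        XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
    }

#ifndef NO_DH
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
#endif /* !NO_DH */

#ifdef SINGLE_THREADED
    if (ctx->rng) {
        wc_FreeRng(ctx->rng);
        XFREE(ctx->rng, ctx->heap, DYNAMIC_TYPE_RNG);
    }
#endif /* SINGLE_THREADED */

#ifndef NO_CERTS
    FreeDer(&ctx->privateKey);
    FreeDer(&ctx->certificate);
    #ifdef KEEP_OUR_CERT
        /* tear the certificate down only when one is held, so FreeX509 is
         * never handed a NULL pointer */
        if (ctx->ourCert) {
            FreeX509(ctx->ourCert);
            XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
        }
    #endif /* KEEP_OUR_CERT */
    FreeDer(&ctx->certChain);
    wolfSSL_CertManagerFree(ctx->cm);
#endif /* !NO_CERTS */

#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ctx->extensions, ctx->heap);

#ifndef NO_WOLFSSL_SERVER
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    if (ctx->certOcspRequest) {
        FreeOcspRequest(ctx->certOcspRequest);
        XFREE(ctx->certOcspRequest, ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
    }
#endif

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    for (i = 0; i < MAX_CHAIN_DEPTH; i++) {
        if (ctx->chainOcspRequest[i]) {
            FreeOcspRequest(ctx->chainOcspRequest[i]);
            XFREE(ctx->chainOcspRequest[i], ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
        }
    }
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#endif /* !NO_WOLFSSL_SERVER */

#endif /* HAVE_TLS_EXTENSIONS */

    /* done last: every XFREE above still passes ctx->heap as its hint */
#ifdef WOLFSSL_STATIC_MEMORY
    if (ctx->heap != NULL) {
#ifdef WOLFSSL_HEAP_TEST
        /* avoid dereferencing a test value */
        if (ctx->heap != (void*)WOLFSSL_HEAP_TEST)
#endif
        {
            WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap);
            wc_FreeMutex(&((WOLFSSL_HEAP*)(hint->memory))->memory_mutex);
        }
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}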
wolfSSL 7:481bce714567 1501
wolfSSL 7:481bce714567 1502
/* Drop one reference to ctx and free it once the count reaches zero.
 *
 * The count is changed under ctx->countMutex. If the mutex cannot be locked
 * the context is freed only when ctx->err shows that the mutex never
 * initialized (CTX_INIT_MUTEX_E); otherwise the call returns without touching
 * the count. ctx is not checked for NULL.
 */
void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
{
    int lastRef;

    if (wc_LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock count mutex");

        /* a recorded init failure means the mutex never worked but the CTX
         * was still allocated, so it is released without locking */
        if (ctx->err == CTX_INIT_MUTEX_E) {
            SSL_CtxResourceFree(ctx);
            XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
        }
        return;
    }

    lastRef = (--ctx->refCount == 0);
    wc_UnLockMutex(&ctx->countMutex);

    if (!lastRef) {
        (void)ctx;
        WOLFSSL_MSG("CTX ref count not 0 yet, no free");
        return;
    }

    /* last holder: release owned resources, then the mutex, then ctx */
    WOLFSSL_MSG("CTX ref count down to 0, doing full free");
    SSL_CtxResourceFree(ctx);
    wc_FreeMutex(&ctx->countMutex);
    XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
}
wolfSSL 7:481bce714567 1534
wolfSSL 7:481bce714567 1535
/* Reset the cipher state of ssl: clear the setup flags and set the context
 * pointer of every cipher compiled into this build to NULL. Nothing is
 * allocated or freed here. */
void InitCiphers(WOLFSSL* ssl)
{
    /* flags first; they do not depend on which ciphers are built in */
    ssl->decrypt.setup = 0;
    ssl->encrypt.setup = 0;
#ifdef HAVE_ONE_TIME_AUTH
    ssl->auth.setup    = 0;
#endif

#ifdef BUILD_ARC4
    ssl->decrypt.arc4 = NULL;
    ssl->encrypt.arc4 = NULL;
#endif
#ifdef BUILD_DES3
    ssl->decrypt.des3 = NULL;
    ssl->encrypt.des3 = NULL;
#endif
#ifdef BUILD_AES
    ssl->decrypt.aes = NULL;
    ssl->encrypt.aes = NULL;
#endif
#ifdef HAVE_CAMELLIA
    ssl->decrypt.cam = NULL;
    ssl->encrypt.cam = NULL;
#endif
#ifdef HAVE_HC128
    ssl->decrypt.hc128 = NULL;
    ssl->encrypt.hc128 = NULL;
#endif
#ifdef BUILD_RABBIT
    ssl->decrypt.rabbit = NULL;
    ssl->encrypt.rabbit = NULL;
#endif
#ifdef HAVE_CHACHA
    ssl->decrypt.chacha = NULL;
    ssl->encrypt.chacha = NULL;
#endif
#ifdef HAVE_POLY1305
    ssl->auth.poly1305 = NULL;
#endif
#ifdef HAVE_IDEA
    ssl->decrypt.idea = NULL;
    ssl->encrypt.idea = NULL;
#endif
}
wolfSSL 7:481bce714567 1580
wolfSSL 7:481bce714567 1581
/* Free the encrypt/decrypt (and Poly1305 auth) cipher contexts of ssl for
 * every cipher compiled into this build.
 *
 * The pointers are not reset after XFREE, and ssl is not checked for NULL.
 * NOTE(review): these contexts presumably hold key schedules; nothing in
 * this function wipes them before release - confirm whether XFREE or the
 * *AsyncFree calls zeroize, otherwise key material stays in freed memory.
 * NOTE(review): with WOLFSSL_ASYNC_CRYPT the *AsyncFree calls are made
 * without a NULL check on the context pointer - confirm they accept NULL.
 */
void FreeCiphers(WOLFSSL* ssl)
{
    (void)ssl; /* unused when no cipher below is compiled in */
#ifdef BUILD_ARC4
    #ifdef WOLFSSL_ASYNC_CRYPT
    if (ssl->devId != INVALID_DEVID) {
        wc_Arc4AsyncFree(ssl->encrypt.arc4);
        wc_Arc4AsyncFree(ssl->decrypt.arc4);
    }
    #endif
    XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef BUILD_DES3
    #ifdef WOLFSSL_ASYNC_CRYPT
    if (ssl->devId != INVALID_DEVID) {
        wc_Des3AsyncFree(ssl->encrypt.des3);
        wc_Des3AsyncFree(ssl->decrypt.des3);
    }
    #endif
    XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef BUILD_AES
    #ifdef WOLFSSL_ASYNC_CRYPT
    if (ssl->devId != INVALID_DEVID) {
        wc_AesAsyncFree(ssl->encrypt.aes);
        wc_AesAsyncFree(ssl->decrypt.aes);
    }
    #endif
    XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_CAMELLIA
    XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_HC128
    XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef BUILD_RABBIT
    XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_CHACHA
    XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_POLY1305
    XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_IDEA
    XFREE(ssl->encrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
}
wolfSSL 7:481bce714567 1640
wolfSSL 7:481bce714567 1641
/* Put a CipherSpecs structure into its "nothing negotiated" state: the size
 * fields and static_ecdh become 0 and the algorithm selectors are set to
 * INVALID_BYTE. Only the fields listed here are touched. */
void InitCipherSpecs(CipherSpecs* cs)
{
    /* sizes and flags */
    cs->block_size  = 0;
    cs->iv_size     = 0;
    cs->key_size    = 0;
    cs->static_ecdh = 0;
    cs->hash_size   = 0;

    /* algorithm selectors start out invalid until a suite is chosen */
    cs->sig_algo              = INVALID_BYTE;
    cs->kea                   = INVALID_BYTE;
    cs->mac_algorithm         = INVALID_BYTE;
    cs->cipher_type           = INVALID_BYTE;
    cs->bulk_cipher_algorithm = INVALID_BYTE;
}
wolfSSL 7:481bce714567 1656
/* Fill suites->hashSigAlgo with (hash, signature) byte pairs and store the
 * number of bytes written in suites->hashSigAlgoSz.
 *
 * suites        destination; not checked for NULL
 * haveECDSAsig  non-zero to add the ECDSA pairs
 * haveRSAsig    non-zero to add the RSA pairs
 * haveAnon      non-zero to add the anonymous pair (only with HAVE_ANON)
 *
 * Within each signature type the pairs are written SHA-512, SHA-384,
 * SHA-256, then SHA-1, each subject to its build option; the SHA-1 pairs
 * need old TLS or WOLFSSL_ALLOW_TLS_SHA1 to be enabled.
 * NOTE(review): no bound is checked against the size of hashSigAlgo here;
 * the array must be large enough for every pair the build enables.
 */
static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
                                  int haveRSAsig, int haveAnon)
{
    int used = 0;   /* bytes written so far */

    if (haveECDSAsig) {
    #ifdef WOLFSSL_SHA512
        suites->hashSigAlgo[used]     = sha512_mac;
        suites->hashSigAlgo[used + 1] = ecc_dsa_sa_algo;
        used += 2;
    #endif
    #ifdef WOLFSSL_SHA384
        suites->hashSigAlgo[used]     = sha384_mac;
        suites->hashSigAlgo[used + 1] = ecc_dsa_sa_algo;
        used += 2;
    #endif
    #ifndef NO_SHA256
        suites->hashSigAlgo[used]     = sha256_mac;
        suites->hashSigAlgo[used + 1] = ecc_dsa_sa_algo;
        used += 2;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                        defined(WOLFSSL_ALLOW_TLS_SHA1))
        suites->hashSigAlgo[used]     = sha_mac;
        suites->hashSigAlgo[used + 1] = ecc_dsa_sa_algo;
        used += 2;
    #endif
    }

    if (haveRSAsig) {
    #ifdef WOLFSSL_SHA512
        suites->hashSigAlgo[used]     = sha512_mac;
        suites->hashSigAlgo[used + 1] = rsa_sa_algo;
        used += 2;
    #endif
    #ifdef WOLFSSL_SHA384
        suites->hashSigAlgo[used]     = sha384_mac;
        suites->hashSigAlgo[used + 1] = rsa_sa_algo;
        used += 2;
    #endif
    #ifndef NO_SHA256
        suites->hashSigAlgo[used]     = sha256_mac;
        suites->hashSigAlgo[used + 1] = rsa_sa_algo;
        used += 2;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                        defined(WOLFSSL_ALLOW_TLS_SHA1))
        suites->hashSigAlgo[used]     = sha_mac;
        suites->hashSigAlgo[used + 1] = rsa_sa_algo;
        used += 2;
    #endif
    }

    if (haveAnon) {
    #ifdef HAVE_ANON
        suites->hashSigAlgo[used]     = sha_mac;
        suites->hashSigAlgo[used + 1] = anonymous_sa_algo;
        used += 2;
    #endif
    }

    suites->hashSigAlgoSz = (word16)used;
}
wolfSSL 7:481bce714567 1711
wolfSSL 7:481bce714567 1712 void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
wolfSSL 7:481bce714567 1713 word16 havePSK, word16 haveDH, word16 haveNTRU,
wolfSSL 7:481bce714567 1714 word16 haveECDSAsig, word16 haveECC,
wolfSSL 7:481bce714567 1715 word16 haveStaticECC, int side)
wolfSSL 7:481bce714567 1716 {
wolfSSL 7:481bce714567 1717 word16 idx = 0;
wolfSSL 7:481bce714567 1718 int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
wolfSSL 7:481bce714567 1719 int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
wolfSSL 7:481bce714567 1720 int dtls = 0;
wolfSSL 7:481bce714567 1721 int haveRSAsig = 1;
wolfSSL 7:481bce714567 1722
wolfSSL 7:481bce714567 1723 (void)tls; /* shut up compiler */
wolfSSL 7:481bce714567 1724 (void)tls1_2;
wolfSSL 7:481bce714567 1725 (void)dtls;
wolfSSL 7:481bce714567 1726 (void)haveDH;
wolfSSL 7:481bce714567 1727 (void)havePSK;
wolfSSL 7:481bce714567 1728 (void)haveNTRU;
wolfSSL 7:481bce714567 1729 (void)haveStaticECC;
wolfSSL 7:481bce714567 1730 (void)haveECC;
wolfSSL 7:481bce714567 1731
wolfSSL 7:481bce714567 1732 if (suites == NULL) {
wolfSSL 7:481bce714567 1733 WOLFSSL_MSG("InitSuites pointer error");
wolfSSL 7:481bce714567 1734 return;
wolfSSL 7:481bce714567 1735 }
wolfSSL 7:481bce714567 1736
wolfSSL 7:481bce714567 1737 if (suites->setSuites)
wolfSSL 7:481bce714567 1738 return; /* trust user settings, don't override */
wolfSSL 7:481bce714567 1739
wolfSSL 7:481bce714567 1740 if (side == WOLFSSL_SERVER_END && haveStaticECC) {
wolfSSL 7:481bce714567 1741 haveRSA = 0; /* can't do RSA with ECDSA key */
wolfSSL 7:481bce714567 1742 (void)haveRSA; /* some builds won't read */
wolfSSL 7:481bce714567 1743 }
wolfSSL 7:481bce714567 1744
wolfSSL 7:481bce714567 1745 if (side == WOLFSSL_SERVER_END && haveECDSAsig) {
wolfSSL 7:481bce714567 1746 haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
wolfSSL 7:481bce714567 1747 (void)haveRSAsig; /* non ecc builds won't read */
wolfSSL 7:481bce714567 1748 }
wolfSSL 7:481bce714567 1749
wolfSSL 7:481bce714567 1750 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 1751 if (pv.major == DTLS_MAJOR) {
wolfSSL 7:481bce714567 1752 dtls = 1;
wolfSSL 7:481bce714567 1753 tls = 1;
wolfSSL 7:481bce714567 1754 /* May be dead assignments dependant upon configuration */
wolfSSL 7:481bce714567 1755 (void) dtls;
wolfSSL 7:481bce714567 1756 (void) tls;
wolfSSL 7:481bce714567 1757 tls1_2 = pv.minor <= DTLSv1_2_MINOR;
wolfSSL 7:481bce714567 1758 }
wolfSSL 7:481bce714567 1759 #endif
wolfSSL 7:481bce714567 1760
wolfSSL 7:481bce714567 1761 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 7:481bce714567 1762 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 7:481bce714567 1763 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1764 suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
wolfSSL 7:481bce714567 1765 }
wolfSSL 7:481bce714567 1766 #endif
wolfSSL 7:481bce714567 1767
wolfSSL 7:481bce714567 1768 #ifdef BUILD_TLS_QSH
wolfSSL 7:481bce714567 1769 if (tls) {
wolfSSL 7:481bce714567 1770 suites->suites[idx++] = QSH_BYTE;
wolfSSL 7:481bce714567 1771 suites->suites[idx++] = TLS_QSH;
wolfSSL 7:481bce714567 1772 }
wolfSSL 7:481bce714567 1773 #endif
wolfSSL 7:481bce714567 1774
wolfSSL 7:481bce714567 1775 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 1776 if (tls && haveNTRU && haveRSA) {
wolfSSL 7:481bce714567 1777 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1778 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 1779 }
wolfSSL 7:481bce714567 1780 #endif
wolfSSL 7:481bce714567 1781
wolfSSL 7:481bce714567 1782 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 1783 if (tls && haveNTRU && haveRSA) {
wolfSSL 7:481bce714567 1784 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1785 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 7:481bce714567 1786 }
wolfSSL 7:481bce714567 1787 #endif
wolfSSL 7:481bce714567 1788
wolfSSL 7:481bce714567 1789 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 1790 if (!dtls && tls && haveNTRU && haveRSA) {
wolfSSL 7:481bce714567 1791 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1792 suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
wolfSSL 7:481bce714567 1793 }
wolfSSL 7:481bce714567 1794 #endif
wolfSSL 7:481bce714567 1795
wolfSSL 7:481bce714567 1796 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 1797 if (tls && haveNTRU && haveRSA) {
wolfSSL 7:481bce714567 1798 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1799 suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 7:481bce714567 1800 }
wolfSSL 7:481bce714567 1801 #endif
wolfSSL 7:481bce714567 1802
wolfSSL 7:481bce714567 1803 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 1804 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 1805 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1806 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 7:481bce714567 1807 }
wolfSSL 7:481bce714567 1808 #endif
wolfSSL 7:481bce714567 1809
wolfSSL 7:481bce714567 1810 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 1811 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 1812 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1813 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 7:481bce714567 1814 }
wolfSSL 7:481bce714567 1815 #endif
wolfSSL 7:481bce714567 1816
wolfSSL 7:481bce714567 1817 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 1818 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 1819 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1820 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 7:481bce714567 1821 }
wolfSSL 7:481bce714567 1822 #endif
wolfSSL 7:481bce714567 1823
wolfSSL 7:481bce714567 1824 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 1825 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 1826 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1827 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 7:481bce714567 1828 }
wolfSSL 7:481bce714567 1829 #endif
wolfSSL 7:481bce714567 1830
wolfSSL 7:481bce714567 1831 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 1832 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 7:481bce714567 1833 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1834 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 7:481bce714567 1835 }
wolfSSL 7:481bce714567 1836 #endif
wolfSSL 7:481bce714567 1837
wolfSSL 7:481bce714567 1838 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 1839 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 7:481bce714567 1840 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1841 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 7:481bce714567 1842 }
wolfSSL 7:481bce714567 1843 #endif
wolfSSL 7:481bce714567 1844
wolfSSL 7:481bce714567 1845 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 1846 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 1847 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1848 suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 7:481bce714567 1849 }
wolfSSL 7:481bce714567 1850 #endif
wolfSSL 7:481bce714567 1851
wolfSSL 7:481bce714567 1852 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 1853 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 1854 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1855 suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 7:481bce714567 1856 }
wolfSSL 7:481bce714567 1857 #endif
wolfSSL 7:481bce714567 1858
wolfSSL 7:481bce714567 1859 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 1860 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 7:481bce714567 1861 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1862 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 7:481bce714567 1863 }
wolfSSL 7:481bce714567 1864 #endif
wolfSSL 7:481bce714567 1865
wolfSSL 7:481bce714567 1866 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 1867 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 7:481bce714567 1868 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1869 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 7:481bce714567 1870 }
wolfSSL 7:481bce714567 1871 #endif
wolfSSL 7:481bce714567 1872
wolfSSL 7:481bce714567 1873 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 1874 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 7:481bce714567 1875 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1876 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 7:481bce714567 1877 }
wolfSSL 7:481bce714567 1878 #endif
wolfSSL 7:481bce714567 1879
wolfSSL 7:481bce714567 1880 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 1881 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 7:481bce714567 1882 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1883 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 7:481bce714567 1884 }
wolfSSL 7:481bce714567 1885 #endif
wolfSSL 7:481bce714567 1886
wolfSSL 7:481bce714567 1887 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 1888 if (tls1_2 && haveDH && havePSK) {
wolfSSL 7:481bce714567 1889 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1890 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 7:481bce714567 1891 }
wolfSSL 7:481bce714567 1892 #endif
wolfSSL 7:481bce714567 1893
wolfSSL 7:481bce714567 1894 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 1895 if (tls1_2 && haveDH && havePSK) {
wolfSSL 7:481bce714567 1896 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1897 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 7:481bce714567 1898 }
wolfSSL 7:481bce714567 1899 #endif
wolfSSL 7:481bce714567 1900
wolfSSL 7:481bce714567 1901 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 1902 if (tls1_2 && havePSK) {
wolfSSL 7:481bce714567 1903 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1904 suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 7:481bce714567 1905 }
wolfSSL 7:481bce714567 1906 #endif
wolfSSL 7:481bce714567 1907
wolfSSL 7:481bce714567 1908 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 1909 if (tls1_2 && havePSK) {
wolfSSL 7:481bce714567 1910 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1911 suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 7:481bce714567 1912 }
wolfSSL 7:481bce714567 1913 #endif
wolfSSL 7:481bce714567 1914
wolfSSL 7:481bce714567 1915 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 1916 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 1917 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 1918 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 7:481bce714567 1919 }
wolfSSL 7:481bce714567 1920 #endif
wolfSSL 7:481bce714567 1921
wolfSSL 7:481bce714567 1922 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 1923 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 1924 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 1925 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 7:481bce714567 1926 }
wolfSSL 7:481bce714567 1927 #endif
wolfSSL 7:481bce714567 1928
wolfSSL 7:481bce714567 1929 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 1930 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 1931 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 1932 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 7:481bce714567 1933 }
wolfSSL 7:481bce714567 1934 #endif
wolfSSL 7:481bce714567 1935
wolfSSL 7:481bce714567 1936 /* Place as higher priority for MYSQL */
wolfSSL 7:481bce714567 1937 #if defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 7:481bce714567 1938 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 1939 if (tls && haveDH && haveRSA) {
wolfSSL 7:481bce714567 1940 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 1941 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 1942 }
wolfSSL 7:481bce714567 1943 #endif
wolfSSL 7:481bce714567 1944 #endif
wolfSSL 7:481bce714567 1945
wolfSSL 7:481bce714567 1946 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 1947 if (tls1_2 && haveRSAsig) {
wolfSSL 7:481bce714567 1948 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1949 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 1950 }
wolfSSL 7:481bce714567 1951 #endif
wolfSSL 7:481bce714567 1952
wolfSSL 7:481bce714567 1953 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 1954 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 1955 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1956 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 1957 }
wolfSSL 7:481bce714567 1958 #endif
wolfSSL 7:481bce714567 1959
wolfSSL 7:481bce714567 1960 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 1961 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 7:481bce714567 1962 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1963 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 1964 }
wolfSSL 7:481bce714567 1965 #endif
wolfSSL 7:481bce714567 1966
wolfSSL 7:481bce714567 1967 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 1968 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 7:481bce714567 1969 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1970 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 1971 }
wolfSSL 7:481bce714567 1972 #endif
wolfSSL 7:481bce714567 1973
wolfSSL 7:481bce714567 1974 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 1975 if (tls1_2 && haveRSAsig) {
wolfSSL 7:481bce714567 1976 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1977 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 7:481bce714567 1978 }
wolfSSL 7:481bce714567 1979 #endif
wolfSSL 7:481bce714567 1980
wolfSSL 7:481bce714567 1981 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 1982 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 1983 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1984 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 7:481bce714567 1985 }
wolfSSL 7:481bce714567 1986 #endif
wolfSSL 7:481bce714567 1987
wolfSSL 7:481bce714567 1988 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 1989 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 7:481bce714567 1990 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1991 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 7:481bce714567 1992 }
wolfSSL 7:481bce714567 1993 #endif
wolfSSL 7:481bce714567 1994
wolfSSL 7:481bce714567 1995 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 1996 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 7:481bce714567 1997 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 1998 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 7:481bce714567 1999 }
wolfSSL 7:481bce714567 2000 #endif
wolfSSL 7:481bce714567 2001
wolfSSL 7:481bce714567 2002 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 2003 if (tls && haveECC) {
wolfSSL 7:481bce714567 2004 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2005 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 2006 }
wolfSSL 7:481bce714567 2007 #endif
wolfSSL 7:481bce714567 2008
wolfSSL 7:481bce714567 2009 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 2010 if (tls && haveECC && haveStaticECC) {
wolfSSL 7:481bce714567 2011 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2012 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 2013 }
wolfSSL 7:481bce714567 2014 #endif
wolfSSL 7:481bce714567 2015
wolfSSL 7:481bce714567 2016 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 2017 if (tls && haveECC) {
wolfSSL 7:481bce714567 2018 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2019 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 7:481bce714567 2020 }
wolfSSL 7:481bce714567 2021 #endif
wolfSSL 7:481bce714567 2022
wolfSSL 7:481bce714567 2023 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 2024 if (tls && haveECC && haveStaticECC) {
wolfSSL 7:481bce714567 2025 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2026 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 7:481bce714567 2027 }
wolfSSL 7:481bce714567 2028 #endif
wolfSSL 7:481bce714567 2029
wolfSSL 7:481bce714567 2030 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 2031 if (!dtls && tls && haveECC) {
wolfSSL 7:481bce714567 2032 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2033 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
wolfSSL 7:481bce714567 2034 }
wolfSSL 7:481bce714567 2035 #endif
wolfSSL 7:481bce714567 2036
wolfSSL 7:481bce714567 2037 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 2038 if (!dtls && tls && haveECC && haveStaticECC) {
wolfSSL 7:481bce714567 2039 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2040 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
wolfSSL 7:481bce714567 2041 }
wolfSSL 7:481bce714567 2042 #endif
wolfSSL 7:481bce714567 2043
wolfSSL 7:481bce714567 2044 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 2045 if (tls && haveECC) {
wolfSSL 7:481bce714567 2046 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2047 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 7:481bce714567 2048 }
wolfSSL 7:481bce714567 2049 #endif
wolfSSL 7:481bce714567 2050
wolfSSL 7:481bce714567 2051 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 2052 if (tls && haveECC && haveStaticECC) {
wolfSSL 7:481bce714567 2053 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2054 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 7:481bce714567 2055 }
wolfSSL 7:481bce714567 2056 #endif
wolfSSL 7:481bce714567 2057
wolfSSL 7:481bce714567 2058 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 2059 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2060 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2061 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 2062 }
wolfSSL 7:481bce714567 2063 #endif
wolfSSL 7:481bce714567 2064
wolfSSL 7:481bce714567 2065 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 2066 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 7:481bce714567 2067 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2068 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 2069 }
wolfSSL 7:481bce714567 2070 #endif
wolfSSL 7:481bce714567 2071
wolfSSL 7:481bce714567 2072 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 2073 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2074 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2075 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 7:481bce714567 2076 }
wolfSSL 7:481bce714567 2077 #endif
wolfSSL 7:481bce714567 2078
wolfSSL 7:481bce714567 2079 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 2080 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 7:481bce714567 2081 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2082 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 7:481bce714567 2083 }
wolfSSL 7:481bce714567 2084 #endif
wolfSSL 7:481bce714567 2085
wolfSSL 7:481bce714567 2086 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 2087 if (!dtls && tls && haveRSA) {
wolfSSL 7:481bce714567 2088 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2089 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
wolfSSL 7:481bce714567 2090 }
wolfSSL 7:481bce714567 2091 #endif
wolfSSL 7:481bce714567 2092
wolfSSL 7:481bce714567 2093 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 2094 if (!dtls && tls && haveRSAsig && haveStaticECC) {
wolfSSL 7:481bce714567 2095 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2096 suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
wolfSSL 7:481bce714567 2097 }
wolfSSL 7:481bce714567 2098 #endif
wolfSSL 7:481bce714567 2099
wolfSSL 7:481bce714567 2100 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 2101 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2102 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2103 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 7:481bce714567 2104 }
wolfSSL 7:481bce714567 2105 #endif
wolfSSL 7:481bce714567 2106
wolfSSL 7:481bce714567 2107 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 2108 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 7:481bce714567 2109 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2110 suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 7:481bce714567 2111 }
wolfSSL 7:481bce714567 2112 #endif
wolfSSL 7:481bce714567 2113
wolfSSL 7:481bce714567 2114 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 7:481bce714567 2115 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 2116 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2117 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
wolfSSL 7:481bce714567 2118 }
wolfSSL 7:481bce714567 2119 #endif
wolfSSL 7:481bce714567 2120
wolfSSL 7:481bce714567 2121 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 7:481bce714567 2122 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 2123 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2124 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
wolfSSL 7:481bce714567 2125 }
wolfSSL 7:481bce714567 2126 #endif
wolfSSL 7:481bce714567 2127
wolfSSL 7:481bce714567 2128 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 7:481bce714567 2129 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 2130 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2131 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
wolfSSL 7:481bce714567 2132 }
wolfSSL 7:481bce714567 2133 #endif
wolfSSL 7:481bce714567 2134
wolfSSL 7:481bce714567 2135 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 7:481bce714567 2136 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 2137 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2138 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
wolfSSL 7:481bce714567 2139 }
wolfSSL 7:481bce714567 2140 #endif
wolfSSL 7:481bce714567 2141
wolfSSL 7:481bce714567 2142 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 7:481bce714567 2143 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 2144 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2145 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
wolfSSL 7:481bce714567 2146 }
wolfSSL 7:481bce714567 2147 #endif
wolfSSL 7:481bce714567 2148
wolfSSL 7:481bce714567 2149 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 7:481bce714567 2150 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2151 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2152 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 7:481bce714567 2153 }
wolfSSL 7:481bce714567 2154 #endif
wolfSSL 7:481bce714567 2155
wolfSSL 7:481bce714567 2156 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 2157 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2158 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2159 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 2160 }
wolfSSL 7:481bce714567 2161 #endif
wolfSSL 7:481bce714567 2162
wolfSSL 7:481bce714567 2163 /* Default position for this suite; WOLFSSL_MYSQL_COMPATIBLE builds add it earlier in the list (higher priority) instead */
wolfSSL 7:481bce714567 2164 #if !defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 7:481bce714567 2165 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 2166 if (tls && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2167 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2168 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 2169 }
wolfSSL 7:481bce714567 2170 #endif
wolfSSL 7:481bce714567 2171 #endif
wolfSSL 7:481bce714567 2172
wolfSSL 7:481bce714567 2173 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 2174 if (tls && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2175 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2176 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 7:481bce714567 2177 }
wolfSSL 7:481bce714567 2178 #endif
wolfSSL 7:481bce714567 2179
wolfSSL 7:481bce714567 2180 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 2181 if (tls && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2182 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2183 suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 7:481bce714567 2184 }
wolfSSL 7:481bce714567 2185 #endif
wolfSSL 7:481bce714567 2186
wolfSSL 7:481bce714567 2187 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 7:481bce714567 2188 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 2189 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2190 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 7:481bce714567 2191 }
wolfSSL 7:481bce714567 2192 #endif
wolfSSL 7:481bce714567 2193
wolfSSL 7:481bce714567 2194 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 2195 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 2196 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2197 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 2198 }
wolfSSL 7:481bce714567 2199 #endif
wolfSSL 7:481bce714567 2200
wolfSSL 7:481bce714567 2201 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 2202 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2203 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2204 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 2205 }
wolfSSL 7:481bce714567 2206 #endif
wolfSSL 7:481bce714567 2207
wolfSSL 7:481bce714567 2208 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 2209 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2210 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2211 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 7:481bce714567 2212 }
wolfSSL 7:481bce714567 2213 #endif
wolfSSL 7:481bce714567 2214
wolfSSL 7:481bce714567 2215 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 7:481bce714567 2216 if (tls1_2 && haveECC) {
wolfSSL 7:481bce714567 2217 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 2218 suites->suites[idx++] =
wolfSSL 7:481bce714567 2219 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 7:481bce714567 2220 }
wolfSSL 7:481bce714567 2221 #endif
wolfSSL 7:481bce714567 2222
wolfSSL 7:481bce714567 2223 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 7:481bce714567 2224 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 2225 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 2226 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 7:481bce714567 2227 }
wolfSSL 7:481bce714567 2228 #endif
wolfSSL 7:481bce714567 2229
wolfSSL 7:481bce714567 2230 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 7:481bce714567 2231 if (tls1_2 && haveRSA) {
wolfSSL 7:481bce714567 2232 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 2233 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 7:481bce714567 2234 }
wolfSSL 7:481bce714567 2235 #endif
wolfSSL 7:481bce714567 2236
wolfSSL 7:481bce714567 2237 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 7:481bce714567 2238 if (tls && haveECC) {
wolfSSL 7:481bce714567 2239 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2240 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
wolfSSL 7:481bce714567 2241 }
wolfSSL 7:481bce714567 2242 #endif
wolfSSL 7:481bce714567 2243
wolfSSL 7:481bce714567 2244 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 7:481bce714567 2245 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2246 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2247 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
wolfSSL 7:481bce714567 2248 }
wolfSSL 7:481bce714567 2249 #endif
wolfSSL 7:481bce714567 2250
wolfSSL 7:481bce714567 2251 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 7:481bce714567 2252 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2253 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2254 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
wolfSSL 7:481bce714567 2255 }
wolfSSL 7:481bce714567 2256 #endif
wolfSSL 7:481bce714567 2257
wolfSSL 7:481bce714567 2258 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 2259 if (tls && havePSK) {
wolfSSL 7:481bce714567 2260 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2261 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
wolfSSL 7:481bce714567 2262 }
wolfSSL 7:481bce714567 2263 #endif
wolfSSL 7:481bce714567 2264
wolfSSL 7:481bce714567 2265 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 2266 if (tls && haveDH && havePSK) {
wolfSSL 7:481bce714567 2267 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2268 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 7:481bce714567 2269 }
wolfSSL 7:481bce714567 2270 #endif
wolfSSL 7:481bce714567 2271
wolfSSL 7:481bce714567 2272 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 2273 if (tls && havePSK) {
wolfSSL 7:481bce714567 2274 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2275 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 7:481bce714567 2276 }
wolfSSL 7:481bce714567 2277 #endif
wolfSSL 7:481bce714567 2278
wolfSSL 7:481bce714567 2279 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 2280 if (tls && haveDH && havePSK) {
wolfSSL 7:481bce714567 2281 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2282 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 2283 }
wolfSSL 7:481bce714567 2284 #endif
wolfSSL 7:481bce714567 2285
wolfSSL 7:481bce714567 2286 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 2287 if (tls && havePSK) {
wolfSSL 7:481bce714567 2288 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2289 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 2290 }
wolfSSL 7:481bce714567 2291 #endif
wolfSSL 7:481bce714567 2292
wolfSSL 7:481bce714567 2293 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 2294 if (tls && havePSK) {
wolfSSL 7:481bce714567 2295 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2296 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
wolfSSL 7:481bce714567 2297 }
wolfSSL 7:481bce714567 2298 #endif
wolfSSL 7:481bce714567 2299
wolfSSL 7:481bce714567 2300 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 7:481bce714567 2301 if (tls && haveDH && havePSK) {
wolfSSL 7:481bce714567 2302 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2303 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM;
wolfSSL 7:481bce714567 2304 }
wolfSSL 7:481bce714567 2305 #endif
wolfSSL 7:481bce714567 2306
wolfSSL 7:481bce714567 2307 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 7:481bce714567 2308 if (tls && haveDH && havePSK) {
wolfSSL 7:481bce714567 2309 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2310 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM;
wolfSSL 7:481bce714567 2311 }
wolfSSL 7:481bce714567 2312 #endif
wolfSSL 7:481bce714567 2313
wolfSSL 7:481bce714567 2314 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 2315 if (tls && havePSK) {
wolfSSL 7:481bce714567 2316 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 2317 suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 7:481bce714567 2318 }
wolfSSL 7:481bce714567 2319 #endif
wolfSSL 7:481bce714567 2320
wolfSSL 7:481bce714567 2321 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 2322 if (tls && havePSK) {
wolfSSL 7:481bce714567 2323 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 2324 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 7:481bce714567 2325 }
wolfSSL 7:481bce714567 2326 #endif
wolfSSL 7:481bce714567 2327
wolfSSL 7:481bce714567 2328 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 2329 if (tls && havePSK) {
wolfSSL 7:481bce714567 2330 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 7:481bce714567 2331 suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 7:481bce714567 2332 }
wolfSSL 7:481bce714567 2333 #endif
wolfSSL 7:481bce714567 2334
wolfSSL 7:481bce714567 2335 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 2336 if (tls && havePSK) {
wolfSSL 7:481bce714567 2337 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2338 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 7:481bce714567 2339 }
wolfSSL 7:481bce714567 2340 #endif
wolfSSL 7:481bce714567 2341
wolfSSL 7:481bce714567 2342 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 7:481bce714567 2343 if (tls && havePSK) {
wolfSSL 7:481bce714567 2344 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2345 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM;
wolfSSL 7:481bce714567 2346 }
wolfSSL 7:481bce714567 2347 #endif
wolfSSL 7:481bce714567 2348
wolfSSL 7:481bce714567 2349 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 7:481bce714567 2350 if (tls && havePSK) {
wolfSSL 7:481bce714567 2351 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2352 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM;
wolfSSL 7:481bce714567 2353 }
wolfSSL 7:481bce714567 2354 #endif
wolfSSL 7:481bce714567 2355
wolfSSL 7:481bce714567 2356 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 7:481bce714567 2357 if (tls && havePSK) {
wolfSSL 7:481bce714567 2358 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2359 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
wolfSSL 7:481bce714567 2360 }
wolfSSL 7:481bce714567 2361 #endif
wolfSSL 7:481bce714567 2362
wolfSSL 7:481bce714567 2363 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 7:481bce714567 2364 if (tls && havePSK) {
wolfSSL 7:481bce714567 2365 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2366 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
wolfSSL 7:481bce714567 2367 }
wolfSSL 7:481bce714567 2368 #endif
wolfSSL 7:481bce714567 2369
wolfSSL 7:481bce714567 2370 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 7:481bce714567 2371 if (tls && haveDH && havePSK) {
wolfSSL 7:481bce714567 2372 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2373 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
wolfSSL 7:481bce714567 2374 }
wolfSSL 7:481bce714567 2375 #endif
wolfSSL 7:481bce714567 2376
wolfSSL 7:481bce714567 2377 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 7:481bce714567 2378 if (tls && havePSK) {
wolfSSL 7:481bce714567 2379 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2380 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
wolfSSL 7:481bce714567 2381 }
wolfSSL 7:481bce714567 2382 #endif
wolfSSL 7:481bce714567 2383
wolfSSL 7:481bce714567 2384 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 7:481bce714567 2385 if (tls && havePSK) {
wolfSSL 7:481bce714567 2386 suites->suites[idx++] = ECC_BYTE;
wolfSSL 7:481bce714567 2387 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256;
wolfSSL 7:481bce714567 2388 }
wolfSSL 7:481bce714567 2389 #endif
wolfSSL 7:481bce714567 2390
wolfSSL 7:481bce714567 2391 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 7:481bce714567 2392 if (tls && haveDH && havePSK) {
wolfSSL 7:481bce714567 2393 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2394 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
wolfSSL 7:481bce714567 2395 }
wolfSSL 7:481bce714567 2396 #endif
wolfSSL 7:481bce714567 2397
wolfSSL 7:481bce714567 2398 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 7:481bce714567 2399 if (tls && havePSK) {
wolfSSL 7:481bce714567 2400 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2401 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
wolfSSL 7:481bce714567 2402 }
wolfSSL 7:481bce714567 2403 #endif
wolfSSL 7:481bce714567 2404
wolfSSL 7:481bce714567 2405 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 7:481bce714567 2406 if (tls && havePSK) {
wolfSSL 7:481bce714567 2407 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2408 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
wolfSSL 7:481bce714567 2409 }
wolfSSL 7:481bce714567 2410 #endif
wolfSSL 7:481bce714567 2411
wolfSSL 7:481bce714567 2412 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 2413 if (!dtls && haveRSA) {
wolfSSL 7:481bce714567 2414 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2415 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
wolfSSL 7:481bce714567 2416 }
wolfSSL 7:481bce714567 2417 #endif
wolfSSL 7:481bce714567 2418
wolfSSL 7:481bce714567 2419 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 7:481bce714567 2420 if (!dtls && haveRSA) {
wolfSSL 7:481bce714567 2421 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2422 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
wolfSSL 7:481bce714567 2423 }
wolfSSL 7:481bce714567 2424 #endif
wolfSSL 7:481bce714567 2425
wolfSSL 7:481bce714567 2426 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 2427 if (haveRSA ) {
wolfSSL 7:481bce714567 2428 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2429 suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 7:481bce714567 2430 }
wolfSSL 7:481bce714567 2431 #endif
wolfSSL 7:481bce714567 2432
wolfSSL 7:481bce714567 2433 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 7:481bce714567 2434 if (!dtls && tls && haveRSA) {
wolfSSL 7:481bce714567 2435 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2436 suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
wolfSSL 7:481bce714567 2437 }
wolfSSL 7:481bce714567 2438 #endif
wolfSSL 7:481bce714567 2439
wolfSSL 7:481bce714567 2440 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 7:481bce714567 2441 if (!dtls && tls && haveRSA) {
wolfSSL 7:481bce714567 2442 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2443 suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
wolfSSL 7:481bce714567 2444 }
wolfSSL 7:481bce714567 2445 #endif
wolfSSL 7:481bce714567 2446
wolfSSL 7:481bce714567 2447 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 7:481bce714567 2448 if (!dtls && tls && haveRSA) {
wolfSSL 7:481bce714567 2449 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2450 suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
wolfSSL 7:481bce714567 2451 }
wolfSSL 7:481bce714567 2452 #endif
wolfSSL 7:481bce714567 2453
wolfSSL 7:481bce714567 2454 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 7:481bce714567 2455 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2456 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2457 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
wolfSSL 7:481bce714567 2458 }
wolfSSL 7:481bce714567 2459 #endif
wolfSSL 7:481bce714567 2460
wolfSSL 7:481bce714567 2461 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 7:481bce714567 2462 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2463 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2464 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
wolfSSL 7:481bce714567 2465 }
wolfSSL 7:481bce714567 2466 #endif
wolfSSL 7:481bce714567 2467
wolfSSL 7:481bce714567 2468 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 7:481bce714567 2469 if (!dtls && tls && haveRSA) {
wolfSSL 7:481bce714567 2470 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2471 suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
wolfSSL 7:481bce714567 2472 }
wolfSSL 7:481bce714567 2473 #endif
wolfSSL 7:481bce714567 2474
wolfSSL 7:481bce714567 2475 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 7:481bce714567 2476 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2477 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2478 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 7:481bce714567 2479 }
wolfSSL 7:481bce714567 2480 #endif
wolfSSL 7:481bce714567 2481
wolfSSL 7:481bce714567 2482 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 7:481bce714567 2483 if (tls && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2484 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2485 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 7:481bce714567 2486 }
wolfSSL 7:481bce714567 2487 #endif
wolfSSL 7:481bce714567 2488
wolfSSL 7:481bce714567 2489 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 7:481bce714567 2490 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2491 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2492 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 7:481bce714567 2493 }
wolfSSL 7:481bce714567 2494 #endif
wolfSSL 7:481bce714567 2495
wolfSSL 7:481bce714567 2496 #ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA
wolfSSL 7:481bce714567 2497 if (tls && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2498 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2499 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 7:481bce714567 2500 }
wolfSSL 7:481bce714567 2501 #endif
wolfSSL 7:481bce714567 2502
wolfSSL 7:481bce714567 2503 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 7:481bce714567 2504 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2505 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2506 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 7:481bce714567 2507 }
wolfSSL 7:481bce714567 2508 #endif
wolfSSL 7:481bce714567 2509
wolfSSL 7:481bce714567 2510 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 7:481bce714567 2511 if (tls && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2512 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2513 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 7:481bce714567 2514 }
wolfSSL 7:481bce714567 2515 #endif
wolfSSL 7:481bce714567 2516
wolfSSL 7:481bce714567 2517 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 7:481bce714567 2518 if (tls && haveRSA) {
wolfSSL 7:481bce714567 2519 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2520 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 7:481bce714567 2521 }
wolfSSL 7:481bce714567 2522 #endif
wolfSSL 7:481bce714567 2523
wolfSSL 7:481bce714567 2524 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 7:481bce714567 2525 if (tls && haveDH && haveRSA) {
wolfSSL 7:481bce714567 2526 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2527 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 7:481bce714567 2528 }
wolfSSL 7:481bce714567 2529 #endif
wolfSSL 7:481bce714567 2530
wolfSSL 7:481bce714567 2531 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 7:481bce714567 2532 if (haveRSA) {
wolfSSL 7:481bce714567 2533 suites->suites[idx++] = 0;
wolfSSL 7:481bce714567 2534 suites->suites[idx++] = SSL_RSA_WITH_IDEA_CBC_SHA;
wolfSSL 7:481bce714567 2535 }
wolfSSL 7:481bce714567 2536 #endif
wolfSSL 7:481bce714567 2537
wolfSSL 7:481bce714567 2538 suites->suiteSz = idx;
wolfSSL 7:481bce714567 2539
wolfSSL 7:481bce714567 2540 InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0);
wolfSSL 7:481bce714567 2541 }
wolfSSL 7:481bce714567 2542
wolfSSL 7:481bce714567 2543
wolfSSL 7:481bce714567 2544 #ifndef NO_CERTS
wolfSSL 7:481bce714567 2545
wolfSSL 7:481bce714567 2546
/* Put an X509 name into its initial state, backed by its embedded buffer.
 *
 * name         name structure to initialize; NULL is ignored
 * dynamicFlag  accepted for interface compatibility, not used here
 */
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
{
    (void)dynamicFlag;

    if (name == NULL)
        return;

    /* dynamicName == 0 marks name->name as not heap-allocated */
    name->dynamicName = 0;
    name->name        = name->staticName;

#ifdef OPENSSL_EXTRA
    XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
    XMEMSET(&name->fullName, 0, sizeof(DecodedName));
    name->x509          = NULL;
    /* must follow the cnEntry wipe above: point to internal data */
    name->cnEntry.value = &(name->cnEntry.data);
#endif /* OPENSSL_EXTRA */
}
wolfSSL 7:481bce714567 2562
wolfSSL 7:481bce714567 2563
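/* Release the heap memory owned by an X509 name.
 *
 * name  name to clean up; NULL is ignored
 * heap  heap hint handed to XFREE
 *
 * Each freed pointer is reset, and dynamicName is cleared, so that a second
 * call on the same name (for example through a repeated FreeX509) cannot
 * free the same allocation twice or leave a dangling pointer behind.
 */
void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
{
    (void)heap;

    if (name == NULL)
        return;

    if (name->dynamicName) {
        XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
        name->name        = NULL;
        name->dynamicName = 0;
    }
#ifdef OPENSSL_EXTRA
    if (name->fullName.fullName != NULL) {
        XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
        name->fullName.fullName = NULL;
    }
#endif /* OPENSSL_EXTRA */
}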
wolfSSL 7:481bce714567 2576
wolfSSL 7:481bce714567 2577
/* Initialize wolfSSL X509 type
 *
 * x509         structure to initialize; a NULL pointer is logged and ignored
 * dynamicFlag  stored in x509->dynamicMemory, truncated to a byte
 * heap         heap hint remembered in x509->heap (FreeX509 passes it to
 *              XFREE)
 *
 * The whole structure is zeroed first, so any pointer it held before the
 * call is lost; call FreeX509 beforehand if the structure was in use.
 */
void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
{
    if (x509 == NULL) {
        WOLFSSL_MSG("Null parameter passed in!");
        return;
    }

    XMEMSET(x509, 0, sizeof(*x509));

    /* bookkeeping */
    x509->heap          = heap;
    x509->dynamicMemory = (byte)dynamicFlag;
    x509->version       = 0;
    x509->isCa          = 0;

    /* embedded names fall back to their static buffers */
    InitX509Name(&x509->issuer, 0);
    InitX509Name(&x509->subject, 0);

    /* nothing is owned yet */
    x509->pubKey.buffer = NULL;
    x509->sig.buffer    = NULL;
    x509->derCert       = NULL;
    x509->altNames      = NULL;
    x509->altNamesNext  = NULL;

#ifdef HAVE_ECC
    x509->pkCurveOID = 0;
#endif /* HAVE_ECC */

#ifdef OPENSSL_EXTRA
    /* basic constraints */
    x509->pathLength      = 0;
    x509->basicConstSet   = 0;
    x509->basicConstCrit  = 0;
    x509->basicConstPlSet = 0;

    /* subject alternative name */
    x509->subjAltNameSet  = 0;
    x509->subjAltNameCrit = 0;

    /* authority key identifier */
    x509->authKeyIdSet  = 0;
    x509->authKeyIdCrit = 0;
    x509->authKeyId     = NULL;
    x509->authKeyIdSz   = 0;

    /* subject key identifier */
    x509->subjKeyIdSet  = 0;
    x509->subjKeyIdCrit = 0;
    x509->subjKeyId     = NULL;
    x509->subjKeyIdSz   = 0;

    /* key usage */
    x509->keyUsageSet  = 0;
    x509->keyUsageCrit = 0;
    x509->keyUsage     = 0;

    #ifdef WOLFSSL_SEP
    x509->certPolicySet  = 0;
    x509->certPolicyCrit = 0;
    #endif /* WOLFSSL_SEP */
#endif /* OPENSSL_EXTRA */
}
wolfSSL 7:481bce714567 2626
wolfSSL 7:481bce714567 2627
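/* Free wolfSSL X509 type
 *
 * Releases every buffer the structure owns. The structure itself is not
 * freed. Freed pointers are reset to NULL so that calling FreeX509 again on
 * the same object, or reading a field afterwards, cannot double-free or
 * touch released memory.
 *
 * x509  certificate to clean up; NULL is ignored
 */
void FreeX509(WOLFSSL_X509* x509)
{
    if (x509 == NULL)
        return;

    FreeX509Name(&x509->issuer, x509->heap);
    FreeX509Name(&x509->subject, x509->heap);

    if (x509->pubKey.buffer) {
        XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        x509->pubKey.buffer = NULL;
    }

    FreeDer(&x509->derCert);

    XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
    x509->sig.buffer = NULL;

#ifdef OPENSSL_EXTRA
    XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
    x509->authKeyId = NULL;

    XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
    x509->subjKeyId = NULL;

    if (x509->authInfo != NULL) {
        XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
        x509->authInfo = NULL;
    }
    if (x509->extKeyUsageSrc != NULL) {
        XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
        x509->extKeyUsageSrc = NULL;
    }
#endif /* OPENSSL_EXTRA */

    if (x509->altNames) {
        /* NOTE(review): the heap hint is NULL here while every other free in
         * this function uses x509->heap; confirm this matches how the
         * alternative-name list was allocated. */
        FreeAltNames(x509->altNames, NULL);
        x509->altNames     = NULL;
        /* presumably a cursor into the list just released; cleared with it */
        x509->altNamesNext = NULL;
    }
}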
wolfSSL 7:481bce714567 2653
wolfSSL 7:481bce714567 2654
wolfSSL 7:481bce714567 2655 #ifndef NO_RSA
wolfSSL 7:481bce714567 2656
/* Create an RSA signature, through the registered PK callback when there is
 * one (HAVE_PK_CALLBACKS builds) and with wc_RsaSSL_Sign() otherwise.
 *
 * ssl      session; ssl->ctx and ssl->rng are read without a NULL check, so
 *          the caller must pass a valid session
 * in       data to sign, inSz bytes
 * out      buffer that receives the signature
 * outSz    on the wolfCrypt path *outSz is passed in as the capacity of
 *          out; it is overwritten with the result length whenever the
 *          signer returns a positive value
 * key      RSA private key for the wolfCrypt path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * returns 0 once a positive length has been stored in *outSz, WC_PENDING_E
 *         in async builds when the operation was queued, otherwise the
 *         signer's (or event setup's) return value unchanged.
 */
int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
    word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int ret;

    /* only referenced in some build configurations */
    (void)ctx;
    (void)keySz;
    (void)keyBuf;
    (void)ssl;

    WOLFSSL_ENTER("RsaSign");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->RsaSignCb != NULL) {
        ret = ssl->ctx->RsaSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                  ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, key, ssl->rng);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Operation was queued: register the event, and keep reporting
     * "pending" unless the registration itself failed. */
    if (ret == WC_PENDING_E) {
        int evRet = wolfAsync_EventInit(&ssl->event,
                        WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
        if (evRet != 0) {
            ret = evRet;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* A positive result is a byte count: hand it back through outSz */
    if (ret > 0) {
        *outSz = ret;
        ret    = 0;
    }

    WOLFSSL_LEAVE("RsaSign", ret);

    return ret;
}
wolfSSL 7:481bce714567 2701
/* Recover the payload of an RSA signature, through the registered PK
 * callback when there is one and with wc_RsaSSL_VerifyInline() otherwise.
 *
 * ssl      session; ssl->ctx is read without a NULL check
 * in       signature buffer, inSz bytes. The wolfCrypt call is the "inline"
 *          variant, so this buffer is presumably overwritten and *out ends
 *          up pointing into it - confirm before reusing `in`.
 * out      receives a pointer to the recovered data
 * key      RSA public key for the wolfCrypt path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * returns the verifier's result unchanged: unlike RsaSign, a positive value
 *         is NOT converted to 0 here, so callers must treat only a positive
 *         length as "payload recovered" and still compare that payload with
 *         the expected digest encoding. WC_PENDING_E is returned in async
 *         builds when the operation was queued.
 */
int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
    byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int ret;

    /* only referenced in some build configurations */
    (void)ctx;
    (void)keySz;
    (void)keyBuf;
    (void)ssl;

    WOLFSSL_ENTER("RsaVerify");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->RsaVerifyCb != NULL) {
        ret = ssl->ctx->RsaVerifyCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_RsaSSL_VerifyInline(in, inSz, out, key);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Operation was queued: register the event, and keep reporting
     * "pending" unless the registration itself failed. */
    if (ret == WC_PENDING_E) {
        int evRet = wolfAsync_EventInit(&ssl->event,
                        WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
        if (evRet != 0) {
            ret = evRet;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("RsaVerify", ret);

    return ret;
}
wolfSSL 7:481bce714567 2739
/* Verify RSA signature, 0 on success
 *
 * Runs the signature back through wc_RsaSSL_VerifyInline() and checks that
 * the recovered bytes equal `plain`.
 *
 * ssl        session; only used for the async event in async builds
 * verifySig  signature to check, sigSz bytes (at most ENCRYPT_LEN). Handed
 *            to the "inline" verify, so presumably modified in place - pass
 *            a copy if the signature is still needed afterwards.
 * plain      expected recovered data, plainSz bytes
 * key        RSA key used for the check
 *
 * returns 0 on match, BAD_FUNC_ARG for a NULL verifySig/plain/key, BUFFER_E
 *         when sigSz exceeds ENCRYPT_LEN, RSA_SIGN_FAULT when the recovered
 *         data differs in length or content, otherwise the verify call's
 *         return value (WC_PENDING_E in async builds when queued).
 *
 * NOTE(review): a return of exactly 0 from wc_RsaSSL_VerifyInline skips the
 * comparison and is reported as success; confirm the primitive cannot
 * return 0 for a non-empty `plain`.
 */
int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
    const byte* plain, word32 plainSz, RsaKey* key)
{
    int   ret;
    byte* recovered = NULL; /* inline result */

    (void)ssl;

    WOLFSSL_ENTER("VerifyRsaSign");

    if (key == NULL || plain == NULL || verifySig == NULL) {
        return BAD_FUNC_ARG;
    }

    if (sigSz > ENCRYPT_LEN) {
        WOLFSSL_MSG("Signature buffer too big");
        return BUFFER_E;
    }

    ret = wc_RsaSSL_VerifyInline(verifySig, sigSz, &recovered, key);

    if (ret > 0) {
        /* length first, so XMEMCMP never reads past the recovered data */
        if (ret == (int)plainSz && recovered != NULL &&
                XMEMCMP(plain, recovered, plainSz) == 0) {
            ret = 0; /* RSA reset */
        }
        else {
            WOLFSSL_MSG("RSA Signature verification failed");
            ret = RSA_SIGN_FAULT;
        }
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Operation was queued: register the event, and keep reporting
     * "pending" unless the registration itself failed. */
    if (ret == WC_PENDING_E) {
        int evRet = wolfAsync_EventInit(&ssl->event,
                        WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
        if (evRet != 0) {
            ret = evRet;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("VerifyRsaSign", ret);

    return ret;
}
wolfSSL 7:481bce714567 2787
/* RSA private-key decryption, through the registered PK callback when there
 * is one and with wc_RsaPrivateDecryptInline() otherwise.
 *
 * ssl      session; ssl->ctx and ssl->rng are read without a NULL check
 * in       ciphertext, inSz bytes. The wolfCrypt call is the "inline"
 *          variant, so this buffer is presumably overwritten and *out ends
 *          up pointing into it - confirm before reusing `in`.
 * out      receives a pointer to the decrypted data
 * outSz    receives the decrypted length when the result is positive
 * key      RSA private key for the wolfCrypt path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * returns 0 once a positive length has been stored in *outSz, WC_PENDING_E
 *         in async builds when the operation was queued, otherwise the
 *         underlying return value unchanged. When WC_RSA_BLINDING is
 *         defined and wc_RsaSetRNG() fails, that error is returned straight
 *         away, without the WOLFSSL_LEAVE trace.
 *
 * NOTE(review): how the caller reacts to a failure here decides whether a
 * peer can tell bad padding from other errors; confirm callers handle all
 * failures of this function uniformly.
 */
int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
    RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int ret;

    /* only referenced in some build configurations */
    (void)ctx;
    (void)keySz;
    (void)keyBuf;
    (void)ssl;

    WOLFSSL_ENTER("RsaDec");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->RsaDecCb != NULL) {
        ret = ssl->ctx->RsaDecCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
    #ifdef WC_RSA_BLINDING
        /* attach the session RNG to the key before the private operation */
        ret = wc_RsaSetRNG(key, ssl->rng);
        if (ret != 0) {
            return ret;
        }
    #endif
        ret = wc_RsaPrivateDecryptInline(in, inSz, out, key);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Operation was queued: register the event, and keep reporting
     * "pending" unless the registration itself failed. */
    if (ret == WC_PENDING_E) {
        int evRet = wolfAsync_EventInit(&ssl->event,
                        WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
        if (evRet != 0) {
            ret = evRet;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* A positive result is a byte count: hand it back through outSz */
    if (ret > 0) {
        *outSz = ret;
        ret    = 0;
    }

    WOLFSSL_LEAVE("RsaDec", ret);

    return ret;
}
wolfSSL 7:481bce714567 2837
/* RSA public-key encryption, through the registered PK callback when there
 * is one and with wc_RsaPublicEncrypt() otherwise.
 *
 * ssl      session; ssl->ctx and ssl->rng are read without a NULL check
 * in       plaintext, inSz bytes
 * out      buffer that receives the ciphertext
 * outSz    on the wolfCrypt path *outSz is passed in as the capacity of
 *          out; it is overwritten with the result length whenever the
 *          result is positive
 * key      RSA public key for the wolfCrypt path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * returns 0 once a positive length has been stored in *outSz, WC_PENDING_E
 *         in async builds when the operation was queued, otherwise the
 *         underlying return value unchanged.
 */
int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
    RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int ret;

    /* only referenced in some build configurations */
    (void)ctx;
    (void)keySz;
    (void)keyBuf;
    (void)ssl;

    WOLFSSL_ENTER("RsaEnc");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->RsaEncCb != NULL) {
        ret = ssl->ctx->RsaEncCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                 ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, key, ssl->rng);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Operation was queued: register the event, and keep reporting
     * "pending" unless the registration itself failed. */
    if (ret == WC_PENDING_E) {
        int evRet = wolfAsync_EventInit(&ssl->event,
                        WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
        if (evRet != 0) {
            ret = evRet;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* A positive result is a byte count: hand it back through outSz */
    if (ret > 0) {
        *outSz = ret;
        ret    = 0;
    }

    WOLFSSL_LEAVE("RsaEnc", ret);

    return ret;
}
wolfSSL 7:481bce714567 2882
wolfSSL 7:481bce714567 2883 #endif /* NO_RSA */
wolfSSL 7:481bce714567 2884
wolfSSL 7:481bce714567 2885 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 2886
/* Create an ECC signature, through the registered PK callback when there is
 * one and with wc_ecc_sign_hash() otherwise.
 *
 * ssl      session; ssl->ctx and ssl->rng are read without a NULL check
 * in       data to sign, inSz bytes (a hash, going by the wolfCrypt call)
 * out      buffer that receives the signature
 * outSz    passed by pointer to the signer, which reads the capacity and
 *          writes back the signature length itself
 * key      ECC private key for the wolfCrypt path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * returns the signer's result unchanged, or WC_PENDING_E in async builds
 *         when the operation was queued.
 */
int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
    word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz, void* ctx)
{
    int ret;

    /* only referenced in some build configurations */
    (void)ctx;
    (void)keySz;
    (void)keyBuf;
    (void)ssl;

    WOLFSSL_ENTER("EccSign");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccSignCb != NULL) {
        ret = ssl->ctx->EccSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                  ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_ecc_sign_hash(in, inSz, out, outSz, ssl->rng, key);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Operation was queued: register the event, and keep reporting
     * "pending" unless the registration itself failed. */
    if (ret == WC_PENDING_E) {
        int evRet = wolfAsync_EventInit(&ssl->event,
                        WOLF_EVENT_TYPE_ASYNC_WOLFSSL, &key->asyncDev);
        if (evRet != 0) {
            ret = evRet;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccSign", ret);

    return ret;
}
wolfSSL 7:481bce714567 2925
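/* Verify an ECC signature, through the registered PK callback when there is
 * one and with wc_ecc_verify_hash() otherwise.
 *
 * ssl      session; ssl->ctx is read without a NULL check
 * in       first buffer handed to the verifier, inSz bytes (the signature,
 *          per wc_ecc_verify_hash's argument order)
 * out      second buffer handed to the verifier, outSz bytes (the hash)
 * key      ECC public key for the wolfCrypt path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * returns 0 only when the verifier returned 0 AND set its result flag to a
 *         non-zero value; VERIFY_SIGN_ERROR for every other outcome;
 *         WC_PENDING_E in async builds when the operation was queued.
 */
int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
    word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
    void* ctx)
{
    int ret;
    /* Fail closed: start from "not verified". A callback (or verifier) that
     * returns 0 without writing the flag would otherwise leave this
     * uninitialized, and an indeterminate non-zero value would be accepted
     * as a valid signature. */
    int verify = 0;

    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("EccVerify");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccVerifyCb) {
        ret = ssl->ctx->EccVerifyCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
            &verify, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_ecc_verify_hash(in, inSz, out, outSz, &verify, key);
    }

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfAsync_EventInit(&ssl->event,
            WOLF_EVENT_TYPE_ASYNC_WOLFSSL, &key->asyncDev);
        if (ret == 0) {
            ret = WC_PENDING_E;
        }
    }
    else
#endif /* WOLFSSL_ASYNC_CRYPT */
    {
        /* any verifier error, or a cleared flag, is a failed signature */
        ret = (ret != 0 || verify == 0) ? VERIFY_SIGN_ERROR : 0;
    }

    WOLFSSL_LEAVE("EccVerify", ret);

    return ret;
}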
wolfSSL 7:481bce714567 2969
wolfSSL 7:481bce714567 2970 #ifdef HAVE_PK_CALLBACKS
/* Gets ECC key for shared secret callback testing
 * Client side: returns peer key
 * Server side: returns private key
 *
 * With static ECDH the key is the peer's ECDSA key (client) or the signing
 * key (server); otherwise it is the peer's ECC key (client) or the
 * temporary ECC key (server).
 *
 * ssl       session to read the key from
 * otherKey  receives the selected key; left untouched on failure
 *
 * returns 0 on success, BAD_FUNC_ARG for NULL arguments, NO_PEER_KEY when
 *         the client-side key is missing, not marked present or has no
 *         curve parameters (dp) - and also when no key was selected at
 *         all - and NO_PRIVATE_KEY when the server-side key is missing.
 */
static int EccGetKey(WOLFSSL* ssl, ecc_key** otherKey)
{
    ecc_key* found = NULL;

    if (ssl == NULL || otherKey == NULL) {
        return BAD_FUNC_ARG;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        if (ssl->specs.static_ecdh) {
            if (ssl->peerEccDsaKey == NULL || !ssl->peerEccDsaKeyPresent ||
                    ssl->peerEccDsaKey->dp == NULL) {
                return NO_PEER_KEY;
            }
            found = (struct ecc_key*)ssl->peerEccDsaKey;
        }
        else {
            if (ssl->peerEccKey == NULL || !ssl->peerEccKeyPresent ||
                    ssl->peerEccKey->dp == NULL) {
                return NO_PEER_KEY;
            }
            found = (struct ecc_key*)ssl->peerEccKey;
        }
    }
    else if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (ssl->specs.static_ecdh) {
            if (ssl->sigKey == NULL) {
                return NO_PRIVATE_KEY;
            }
            found = (struct ecc_key*)ssl->sigKey;
        }
        else {
            if (!ssl->eccTempKeyPresent) {
                return NO_PRIVATE_KEY;
            }
            found = (struct ecc_key*)ssl->eccTempKey;
        }
    }

    /* unknown side, or a key pointer that turned out to be NULL */
    if (found == NULL) {
        return NO_PEER_KEY;
    }

    *otherKey = found;
    return 0;
}
wolfSSL 7:481bce714567 3022 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 7:481bce714567 3023
/* Compute the ECDH shared secret, through the registered PK callback when
 * there is one and with wc_ecc_shared_secret() otherwise.
 *
 * ssl        session; ssl->ctx is read without a NULL check
 * priv_key   local private key (wolfCrypt path, and async event device)
 * pub_key    peer public key (wolfCrypt path)
 * pubKeyDer, pubKeySz, side, ctx  forwarded to the callback only
 * out        buffer that receives the secret
 * outlen     passed by pointer to the underlying call, which reads the
 *            capacity and writes back the secret length
 *
 * On the callback path priv_key and pub_key are not used; the key passed to
 * the callback is the one EccGetKey() selects for this side, and an
 * EccGetKey() failure is returned without invoking the callback.
 *
 * returns the underlying result unchanged, or WC_PENDING_E in async builds
 *         when the operation was queued.
 *
 * NOTE(review): in async builds &priv_key->asyncDev is formed even when the
 * callback produced the result; confirm priv_key is always valid there.
 */
int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
    byte* pubKeyDer, word32* pubKeySz, byte* out, word32* outlen,
    int side, void* ctx)
{
    int ret;

    /* only referenced in some build configurations */
    (void)ctx;
    (void)side;
    (void)pubKeySz;
    (void)pubKeyDer;
    (void)ssl;

    WOLFSSL_ENTER("EccSharedSecret");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->EccSharedSecretCb != NULL) {
        ecc_key* cbKey = NULL;

        ret = EccGetKey(ssl, &cbKey);
        if (ret == 0) {
            ret = ssl->ctx->EccSharedSecretCb(ssl, cbKey, pubKeyDer,
                      pubKeySz, out, outlen, side, ctx);
        }
    }
    else
#endif
    {
        ret = wc_ecc_shared_secret(priv_key, pub_key, out, outlen);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Operation was queued: register the event, and keep reporting
     * "pending" unless the registration itself failed. */
    if (ret == WC_PENDING_E) {
        int evRet = wolfAsync_EventInit(&ssl->event,
                        WOLF_EVENT_TYPE_ASYNC_WOLFSSL, &priv_key->asyncDev);
        if (evRet != 0) {
            ret = evRet;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccSharedSecret", ret);

    return ret;
}
wolfSSL 7:481bce714567 3069
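/* Generate an ECC key pair for the handshake into `key`.
 *
 * ssl   connection; supplies the RNG and the configured temporary key size
 * key   ecc_key that receives the new key pair
 * peer  optional peer key; when it carries curve parameters the new key is
 *       sized to match them, otherwise ssl->eccTempKeySz is used
 *
 * Returns the wc_ecc_make_key() result. With WOLFSSL_ASYNC_CRYPT, a
 * WC_PENDING_E result registers an async event on key->asyncDev and is
 * returned as WC_PENDING_E unless the registration itself fails.
 */
int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer)
{
    int ret = 0;
    int keySz = 0;

    WOLFSSL_ENTER("EccMakeKey");

    /* A peer key without curve parameters (dp == NULL) cannot tell us a
     * size; use the configured temporary key size instead of dereferencing
     * a NULL pointer. */
    if (peer == NULL || peer->dp == NULL) {
        keySz = ssl->eccTempKeySz;
    }
    else {
        keySz = peer->dp->size;
    }

    /* TODO: Implement _ex version here */
    /* NOTE(review): only the size is forwarded, not the peer's curve; confirm
     * the generated key ends up on the peer's curve when more than one
     * enabled curve shares this size. */
    ret = wc_ecc_make_key(ssl->rng, keySz, key);

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfAsync_EventInit(&ssl->event,
            WOLF_EVENT_TYPE_ASYNC_WOLFSSL, &key->asyncDev);
        if (ret == 0) {
            ret = WC_PENDING_E;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccMakeKey", ret);

    return ret;
}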
wolfSSL 7:481bce714567 3102
wolfSSL 7:481bce714567 3103 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 3104
wolfSSL 7:481bce714567 3105 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 3106
wolfSSL 7:481bce714567 3107 #if !defined(NO_CERTS) || !defined(NO_PSK)
wolfSSL 7:481bce714567 3108 #if !defined(NO_DH)
wolfSSL 7:481bce714567 3109
/* Generate a Diffie-Hellman key pair for the group (p, g).
 *
 * A temporary DhKey is initialised, loaded with p/g, used for
 * wc_DhGenerateKeyPair() with ssl->rng, and freed again before returning.
 * priv/privSz and pub/pubSz are passed straight to wc_DhGenerateKeyPair().
 *
 * Returns 0 on success, otherwise the first failing wolfCrypt return code.
 *
 * NOTE(review): no check of pSz against a minimum DH size is made here;
 * presumably the caller enforces ssl->options.minDhKeySz - confirm.
 */
int DhGenKeyPair(WOLFSSL* ssl,
    byte* p, word32 pSz,
    byte* g, word32 gSz,
    byte* priv, word32* privSz,
    byte* pub, word32* pubSz)
{
    DhKey dhKey;
    int   ret = wc_InitDhKey(&dhKey);

    /* nothing to release when the key object could not be initialised */
    if (ret != 0) {
        return ret;
    }

    ret = wc_DhSetKey(&dhKey, p, pSz, g, gSz);
    if (ret == 0) {
        ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng, priv, privSz, pub, pubSz);
    }

    wc_FreeDhKey(&dhKey);

    return ret;
}
wolfSSL 7:481bce714567 3130
/* Run the Diffie-Hellman agreement for the group (p, g).
 *
 * When `pub` is non-NULL a fresh key pair is generated first into
 * priv/privSz and pub/pubSz; when `pub` is NULL the caller-supplied private
 * value in priv/*privSz is used as is. The agreed value is then computed
 * against otherPub and written to agree/agreeSz.
 *
 * Returns 0 on success, otherwise the first failing wolfCrypt return code.
 *
 * NOTE(review): otherPub comes from the peer and no range check on it is
 * visible in this function; confirm that wc_DhAgree() or the caller rejects
 * degenerate public values.
 * NOTE(review): priv and agree hold secret material; wiping them appears to
 * be the caller's job - confirm.
 */
int DhAgree(WOLFSSL* ssl,
    byte* p, word32 pSz,
    byte* g, word32 gSz,
    byte* priv, word32* privSz,
    byte* pub, word32* pubSz,
    const byte* otherPub, word32 otherPubSz,
    byte* agree, word32* agreeSz)
{
    DhKey dhKey;
    int   ret = wc_InitDhKey(&dhKey);

    /* nothing to release when the key object could not be initialised */
    if (ret != 0) {
        return ret;
    }

    ret = wc_DhSetKey(&dhKey, p, pSz, g, gSz);

    if (ret == 0 && pub != NULL) {
        /* for DH, encSecret is Yc, agree is pre-master */
        ret = wc_DhGenerateKeyPair(&dhKey, ssl->rng, priv, privSz, pub, pubSz);
    }

    if (ret == 0) {
        ret = wc_DhAgree(&dhKey, agree, agreeSz, priv, *privSz,
                         otherPub, otherPubSz);
    }

    wc_FreeDhKey(&dhKey);

    return ret;
}
wolfSSL 7:481bce714567 3157
wolfSSL 7:481bce714567 3158 #endif /* !NO_DH */
wolfSSL 7:481bce714567 3159 #endif /* !NO_CERTS || !NO_PSK */
wolfSSL 7:481bce714567 3160
wolfSSL 7:481bce714567 3161
wolfSSL 7:481bce714567 3162
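/* Copy the fields an SSL object inherits from a WOLFSSL_CTX.
 *
 * Used during initialization and when switching an ssl's CTX with
 * wolfSSL_Set_SSL_CTX. ssl->suites must already be allocated, and
 * ssl->arrays as well when the CTX carries a PSK server hint.
 *
 * The ssl takes one reference on ctx. When the ssl already had a CTX, the
 * reference on the old one is released only after the new reference has been
 * taken, so a failure to lock the count mutex leaves ssl->ctx and the old
 * reference untouched, and passing the CTX the ssl already uses cannot drop
 * its count to zero in between.
 *
 * Certificate, chain, key and server DH parameters are shared with the CTX,
 * which keeps ownership of them.
 *
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG on missing arguments or
 * allocations, BAD_MUTEX_E when the CTX count mutex cannot be locked, and
 * NO_PRIVATE_KEY when a server has no certificate/key and neither PSK nor
 * anonymous suites are enabled. In the NO_PRIVATE_KEY case ssl->ctx has
 * already been switched to ctx and holds the new reference.
 */
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    byte havePSK = 0;
    byte haveAnon = 0;
    byte newSSL;
    byte haveRSA = 0;
    (void) haveAnon; /* Squash unused var warnings */

    if(!ssl || !ctx || ssl->suites == NULL)
        return BAD_FUNC_ARG;

    newSSL = ssl->ctx == NULL; /* Assign after null check */

#ifndef NO_PSK
    if (ctx->server_hint[0] && ssl->arrays == NULL) {
        return BAD_FUNC_ARG;  /* needed for copy below */
    }
#endif


#ifndef NO_RSA
    haveRSA = 1;
#endif
#ifndef NO_PSK
    havePSK = ctx->havePSK;
#endif /* NO_PSK */
#ifdef HAVE_ANON
    haveAnon = ctx->haveAnon;
#endif /* HAVE_ANON*/

    /* increment the new CTX reference count first, so that the error path
     * below returns with the ssl still holding a valid old CTX */
    if (wc_LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock CTX count mutex");
        return BAD_MUTEX_E;
    }
    ctx->refCount++;
    wc_UnLockMutex(&ctx->countMutex);

    /* decrement previous CTX reference count if exists.
     * This should only happen if switching ctxs!*/
    if (!newSSL) {
        WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
        wolfSSL_CTX_free(ssl->ctx);
    }

    ssl->ctx     = ctx; /* only for passing to calls, options could change */
    ssl->version = ctx->method->version;

#ifdef HAVE_ECC
    ssl->eccTempKeySz = ctx->eccTempKeySz;
    ssl->pkCurveOID = ctx->pkCurveOID;
#endif

    ssl->timeout = ctx->timeout;
    ssl->verifyCallback    = ctx->verifyCallback;
    ssl->options.side      = ctx->method->side;
    ssl->options.downgrade    = ctx->method->downgrade;
    ssl->options.minDowngrade = ctx->minDowngrade;

    if (ssl->options.side == WOLFSSL_SERVER_END)
        ssl->options.haveDH = ctx->haveDH;

    ssl->options.haveNTRU      = ctx->haveNTRU;
    ssl->options.haveECDSAsig  = ctx->haveECDSAsig;
    ssl->options.haveECC       = ctx->haveECC;
    ssl->options.haveStaticECC = ctx->haveStaticECC;

#ifndef NO_PSK
    ssl->options.havePSK   = ctx->havePSK;
    ssl->options.client_psk_cb = ctx->client_psk_cb;
    ssl->options.server_psk_cb = ctx->server_psk_cb;
#endif /* NO_PSK */

#ifdef HAVE_ANON
    ssl->options.haveAnon = ctx->haveAnon;
#endif
    /* minimum key sizes accepted for each algorithm */
#ifndef NO_DH
    ssl->options.minDhKeySz = ctx->minDhKeySz;
#endif
#ifndef NO_RSA
    ssl->options.minRsaKeySz = ctx->minRsaKeySz;
#endif
#ifdef HAVE_ECC
    ssl->options.minEccKeySz = ctx->minEccKeySz;
#endif

    ssl->options.sessionCacheOff      = ctx->sessionCacheOff;
    ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;

    /* peer verification policy is inherited unchanged from the CTX */
    ssl->options.verifyPeer     = ctx->verifyPeer;
    ssl->options.verifyNone     = ctx->verifyNone;
    ssl->options.failNoCert     = ctx->failNoCert;
    ssl->options.failNoCertxPSK = ctx->failNoCertxPSK;
    ssl->options.sendVerify     = ctx->sendVerify;

    ssl->options.partialWrite  = ctx->partialWrite;
    ssl->options.quietShutdown = ctx->quietShutdown;
    ssl->options.groupMessages = ctx->groupMessages;

#ifndef NO_DH
    if (ssl->options.side == WOLFSSL_SERVER_END) {
        ssl->buffers.serverDH_P = ctx->serverDH_P;
        ssl->buffers.serverDH_G = ctx->serverDH_G;
    }
#endif

#ifndef NO_CERTS
    /* ctx still owns certificate, certChain, key, dh, and cm */
    ssl->buffers.certificate = ctx->certificate;
    ssl->buffers.certChain = ctx->certChain;
    ssl->buffers.key = ctx->privateKey;
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
    ssl->devId = ctx->devId;
#endif

#ifndef NO_PSK
    if (ctx->server_hint[0]) {   /* set in CTX */
        /* bounded copy, then terminate explicitly because XSTRNCPY does not
         * when the source fills the buffer */
        XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint, MAX_PSK_ID_LEN);
        ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
    }
#endif /* NO_PSK */

    if (ctx->suites)
        *ssl->suites = *ctx->suites;
    else
        XMEMSET(ssl->suites, 0, sizeof(Suites));

    /* make sure server has DH parms, and add PSK if there, add NTRU too */
    if (ssl->options.side == WOLFSSL_SERVER_END)
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    else
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE,
                   ssl->options.haveNTRU, ssl->options.haveECDSAsig,
                   ssl->options.haveECC, ssl->options.haveStaticECC,
                   ssl->options.side);

#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
    /* make sure server has cert and key unless using PSK or Anon
     * This should be true even if just switching ssl ctx */
    if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon) {
        if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer ||
            !ssl->buffers.key || !ssl->buffers.key->buffer) {
            WOLFSSL_MSG("Server missing certificate and/or private key");
            return NO_PRIVATE_KEY;
        }
    }
#endif

#ifdef WOLFSSL_SESSION_EXPORT
    #ifdef WOLFSSL_DTLS
    ssl->dtls_export = ctx->dtls_export; /* export function for session */
    #endif
#endif

#ifdef OPENSSL_EXTRA
    ssl->readAhead = ctx->readAhead;
#endif

    return SSL_SUCCESS;
}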
wolfSSL 7:481bce714567 3330
wolfSSL 7:481bce714567 3331
/* Initialize a WOLFSSL object from its CTX.
 *
 * Everything is first set to 0, NULL or a default value before anything that
 * may fail is called, so that the destructor has a "good" state to clean up.
 * After that the handshake arrays, suites, handshake hashes and (unless one
 * is inherited from the CTX) an RNG are allocated and initialised, and the
 * CTX fields are inherited through SetSSL_CTX().
 *
 * ssl  object to initialise; its whole contents are overwritten
 * ctx  CTX to inherit from; dereferenced without a NULL check
 *
 * Returns 0 on success. Error returns seen below are MEMORY_E, BAD_MUTEX_E,
 * whatever SetSSL_CTX() returns when it is not SSL_SUCCESS, and the codes of
 * the hash, RNG and DTLS cookie-secret initialisers. On an error return the
 * object is left partially initialised.
 */
int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    int  ret;

    XMEMSET(ssl, 0, sizeof(WOLFSSL));

#if defined(WOLFSSL_STATIC_MEMORY)
    if (ctx->heap != NULL) {
        WOLFSSL_HEAP_HINT* ssl_hint;
        WOLFSSL_HEAP_HINT* ctx_hint;

        /* avoid dereferencing a test value */
    #ifdef WOLFSSL_HEAP_TEST
        if (ctx->heap == (void*)WOLFSSL_HEAP_TEST) {
            ssl->heap = ctx->heap;
        }
        else {
    #endif
        /* each ssl gets its own heap hint, allocated from the CTX heap */
        ssl->heap = (WOLFSSL_HEAP_HINT*)XMALLOC(sizeof(WOLFSSL_HEAP_HINT),
                                               ctx->heap, DYNAMIC_TYPE_SSL);
        if (ssl->heap == NULL) {
            return MEMORY_E;
        }
        XMEMSET(ssl->heap, 0, sizeof(WOLFSSL_HEAP_HINT));
        ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap));
        ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap));

        /* lock and check IO count / handshake count */
        if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
            XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
            ssl->heap = NULL; /* free and set to NULL for IO counter */
            return BAD_MUTEX_E;
        }
        /* a limit of 0 means "no limit" for both counters */
        if (ctx_hint->memory->maxHa > 0 &&
                           ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) {
            WOLFSSL_MSG("At max number of handshakes for static memory");
            wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
            XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
            ssl->heap = NULL; /* free and set to NULL for IO counter */
            return MEMORY_E;
        }

        if (ctx_hint->memory->maxIO > 0 &&
                           ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) {
            WOLFSSL_MSG("At max number of IO allowed for static memory");
            wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
            XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
            ssl->heap = NULL; /* free and set to NULL for IO counter */
            return MEMORY_E;
        }
        ctx_hint->memory->curIO++;
        ctx_hint->memory->curHa++;
        ssl_hint->memory = ctx_hint->memory;
        ssl_hint->haFlag = 1;
        wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));

        /* NOTE(review): the error returns from here to the end of this block
         * keep ssl->heap and the incremented counters; presumably the
         * destructor releases both - confirm. */

        /* check if tracking stats */
        if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) {
            ssl_hint->stats = (WOLFSSL_MEM_CONN_STATS*)XMALLOC(
               sizeof(WOLFSSL_MEM_CONN_STATS), ctx->heap, DYNAMIC_TYPE_SSL);
            if (ssl_hint->stats == NULL) {
                return MEMORY_E;
            }
            XMEMSET(ssl_hint->stats, 0, sizeof(WOLFSSL_MEM_CONN_STATS));
        }

        /* check if using fixed IO buffers */
        if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) {
            if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
                WOLFSSL_MSG("Bad memory_mutex lock");
                return BAD_MUTEX_E;
            }
            if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) {
                wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
                return MEMORY_E;
            }
            if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) {
                wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
                return MEMORY_E;
            }
            if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) {
                WOLFSSL_MSG("Not enough memory to create fixed IO buffers");
                wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
                return MEMORY_E;
            }
            wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
        }
    #ifdef WOLFSSL_HEAP_TEST
        }
    #endif
    }
    else {
        ssl->heap = ctx->heap;
    }
#else
    ssl->heap = ctx->heap; /* carry over user heap without static memory */
#endif /* WOLFSSL_STATIC_MEMORY */

    /* start with the buffers embedded in the object */
    ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
    ssl->buffers.inputBuffer.bufferSize  = STATIC_BUFFER_LEN;

    ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
    ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;

#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
    InitX509(&ssl->peerCert, 0, ssl->heap);
#endif

    ssl->rfd = -1;   /* set to invalid descriptor */
    ssl->wfd = -1;

    ssl->IOCB_ReadCtx  = &ssl->rfd;  /* prevent invalid pointer access if not */
    ssl->IOCB_WriteCtx = &ssl->wfd;  /* correctly set */

#ifdef HAVE_NETX
    ssl->IOCB_ReadCtx  = &ssl->nxCtx;  /* default NetX IO ctx, same for read */
    ssl->IOCB_WriteCtx = &ssl->nxCtx;  /* and write */
#endif

    /* handshake state machines start from their initial states */
    ssl->options.serverState = NULL_STATE;
    ssl->options.clientState = NULL_STATE;
    ssl->options.connectState = CONNECT_BEGIN;
    ssl->options.acceptState  = ACCEPT_BEGIN;
    ssl->options.handShakeState  = NULL_STATE;
    ssl->options.processReply = doProcessInit;

#ifdef WOLFSSL_DTLS
    #ifdef WOLFSSL_SCTP
        ssl->options.dtlsSctp           = ctx->dtlsSctp;
        ssl->dtlsMtuSz                  = ctx->dtlsMtuSz;
        ssl->dtls_expected_rx           = ssl->dtlsMtuSz;
    #else
        ssl->dtls_expected_rx = MAX_MTU;
    #endif
    ssl->dtls_timeout_init              = DTLS_TIMEOUT_INIT;
    ssl->dtls_timeout_max               = DTLS_TIMEOUT_MAX;
    ssl->dtls_timeout                   = ssl->dtls_timeout_init;
    ssl->buffers.dtlsCtx.rfd            = -1;
    ssl->buffers.dtlsCtx.wfd            = -1;
#endif

    #ifndef NO_OLD_TLS
        ssl->hmac = SSL_hmac; /* default to SSLv3 */
    #else
        ssl->hmac = TLS_hmac;
    #endif


    ssl->cipher.ssl = ssl;

#ifdef HAVE_EXTENDED_MASTER
    ssl->options.haveEMS = ctx->haveEMS;
#endif

#ifdef HAVE_TLS_EXTENSIONS
#ifdef HAVE_MAX_FRAGMENT
    ssl->max_fragment = MAX_RECORD_SIZE;
#endif
#ifdef HAVE_ALPN
    ssl->alpn_client_list = NULL;
#endif
#ifdef HAVE_SUPPORTED_CURVES
    ssl->options.userCurves = ctx->userCurves;
#endif
#endif /* HAVE_TLS_EXTENSIONS */

    /* default alert state (none) */
    ssl->alert_history.last_rx.code  = -1;
    ssl->alert_history.last_rx.level = -1;
    ssl->alert_history.last_tx.code  = -1;
    ssl->alert_history.last_tx.level = -1;

    InitCiphers(ssl);
    InitCipherSpecs(&ssl->specs);

    /* all done with init, now can return errors, call other stuff */

    /* arrays */
    ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
                                                           DYNAMIC_TYPE_ARRAYS);
    if (ssl->arrays == NULL) {
        WOLFSSL_MSG("Arrays Memory error");
        return MEMORY_E;
    }
    XMEMSET(ssl->arrays, 0, sizeof(Arrays));

    /* suites; not zeroed here, SetSSL_CTX() below fills or clears them */
    ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
                                   DYNAMIC_TYPE_SUITES);
    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Suites Memory error");
        return MEMORY_E;
    }

    /* Initialize SSL with the appropriate fields from its ctx */
    /* requires valid arrays and suites */
    if((ret = SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
        return ret;

    ssl->options.dtls = ssl->version.major == DTLS_MAJOR;

    /* hsHashes; the block is not zeroed before the hash initialisers run */
    ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
                                                           DYNAMIC_TYPE_HASHES);
    if (ssl->hsHashes == NULL) {
        WOLFSSL_MSG("HS_Hashes Memory error");
        return MEMORY_E;
    }

#ifndef NO_OLD_TLS
#ifndef NO_MD5
    /* NOTE(review): unlike the SHA initialisers below, no result is checked
     * here; confirm whether wc_InitMd5() can fail in this version */
    wc_InitMd5(&ssl->hsHashes->hashMd5);
#endif
#ifndef NO_SHA
    ret = wc_InitSha(&ssl->hsHashes->hashSha);
    if (ret != 0) {
        return ret;
    }
#endif
#endif
#ifndef NO_SHA256
    ret = wc_InitSha256(&ssl->hsHashes->hashSha256);
    if (ret != 0) {
        return ret;
    }
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_InitSha384(&ssl->hsHashes->hashSha384);
    if (ret != 0) {
        return ret;
    }
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
    if (ret != 0) {
        return ret;
    }
#endif

#ifdef SINGLE_THREADED
    ssl->rng = ctx->rng;   /* CTX may have one, if so use it */
#endif

    if (ssl->rng == NULL) {
        /* RNG */
        ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap,DYNAMIC_TYPE_RNG);
        if (ssl->rng == NULL) {
            WOLFSSL_MSG("RNG Memory error");
            return MEMORY_E;
        }
        XMEMSET(ssl->rng, 0, sizeof(WC_RNG));
        /* ownership is recorded before the RNG is seeded, so the flag is
         * already set on the "RNG Init error" returns below */
        ssl->options.weOwnRng = 1;

        /* FIPS RNG API does not accept a heap hint */
#ifndef HAVE_FIPS
        if ( (ret = wc_InitRng_ex(ssl->rng, ssl->heap)) != 0) {
            WOLFSSL_MSG("RNG Init error");
            return ret;
        }
#else
        if ( (ret = wc_InitRng(ssl->rng)) != 0) {
            WOLFSSL_MSG("RNG Init error");
            return ret;
        }
#endif
    }

#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
    if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
        /* NOTE(review): called with no secret supplied (NULL, 0); presumably
         * a fresh cookie secret is generated in that case - confirm */
        ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
        if (ret != 0) {
            WOLFSSL_MSG("DTLS Cookie Secret error");
            return ret;
        }
    }
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */

#ifdef HAVE_SECRET_CALLBACK
    ssl->sessionSecretCb  = NULL;
    ssl->sessionSecretCtx = NULL;
#endif

#ifdef HAVE_SESSION_TICKET
    ssl->session.ticket = ssl->session.staticTicket;
#endif
    return 0;
}
wolfSSL 7:481bce714567 3623
wolfSSL 7:481bce714567 3624
/* Release the temporary handshake arrays of an ssl object.
 *
 * ssl   connection whose ssl->arrays is released and set to NULL
 * keep  non-zero to copy the session id and its length into ssl->session
 *       first, so the user can still retrieve it afterwards
 *
 * The Arrays struct is wiped with ForceZero() before it is freed.
 * NOTE(review): the pendingMsg buffer is freed without being wiped; confirm
 * it never holds data that needs clearing.
 */
void FreeArrays(WOLFSSL* ssl, int keep)
{
    Arrays* arrays = ssl->arrays;

    if (arrays != NULL) {
        if (keep) {
            /* keeps session id for user retrieval */
            XMEMCPY(ssl->session.sessionID, arrays->sessionID, ID_LEN);
            ssl->session.sessionIDSz = arrays->sessionIDSz;
        }

        XFREE(arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
        arrays->pendingMsg = NULL;

        /* clear arrays struct before the memory goes back to the heap */
        ForceZero(arrays, sizeof(Arrays));
    }

    XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS);
    ssl->arrays = NULL;
}
wolfSSL 7:481bce714567 3641
/* Release the per-handshake key exchange resources of an ssl object:
 * the signature buffer, the digest buffer and the signing key.
 *
 * The signing key is released according to ssl->sigType; pointers, lengths
 * and the type are reset so a second call finds nothing to free.
 *
 * NOTE(review): for a sigType that matches no compiled-in case the key is
 * not freed but ssl->sigKey is still cleared; confirm that cannot happen
 * with a non-NULL key.
 */
static void FreeKeyExchange(WOLFSSL* ssl)
{
    /* signature buffer */
    if (ssl->buffers.sig.buffer != NULL) {
        XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        ssl->buffers.sig.buffer = NULL;
        ssl->buffers.sig.length = 0;
    }

    /* digest buffer */
    if (ssl->buffers.digest.buffer != NULL) {
        XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        ssl->buffers.digest.buffer = NULL;
        ssl->buffers.digest.length = 0;
    }

    /* nothing more to do without a signing key */
    if (ssl->sigKey == NULL) {
        return;
    }

    switch (ssl->sigType) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            wc_FreeRsaKey((RsaKey*)ssl->sigKey);
            XFREE(ssl->sigKey, ssl->heap, DYNAMIC_TYPE_RSA);
            break;
    #endif /* ! NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            wc_ecc_free((ecc_key*)ssl->sigKey);
            XFREE(ssl->sigKey, ssl->heap, DYNAMIC_TYPE_ECC);
            break;
    #endif /* HAVE_ECC */
        default:
            break;
    }

    /* Reset type and pointer */
    ssl->sigType = 0;
    ssl->sigKey = NULL;
}
wolfSSL 7:481bce714567 3686
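/* Release everything the WOLFSSL object owns without freeing the object
 * itself, for callers that keep WOLFSSL objects in an array and do not want
 * the actual ssl freed.
 *
 * Secret material is wiped with ForceZero() before it is released: the Keys
 * struct, the DH private value and the DTLS cookie secret.
 *
 * NOTE(review): several freed members (ssl->rng, ssl->suites, ssl->hsHashes,
 * the DH buffers, the peer keys) are not reset to NULL here, so the object
 * should not be used again, or passed to this function a second time,
 * without being re-initialised first. */
void SSL_ResourceFree(WOLFSSL* ssl)
{
    /* Note: any resources used during the handshake should be released in the
     * function FreeHandshakeResources(). Be careful with the special cases
     * like the RNG which may optionally be kept for the whole session. (For
     * example with the RNG, it isn't used beyond the handshake except when
     * using stream ciphers where it is retained.) */

    FreeCiphers(ssl);
    FreeArrays(ssl, 0);
    FreeKeyExchange(ssl);
    if (ssl->options.weOwnRng) {
        wc_FreeRng(ssl->rng);
        XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
    }
    XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES);
    XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);

    /* clear keys struct after session */
    ForceZero(&(ssl->keys), sizeof(Keys));

#ifndef NO_DH
    /* wipe the DH private value before its memory goes back to the heap */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                  ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    /* parameters (p,g) may be owned by ctx */
    if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    }
#endif /* !NO_DH */
#ifndef NO_CERTS
    ssl->keepCert = 0; /* make sure certificate is free'd */
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifndef NO_RSA
    if (ssl->peerRsaKey) {
        wc_FreeRsaKey(ssl->peerRsaKey);
        XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
    }
#endif
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, FORCED_FREE);
    if (ssl->buffers.outputBuffer.dynamicFlag)
        ShrinkOutputBuffer(ssl);
#ifdef WOLFSSL_DTLS
    DtlsMsgPoolReset(ssl);
    if (ssl->dtls_rx_msg_list != NULL) {
        DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
        ssl->dtls_rx_msg_list = NULL;
        ssl->dtls_rx_msg_list_sz = 0;
    }
    XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    ssl->buffers.dtlsCtx.peer.sa = NULL;
#ifndef NO_WOLFSSL_SERVER
    /* the cookie secret is wiped before release, in the same way as the DH
     * private value above, so it does not linger in freed heap memory */
    if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
        ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->buffers.dtlsCookieSecret.length);
    }
    XFREE(ssl->buffers.dtlsCookieSecret.buffer, ssl->heap,
          DYNAMIC_TYPE_COOKIE_PWD);
#endif
#endif /* WOLFSSL_DTLS */
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
    if (ssl->biord != ssl->biowr)        /* only free write if different */
        wolfSSL_BIO_free(ssl->biowr);
    wolfSSL_BIO_free(ssl->biord);        /* always free read bio */
#endif
#ifdef HAVE_LIBZ
    FreeStreams(ssl);
#endif
#ifdef HAVE_ECC
    /* the *Present flags say whether the key object was initialised and so
     * needs wc_ecc_free() before its memory is released */
    if (ssl->peerEccKey) {
        if (ssl->peerEccKeyPresent)
            wc_ecc_free(ssl->peerEccKey);
        XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
    }
    if (ssl->peerEccDsaKey) {
        if (ssl->peerEccDsaKeyPresent)
            wc_ecc_free(ssl->peerEccDsaKey);
        XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
    }
    if (ssl->eccTempKey) {
        if (ssl->eccTempKeyPresent)
            wc_ecc_free(ssl->eccTempKey);
        XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
    }
#endif /* HAVE_ECC */
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ssl->extensions, ssl->heap);

#ifdef HAVE_ALPN
    if (ssl->alpn_client_list != NULL) {
        XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        ssl->alpn_client_list = NULL;
    }
#endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_NETX
    if (ssl->nxCtx.nxPacket)
        nx_packet_release(ssl->nxCtx.nxPacket);
#endif
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
    FreeX509(&ssl->peerCert);
#endif

#ifdef HAVE_SESSION_TICKET
    /* a dynamically allocated ticket is released and the session falls back
     * to its embedded static ticket storage */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        ssl->session.ticketLen = 0;
    }
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* check if using fixed io buffers and free them */
    if (ssl->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
        /* avoid dereferencing a test value */
        if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
    #endif
        WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
        WOLFSSL_HEAP*      ctx_heap;

        ctx_heap = ssl_hint->memory;
        /* NOTE(review): a failed lock is only logged; the counters below are
         * still updated and the mutex is still unlocked afterwards */
        if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
        }
        ctx_heap->curIO--;
        if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) {
            WOLFSSL_MSG("Error freeing fixed output buffer");
        }
        if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) {
            /* this branch concerns inBuf, so the log names the input buffer */
            WOLFSSL_MSG("Error freeing fixed input buffer");
        }
        if (ssl_hint->haFlag) { /* check if handshake count has been decreased*/
            ctx_heap->curHa--;
        }
        wc_UnLockMutex(&(ctx_heap->memory_mutex));

        /* check if tracking stats */
        if (ctx_heap->flag & WOLFMEM_TRACK_STATS) {
            XFREE(ssl_hint->stats, ssl->ctx->heap, DYNAMIC_TYPE_SSL);
        }
        /* the hint itself is released against the ctx heap, so ssl->ctx must
         * still be a live object when this function runs */
        XFREE(ssl->heap, ssl->ctx->heap, DYNAMIC_TYPE_SSL);
    #ifdef WOLFSSL_HEAP_TEST
        }
    #endif
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}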
wolfSSL 7:481bce714567 3848
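/* Free any handshake resources no longer needed.
 *
 * Each released pointer is reset to NULL so that the later full teardown
 * does not free it a second time. The handshake hash contexts are released
 * first; when secure renegotiation is enabled the function then returns
 * early and keeps everything else. The DH private value is wiped with
 * ForceZero() before it is freed. */
void FreeHandshakeResources(WOLFSSL* ssl)
{
    /* hsHashes is set to NULL further down, so a repeated call must not
     * form member addresses from a NULL base pointer */
    if (ssl->hsHashes != NULL) {
#ifndef NO_MD5
        wc_Md5Free(&ssl->hsHashes->hashMd5);
#endif
#ifndef NO_SHA
        wc_ShaFree(&ssl->hsHashes->hashSha);
#endif
#ifndef NO_SHA256
        wc_Sha256Free(&ssl->hsHashes->hashSha256);
#endif
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources");
        return;
    }
#endif

    /* input buffer */
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    /* suites */
    XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    ssl->suites = NULL;

    /* hsHashes */
    XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES);
    ssl->hsHashes = NULL;

    /* RNG: released only for stream ciphers or when tls1_1 is not set, and
     * only when this object owns it */
    if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) {
        if (ssl->options.weOwnRng) {
            wc_FreeRng(ssl->rng);
            XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
            ssl->rng = NULL;
            ssl->options.weOwnRng = 0;
        }
    }

#ifdef WOLFSSL_DTLS
    /* DTLS_POOL */
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
        DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
        ssl->dtls_rx_msg_list = NULL;
        ssl->dtls_rx_msg_list_sz = 0;
    }
#endif

    /* arrays */
    if (ssl->options.saveArrays == 0)
        FreeArrays(ssl, 1);

#ifndef NO_RSA
    /* peerRsaKey */
    if (ssl->peerRsaKey) {
        wc_FreeRsaKey(ssl->peerRsaKey);
        XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
        ssl->peerRsaKey = NULL;
    }
#endif

#ifdef HAVE_ECC
    /* the *Present flags say whether the key object was initialised and so
     * needs wc_ecc_free() before its memory is released */
    if (ssl->peerEccKey)
    {
        if (ssl->peerEccKeyPresent) {
            wc_ecc_free(ssl->peerEccKey);
            ssl->peerEccKeyPresent = 0;
        }
        XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->peerEccKey = NULL;
    }
    if (ssl->peerEccDsaKey)
    {
        if (ssl->peerEccDsaKeyPresent) {
            wc_ecc_free(ssl->peerEccDsaKey);
            ssl->peerEccDsaKeyPresent = 0;
        }
        XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->peerEccDsaKey = NULL;
    }
    if (ssl->eccTempKey)
    {
        if (ssl->eccTempKeyPresent) {
            wc_ecc_free(ssl->eccTempKey);
            ssl->eccTempKeyPresent = 0;
        }
        XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->eccTempKey = NULL;
    }
#endif /* HAVE_ECC */
#ifndef NO_DH
    /* wipe the DH private value before its memory goes back to the heap */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                  ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    ssl->buffers.serverDH_Priv.buffer = NULL;
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
    ssl->buffers.serverDH_Pub.buffer = NULL;
    /* parameters (p,g) may be owned by ctx */
    if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_G.buffer = NULL;
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_P.buffer = NULL;
    }
#endif /* !NO_DH */
#ifndef NO_CERTS
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->buffers.peerEccDsaKey.buffer = NULL;
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
        ssl->buffers.peerRsaKey.buffer = NULL;
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */

#ifdef HAVE_QSH
    QSH_FreeAll(ssl);
#endif

#ifdef HAVE_SESSION_TICKET
    /* a dynamically allocated ticket is released and the session falls back
     * to its embedded static ticket storage */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        ssl->session.ticketLen = 0;
    }
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* when done with handshake decrement current handshake count */
    if (ssl->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
        /* avoid dereferencing a test value */
        if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
    #endif
        WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
        WOLFSSL_HEAP*      ctx_heap;

        ctx_heap = ssl_hint->memory;
        /* NOTE(review): a failed lock is only logged; the count is still
         * changed and the mutex is still unlocked afterwards */
        if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
        }
        /* NOTE(review): the decrement is unconditional, while
         * SSL_ResourceFree() tests haFlag first; a second call here would
         * lower curHa twice. Confirm callers invoke this once per handshake. */
        ctx_heap->curHa--;
        ssl_hint->haFlag = 0; /* set to zero since handshake has been dec */
        wc_UnLockMutex(&(ctx_heap->memory_mutex));
    #ifdef WOLFSSL_HEAP_TEST
        }
    #endif
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}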
wolfSSL 7:481bce714567 4010
wolfSSL 7:481bce714567 4011
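/* Free a WOLFSSL object and everything it owns.
 *
 * ssl   object to destroy
 * heap  the heap hint used when creating SSL
 *
 * The CTX reference is dropped last. FreeSSL_Ctx() will decrement and free
 * the underlying CTX if the count reaches 0, and SSL_ResourceFree() still
 * reads ssl->ctx->heap when WOLFSSL_STATIC_MEMORY is defined, so releasing
 * the CTX first would leave that read pointing at freed memory. */
void FreeSSL(WOLFSSL* ssl, void* heap)
{
    /* remember the CTX: ssl itself is gone by the time it is released */
    WOLFSSL_CTX* ctx = ssl->ctx;

    SSL_ResourceFree(ssl);
    XFREE(ssl, heap, DYNAMIC_TYPE_SSL);
    if (ctx) {
        FreeSSL_Ctx(ctx); /* will decrement and free underlying CTX if 0 */
    }
    (void)heap;
}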
wolfSSL 7:481bce714567 4022
wolfSSL 7:481bce714567 4023
wolfSSL 7:481bce714567 4024 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
wolfSSL 7:481bce714567 4025 || defined(HAVE_AESGCM) || defined(WOLFSSL_DTLS)
/* Copy the current 64-bit record sequence number into seq (seq[0] = high
 * word, seq[1] = low word) and then advance the stored counter by one.
 * A non-zero verify selects the peer's counter, zero selects our own. */
static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
{
    if (!verify) {
        /* our own (sending) counter */
        seq[0] = ssl->keys.sequence_number_hi;
        seq[1] = ssl->keys.sequence_number_lo++;
        /* the value read is larger than the stored one only after a wrap:
         * carry into the high word */
        if (seq[1] > ssl->keys.sequence_number_lo) {
            ssl->keys.sequence_number_hi++;
        }
        return;
    }

    /* the peer's counter */
    seq[0] = ssl->keys.peer_sequence_number_hi;
    seq[1] = ssl->keys.peer_sequence_number_lo++;
    if (seq[1] > ssl->keys.peer_sequence_number_lo) {
        /* low word wrapped: carry into the high word */
        ssl->keys.peer_sequence_number_hi++;
    }
}
wolfSSL 7:481bce714567 4045
wolfSSL 7:481bce714567 4046
wolfSSL 7:481bce714567 4047 #ifdef WOLFSSL_DTLS
/* Fill seq with a DTLS sequence value without advancing any counter.
 * seq[0] carries an epoch in its upper 16 bits and the low 16 bits of the
 * high sequence word; seq[1] carries the low sequence word. order selects
 * the previous epoch (PREV_ORDER), the values taken from the peer's record
 * (PEER_ORDER), or otherwise our current epoch. */
static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])
{
    if (order == PREV_ORDER) {
        /* previous epoch: one less than the current dtls_epoch */
        seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) |
                 (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);
        seq[1] = ssl->keys.dtls_prev_sequence_number_lo;
        return;
    }

    if (order == PEER_ORDER) {
        seq[0] = (ssl->keys.curEpoch << 16) |
                 (ssl->keys.curSeq_hi & 0xFFFF);
        seq[1] = ssl->keys.curSeq_lo; /* explicit from peer */
        return;
    }

    /* any other order: our current epoch and sequence number */
    seq[0] = (ssl->keys.dtls_epoch << 16) |
             (ssl->keys.dtls_sequence_number_hi & 0xFFFF);
    seq[1] = ssl->keys.dtls_sequence_number_lo;
}
wolfSSL 7:481bce714567 4067
/* Advance one of the DTLS sequence counters by one, carrying into its high
 * word when the low word wraps. order selects the previous-epoch counter
 * (PREV_ORDER), the peer counter (PEER_ORDER), or otherwise our current
 * counter. */
static INLINE void DtlsSEQIncrement(WOLFSSL* ssl, int order)
{
    word32 before;  /* low word as it was before the increment */

    if (order == PREV_ORDER) {
        before = ssl->keys.dtls_prev_sequence_number_lo++;
        if (before > ssl->keys.dtls_prev_sequence_number_lo) {
            /* low word wrapped */
            ssl->keys.dtls_prev_sequence_number_hi++;
        }
        return;
    }

    if (order == PEER_ORDER) {
        before = ssl->keys.peer_sequence_number_lo++;
        if (before > ssl->keys.peer_sequence_number_lo) {
            /* low word wrapped */
            ssl->keys.peer_sequence_number_hi++;
        }
        return;
    }

    before = ssl->keys.dtls_sequence_number_lo++;
    if (before > ssl->keys.dtls_sequence_number_lo) {
        /* low word wrapped */
        ssl->keys.dtls_sequence_number_hi++;
    }
}
wolfSSL 7:481bce714567 4094 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 4095
wolfSSL 7:481bce714567 4096
/* Write the 8-byte sequence number to out using c32toa(): the high word
 * first, the low word OPAQUE32_LEN bytes later. For non-DTLS connections the
 * stored counter is also advanced (GetSEQIncrement); for DTLS the value is
 * only read (DtlsGetSEQ). When the connection is flagged DTLS but the build
 * lacks WOLFSSL_DTLS, zeros are written. */
static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
{
    word32 seq[2] = {0, 0};

    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        DtlsGetSEQ(ssl, verifyOrder, seq);
#endif
    }
    else {
        GetSEQIncrement(ssl, verifyOrder, seq);
    }

    c32toa(seq[0], out);
    c32toa(seq[1], out + OPAQUE32_LEN);
}
wolfSSL 7:481bce714567 4113 #endif
wolfSSL 7:481bce714567 4114
wolfSSL 7:481bce714567 4115
wolfSSL 7:481bce714567 4116 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 4117
wolfSSL 7:481bce714567 4118 /* functions for managing DTLS datagram reordering */
wolfSSL 7:481bce714567 4119
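/* Allocate a DtlsMsg able to hold sz bytes of handshake message body.
 *
 * Need to allocate space for the handshake message header. The hashing
 * routines assume the message pointer is still within the buffer that
 * has the headers, and will include those headers in the hash. The store
 * routines need to take that into account as well. New will allocate
 * extra space for the headers.
 *
 * sz    size of the message body, without the handshake header
 * heap  heap hint passed to the allocator
 *
 * Returns the new message with msg->msg pointing just past the header space,
 * or NULL when an allocation fails or when sz plus the header size does not
 * fit in a word32. */
DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
{
    DtlsMsg* msg = NULL;
    word32   bufSz = sz + DTLS_HANDSHAKE_HEADER_SZ;

    (void)heap;

    /* A wrapped total would yield a buffer smaller than msg->sz, and msg->sz
     * is what later writes into the buffer are bounded by. */
    if (bufSz < sz)
        return NULL;

    msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);

    if (msg != NULL) {
        XMEMSET(msg, 0, sizeof(DtlsMsg));
        msg->buf = (byte*)XMALLOC(bufSz, heap, DYNAMIC_TYPE_DTLS_BUFFER);
        if (msg->buf != NULL) {
            msg->sz = sz;
            msg->type = no_shake;
            msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ;
        }
        else {
            /* no buffer: give the header struct back as well */
            XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG);
            msg = NULL;
        }
    }

    return msg;
}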
wolfSSL 7:481bce714567 4149
/* Free one DtlsMsg: every entry of its fragment list, its data buffer, and
 * the message struct itself. A NULL item is ignored. The message's own next
 * pointer is not followed. */
void DtlsMsgDelete(DtlsMsg* item, void* heap)
{
    DtlsFrag* frag;

    (void)heap;

    if (item == NULL) {
        return;
    }

    /* walk the fragment list, saving the link before each node is freed */
    frag = item->fragList;
    while (frag != NULL) {
        DtlsFrag* following = frag->next;
        XFREE(frag, heap, DYNAMIC_TYPE_DTLS_FRAG);
        frag = following;
    }

    if (item->buf != NULL) {
        XFREE(item->buf, heap, DYNAMIC_TYPE_DTLS_BUFFER);
    }
    XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
}
wolfSSL 7:481bce714567 4166
wolfSSL 7:481bce714567 4167
/* Free every message of the list that starts at head, using DtlsMsgDelete()
 * for each one. A NULL head is an empty list and nothing is done. */
void DtlsMsgListDelete(DtlsMsg* head, void* heap)
{
    while (head != NULL) {
        /* read the link first: head is invalid once it has been deleted */
        DtlsMsg* following = head->next;

        DtlsMsgDelete(head, heap);
        head = following;
    }
}
wolfSSL 7:481bce714567 4177
wolfSSL 7:481bce714567 4178
/* Create a DTLS fragment record covering *begin through end (inclusive),
 * copy those bytes from data into buf at offset *begin, then advance *begin
 * past the fragment and reduce *bytesLeft by the number of bytes copied.
 *
 * Returns the new fragment, or NULL when the allocation fails; in that case
 * nothing is copied and *begin and *bytesLeft are left untouched.
 *
 * No bounds are checked here: the caller must make sure that end is not
 * below *begin and that the range lies inside buf. */
static DtlsFrag* CreateFragment(word32* begin, word32 end, const byte* data,
                                byte* buf, word32* bytesLeft, void* heap)
{
    const word32 first = *begin;
    const word32 count = end - first + 1;  /* inclusive range length */
    DtlsFrag*    frag;

    (void)heap;
    frag = (DtlsFrag*)XMALLOC(sizeof(DtlsFrag), heap, DYNAMIC_TYPE_DTLS_FRAG);
    if (frag == NULL) {
        return NULL;
    }

    frag->next  = NULL;
    frag->begin = first;
    frag->end   = end;

    XMEMCPY(buf + first, data, count);
    *bytesLeft -= count;
    *begin = end + 1;

    return frag;
}
wolfSSL 7:481bce714567 4201
wolfSSL 7:481bce714567 4202
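/* Store one received handshake fragment in msg, copying only the bytes that
 * earlier fragments have not already supplied.
 *
 * msg         reassembly target created by DtlsMsgNew()
 * seq         handshake message sequence number, recorded in msg
 * data        fragment payload; when fragOffset is 0 the
 *             DTLS_HANDSHAKE_HEADER_SZ bytes before data are read as well,
 *             so data must point into a buffer that still holds the header
 * type        handshake message type, recorded in msg
 * fragOffset  offset of the fragment inside the whole message
 * fragSz      number of payload bytes in the fragment
 * heap        heap hint for the fragment records
 *
 * Returns 0 on success and MEMORY_E when a fragment record cannot be
 * allocated. A NULL msg or data, or a fragment that does not fit inside
 * msg->sz, is ignored and also returns 0. */
int DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
               word32 fragOffset, word32 fragSz, void* heap)
{
    /* The range test is written as two comparisons with a subtraction so
     * that fragOffset + fragSz cannot wrap word32 and slip past the bound
     * that protects the copies into msg->msg. */
    if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
        fragOffset <= msg->sz && fragSz <= msg->sz - fragOffset) {
        DtlsFrag* cur = msg->fragList;
        DtlsFrag* prev = cur;
        DtlsFrag* newFrag;
        word32 bytesLeft = fragSz; /* could be overlapping fragment */
        word32 startOffset = fragOffset;
        word32 added;

        msg->seq = seq;
        msg->type = type;

        if (fragOffset == 0) {
            /* keep the handshake header in front of the body and overwrite
             * its fragment-length field with the full message size */
            XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
                    DTLS_HANDSHAKE_HEADER_SZ);
            c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
        }

        /* if no message data, just return */
        if (fragSz == 0)
            return 0;

        /* if list is empty add full fragment to front */
        if (cur == NULL) {
            newFrag = CreateFragment(&fragOffset, fragOffset + fragSz - 1, data,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz = fragSz;
            msg->fragList = newFrag;

            return 0;
        }

        /* add to front if before current front, up to next->begin */
        if (fragOffset < cur->begin) {
            word32 end = fragOffset + fragSz - 1;

            if (end >= cur->begin)
                end = cur->begin - 1;

            added = end - fragOffset + 1;
            newFrag = CreateFragment(&fragOffset, end, data, msg->msg,
                                     &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = cur;
            msg->fragList = newFrag;
        }

        /* while we have bytes left, try to find a gap to fill */
        while (bytesLeft > 0) {
            /* get previous packet in list */
            while (cur && (fragOffset >= cur->begin)) {
                prev = cur;
                cur = cur->next;
            }

            /* don't add duplicate data */
            if (prev->end >= fragOffset) {
                if ( (fragOffset + bytesLeft - 1) <= prev->end)
                    return 0;
                fragOffset = prev->end + 1;
                bytesLeft = startOffset + fragSz - fragOffset;
            }

            if (cur == NULL)
                /* we're at the end */
                added = bytesLeft;
            else
                /* we're in between two frames */
                added = min(bytesLeft, cur->begin - fragOffset);

            /* data already there */
            if (added == 0)
                continue;

            /* data still points at the start of this fragment's payload, so
             * the source is shifted by how far fragOffset has moved */
            newFrag = CreateFragment(&fragOffset, fragOffset + added - 1,
                                     data + fragOffset - startOffset,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = prev->next;
            prev->next = newFrag;
        }
    }

    return 0;
}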
wolfSSL 7:481bce714567 4302
wolfSSL 7:481bce714567 4303
/* Walk the singly linked list starting at head and return the first node
 * whose seq field equals seq.
 *
 * head  first node of the list, may be NULL
 * seq   value compared against each node's seq field
 *
 * Returns the matching node, or NULL when head is NULL or no node matches. */
DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
{
    DtlsMsg* node;

    for (node = head; node != NULL; node = node->next) {
        if (node->seq == seq)
            break;
    }

    return node;
}
wolfSSL 7:481bce714567 4311
wolfSSL 7:481bce714567 4312
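/* Buffer one received DTLS handshake fragment in ssl->dtls_rx_msg_list.
 *
 * See if seq exists in the list. If it isn't in the list, make a new item
 * of size dataSz, copy fragSz bytes from data to msg->msg starting at
 * offset fragOffset, and add fragSz to msg->fragSz. If the seq is in the
 * list and it isn't full, copy fragSz bytes from data to msg->msg starting
 * at offset fragOffset, and add fragSz to msg->fragSz. Insertions take into
 * account data already in the list in case there are overlaps in the
 * handshake message due to retransmit messages. The new item is inserted
 * into the list in its proper position.
 *
 * 1. Find seq in list, or where seq should go in list. If seq not in
 *    list, create new item and insert into list. Either case, keep
 *    pointer to item.
 * 2. Copy the data from the message to the stored message where it
 *    belongs without overlaps.
 *
 * ssl         connection whose receive list and counter are updated
 * seq         handshake message sequence number used as the list key
 * data        fragment bytes
 * dataSz      total size used when a new list item has to be allocated
 * type        handshake message type forwarded to DtlsMsgSet()
 * fragOffset  offset of this fragment inside the whole message
 * fragSz      number of bytes in this fragment
 * heap        heap hint forwarded to the allocation helpers
 *
 * Nothing is returned: on any failure the fragment is silently dropped.
 *
 * NOTE(review): seq, dataSz, fragOffset and fragSz presumably originate from
 * the peer's handshake header. This function does not itself check that
 * fragOffset + fragSz fits in the buffer allocated for the item; the opening
 * lines of DtlsMsgSet() are not visible here, so confirm that it (or the
 * caller) rejects out-of-range fragments, including the case where an item
 * already exists and was sized by an earlier, different dataSz.
 * NOTE(review): no upper bound on ssl->dtls_rx_msg_list_sz is enforced in
 * this function; confirm the caller limits how many messages may be
 * buffered. */
void DtlsMsgStore(WOLFSSL* ssl, word32 seq, const byte* data,
        word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
{
    DtlsMsg* head = ssl->dtls_rx_msg_list;

    if (head != NULL) {
        DtlsMsg* cur = DtlsMsgFind(head, seq);
        if (cur == NULL) {
            cur = DtlsMsgNew(dataSz, heap);
            if (cur != NULL) {
                if (DtlsMsgSet(cur, seq, data, type,
                                                fragOffset, fragSz, heap) < 0) {
                    DtlsMsgDelete(cur, heap);
                }
                else {
                    ssl->dtls_rx_msg_list_sz++;
                    head = DtlsMsgInsert(head, cur);
                }
            }
        }
        else {
            /* If this fails, the data is just dropped. */
            (void)DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz, heap);
        }
    }
    else {
        head = DtlsMsgNew(dataSz, heap);
        /* A failed allocation must not reach DtlsMsgSet() or bump the list
         * counter; this mirrors the NULL check in the non-empty-list branch
         * above. The list simply stays empty. */
        if (head != NULL) {
            if (DtlsMsgSet(head, seq, data, type,
                                                fragOffset, fragSz, heap) < 0) {
                DtlsMsgDelete(head, heap);
                head = NULL;
            }
            else {
                ssl->dtls_rx_msg_list_sz++;
            }
        }
    }

    ssl->dtls_rx_msg_list = head;
}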
wolfSSL 7:481bce714567 4368
wolfSSL 7:481bce714567 4369
/* DtlsMsgInsert() links item into the list so that seq values stay in
 * ascending order. An item whose seq equals that of existing nodes is placed
 * after them.
 *
 * head  current first node, may be NULL
 * item  node to link in; must not be NULL (it is dereferenced unchecked)
 *
 * Returns the first node of the list after the insert.
 *
 * item->next is written only when item ends up in front of another node.
 * When item becomes the new tail its next pointer is left as the caller
 * supplied it - presumably NULL from DtlsMsgNew(); verify, since a stale
 * pointer there would corrupt the list. */
DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
{
    DtlsMsg* before;
    DtlsMsg* after;

    /* empty list, or item sorts ahead of the current front */
    if (head == NULL || item->seq < head->seq) {
        item->next = head;
        return item;
    }

    /* advance until 'after' is the first node that sorts behind item */
    before = head;
    after  = head->next;
    while (after != NULL && item->seq >= after->seq) {
        before = after;
        after  = after->next;
    }

    if (after != NULL)
        item->next = after;
    before->next = item;

    return head;
}
wolfSSL 7:481bce714567 4399
wolfSSL 7:481bce714567 4400
/* DtlsMsgPoolSave() appends a copy of an outgoing message to the end of the
 * stored transmit list (ssl->dtls_tx_msg_list) so it can be retransmitted.
 *
 * ssl     connection owning the transmit list
 * data    bytes to copy into the new list item
 * dataSz  number of bytes to copy
 *
 * Returns 0 on success, DTLS_POOL_SZ_E when the list counter already exceeds
 * DTLS_POOL_SZ, or MEMORY_E when the item cannot be allocated.
 *
 * The limit test uses '>', so a save is still accepted while the counter
 * equals DTLS_POOL_SZ and the list can therefore reach DTLS_POOL_SZ + 1
 * entries. NOTE(review): confirm that is the intended cap.
 * The item's seq field is loaded with the current DTLS epoch, not a message
 * sequence number; DtlsMsgPoolSend() compares it against the epoch.
 * NOTE(review): the copy assumes DtlsMsgNew(dataSz, ...) provides at least
 * dataSz bytes behind item->buf - confirm against DtlsMsgNew(). */
int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data, word32 dataSz)
{
    DtlsMsg* entry;
    DtlsMsg* tail;

    if (ssl->dtls_tx_msg_list_sz > DTLS_POOL_SZ)
        return DTLS_POOL_SZ_E;

    entry = DtlsMsgNew(dataSz, ssl->heap);
    if (entry == NULL)
        return MEMORY_E;

    XMEMCPY(entry->buf, data, dataSz);
    entry->sz  = dataSz;
    entry->seq = ssl->keys.dtls_epoch;

    tail = ssl->dtls_tx_msg_list;
    if (tail == NULL) {
        /* first stored message becomes the list head */
        ssl->dtls_tx_msg_list = entry;
    }
    else {
        while (tail->next != NULL)
            tail = tail->next;
        tail->next = entry;
    }
    ssl->dtls_tx_msg_list_sz++;

    return 0;
}
wolfSSL 7:481bce714567 4433
wolfSSL 7:481bce714567 4434
/* DtlsMsgPoolTimeout() backs off the retransmit timeout: while the current
 * value is still below ssl->dtls_timeout_max it is multiplied by
 * DTLS_TIMEOUT_MULTIPLIER.
 *
 * Returns 0 when the timeout was enlarged, -1 when it had already reached
 * the maximum and was left unchanged.
 *
 * The product is not clamped, so the stored timeout can end up above
 * dtls_timeout_max after the final multiplication. */
int DtlsMsgPoolTimeout(WOLFSSL* ssl)
{
    if (ssl->dtls_timeout >= ssl->dtls_timeout_max)
        return -1;

    ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
    return 0;
}
wolfSSL 7:481bce714567 4445
wolfSSL 7:481bce714567 4446
/* DtlsMsgPoolReset() frees the stored transmit list, zeroes its counter and
 * restores the retransmit timeout to ssl->dtls_timeout_init.
 *
 * Nothing happens, including the timeout reset, when the list is already
 * empty. */
void DtlsMsgPoolReset(WOLFSSL* ssl)
{
    if (ssl->dtls_tx_msg_list == NULL)
        return;

    DtlsMsgListDelete(ssl->dtls_tx_msg_list, ssl->heap);
    ssl->dtls_tx_msg_list    = NULL;
    ssl->dtls_tx_msg_list_sz = 0;
    ssl->dtls_timeout        = ssl->dtls_timeout_init;
}
wolfSSL 7:481bce714567 4458
wolfSSL 7:481bce714567 4459
/**
 * Decide whether a received handshake message may trigger retransmission of
 * the whole stored DtlsMsgPool. Only the first message of the peer's previous
 * flight qualifies, and only its first fragment (fragOffset == 0):
 *   - server side: client_hello, or certificate when peer verification is
 *     enabled, or client_key_exchange when it is not
 *   - client side: server_hello
 * The change cipher spec message is not checked here.
 *
 * Returns 1 when the message qualifies, 0 otherwise.
 *
 * Restricting the trigger to one message type per flight keeps a single
 * retransmitted flight from the peer from causing one resend per message.
 */
int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, word32 fragOffset)
{
    int serverTrigger = 0;
    int clientTrigger = 0;

    if (fragOffset != 0)
        return 0;

    if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (type == client_hello)
            serverTrigger = 1;
        else if (ssl->options.verifyPeer)
            serverTrigger = (type == certificate);
        else
            serverTrigger = (type == client_key_exchange);
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END)
        clientTrigger = (type == server_hello);

    return (serverTrigger || clientTrigger);
}
wolfSSL 7:481bce714567 4475
wolfSSL 7:481bce714567 4476
/* DtlsMsgPoolSend() will send the stored transmit list. The stored list is
 * updated with new sequence numbers, and will be re-encrypted if needed.
 *
 * ssl                  connection whose dtls_tx_msg_list is resent
 * sendOnlyFirstPacket  when non-zero and this side is the server, stop after
 *                      the first list item
 *
 * Returns 0 (or the last non-negative SendBuffered() result) on success, the
 * error from CheckAvailableSize()/SendBuffered(), or BUILD_MSG_ERROR when
 * BuildMessage() fails. Every error returns immediately and leaves the rest
 * of the list unsent.
 *
 * Each item's seq field holds the epoch it was saved under (see
 * DtlsMsgPoolSave()). Items whose stored epoch is neither 0 nor the current
 * epoch are not copied to the output buffer, but SendBuffered() is still
 * called for that iteration. */
int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
{
    int ret = 0;
    DtlsMsg* pool = ssl->dtls_tx_msg_list;

    if (pool != NULL) {

        while (pool != NULL) {
            if (pool->seq == 0) {
                /* Epoch-0 record: resent as stored, only the record
                 * sequence number is rewritten in place. */
                DtlsRecordLayerHeader* dtls;
                int epochOrder;

                /* Stored buffer is treated as a complete DTLS record.
                 * NOTE(review): relies on every pool entry being at least
                 * one record header long - confirm at the save sites. */
                dtls = (DtlsRecordLayerHeader*)pool->buf;
                /* If the stored record's epoch is 0, and the currently set
                 * epoch is 0, use the "current order" sequence number.
                 * If the stored record's epoch is 0 and the currently set
                 * epoch is not 0, the stored record is considered a "previous
                 * order" sequence number. */
                epochOrder = (ssl->keys.dtls_epoch == 0) ?
                                                         CUR_ORDER : PREV_ORDER;

                /* The sequence number is written and advanced before the
                 * size check below, so it stays consumed even when that
                 * check fails and the record is never sent. */
                WriteSEQ(ssl, epochOrder, dtls->sequence_number);
                DtlsSEQIncrement(ssl, epochOrder);
                if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0)
                    return ret;

                /* Copy to the very start of the output buffer and reset
                 * idx/length to describe only this record.
                 * NOTE(review): anything still pending in the output buffer
                 * would be overwritten here - confirm it is always empty at
                 * this point. */
                XMEMCPY(ssl->buffers.outputBuffer.buffer,
                        pool->buf, pool->sz);
                ssl->buffers.outputBuffer.idx = 0;
                ssl->buffers.outputBuffer.length = pool->sz;
            }
            else if (pool->seq == ssl->keys.dtls_epoch) {
                /* Saved under the current non-zero epoch: the stored bytes
                 * are passed through BuildMessage() again to produce a
                 * fresh record appended to the output buffer. */
                byte*  input;
                byte*  output;
                int    inputSz, sendSz;

                input = pool->buf;
                inputSz = pool->sz;
                /* room for the message plus record-layer overhead */
                sendSz = inputSz + MAX_MSG_EXTRA;

                if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
                    return ret;

                output = ssl->buffers.outputBuffer.buffer +
                         ssl->buffers.outputBuffer.length;
                sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                      handshake, 0, 0);
                if (sendSz < 0)
                    return BUILD_MSG_ERROR;

                ssl->buffers.outputBuffer.length += sendSz;
            }

            ret = SendBuffered(ssl);
            if (ret < 0) {
                return ret;
            }

            /**
             * on server side, retransmission is being triggered only by sending
             * first message of given flight, in order to trigger client
             * to retransmit its whole flight. Sending the whole previous flight
             * could lead to retransmission of previous client flight for each
             * server message from previous flight. Therefore one message should
             * be enough to do the trick.
             */
            if (sendOnlyFirstPacket &&
                ssl->options.side == WOLFSSL_SERVER_END) {

                pool = NULL;
            }
            else
                pool = pool->next;
        }
    }

    return ret;
}
wolfSSL 7:481bce714567 4557
wolfSSL 7:481bce714567 4558 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 4559
wolfSSL 7:481bce714567 4560 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
wolfSSL 7:481bce714567 4561
/* Build the ProtocolVersion value for SSL 3.0 (SSLv3_MAJOR / SSLv3_MINOR).
 * Only compiled when WOLFSSL_ALLOW_SSLV3 is defined and NO_OLD_TLS is not;
 * SSL 3.0 is a legacy protocol, so keep that opt-in disabled unless a peer
 * strictly requires it. */
ProtocolVersion MakeSSLv3(void)
{
    ProtocolVersion version;

    version.minor = SSLv3_MINOR;
    version.major = SSLv3_MAJOR;

    return version;
}
wolfSSL 7:481bce714567 4570
wolfSSL 7:481bce714567 4571 #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */
wolfSSL 7:481bce714567 4572
wolfSSL 7:481bce714567 4573
wolfSSL 7:481bce714567 4574 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 4575
/* Build the ProtocolVersion value for DTLS 1.0 (DTLS_MAJOR / DTLS_MINOR). */
ProtocolVersion MakeDTLSv1(void)
{
    ProtocolVersion version;

    version.minor = DTLS_MINOR;
    version.major = DTLS_MAJOR;

    return version;
}
wolfSSL 7:481bce714567 4584
/* Build the ProtocolVersion value for DTLS 1.2
 * (DTLS_MAJOR / DTLSv1_2_MINOR). */
ProtocolVersion MakeDTLSv1_2(void)
{
    ProtocolVersion version;

    version.minor = DTLSv1_2_MINOR;
    version.major = DTLS_MAJOR;

    return version;
}
wolfSSL 7:481bce714567 4593
wolfSSL 7:481bce714567 4594 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 4595
wolfSSL 7:481bce714567 4596
wolfSSL 7:481bce714567 4597
wolfSSL 7:481bce714567 4598
wolfSSL 7:481bce714567 4599 #if defined(USER_TICKS)
wolfSSL 7:481bce714567 4600 #if 0
/* Template only: this definition sits inside '#if 0' and is never compiled.
 * With USER_TICKS defined the application has to supply its own
 * LowResTimer(). */
word32 LowResTimer(void)
{
    /*
    Write your own clock tick function if you don't want time(0).
    It needs one-second accuracy but doesn't have to be correlated to
    the EPOCH.
    */
}
wolfSSL 7:481bce714567 4608 #endif
wolfSSL 7:481bce714567 4609
wolfSSL 7:481bce714567 4610 #elif defined(TIME_OVERRIDES)
wolfSSL 7:481bce714567 4611
wolfSSL 7:481bce714567 4612 /* use same asn time overrides unless user wants tick override above */
wolfSSL 7:481bce714567 4613
wolfSSL 7:481bce714567 4614 #ifndef HAVE_TIME_T_TYPE
wolfSSL 7:481bce714567 4615 typedef long time_t;
wolfSSL 7:481bce714567 4616 #endif
wolfSSL 7:481bce714567 4617 extern time_t XTIME(time_t * timer);
wolfSSL 7:481bce714567 4618
/* TIME_OVERRIDES build: take the time from the user-supplied XTIME()
 * override and truncate it to word32.
 * NOTE(review): the value is only as trustworthy as the XTIME() the
 * integrator provides - presumably it must advance in seconds; confirm. */
word32 LowResTimer(void)
{
    const time_t now = XTIME(0);

    return (word32)now;
}
wolfSSL 7:481bce714567 4623
wolfSSL 7:481bce714567 4624 #elif defined(USE_WINDOWS_API)
wolfSSL 7:481bce714567 4625
/* Windows build: seconds derived from the performance counter, i.e. the
 * counter value divided by the counter frequency, truncated to word32.
 *
 * The frequency is queried once and cached in function-local statics. That
 * first-call initialisation is not synchronised, and the results of
 * QueryPerformanceFrequency()/QueryPerformanceCounter() are not checked, so
 * a zero frequency would reach the division below. */
word32 LowResTimer(void)
{
    static LARGE_INTEGER ticksPerSec;
    static int           freqCached = 0;
    LARGE_INTEGER        now;

    if (freqCached == 0) {
        QueryPerformanceFrequency(&ticksPerSec);
        freqCached = 1;
    }

    QueryPerformanceCounter(&now);

    return (word32)(now.QuadPart / ticksPerSec.QuadPart);
}
wolfSSL 7:481bce714567 4641
wolfSSL 7:481bce714567 4642 #elif defined(HAVE_RTP_SYS)
wolfSSL 7:481bce714567 4643
wolfSSL 7:481bce714567 4644 #include "rtptime.h"
wolfSSL 7:481bce714567 4645
/* HAVE_RTP_SYS build: return rtp_get_system_sec() truncated to word32. */
word32 LowResTimer(void)
{
    const word32 secs = (word32)rtp_get_system_sec();

    return secs;
}
wolfSSL 7:481bce714567 4650
wolfSSL 7:481bce714567 4651
wolfSSL 7:481bce714567 4652 #elif defined(MICRIUM)
wolfSSL 7:481bce714567 4653
/* MICRIUM build: return NetSecure_OS_TimeGet() truncated to word32 when
 * NET_SECURE_MGR_CFG_EN is DEF_ENABLED.
 *
 * When the secure manager is not enabled this always returns 0, so every
 * consumer of the timer sees a clock that never advances.
 * NOTE(review): the unit of NetSecure_OS_TimeGet() is not visible here -
 * confirm it is seconds. */
word32 LowResTimer(void)
{
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
    const NET_SECURE_OS_TICK ticks = NetSecure_OS_TimeGet();
#else
    const NET_SECURE_OS_TICK ticks = 0;
#endif

    return (word32)ticks;
}
wolfSSL 7:481bce714567 4663
wolfSSL 7:481bce714567 4664
wolfSSL 7:481bce714567 4665 #elif defined(MICROCHIP_TCPIP_V5)
wolfSSL 7:481bce714567 4666
/* MICROCHIP_TCPIP_V5 build: stack tick count divided by TICKS_PER_SECOND,
 * truncated to word32. */
word32 LowResTimer(void)
{
    const word32 secs = (word32)(TickGet() / TICKS_PER_SECOND);

    return secs;
}
wolfSSL 7:481bce714567 4671
wolfSSL 7:481bce714567 4672
wolfSSL 7:481bce714567 4673 #elif defined(MICROCHIP_TCPIP)
wolfSSL 7:481bce714567 4674
wolfSSL 7:481bce714567 4675 #if defined(MICROCHIP_MPLAB_HARMONY)
wolfSSL 7:481bce714567 4676
wolfSSL 7:481bce714567 4677 #include <system/tmr/sys_tmr.h>
wolfSSL 7:481bce714567 4678
/* MPLAB Harmony build: system timer tick count divided by the tick counter
 * frequency, truncated to word32. */
word32 LowResTimer(void)
{
    const word32 secs = (word32)(SYS_TMR_TickCountGet() /
                                 SYS_TMR_TickCounterFrequencyGet());

    return secs;
}
wolfSSL 7:481bce714567 4684
wolfSSL 7:481bce714567 4685 #else
wolfSSL 7:481bce714567 4686
/* MICROCHIP_TCPIP build without Harmony: system tick count divided by the
 * ticks-per-second value, truncated to word32. */
word32 LowResTimer(void)
{
    const word32 secs = (word32)(SYS_TICK_Get() / SYS_TICK_TicksPerSecondGet());

    return secs;
}
wolfSSL 7:481bce714567 4691
wolfSSL 7:481bce714567 4692 #endif
wolfSSL 7:481bce714567 4693
wolfSSL 7:481bce714567 4694 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 7:481bce714567 4695
/* Freescale MQX build: read the elapsed time with _time_get_elapsed() and
 * return its SECONDS member truncated to word32. */
word32 LowResTimer(void)
{
    TIME_STRUCT elapsed;

    _time_get_elapsed(&elapsed);

    return (word32)elapsed.SECONDS;
}
wolfSSL 7:481bce714567 4704 #elif defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
wolfSSL 7:481bce714567 4705
wolfSSL 7:481bce714567 4706 #include "include/task.h"
wolfSSL 7:481bce714567 4707
/* Freescale FreeRTOS build: scheduler tick count divided by
 * configTICK_RATE_HZ.
 *
 * Unlike the other variants this one is declared to return unsigned int
 * rather than word32. The tick count goes through a float before the
 * division, so large tick counts are rounded to float precision first. */
unsigned int LowResTimer(void)
{
    const float ticks = (float)xTaskGetTickCount();

    return (unsigned int)(ticks / configTICK_RATE_HZ);
}
wolfSSL 7:481bce714567 4712
wolfSSL 7:481bce714567 4713 #elif defined(FREESCALE_KSDK_BM)
wolfSSL 7:481bce714567 4714
wolfSSL 7:481bce714567 4715 #include "lwip/sys.h" /* lwIP */
/* Freescale KSDK bare-metal build: lwIP's sys_now() divided by 1000.
 * NOTE(review): presumably sys_now() counts milliseconds - confirm against
 * the lwIP port in use. */
word32 LowResTimer(void)
{
    return sys_now() / 1000;
}
wolfSSL 7:481bce714567 4720
wolfSSL 7:481bce714567 4721 #elif defined(WOLFSSL_TIRTOS)
wolfSSL 7:481bce714567 4722
/* WOLFSSL_TIRTOS build: return Seconds_get() truncated to word32. */
word32 LowResTimer(void)
{
    const word32 secs = (word32)Seconds_get();

    return secs;
}
wolfSSL 7:481bce714567 4727
wolfSSL 7:481bce714567 4728 #elif defined(WOLFSSL_UTASKER)
wolfSSL 7:481bce714567 4729
/* WOLFSSL_UTASKER build: uTaskerSystemTick divided by TICK_RESOLUTION,
 * truncated to word32. */
word32 LowResTimer(void)
{
    const word32 secs = (word32)(uTaskerSystemTick / TICK_RESOLUTION);

    return secs;
}
wolfSSL 7:481bce714567 4734
wolfSSL 7:481bce714567 4735 #else
wolfSSL 7:481bce714567 4736 /* Posix style time */
wolfSSL 7:481bce714567 4737 #include <time.h>
wolfSSL 7:481bce714567 4738
/* Default (POSIX style) build: wall-clock time from time(), truncated to
 * word32.
 *
 * time() follows the system clock, so the value can jump forwards or
 * backwards when that clock is adjusted. */
word32 LowResTimer(void)
{
    const time_t now = time(0);

    return (word32)now;
}
wolfSSL 7:481bce714567 4743
wolfSSL 7:481bce714567 4744
wolfSSL 7:481bce714567 4745 #endif
wolfSSL 7:481bce714567 4746
wolfSSL 7:481bce714567 4747
wolfSSL 7:481bce714567 4748 #ifndef NO_CERTS
/* Feed sz bytes starting at output into the running handshake hashes without
 * skipping any header bytes.
 *
 * ssl     connection whose hsHashes contexts are updated
 * output  first byte to hash
 * sz      number of bytes to hash
 *
 * SHA-1 and MD5 are updated unless compiled out (NO_OLD_TLS / NO_SHA /
 * NO_MD5); the results of those two update calls are not examined.
 * SHA-256/384/512 are updated only when IsAtLeastTLSv1_2(ssl) is true.
 * With HAVE_FUZZER the registered fuzzer callback sees the buffer first.
 *
 * Returns 0 on success or the first non-zero SHA-256/384/512 update result. */
static int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz)
{
    int ret = 0;

    /* keep the compiler quiet when every hash below is compiled out */
    (void)output;
    (void)sz;

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
#endif
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz);
#endif
#endif /* NO_OLD_TLS */

    if (!IsAtLeastTLSv1_2(ssl))
        return ret;

#ifndef NO_SHA256
    ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz);
    if (ret != 0)
        return ret;
#endif

    return ret;
}
wolfSSL 7:481bce714567 4789 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 4790
wolfSSL 7:481bce714567 4791
/* Add an outgoing message to the handshake hashes, excluding the record
 * header.
 *
 * ssl     connection whose hsHashes contexts are updated
 * output  start of the record, i.e. the record header
 * sz      byte count including the record header; RECORD_HEADER_SZ (and
 *         DTLS_RECORD_EXTRA for DTLS) is subtracted before hashing
 * ivSz    bytes to skip after the record header; added to the start pointer
 *         but not subtracted from sz
 *
 * Returns 0 on success or the first non-zero SHA-256/384/512 update result.
 * The results of the SHA-1 and MD5 update calls are not examined.
 *
 * NOTE(review): sz is a signed int and is not range-checked; callers are
 * presumably expected to pass at least the header size, otherwise a negative
 * length reaches the hash updates - confirm at the call sites.
 * NOTE(review): the fuzzer callback is handed 'output' (the record start)
 * together with the already reduced sz, not the adjusted pointer - confirm
 * that is intended. */
static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
{
    int         ret  = 0;
    const byte* body = output + RECORD_HEADER_SZ + ivSz;

    sz -= RECORD_HEADER_SZ;

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
#endif
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* DTLS record header is longer; skip the extra bytes too */
        body += DTLS_RECORD_EXTRA;
        sz   -= DTLS_RECORD_EXTRA;
    }
#endif
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, body, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, body, sz);
#endif
#endif

    if (!IsAtLeastTLSv1_2(ssl))
        return ret;

#ifndef NO_SHA256
    ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, body, sz);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, body, sz);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, body, sz);
    if (ret != 0)
        return ret;
#endif

    return ret;
}
wolfSSL 7:481bce714567 4840
wolfSSL 7:481bce714567 4841
/* Add a received handshake message to the handshake hashes, including its
 * handshake header.
 *
 * ssl    connection whose hsHashes contexts are updated
 * input  first byte AFTER the handshake header
 * sz     body length; HANDSHAKE_HEADER_SZ (and DTLS_HANDSHAKE_EXTRA for
 *        DTLS) is added before hashing
 *
 * Returns 0 on success or the first non-zero SHA-256/384/512 update result.
 * The results of the SHA-1 and MD5 update calls are not examined.
 *
 * Precondition: the hash start is computed by stepping the pointer BACKWARDS
 * from input, so the caller's buffer must hold the complete handshake header
 * immediately in front of input. Passing a pointer without that header in
 * front of it makes this function read before the message. */
static int HashInput(WOLFSSL* ssl, const byte* input, int sz)
{
    int         ret   = 0;
    const byte* start = input - HANDSHAKE_HEADER_SZ;

    sz += HANDSHAKE_HEADER_SZ;

    /* unused when every hash below is compiled out */
    (void)start;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* DTLS handshake header is longer; step back over the extra bytes */
        start -= DTLS_HANDSHAKE_EXTRA;
        sz    += DTLS_HANDSHAKE_EXTRA;
    }
#endif

#ifndef NO_OLD_TLS
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, start, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, start, sz);
#endif
#endif

    if (!IsAtLeastTLSv1_2(ssl))
        return ret;

#ifndef NO_SHA256
    ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, start, sz);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, start, sz);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, start, sz);
    if (ret != 0)
        return ret;
#endif

    return ret;
}
wolfSSL 7:481bce714567 4887
wolfSSL 7:481bce714567 4888
/* Write the record layer header for a message at the start of output.
 *
 * output  destination buffer; nothing is written when it is NULL
 * length  record payload length; cast to word16 before it is stored, so the
 *         caller must keep it within 16 bits or it is silently truncated
 * type    record content type
 * ssl     supplies the protocol version and the DTLS flag
 *
 * For DTLS the sequence number field is filled through WriteSEQ() and the
 * length goes into the DTLS header layout instead. With
 * WOLFSSL_ALTERNATIVE_DOWNGRADE, a client at CONNECT_BEGIN that is not
 * resuming advertises options.minDowngrade as the minor version when
 * downgrade is allowed.
 *
 * The size of output is not known here; the caller must provide room for
 * the whole header. */
static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    RecordLayerHeader* hdr = (RecordLayerHeader*)output;

    if (hdr == NULL)
        return;

    /* type and version are laid out the same for TLS and DTLS */
    hdr->type    = type;
    hdr->pvMajor = ssl->version.major;
    hdr->pvMinor = ssl->version.minor;

#ifdef WOLFSSL_ALTERNATIVE_DOWNGRADE
    if (ssl->options.side == WOLFSSL_CLIENT_END
                    && ssl->options.connectState == CONNECT_BEGIN
                    && !ssl->options.resuming) {
        if (ssl->options.downgrade)
            hdr->pvMinor = ssl->options.minDowngrade;
        else
            hdr->pvMinor = ssl->version.minor;
    }
#endif

    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        /* dtls record layer header extensions */
        DtlsRecordLayerHeader* dtlsHdr = (DtlsRecordLayerHeader*)output;

        WriteSEQ(ssl, 0, dtlsHdr->sequence_number);
        c16toa((word16)length, dtlsHdr->length);
#endif
    }
    else {
        c16toa((word16)length, hdr->length);
    }
}
wolfSSL 7:481bce714567 4926
wolfSSL 7:481bce714567 4927
/* Write the handshake header for a message at output.
 *
 * output      destination; dereferenced without a NULL check
 * length      handshake message length, stored as 24 bits via c32to24()
 * fragOffset  DTLS fragment offset, stored as 24 bits (DTLS only)
 * fragLength  DTLS fragment length, stored as 24 bits (DTLS only)
 * type        handshake message type
 * ssl         supplies the DTLS flag and the handshake message counter
 *
 * For DTLS this also writes message_seq from
 * ssl->keys.dtls_handshake_number and post-increments that counter, so every
 * call consumes one handshake sequence number.
 *
 * The size of output is not known here; the caller must provide room for
 * the whole header. */
static void AddHandShakeHeader(byte* output, word32 length,
                               word32 fragOffset, word32 fragLength,
                               byte type, WOLFSSL* ssl)
{
    HandShakeHeader* hdr = (HandShakeHeader*)output;

    /* only referenced in DTLS builds */
    (void)fragOffset;
    (void)fragLength;
    (void)ssl;

    /* type and length are laid out the same for TLS and DTLS */
    hdr->type = type;
    c32to24(length, hdr->length);

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* dtls handshake header extensions */
        DtlsHandShakeHeader* dtlsHdr = (DtlsHandShakeHeader*)output;

        c16toa(ssl->keys.dtls_handshake_number++, dtlsHdr->message_seq);
        c32to24(fragOffset, dtlsHdr->fragment_offset);
        c32to24(fragLength, dtlsHdr->fragment_length);
    }
#endif
}
wolfSSL 7:481bce714567 4954
wolfSSL 7:481bce714567 4955
/* Write the record header followed by the handshake header for an
 * unfragmented handshake message with `length` body bytes.
 *
 * `output` must already have room for both headers (the DTLS extras included
 * when ssl->options.dtls is set); no bound is checked here. */
static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    word32 hsHdrSz  = HANDSHAKE_HEADER_SZ;
    word32 recHdrSz = RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        recHdrSz += DTLS_RECORD_EXTRA;
        hsHdrSz  += DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* the record length covers the handshake header plus the body */
    AddRecordHeader(output, hsHdrSz + length, handshake, ssl);
    /* single fragment: offset 0 and fragment length equal to the full length */
    AddHandShakeHeader(output + recHdrSz, length, 0, length, type, ssl);
}
wolfSSL 7:481bce714567 4972
wolfSSL 7:481bce714567 4973
#ifndef NO_CERTS
/* Write the record and handshake headers for one fragment of a handshake
 * message.
 *
 * fragSz      bytes of handshake body carried by this fragment
 * fragOffset  offset of this fragment inside the whole message
 * length      length of the whole handshake message
 *
 * The record header advertises fragSz plus the handshake header size, while
 * the handshake header carries the full message length. `output` is not
 * bounds-checked; the caller must have reserved the header space. */
static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset,
                           word32 length, byte type, WOLFSSL* ssl)
{
    word32 hsHdrSz  = HANDSHAKE_HEADER_SZ;
    word32 recHdrSz = RECORD_HEADER_SZ;

    (void)fragSz;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        recHdrSz += DTLS_RECORD_EXTRA;
        hsHdrSz  += DTLS_HANDSHAKE_EXTRA;
    }
#endif

    AddRecordHeader(output, hsHdrSz + fragSz, handshake, ssl);
    AddHandShakeHeader(output + recHdrSz, length, fragOffset, fragSz, type,
                       ssl);
}
#endif /* NO_CERTS */
wolfSSL 7:481bce714567 4993
wolfSSL 7:481bce714567 4994
/* Read up to sz bytes into buf through the user-supplied I/O receive callback.
 *
 * Returns the callback's non-negative byte count on success, WANT_READ when
 * the callback would block (or the WOLFSSL_CALLBACKS timer has expired), and
 * -1 for a missing callback, general error, reset, close or timeout. A
 * negative callback value that matches none of the cases is returned as is.
 *
 * NOTE(review): a positive return value is not compared with sz here, so a
 * misbehaving callback could report more bytes than buf can hold; presumably
 * the caller rejects that - confirm at the call site.
 */
static int Receive(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int recvd;

    if (ssl->ctx->CBIORecv == NULL) {
        WOLFSSL_MSG("Your IO Recv callback is null, please set");
        return -1;
    }

retry:
    recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
    if (recvd < 0)
        switch (recvd) {
            case WOLFSSL_CBIO_ERR_GENERAL:        /* general/unknown error */
                return -1;

            case WOLFSSL_CBIO_ERR_WANT_READ:      /* want read, would block */
                return WANT_READ;

            case WOLFSSL_CBIO_ERR_CONN_RST:       /* connection reset */
                #ifdef USE_WINDOWS_API
                /* on Windows builds a reset seen on a DTLS session is retried
                   instead of being treated as fatal */
                if (ssl->options.dtls) {
                    goto retry;
                }
                #endif
                ssl->options.connReset = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_ISR:            /* interrupt */
                /* see if we got our timeout */
                #ifdef WOLFSSL_CALLBACKS
                    if (ssl->toInfoOn) {
                        struct itimerval timeout;
                        getitimer(ITIMER_REAL, &timeout);
                        if (timeout.it_value.tv_sec == 0 &&
                                                timeout.it_value.tv_usec == 0) {
                            /* NOTE(review): XSTRNCPY leaves the name
                               unterminated if MAX_TIMEOUT_NAME_SZ is not
                               larger than the literal - confirm the constant */
                            XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                    "recv() timeout", MAX_TIMEOUT_NAME_SZ);
                            WOLFSSL_MSG("Got our timeout");
                            return WANT_READ;
                        }
                    }
                #endif
                /* retried with no upper bound for as long as the callback
                   keeps reporting an interrupt */
                goto retry;

            case WOLFSSL_CBIO_ERR_CONN_CLOSE:     /* peer closed connection */
                ssl->options.isClosed = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_TIMEOUT:
            #ifdef WOLFSSL_DTLS
                /* DTLS (non-SCTP) with the handshake still in progress: retry
                   only when both message-pool calls succeed; presumably this
                   retransmits the stored flight - confirm in DtlsMsgPoolSend */
                if (IsDtlsNotSctpMode(ssl) &&
                    !ssl->options.handShakeDone &&
                    DtlsMsgPoolTimeout(ssl) == 0 &&
                    DtlsMsgPoolSend(ssl, 0) == 0) {

                    goto retry;
                }
            #endif
                return -1;

            default:
                /* unrecognised negative code is handed back unchanged */
                return recvd;
        }

    return recvd;
}
wolfSSL 7:481bce714567 5063
wolfSSL 7:481bce714567 5064
/* Release the heap-allocated output buffer and point the session back at its
 * built-in static buffer. Any data still in the buffer is discarded, so it is
 * assumed to have been flushed already.
 *
 * dynamicFlag is not tested here: the caller must only invoke this while the
 * buffer is dynamic, otherwise the static buffer address would reach XFREE. */
void ShrinkOutputBuffer(WOLFSSL* ssl)
{
    /* the allocation begins `offset` bytes before the working pointer */
    byte* allocBase = ssl->buffers.outputBuffer.buffer -
                      ssl->buffers.outputBuffer.offset;

    WOLFSSL_MSG("Shrinking output buffer\n");
    XFREE(allocBase, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);

    ssl->buffers.outputBuffer.offset      = 0;
    ssl->buffers.outputBuffer.dynamicFlag = 0;
    ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;
    ssl->buffers.outputBuffer.buffer      = ssl->buffers.outputBuffer.staticBuffer;
}
wolfSSL 7:481bce714567 5076
wolfSSL 7:481bce714567 5077
/* Release the heap-allocated input buffer and fall back to the static one.
 *
 * forcedFree == 0: unread bytes are moved into the static buffer first; if
 *                  they would not fit, nothing is changed.
 * forcedFree != 0: the buffer is released regardless (clean-up path) and the
 *                  unread bytes are not copied.
 *
 * NOTE(review): length is set to the pre-free unread count on both paths, so
 * after a forced free it can describe bytes that were never copied; callers
 * that force a free are presumably tearing the session down - confirm.
 * NOTE(review): the buffer is freed without being wiped; if it can still hold
 * decrypted record data, consider zeroing it before XFREE. */
void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
{
    const int keepData  = !forcedFree;
    int       remaining = ssl->buffers.inputBuffer.length -
                          ssl->buffers.inputBuffer.idx;

    /* unread data would not fit in the static buffer: stay dynamic */
    if (keepData && remaining > STATIC_BUFFER_LEN)
        return;

    WOLFSSL_MSG("Shrinking input buffer\n");

    if (keepData && remaining > 0) {
        XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
                ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
                remaining);
    }

    /* the allocation begins `offset` bytes before the working pointer */
    XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
          ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

    ssl->buffers.inputBuffer.buffer      = ssl->buffers.inputBuffer.staticBuffer;
    ssl->buffers.inputBuffer.bufferSize  = STATIC_BUFFER_LEN;
    ssl->buffers.inputBuffer.dynamicFlag = 0;
    ssl->buffers.inputBuffer.offset      = 0;
    ssl->buffers.inputBuffer.idx         = 0;
    ssl->buffers.inputBuffer.length      = remaining;
}
wolfSSL 7:481bce714567 5103
/* Flush the pending output buffer through the user-supplied I/O send callback.
 *
 * Returns 0 once everything has been written, WANT_WRITE when the callback
 * would block (or the WOLFSSL_CALLBACKS timer has expired), SOCKET_ERROR_E
 * for a missing callback or any other send failure, and SEND_OOB_READ_E when
 * the callback claims to have sent more than it was given.
 *
 * NOTE(review): a callback that keeps returning 0 or the interrupt code makes
 * this loop spin, since neither case changes length; confirm that callbacks
 * are required to make progress or report an error.
 */
int SendBuffered(WOLFSSL* ssl)
{
    if (ssl->ctx->CBIOSend == NULL) {
        WOLFSSL_MSG("Your IO Send callback is null, please set");
        return SOCKET_ERROR_E;
    }

    while (ssl->buffers.outputBuffer.length > 0) {
        int sent = ssl->ctx->CBIOSend(ssl,
                                      (char*)ssl->buffers.outputBuffer.buffer +
                                      ssl->buffers.outputBuffer.idx,
                                      (int)ssl->buffers.outputBuffer.length,
                                      ssl->IOCB_WriteCtx);
        if (sent < 0) {
            switch (sent) {

                case WOLFSSL_CBIO_ERR_WANT_WRITE:        /* would block */
                    return WANT_WRITE;

                case WOLFSSL_CBIO_ERR_CONN_RST:          /* connection reset */
                    ssl->options.connReset = 1;
                    break;

                case WOLFSSL_CBIO_ERR_ISR:               /* interrupt */
                    /* see if we got our timeout */
                    #ifdef WOLFSSL_CALLBACKS
                        if (ssl->toInfoOn) {
                            struct itimerval timeout;
                            getitimer(ITIMER_REAL, &timeout);
                            if (timeout.it_value.tv_sec == 0 &&
                                                timeout.it_value.tv_usec == 0) {
                                /* NOTE(review): XSTRNCPY leaves the name
                                   unterminated if MAX_TIMEOUT_NAME_SZ is not
                                   larger than the literal - confirm */
                                XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                        "send() timeout", MAX_TIMEOUT_NAME_SZ);
                                WOLFSSL_MSG("Got our timeout");
                                return WANT_WRITE;
                            }
                        }
                    #endif
                    /* interrupted: try the same send again */
                    continue;

                case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */
                    ssl->options.connReset = 1;  /* treat same as reset */
                    break;

                default:
                    return SOCKET_ERROR_E;
            }

            /* reached after `break` for reset and close */
            return SOCKET_ERROR_E;
        }

        /* do not trust the callback's count: a value above what was offered
           would push idx past the data and wrap length on the subtraction */
        if (sent > (int)ssl->buffers.outputBuffer.length) {
            WOLFSSL_MSG("SendBuffered() out of bounds read");
            return SEND_OOB_READ_E;
        }

        ssl->buffers.outputBuffer.idx += sent;
        ssl->buffers.outputBuffer.length -= sent;
    }

    /* everything flushed: rewind the read position */
    ssl->buffers.outputBuffer.idx = 0;

    /* give the heap buffer back once it is empty */
    if (ssl->buffers.outputBuffer.dynamicFlag)
        ShrinkOutputBuffer(ssl);

    return 0;
}
wolfSSL 7:481bce714567 5171
wolfSSL 7:481bce714567 5172
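/* Replace the output buffer with a heap allocation that has room for the
 * bytes already queued plus `size` more.
 *
 * Returns 0 on success, BAD_FUNC_ARG for a negative size (same validation as
 * GrowInputBuffer) and MEMORY_E when the requested size wraps or the
 * allocation fails. On any failure the existing buffer is left untouched.
 *
 * Only `length` bytes from the start of the current buffer are carried over,
 * as in the original code. */
static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
{
    byte*  tmp;
    word32 queued;
    word32 newSz;
    word32 allocSz;
    byte   hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
                                       RECORD_HEADER_SZ;
    byte   align = WOLFSSL_GENERAL_ALIGNMENT;
    /* the encrypted data will be offset from the front of the buffer by
       the header, if the user wants encrypted alignment they need
       to define their alignment requirement */

    if (size < 0) {
        WOLFSSL_MSG("GrowOutputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

    if (align) {
        /* smallest multiple-of-two step of the alignment that fits the header */
        while (align < hdrSz)
            align *= 2;
    }

    /* The sizes are combined in unsigned arithmetic (length is compared as
       word32 elsewhere in this file). Reject a sum that wraps: a short
       allocation followed by the copy below would write past its end. */
    queued = ssl->buffers.outputBuffer.length;
    newSz  = (word32)size + queued;
    if (newSz < queued) {
        WOLFSSL_MSG("GrowOutputBuffer() size overflow");
        return MEMORY_E;
    }
    allocSz = newSz + align;
    if (allocSz < newSz) {
        WOLFSSL_MSG("GrowOutputBuffer() size overflow");
        return MEMORY_E;
    }

    tmp = (byte*)XMALLOC(allocSz, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
    WOLFSSL_MSG("growing output buffer\n");

    if (!tmp)
        return MEMORY_E;

    /* skip the padding so the payload after the header lands aligned */
    if (align)
        tmp += align - hdrSz;

    if (queued)
        XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer, queued);

    /* a previous heap buffer starts `offset` bytes before its data pointer */
    if (ssl->buffers.outputBuffer.dynamicFlag)
        XFREE(ssl->buffers.outputBuffer.buffer -
              ssl->buffers.outputBuffer.offset, ssl->heap,
              DYNAMIC_TYPE_OUT_BUFFER);

    ssl->buffers.outputBuffer.dynamicFlag = 1;
    if (align)
        ssl->buffers.outputBuffer.offset = align - hdrSz;
    else
        ssl->buffers.outputBuffer.offset = 0;
    ssl->buffers.outputBuffer.buffer     = tmp;
    ssl->buffers.outputBuffer.bufferSize = newSz;

    return 0;
}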
wolfSSL 7:481bce714567 5215
wolfSSL 7:481bce714567 5216
/* Replace the input buffer with a heap allocation holding the `usedLength`
 * unread bytes plus room for `size` more; meant for certificates or large
 * application data.
 *
 * Returns 0 on success, BAD_FUNC_ARG when either count is negative and
 * MEMORY_E when the allocation fails.
 *
 * NOTE(review): size + usedLength + align is not checked for overflow here;
 * presumably callers bound both values by the record size limits - confirm. */
int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
{
    byte* grown;
    byte  hdrSz = DTLS_RECORD_HEADER_SZ;
    byte  align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0;
    byte  pad;
    /* For DTLS the encrypted data sits behind the DTLS record header, so the
       buffer start is padded to keep it aligned when the user defines an
       alignment requirement. For TLS the record header is read first and the
       payload is placed back at the front, so no padding is needed. */

    if (size < 0 || usedLength < 0) {
        WOLFSSL_MSG("GrowInputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

    if (align) {
        while (align < hdrSz)
            align *= 2;
    }
    pad = align ? (byte)(align - hdrSz) : 0;

    grown = (byte*) XMALLOC(size + usedLength + align, ssl->heap,
                            DYNAMIC_TYPE_IN_BUFFER);
    WOLFSSL_MSG("growing input buffer\n");

    if (grown == NULL)
        return MEMORY_E;

    grown += pad;

    /* carry the unread bytes over to the front of the new buffer */
    if (usedLength)
        XMEMCPY(grown, ssl->buffers.inputBuffer.buffer +
                ssl->buffers.inputBuffer.idx, usedLength);

    /* a previous heap buffer starts `offset` bytes before its data pointer */
    if (ssl->buffers.inputBuffer.dynamicFlag)
        XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
              ssl->heap,DYNAMIC_TYPE_IN_BUFFER);

    ssl->buffers.inputBuffer.buffer      = grown;
    ssl->buffers.inputBuffer.offset      = pad;
    ssl->buffers.inputBuffer.dynamicFlag = 1;
    ssl->buffers.inputBuffer.bufferSize  = size + usedLength;
    ssl->buffers.inputBuffer.idx         = 0;
    ssl->buffers.inputBuffer.length      = usedLength;

    return 0;
}
wolfSSL 7:481bce714567 5266
wolfSSL 7:481bce714567 5267
/* Make sure the output buffer can take `size` more bytes, growing it when the
 * free space is too small.
 *
 * Returns 0 when the space is available, BAD_FUNC_ARG for a negative size and
 * MEMORY_E when growing the buffer fails. */
int CheckAvailableSize(WOLFSSL *ssl, int size)
{
    word32 room;

    if (size < 0) {
        WOLFSSL_MSG("CheckAvailableSize() called with negative number");
        return BAD_FUNC_ARG;
    }

    /* free space = capacity minus bytes already queued */
    room = ssl->buffers.outputBuffer.bufferSize -
           ssl->buffers.outputBuffer.length;
    if (room >= (word32)size)
        return 0;

    /* every failure from the grow step is reported as MEMORY_E */
    if (GrowOutputBuffer(ssl, size) < 0)
        return MEMORY_E;

    return 0;
}
wolfSSL 7:481bce714567 5285
wolfSSL 7:481bce714567 5286
/* Parse the record header at input + *inOutIdx and run the sanity checks on
 * it: DTLS replay window, disabled-protocol mask, version, length and type.
 *
 * ssl       session; for DTLS the epoch and sequence number are stored in
 *           ssl->keys, and decryptedCur is cleared on success
 * input     buffer holding the header; no remaining-length argument is taken,
 *           so the caller must guarantee that a full header is present
 * inOutIdx  advanced past the header
 * rh        receives type and version (and the length bytes for TLS)
 * size      receives the record length taken from the wire
 *
 * Returns 0 on success or SEQUENCE_ERROR, VERSION_ERROR, LENGTH_ERROR or
 * UNKNOWN_RECORD_TYPE. Every value read here comes from the peer before any
 * integrity check has been applied.
 *
 * NOTE(review): when ssl->options.dtls is set in a build without WOLFSSL_DTLS
 * the else branch is empty and neither rh nor *size is written before the
 * checks below; presumably that combination cannot occur - confirm.
 */
static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           RecordLayerHeader* rh, word16 *size)
{
    if (!ssl->options.dtls) {
#ifdef HAVE_FUZZER
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD,
                    ssl->fuzzerCtx);
#endif
        XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ);
        *inOutIdx += RECORD_HEADER_SZ;
        ato16(rh->length, size);
    }
    else {
#ifdef WOLFSSL_DTLS
#ifdef HAVE_FUZZER
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input + *inOutIdx, DTLS_RECORD_HEADER_SZ,
                           FUZZ_HEAD, ssl->fuzzerCtx);
#endif
        /* type and version in same spot */
        XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ);
        *inOutIdx += ENUM_LEN + VERSION_SZ;
        ato16(input + *inOutIdx, &ssl->keys.curEpoch);
        *inOutIdx += OPAQUE16_LEN;
        ato16(input + *inOutIdx, &ssl->keys.curSeq_hi);
        *inOutIdx += OPAQUE16_LEN;
        ato32(input + *inOutIdx, &ssl->keys.curSeq_lo);
        *inOutIdx += OPAQUE32_LEN;  /* advance past rest of seq */
        ato16(input + *inOutIdx, size);
        *inOutIdx += LENGTH_SZ;
#endif
    }

#ifdef WOLFSSL_DTLS
    /* reject records that fail the window check, and epoch-0 records that
       arrive after the handshake has completed */
    if (IsDtlsNotSctpMode(ssl) &&
        (!DtlsCheckWindow(ssl) ||
         (ssl->options.handShakeDone && ssl->keys.curEpoch == 0))) {
            return SEQUENCE_ERROR;
    }
#endif

#ifdef OPENSSL_EXTRA
    /* case where specific protocols are turned off */
    /* applied to non-DTLS sessions only */
    if (!ssl->options.dtls && ssl->options.mask > 0) {
        if (rh->pvMinor == SSLv3_MINOR &&
            (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
            WOLFSSL_MSG("Option set to not allow SSLv3");
            return VERSION_ERROR;
        }
        if (rh->pvMinor == TLSv1_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
            WOLFSSL_MSG("Option set to not allow TLSv1");
            return VERSION_ERROR;
        }
        if (rh->pvMinor == TLSv1_1_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
            WOLFSSL_MSG("Option set to not allow TLSv1.1");
            return VERSION_ERROR;
        }
        if (rh->pvMinor == TLSv1_2_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
            WOLFSSL_MSG("Option set to not allow TLSv1.2");
            return VERSION_ERROR;
        }
    }
#endif /* OPENSSL_EXTRA */

    /* catch version mismatch */
    /* A mismatch is only logged, not rejected, in three cases: a server that
       has not finished its first reply, a downgrade-enabled client that has
       not yet seen the first reply, and DTLS handshake records. Anything else
       is a hard VERSION_ERROR. */
    if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){
        if (ssl->options.side == WOLFSSL_SERVER_END &&
            ssl->options.acceptState < ACCEPT_FIRST_REPLY_DONE)

            WOLFSSL_MSG("Client attempting to connect with different version");
        else if (ssl->options.side == WOLFSSL_CLIENT_END &&
                                 ssl->options.downgrade &&
                                 ssl->options.connectState < FIRST_REPLY_DONE)
            WOLFSSL_MSG("Server attempting to accept with different version");
        else if (ssl->options.dtls && rh->type == handshake)
            /* Check the DTLS handshake message RH version later. */
            WOLFSSL_MSG("DTLS handshake, skip RH version number check");
        else {
            WOLFSSL_MSG("SSL version error");
            return VERSION_ERROR;              /* only use requested version */
        }
    }

    /* record layer length check */
    /* caps the peer-supplied length before it is used to size any read; note
       that only the HAVE_MAX_FRAGMENT build sends a record_overflow alert */
#ifdef HAVE_MAX_FRAGMENT
    if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
        SendAlert(ssl, alert_fatal, record_overflow);
        return LENGTH_ERROR;
    }
#else
    if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
        return LENGTH_ERROR;
#endif

    /* verify record type here as well */
    switch (rh->type) {
        case handshake:
        case change_cipher_spec:
        case application_data:
        case alert:
            break;
        case no_type:
        default:
            WOLFSSL_MSG("Unknown Record Type");
            return UNKNOWN_RECORD_TYPE;
    }

    /* haven't decrypted this record yet */
    ssl->keys.decryptedCur = 0;

    return 0;
}
wolfSSL 7:481bce714567 5404
wolfSSL 7:481bce714567 5405
/* Parse a TLS handshake header at input + *inOutIdx.
 *
 * On success stores the message type and the 24-bit body length and returns 0.
 * Returns BUFFER_E when the header would run past totalSz; *inOutIdx has
 * already been advanced in that case.
 *
 * The bounds check covers the header only. *size is taken from the wire as is
 * and must be validated against the remaining input by the caller. */
static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                              byte *type, word32 *size, word32 totalSz)
{
    const byte* hdr = input + *inOutIdx;

    (void)ssl;

    /* step over the header first, then make sure it was all inside the input */
    *inOutIdx += HANDSHAKE_HEADER_SZ;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    *type = *hdr;
    c24to32(hdr + 1, size);

    return 0;
}
wolfSSL 7:481bce714567 5421
wolfSSL 7:481bce714567 5422
#ifdef WOLFSSL_DTLS
/* Parse a DTLS handshake header at input + *inOutIdx.
 *
 * Stores the message type, total length, fragment offset and fragment length,
 * and records the peer's handshake sequence number in ssl->keys.
 *
 * Returns 0 on success, BUFFER_E when the header would run past totalSz
 * (*inOutIdx has already been advanced) and VERSION_ERROR when the current
 * record's version differs from the session version for any message other
 * than client_hello or hello_verify_request.
 *
 * The bounds check covers the header only. *size, *fragOffset and *fragSz are
 * peer-controlled and are not checked against each other here; the caller
 * must validate them before using them for reassembly. */
static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
                                  word32* inOutIdx, byte *type, word32 *size,
                                  word32 *fragOffset, word32 *fragSz,
                                  word32 totalSz)
{
    word32 pos = *inOutIdx;

    *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    /* type (1 byte), then the 24-bit total length */
    *type = input[pos];
    pos++;
    c24to32(input + pos, size);
    pos += OPAQUE24_LEN;

    /* peer's handshake message sequence number */
    ato16(input + pos, &ssl->keys.dtls_peer_handshake_number);
    pos += DTLS_HANDSHAKE_SEQ_SZ;

    /* fragment offset followed by fragment length */
    c24to32(input + pos, fragOffset);
    pos += DTLS_HANDSHAKE_FRAG_SZ;
    c24to32(input + pos, fragSz);

    if (ssl->curRL.pvMajor == ssl->version.major &&
        ssl->curRL.pvMinor == ssl->version.minor) {
        return 0;
    }

    /* record version differs: accepted for the two hello messages only */
    if (*type != client_hello && *type != hello_verify_request) {
        return VERSION_ERROR;
    }

    WOLFSSL_MSG("DTLS Handshake ignoring hello or verify version");
    return 0;
}
#endif
wolfSSL 7:481bce714567 5458
wolfSSL 7:481bce714567 5459
wolfSSL 7:481bce714567 5460 #ifndef NO_OLD_TLS
/* Constant pad blocks for the legacy (NO_OLD_TLS not defined) finished-hash
 * code below: PAD1 is 0x36 repeated and feeds the inner hash, PAD2 is 0x5c
 * repeated and feeds the outer hash. */
/* fill with MD5 pad size since biggest required */
/* both arrays are declared with PAD_MD5 entries; the SHA path passes the same
 * arrays with the PAD_SHA length */
static const byte PAD1[PAD_MD5] =
                              { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
                              };
static const byte PAD2[PAD_MD5] =
                              { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
                              };
wolfSSL 7:481bce714567 5478
wolfSSL 7:481bce714567 5479 /* calculate MD5 hash for finished */
wolfSSL 7:481bce714567 5480 #ifdef WOLFSSL_TI_HASH
wolfSSL 7:481bce714567 5481 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 7:481bce714567 5482 #endif
wolfSSL 7:481bce714567 5483
/* Compute the MD5 half of the legacy finished hash into hashes->md5.
 *
 * inner = MD5(handshake transcript || sender || master secret || PAD1)
 * outer = MD5(master secret || PAD2 || inner)
 *
 * The running handshake hash in ssl->hsHashes is snapshotted first and
 * restored afterwards, so the transcript is not disturbed by the extra input.
 *
 * Returns 0 on success, or MEMORY_E when a WOLFSSL_SMALL_STACK allocation
 * fails.
 *
 * NOTE(review): md5_result is derived from the master secret and is left on
 * the stack at return; consider wiping it (e.g. with ForceZero).
 * NOTE(review): if the wc_Md5* calls return status codes in this version,
 * they are ignored here - confirm.
 */
static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{

    byte md5_result[MD5_DIGEST_SIZE];

#ifdef WOLFSSL_SMALL_STACK
    /* NOTE(review): these temporaries are allocated with a NULL heap hint
       rather than ssl->heap - confirm that is intended */
    Md5* md5   = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);

    /* free whichever allocation succeeded before reporting the failure */
    if (md5 == NULL || md5_2 == NULL) {
        if (md5) {
            XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (md5_2) {
            XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        return MEMORY_E;
    }
#else
    /* one-element arrays so both build variants can use pointer syntax */
    Md5 md5[1];
    Md5 md5_2[1];
#endif

    /* make md5 inner */
    md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */

    wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER);
    wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
    wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
    wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
    wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */

    /* make md5 outer */
    wc_InitMd5(md5_2) ;
    wc_Md5Update(md5_2, ssl->arrays->masterSecret,SECRET_LEN);
    wc_Md5Update(md5_2, PAD2, PAD_MD5);
    wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
    wc_Md5Final(md5_2, hashes->md5);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return 0;
}
wolfSSL 7:481bce714567 5530
wolfSSL 7:481bce714567 5531
/* Compute the SHA half of the Finished hash used when ssl->options.tls is not
 * set (the SSL 3.0 style construction) and store it in hashes->sha:
 *
 *   SHA(masterSecret || PAD2 || SHA(hashSha state || sender || masterSecret || PAD1))
 *
 * ssl     connection; ssl->hsHashes->hashSha and ssl->arrays->masterSecret are read
 * hashes  receives the digest in hashes->sha
 * sender  SIZEOF_SENDER bytes mixed into the inner hash
 *
 * Returns 0 on success, MEMORY_E when a temporary context cannot be allocated
 * (WOLFSSL_SMALL_STACK builds only).
 *
 * NOTE(review): the results of the wc_Sha* calls are not checked, and
 * innerDigest and the outer context (both derived from the master secret) are
 * not zeroised before returning - confirm this is acceptable for the target.
 */
static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    byte innerDigest[SHA_DIGEST_SIZE];

#ifdef WOLFSSL_SMALL_STACK
    Sha* savedSha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    Sha* outerSha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (savedSha == NULL || outerSha == NULL) {
        /* release whichever allocation did succeed */
        if (savedSha) {
            XFREE(savedSha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (outerSha) {
            XFREE(outerSha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        return MEMORY_E;
    }
#else
    Sha savedSha[1];
    Sha outerSha[1];
#endif

    /* inner hash: remember the live context, extend it, read the digest and
       then put the live context back where it was */
    savedSha[0] = ssl->hsHashes->hashSha;

    wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER);
    wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,
                 SECRET_LEN);
    wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
    wc_ShaGetHash(&ssl->hsHashes->hashSha, innerDigest);
    wc_ShaRestorePos(&ssl->hsHashes->hashSha, savedSha);

    /* outer hash over masterSecret, PAD2 and the inner digest */
    wc_InitSha(outerSha);
    wc_ShaUpdate(outerSha, ssl->arrays->masterSecret, SECRET_LEN);
    wc_ShaUpdate(outerSha, PAD2, PAD_SHA);
    wc_ShaUpdate(outerSha, innerDigest, SHA_DIGEST_SIZE);
    wc_ShaFinal(outerSha, hashes->sha);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(savedSha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(outerSha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return 0;
}
wolfSSL 7:481bce714567 5577 #endif
wolfSSL 7:481bce714567 5578
/* Build the Finished hashes for this connection into hashes.
 *
 * Calls BuildTlsFinished when ssl->options.tls is set (unless NO_TLS) and
 * BuildMD5 followed by BuildSHA when it is not (unless NO_OLD_TLS). With
 * WOLFSSL_SHA384 the SHA-384 state is copied beforehand and written back
 * afterwards when IsAtLeastTLSv1_2(ssl) holds.
 * Finished doesn't support SHA512: there are no SHA512 cipher suites yet.
 *
 * Returns 0 on success, otherwise the error of the builder that failed;
 * MEMORY_E in WOLFSSL_SMALL_STACK builds when ssl is NULL or the temporary
 * Sha384 cannot be allocated.
 *
 * NOTE(review): ssl is checked for NULL only in WOLFSSL_SMALL_STACK builds
 * (and reported as MEMORY_E); other builds dereference it unchecked.
 */
static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int ret = 0;
#ifdef WOLFSSL_SHA384
    #ifdef WOLFSSL_SMALL_STACK
    Sha384* savedSha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
                                           DYNAMIC_TYPE_TMP_BUFFER);
    #else
    Sha384 savedSha384[1];
    #endif
#endif

#ifdef WOLFSSL_SMALL_STACK
    #ifdef WOLFSSL_SHA384
    if (ssl == NULL || savedSha384 == NULL) {
        XFREE(savedSha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_E;
    }
    #else
    if (ssl == NULL) {
        return MEMORY_E;
    }
    #endif
#endif

    /* store current states, building requires get_digest which resets state */
#ifdef WOLFSSL_SHA384
    savedSha384[0] = ssl->hsHashes->hashSha384;
#endif

#ifndef NO_TLS
    if (ssl->options.tls) {
        ret = BuildTlsFinished(ssl, hashes, sender);
    }
#endif
#ifndef NO_OLD_TLS
    if (!ssl->options.tls) {
        /* pre-TLS Finished carries both an MD5 and a SHA digest */
        ret = BuildMD5(ssl, hashes, sender);
        if (ret == 0) {
            ret = BuildSHA(ssl, hashes, sender);
        }
    }
#endif

    /* restore */
    if (IsAtLeastTLSv1_2(ssl)) {
#ifdef WOLFSSL_SHA384
        ssl->hsHashes->hashSha384 = savedSha384[0];
#endif
    }

#if defined(WOLFSSL_SMALL_STACK) && defined(WOLFSSL_SHA384)
    XFREE(savedSha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}
wolfSSL 7:481bce714567 5640
wolfSSL 7:481bce714567 5641
/* cipher requirements: the questions CipherRequires() can be asked about a
   suite (values are the implicit 0..6 numbering, spelled out) */
enum {
    REQUIRES_RSA        = 0,  /* reported for the RSA, ECDHE_RSA, DHE_RSA suites */
    REQUIRES_DHE        = 1,  /* reported for the DHE_* and DH_anon suites */
    REQUIRES_ECC        = 2,  /* reported for the ECDHE_ECDSA suites */
    REQUIRES_ECC_STATIC = 3,  /* reported for the static ECDH_* suites */
    REQUIRES_PSK        = 4,  /* reported for the *_PSK_* suites */
    REQUIRES_NTRU       = 5,  /* reported for the NTRU_RSA suites */
    REQUIRES_RSA_SIG    = 6   /* reported for ECDH_RSA and a few other RSA suites */
};
wolfSSL 7:481bce714567 5652
wolfSSL 7:481bce714567 5653
wolfSSL 7:481bce714567 5654
/* Does this cipher suite (first, second) have the given requirement?
 *
 * first        first suite byte: CHACHA_BYTE and ECC_BYTE select their own
 *              tables, any other value selects the "normal" table
 * second       second suite byte, looked up within the selected table
 * requirement  one of the REQUIRES_* values
 *
 * Returns 1 when the suite has the requirement, 0 when it does not or when
 * the suite is not listed.
 *
 * An ephemeral key exchange still requires the key that signs the key
 * exchange, so ECDHE_RSA requires an rsa key (thus rsa_kea).
 *
 * NOTE(review): an unlisted suite answers 0 to every requirement (silently in
 * the CHACHA table, with a log message in the other two) - confirm callers
 * treat such suites as unsupported rather than as having no requirements.
 */
static int CipherRequires(byte first, byte second, int requirement)
{
    if (first == CHACHA_BYTE) {
        switch (second) {

        case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
            if (requirement == REQUIRES_PSK) {
                return 1;
            }
            break;

        case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
            if (requirement == REQUIRES_PSK) {
                return 1;
            }
            break;

        case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
            if (requirement == REQUIRES_PSK || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;
        }
    }

    /* ECC extensions */
    if (first == ECC_BYTE) {
        switch (second) {

#ifndef NO_RSA
        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_ECC_STATIC ||
                requirement == REQUIRES_RSA_SIG) {
                return 1;
            }
            break;

#ifndef NO_DES3
        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
            if (requirement == REQUIRES_ECC_STATIC ||
                requirement == REQUIRES_RSA_SIG) {
                return 1;
            }
            break;
#endif

#ifndef NO_RC4
        case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_ECDH_RSA_WITH_RC4_128_SHA :
            if (requirement == REQUIRES_ECC_STATIC ||
                requirement == REQUIRES_RSA_SIG) {
                return 1;
            }
            break;
#endif
#endif /* NO_RSA */

#ifndef NO_DES3
        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
            if (requirement == REQUIRES_ECC_STATIC) {
                return 1;
            }
            break;
#endif
#ifndef NO_RC4
        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
            if (requirement == REQUIRES_ECC_STATIC) {
                return 1;
            }
            break;
#endif
#ifndef NO_RSA
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
            if (requirement == REQUIRES_ECC_STATIC ||
                requirement == REQUIRES_RSA_SIG) {
                return 1;
            }
            break;
#endif

        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_ECC_STATIC) {
                return 1;
            }
            break;

        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
            if (requirement == REQUIRES_ECC_STATIC) {
                return 1;
            }
            break;

        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
            if (requirement == REQUIRES_ECC_STATIC) {
                return 1;
            }
            break;

        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_ECC_STATIC) {
                return 1;
            }
            break;

#ifndef NO_RSA
        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
            if (requirement == REQUIRES_ECC_STATIC ||
                requirement == REQUIRES_RSA_SIG) {
                return 1;
            }
            break;

        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_ECC_STATIC ||
                requirement == REQUIRES_RSA_SIG) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_AES_128_CCM_8 :
        case TLS_RSA_WITH_AES_256_CCM_8 :
            if (requirement == REQUIRES_RSA ||
                requirement == REQUIRES_RSA_SIG) {
                return 1;
            }
            break;

        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
            if (requirement == REQUIRES_RSA ||
                requirement == REQUIRES_RSA_SIG) {
                return 1;
            }
            break;

        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
            if (requirement == REQUIRES_RSA_SIG ||
                requirement == REQUIRES_ECC_STATIC) {
                return 1;
            }
            break;
#endif

        case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
        case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
        case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        /* NOTE(review): unlike the other ECDH_ECDSA suites above, these two
           also answer REQUIRES_ECC - confirm that is intended */
        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
            if (requirement == REQUIRES_ECC ||
                requirement == REQUIRES_ECC_STATIC) {
                return 1;
            }
            break;

        case TLS_PSK_WITH_AES_128_CCM:
        case TLS_PSK_WITH_AES_256_CCM:
        case TLS_PSK_WITH_AES_128_CCM_8:
        case TLS_PSK_WITH_AES_256_CCM_8:
            if (requirement == REQUIRES_PSK) {
                return 1;
            }
            break;

        case TLS_DHE_PSK_WITH_AES_128_CCM:
        case TLS_DHE_PSK_WITH_AES_256_CCM:
            if (requirement == REQUIRES_PSK || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
            if (requirement == REQUIRES_ECC) {
                return 1;
            }
            break;

        case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
            if (requirement == REQUIRES_PSK) {
                return 1;
            }
            break;

        case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
            if (requirement == REQUIRES_PSK) {
                return 1;
            }
            break;

        default:
            WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
            return 0;
        } /* switch */
    } /* if */

    if (first != ECC_BYTE && first != CHACHA_BYTE) { /* normal suites */
        switch (second) {

#ifndef NO_RSA
        case SSL_RSA_WITH_RC4_128_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case SSL_RSA_WITH_RC4_128_MD5 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_NTRU_RSA_WITH_RC4_128_SHA :
            if (requirement == REQUIRES_NTRU) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_AES_128_CBC_SHA256 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
            if (requirement == REQUIRES_NTRU) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_AES_256_CBC_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_NTRU) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_AES_256_CBC_SHA256 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_NULL_SHA :
        case TLS_RSA_WITH_NULL_SHA256 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
            if (requirement == REQUIRES_NTRU) {
                return 1;
            }
            break;

        case SSL_RSA_WITH_IDEA_CBC_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;
#endif

        case TLS_PSK_WITH_AES_128_GCM_SHA256 :
        case TLS_PSK_WITH_AES_256_GCM_SHA384 :
        case TLS_PSK_WITH_AES_128_CBC_SHA256 :
        case TLS_PSK_WITH_AES_256_CBC_SHA384 :
        case TLS_PSK_WITH_AES_128_CBC_SHA :
        case TLS_PSK_WITH_AES_256_CBC_SHA :
        case TLS_PSK_WITH_NULL_SHA384 :
        case TLS_PSK_WITH_NULL_SHA256 :
        case TLS_PSK_WITH_NULL_SHA :
            if (requirement == REQUIRES_PSK) {
                return 1;
            }
            break;

        case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
        case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
        case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
        case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
        case TLS_DHE_PSK_WITH_NULL_SHA384 :
        case TLS_DHE_PSK_WITH_NULL_SHA256 :
            if (requirement == REQUIRES_DHE || requirement == REQUIRES_PSK) {
                return 1;
            }
            break;

#ifndef NO_RSA
        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_HC_128_MD5 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_HC_128_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_HC_128_B2B256:
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_AES_128_CBC_B2B256:
        case TLS_RSA_WITH_AES_256_CBC_B2B256:
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_RABBIT_SHA :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_AES_128_GCM_SHA256 :
        case TLS_RSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
            if (requirement == REQUIRES_RSA || requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
        case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
        case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
            if (requirement == REQUIRES_RSA) {
                return 1;
            }
            break;

        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
        case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
        case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
            if (requirement == REQUIRES_RSA ||
                requirement == REQUIRES_RSA_SIG ||
                requirement == REQUIRES_DHE) {
                return 1;
            }
            break;

        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
            if (requirement == REQUIRES_RSA ||
                requirement == REQUIRES_RSA_SIG ||
                requirement == REQUIRES_DHE) {
                return 1;
            }
            break;
#endif
#ifdef HAVE_ANON
        case TLS_DH_anon_WITH_AES_128_CBC_SHA :
            if (requirement == REQUIRES_DHE) {
                return 1;
            }
            break;
#endif

        default:
            WOLFSSL_MSG("Unsupported cipher suite, CipherRequires");
            return 0;
        } /* switch */
    } /* if ECC / Normal suites else */

    return 0;
}
wolfSSL 7:481bce714567 6158
wolfSSL 7:481bce714567 6159
wolfSSL 7:481bce714567 6160 #ifndef NO_CERTS
wolfSSL 7:481bce714567 6161
wolfSSL 7:481bce714567 6162
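/* Match a name pattern against a host name, ignoring case.
 *
 * Each wildcard can represent a single name component or fragment but not
 * multiple names, i.e.,
 *     *.z.com matches y.z.com but not x.y.z.com
 *
 * pattern  name to match against, may contain '*'
 * len      number of pattern bytes to consider, must be > 0
 * str      NUL-terminated name being tested
 *
 * Returns 1 on success, 0 on mismatch or on NULL / empty arguments.
 *
 * NOTE(review): a '*' is accepted in any label and as part of a label; no
 * left-most-label or minimum-label-count rule is applied here, and a NUL
 * within the first len bytes of pattern ends the comparison early. Callers
 * needing stricter certificate name rules must enforce them separately.
 */
static int MatchDomainName(const char* pattern, int len, const char* str)
{
    char p, s;

    if (pattern == NULL || str == NULL || len <= 0)
        return 0;

    while (len > 0) {

        p = (char)XTOLOWER((unsigned char)*pattern++);
        if (p == 0)
            break;

        if (p == '*') {
            /* collapse a run of '*' and fetch the character that follows */
            while (--len > 0 &&
                   (p = (char)XTOLOWER((unsigned char)*pattern++)) == '*')
                ;

            /* the wildcard was the last pattern byte: match to end of label */
            if (len == 0)
                p = '\0';

            /* the wildcard consumes str up to the next p, never across '.' */
            while ( (s = (char)XTOLOWER((unsigned char) *str)) != '\0') {
                if (s == p)
                    break;
                if (s == '.')
                    return 0;
                str++;
            }

            /* str ended before p was found. p has already been taken from
               the pattern, so without this check it would go unverified and
               a pattern such as "*a" would accept "xyz". */
            if (s != p)
                return 0;
        }
        else {
            if (p != (char)XTOLOWER((unsigned char) *str))
                return 0;
        }

        if (*str != '\0')
            str++;

        if (len > 0)
            len--;
    }

    /* success only if the whole of str was consumed */
    return *str == '\0';
}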
wolfSSL 7:481bce714567 6211
wolfSSL 7:481bce714567 6212
/* Walk the certificate's alternative names looking for one that matches
 * domain.
 *
 * dCert   decoded certificate whose altNames list is searched, may be NULL
 * domain  host name passed to MatchDomainName for every entry
 *
 * NOTE(review): the length of each entry is taken with XSTRLEN, so an entry
 * is only compared up to its first NUL byte; confirm that the certificate
 * parser rejects names with embedded NUL bytes before they reach this list.
 *
 * return 1 when an entry matches, 0 otherwise */
static int CheckAltNames(DecodedCert* dCert, char* domain)
{
    DNS_entry* entry;

    WOLFSSL_MSG("Checking AltNames");

    for (entry = (dCert != NULL) ? dCert->altNames : NULL;
         entry != NULL;
         entry = entry->next) {
        int nameLen;

        WOLFSSL_MSG("\tindividual AltName check");

        nameLen = (int)XSTRLEN(entry->name);
        if (MatchDomainName(entry->name, nameLen, domain))
            return 1;
    }

    return 0;
}
wolfSSL 7:481bce714567 6237
wolfSSL 7:481bce714567 6238
wolfSSL 7:481bce714567 6239 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 7:481bce714567 6240
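/* Copy the parts of a decoded certificate that the X509 structure needs.
 *
 * x509   destination; buffers are allocated from x509->heap
 * dCert  source; its altNames list is handed over to x509 and
 *        dCert->weOwnAltNames is cleared
 *
 * Copying carries on after an allocation failure so that the remaining
 * fields are still filled in; the failure is reported in the return value.
 *
 * return 0 on success, BAD_FUNC_ARG for a NULL argument or a negative
 *        subjectCNLen, MEMORY_E when an allocation failed */
int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
{
    int ret = 0;

    if (x509 == NULL || dCert == NULL ||
        dCert->subjectCNLen < 0)
        return BAD_FUNC_ARG;

    x509->version = dCert->version + 1;

    /* XSTRNCPY may leave the name unterminated, so terminate explicitly */
    XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
    x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
    x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
#ifdef OPENSSL_EXTRA
    if (dCert->issuerName.fullName != NULL) {
        /* copy the whole DecodedName, then give it its own fullName buffer */
        XMEMCPY(&x509->issuer.fullName,
                                   &dCert->issuerName, sizeof(DecodedName));
        x509->issuer.fullName.fullName = (char*)XMALLOC(
                    dCert->issuerName.fullNameLen, x509->heap,
                    DYNAMIC_TYPE_X509);
        if (x509->issuer.fullName.fullName != NULL) {
            XMEMCPY(x509->issuer.fullName.fullName,
                 dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
        }
        else {
            /* do not keep a length that describes a NULL buffer, and report
             * the failure like every other allocation in this function */
            x509->issuer.fullName.fullNameLen = 0;
            if (dCert->issuerName.fullNameLen != 0)
                ret = MEMORY_E;
        }
    }
    x509->issuer.x509 = x509;
#endif /* OPENSSL_EXTRA */

    XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
    x509->subject.name[ASN_NAME_MAX - 1] = '\0';
    x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
#ifdef OPENSSL_EXTRA
    if (dCert->subjectName.fullName != NULL) {
        XMEMCPY(&x509->subject.fullName,
                                  &dCert->subjectName, sizeof(DecodedName));
        x509->subject.fullName.fullName = (char*)XMALLOC(
             dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
        if (x509->subject.fullName.fullName != NULL) {
            XMEMCPY(x509->subject.fullName.fullName,
               dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
        }
        else {
            /* same handling as for the issuer name above */
            x509->subject.fullName.fullNameLen = 0;
            if (dCert->subjectName.fullNameLen != 0)
                ret = MEMORY_E;
        }
    }
    x509->subject.x509 = x509;
#endif /* OPENSSL_EXTRA */

    XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
    x509->serialSz = dCert->serialSz;

    /* a common name of ASN_NAME_MAX bytes or more is dropped, not truncated */
    if (dCert->subjectCNLen < ASN_NAME_MAX) {
        XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
        x509->subjectCN[dCert->subjectCNLen] = '\0';
    }
    else
        x509->subjectCN[0] = '\0';

#ifdef WOLFSSL_SEP
    {
        /* each field is clamped to EXTERNAL_SERIAL_SIZE before the copy */
        int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
        if (minSz > 0) {
            x509->deviceTypeSz = minSz;
            XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
        }
        else
            x509->deviceTypeSz = 0;
        minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
        if (minSz > 0) {
            x509->hwTypeSz = minSz;
            XMEMCPY(x509->hwType, dCert->hwType, minSz);
        }
        else
            x509->hwTypeSz = 0;
        minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
        if (minSz > 0) {
            x509->hwSerialNumSz = minSz;
            XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
        }
        else
            x509->hwSerialNumSz = 0;
    }
#endif /* WOLFSSL_SEP */
    {
        /* validity dates, clamped to MAX_DATE_SZ */
        int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ);
        if (minSz > 0) {
            x509->notBeforeSz = minSz;
            XMEMCPY(x509->notBefore, dCert->beforeDate, minSz);
        }
        else
            x509->notBeforeSz = 0;
        minSz = min(dCert->afterDateLen, MAX_DATE_SZ);
        if (minSz > 0) {
            x509->notAfterSz = minSz;
            XMEMCPY(x509->notAfter, dCert->afterDate, minSz);
        }
        else
            x509->notAfterSz = 0;
    }

    if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
        x509->pubKey.buffer = (byte*)XMALLOC(
                      dCert->pubKeySize, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        if (x509->pubKey.buffer != NULL) {
            x509->pubKeyOID = dCert->keyOID;
            x509->pubKey.length = dCert->pubKeySize;
            XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
        }
        else
            ret = MEMORY_E;
    }

    if (dCert->signature != NULL && dCert->sigLength != 0) {
        x509->sig.buffer = (byte*)XMALLOC(
                        dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
        if (x509->sig.buffer == NULL) {
            ret = MEMORY_E;
        }
        else {
            XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
            x509->sig.length = dCert->sigLength;
            x509->sigOID = dCert->signatureOID;
        }
    }

    /* store cert for potential retrieval */
    if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, x509->heap) == 0) {
        XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx);
    }
    else {
        ret = MEMORY_E;
    }

    /* the list is not copied: x509 takes it over from dCert */
    x509->altNames       = dCert->altNames;
    dCert->weOwnAltNames = 0;
    x509->altNamesNext   = x509->altNames;  /* index hint */

    x509->isCa = dCert->isCA;
#ifdef OPENSSL_EXTRA
    x509->pathLength = dCert->pathLength;
    x509->keyUsage = dCert->extKeyUsage;

    x509->CRLdistSet = dCert->extCRLdistSet;
    x509->CRLdistCrit = dCert->extCRLdistCrit;
    /* NOTE(review): unlike authInfo below, CRLInfo is stored as a pointer
     * and not as a copy; verify that the buffer dCert->extCrlInfo points to
     * outlives x509 */
    x509->CRLInfo = dCert->extCrlInfo;
    x509->CRLInfoSz = dCert->extCrlInfoSz;
    x509->authInfoSet = dCert->extAuthInfoSet;
    x509->authInfoCrit = dCert->extAuthInfoCrit;
    if (dCert->extAuthInfo != NULL && dCert->extAuthInfoSz > 0) {
        x509->authInfo = (byte*)XMALLOC(dCert->extAuthInfoSz, x509->heap,
                DYNAMIC_TYPE_X509_EXT);
        if (x509->authInfo != NULL) {
            XMEMCPY(x509->authInfo, dCert->extAuthInfo, dCert->extAuthInfoSz);
            x509->authInfoSz = dCert->extAuthInfoSz;
        }
        else {
            ret = MEMORY_E;
        }
    }
    x509->basicConstSet = dCert->extBasicConstSet;
    x509->basicConstCrit = dCert->extBasicConstCrit;
    x509->basicConstPlSet = dCert->pathLengthSet;
    x509->subjAltNameSet = dCert->extSubjAltNameSet;
    x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
    x509->authKeyIdSet = dCert->extAuthKeyIdSet;
    x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
    if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
        x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
                                         DYNAMIC_TYPE_X509_EXT);
        if (x509->authKeyId != NULL) {
            XMEMCPY(x509->authKeyId,
                                 dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
            x509->authKeyIdSz = dCert->extAuthKeyIdSz;
        }
        else
            ret = MEMORY_E;
    }
    x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
    x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
    if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
        x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, x509->heap,
                                         DYNAMIC_TYPE_X509_EXT);
        if (x509->subjKeyId != NULL) {
            XMEMCPY(x509->subjKeyId,
                                 dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
            x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
        }
        else
            ret = MEMORY_E;
    }
    x509->keyUsageSet = dCert->extKeyUsageSet;
    x509->keyUsageCrit = dCert->extKeyUsageCrit;
    if (dCert->extExtKeyUsageSrc != NULL && dCert->extExtKeyUsageSz > 0) {
        x509->extKeyUsageSrc = (byte*)XMALLOC(dCert->extExtKeyUsageSz,
                x509->heap, DYNAMIC_TYPE_X509_EXT);
        if (x509->extKeyUsageSrc != NULL) {
            XMEMCPY(x509->extKeyUsageSrc, dCert->extExtKeyUsageSrc,
                                                     dCert->extExtKeyUsageSz);
            x509->extKeyUsageSz    = dCert->extExtKeyUsageSz;
            x509->extKeyUsageCrit  = dCert->extExtKeyUsageCrit;
            x509->extKeyUsageCount = dCert->extExtKeyUsageCount;
        }
        else {
            ret = MEMORY_E;
        }
    }
    #ifdef WOLFSSL_SEP
        x509->certPolicySet = dCert->extCertPolicySet;
        x509->certPolicyCrit = dCert->extCertPolicyCrit;
    #endif /* WOLFSSL_SEP */
    #ifdef WOLFSSL_CERT_EXT
        {
            int i;
            for (i = 0; i < dCert->extCertPoliciesNb && i < MAX_CERTPOL_NB; i++)
                XMEMCPY(x509->certPolicies[i], dCert->extCertPolicies[i],
                                                                MAX_CERTPOL_SZ);
            /* record the number of entries actually copied, so the stored
             * count cannot exceed the MAX_CERTPOL_NB bound used above */
            x509->certPoliciesNb = i;
        }
    #endif /* WOLFSSL_CERT_EXT */
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_ECC
    x509->pkCurveOID = dCert->pkCurveOID;
#endif /* HAVE_ECC */

    return ret;
}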
wolfSSL 7:481bce714567 6462
wolfSSL 7:481bce714567 6463 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 7:481bce714567 6464
wolfSSL 7:481bce714567 6465
wolfSSL 7:481bce714567 6466 static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 7:481bce714567 6467 word32 size)
wolfSSL 7:481bce714567 6468 {
wolfSSL 7:481bce714567 6469 word32 listSz;
wolfSSL 7:481bce714567 6470 word32 begin = *inOutIdx;
wolfSSL 7:481bce714567 6471 int ret = 0;
wolfSSL 7:481bce714567 6472 int anyError = 0;
wolfSSL 7:481bce714567 6473 int totalCerts = 0; /* number of certs in certs buffer */
wolfSSL 7:481bce714567 6474 int count;
wolfSSL 7:481bce714567 6475 buffer certs[MAX_CHAIN_DEPTH];
wolfSSL 7:481bce714567 6476
wolfSSL 7:481bce714567 6477 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 6478 char* domain = NULL;
wolfSSL 7:481bce714567 6479 DecodedCert* dCert = NULL;
wolfSSL 7:481bce714567 6480 WOLFSSL_X509_STORE_CTX* store = NULL;
wolfSSL 7:481bce714567 6481 #else
wolfSSL 7:481bce714567 6482 char domain[ASN_NAME_MAX];
wolfSSL 7:481bce714567 6483 DecodedCert dCert[1];
wolfSSL 7:481bce714567 6484 WOLFSSL_X509_STORE_CTX store[1];
wolfSSL 7:481bce714567 6485 #endif
wolfSSL 7:481bce714567 6486
wolfSSL 7:481bce714567 6487 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 7:481bce714567 6488 byte haveTrustPeer = 0; /* was cert verified by loaded trusted peer cert */
wolfSSL 7:481bce714567 6489 #endif
wolfSSL 7:481bce714567 6490
wolfSSL 7:481bce714567 6491 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 6492 if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
wolfSSL 7:481bce714567 6493 if (ssl->toInfoOn) AddLateName("Certificate", &ssl->timeoutInfo);
wolfSSL 7:481bce714567 6494 #endif
wolfSSL 7:481bce714567 6495
wolfSSL 7:481bce714567 6496 if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
wolfSSL 7:481bce714567 6497 return BUFFER_ERROR;
wolfSSL 7:481bce714567 6498
wolfSSL 7:481bce714567 6499 c24to32(input + *inOutIdx, &listSz);
wolfSSL 7:481bce714567 6500 *inOutIdx += OPAQUE24_LEN;
wolfSSL 7:481bce714567 6501
wolfSSL 7:481bce714567 6502 if (listSz > MAX_RECORD_SIZE)
wolfSSL 7:481bce714567 6503 return BUFFER_E;
wolfSSL 7:481bce714567 6504
wolfSSL 7:481bce714567 6505 if ((*inOutIdx - begin) + listSz != size)
wolfSSL 7:481bce714567 6506 return BUFFER_ERROR;
wolfSSL 7:481bce714567 6507
wolfSSL 7:481bce714567 6508 WOLFSSL_MSG("Loading peer's cert chain");
wolfSSL 7:481bce714567 6509 /* first put cert chain into buffer so can verify top down
wolfSSL 7:481bce714567 6510 we're sent bottom up */
wolfSSL 7:481bce714567 6511 while (listSz) {
wolfSSL 7:481bce714567 6512 word32 certSz;
wolfSSL 7:481bce714567 6513
wolfSSL 7:481bce714567 6514 if (totalCerts >= MAX_CHAIN_DEPTH) {
wolfSSL 7:481bce714567 6515 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 6516 ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
wolfSSL 7:481bce714567 6517 #endif
wolfSSL 7:481bce714567 6518 return MAX_CHAIN_ERROR;
wolfSSL 7:481bce714567 6519 }
wolfSSL 7:481bce714567 6520
wolfSSL 7:481bce714567 6521 if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
wolfSSL 7:481bce714567 6522 return BUFFER_ERROR;
wolfSSL 7:481bce714567 6523
wolfSSL 7:481bce714567 6524 c24to32(input + *inOutIdx, &certSz);
wolfSSL 7:481bce714567 6525 *inOutIdx += OPAQUE24_LEN;
wolfSSL 7:481bce714567 6526
wolfSSL 7:481bce714567 6527 if ((*inOutIdx - begin) + certSz > size)
wolfSSL 7:481bce714567 6528 return BUFFER_ERROR;
wolfSSL 7:481bce714567 6529
wolfSSL 7:481bce714567 6530 certs[totalCerts].length = certSz;
wolfSSL 7:481bce714567 6531 certs[totalCerts].buffer = input + *inOutIdx;
wolfSSL 7:481bce714567 6532
wolfSSL 7:481bce714567 6533 #ifdef SESSION_CERTS
wolfSSL 7:481bce714567 6534 if (ssl->session.chain.count < MAX_CHAIN_DEPTH &&
wolfSSL 7:481bce714567 6535 certSz < MAX_X509_SIZE) {
wolfSSL 7:481bce714567 6536 ssl->session.chain.certs[ssl->session.chain.count].length = certSz;
wolfSSL 7:481bce714567 6537 XMEMCPY(ssl->session.chain.certs[ssl->session.chain.count].buffer,
wolfSSL 7:481bce714567 6538 input + *inOutIdx, certSz);
wolfSSL 7:481bce714567 6539 ssl->session.chain.count++;
wolfSSL 7:481bce714567 6540 } else {
wolfSSL 7:481bce714567 6541 WOLFSSL_MSG("Couldn't store chain cert for session");
wolfSSL 7:481bce714567 6542 }
wolfSSL 7:481bce714567 6543 #endif
wolfSSL 7:481bce714567 6544
wolfSSL 7:481bce714567 6545 *inOutIdx += certSz;
wolfSSL 7:481bce714567 6546 listSz -= certSz + CERT_HEADER_SZ;
wolfSSL 7:481bce714567 6547
wolfSSL 7:481bce714567 6548 totalCerts++;
wolfSSL 7:481bce714567 6549 WOLFSSL_MSG("\tPut another cert into chain");
wolfSSL 7:481bce714567 6550 }
wolfSSL 7:481bce714567 6551
wolfSSL 7:481bce714567 6552 count = totalCerts;
wolfSSL 7:481bce714567 6553
wolfSSL 7:481bce714567 6554 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 6555 dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 7:481bce714567 6556 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 6557 if (dCert == NULL)
wolfSSL 7:481bce714567 6558 return MEMORY_E;
wolfSSL 7:481bce714567 6559 #endif
wolfSSL 7:481bce714567 6560
wolfSSL 7:481bce714567 6561 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 7:481bce714567 6562 /* if using trusted peer certs check before verify chain and CA test */
wolfSSL 7:481bce714567 6563 if (count > 0) {
wolfSSL 7:481bce714567 6564 TrustedPeerCert* tp = NULL;
wolfSSL 7:481bce714567 6565
wolfSSL 7:481bce714567 6566 InitDecodedCert(dCert, certs[0].buffer, certs[0].length, ssl->heap);
wolfSSL 7:481bce714567 6567 ret = ParseCertRelative(dCert, CERT_TYPE, 0, ssl->ctx->cm);
wolfSSL 7:481bce714567 6568 #ifndef NO_SKID
wolfSSL 7:481bce714567 6569 if (dCert->extAuthKeyIdSet) {
wolfSSL 7:481bce714567 6570 tp = GetTrustedPeer(ssl->ctx->cm, dCert->extSubjKeyId,
wolfSSL 7:481bce714567 6571 WC_MATCH_SKID);
wolfSSL 7:481bce714567 6572 }
wolfSSL 7:481bce714567 6573 else { /* if the cert has no SKID try to match by name */
wolfSSL 7:481bce714567 6574 tp = GetTrustedPeer(ssl->ctx->cm, dCert->subjectHash,
wolfSSL 7:481bce714567 6575 WC_MATCH_NAME);
wolfSSL 7:481bce714567 6576 }
wolfSSL 7:481bce714567 6577 #else /* NO_SKID */
wolfSSL 7:481bce714567 6578 tp = GetTrustedPeer(ssl->ctx->cm, dCert->subjectHash,
wolfSSL 7:481bce714567 6579 WC_MATCH_NAME);
wolfSSL 7:481bce714567 6580 #endif /* NO SKID */
wolfSSL 7:481bce714567 6581 WOLFSSL_MSG("Checking for trusted peer cert");
wolfSSL 7:481bce714567 6582
wolfSSL 7:481bce714567 6583 if (tp == NULL) {
wolfSSL 7:481bce714567 6584 /* no trusted peer cert */
wolfSSL 7:481bce714567 6585 WOLFSSL_MSG("No matching trusted peer cert. Checking CAs");
wolfSSL 7:481bce714567 6586 FreeDecodedCert(dCert);
wolfSSL 7:481bce714567 6587 } else if (MatchTrustedPeer(tp, dCert)){
wolfSSL 7:481bce714567 6588 WOLFSSL_MSG("Found matching trusted peer cert");
wolfSSL 7:481bce714567 6589 haveTrustPeer = 1;
wolfSSL 7:481bce714567 6590 } else {
wolfSSL 7:481bce714567 6591 WOLFSSL_MSG("Trusted peer cert did not match!");
wolfSSL 7:481bce714567 6592 FreeDecodedCert(dCert);
wolfSSL 7:481bce714567 6593 }
wolfSSL 7:481bce714567 6594 }
wolfSSL 7:481bce714567 6595 if (!haveTrustPeer) { /* do not verify chain if trusted peer cert found */
wolfSSL 7:481bce714567 6596 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 7:481bce714567 6597
wolfSSL 7:481bce714567 6598 /* verify up to peer's first */
wolfSSL 7:481bce714567 6599 while (count > 1) {
wolfSSL 7:481bce714567 6600 buffer myCert = certs[count - 1];
wolfSSL 7:481bce714567 6601 byte* subjectHash;
wolfSSL 7:481bce714567 6602
wolfSSL 7:481bce714567 6603 InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap);
wolfSSL 7:481bce714567 6604 ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone,
wolfSSL 7:481bce714567 6605 ssl->ctx->cm);
wolfSSL 7:481bce714567 6606 #ifndef NO_SKID
wolfSSL 7:481bce714567 6607 subjectHash = dCert->extSubjKeyId;
wolfSSL 7:481bce714567 6608 #else
wolfSSL 7:481bce714567 6609 subjectHash = dCert->subjectHash;
wolfSSL 7:481bce714567 6610 #endif
wolfSSL 7:481bce714567 6611
wolfSSL 7:481bce714567 6612 /* Check key sizes for certs. Is redundent check since ProcessBuffer
wolfSSL 7:481bce714567 6613 also performs this check. */
wolfSSL 7:481bce714567 6614 if (!ssl->options.verifyNone) {
wolfSSL 7:481bce714567 6615 switch (dCert->keyOID) {
wolfSSL 7:481bce714567 6616 #ifndef NO_RSA
wolfSSL 7:481bce714567 6617 case RSAk:
wolfSSL 7:481bce714567 6618 if (ssl->options.minRsaKeySz < 0 ||
wolfSSL 7:481bce714567 6619 dCert->pubKeySize < (word16)ssl->options.minRsaKeySz) {
wolfSSL 7:481bce714567 6620 WOLFSSL_MSG("RSA key size in cert chain error");
wolfSSL 7:481bce714567 6621 ret = RSA_KEY_SIZE_E;
wolfSSL 7:481bce714567 6622 }
wolfSSL 7:481bce714567 6623 break;
wolfSSL 7:481bce714567 6624 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 6625 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 6626 case ECDSAk:
wolfSSL 7:481bce714567 6627 if (ssl->options.minEccKeySz < 0 ||
wolfSSL 7:481bce714567 6628 dCert->pubKeySize < (word16)ssl->options.minEccKeySz) {
wolfSSL 7:481bce714567 6629 WOLFSSL_MSG("ECC key size in cert chain error");
wolfSSL 7:481bce714567 6630 ret = ECC_KEY_SIZE_E;
wolfSSL 7:481bce714567 6631 }
wolfSSL 7:481bce714567 6632 break;
wolfSSL 7:481bce714567 6633 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 6634
wolfSSL 7:481bce714567 6635 default:
wolfSSL 7:481bce714567 6636 WOLFSSL_MSG("Key size not checked");
wolfSSL 7:481bce714567 6637 break; /* key not being checked for size if not in switch */
wolfSSL 7:481bce714567 6638 }
wolfSSL 7:481bce714567 6639 }
wolfSSL 7:481bce714567 6640
wolfSSL 7:481bce714567 6641 if (ret == 0 && dCert->isCA == 0) {
wolfSSL 7:481bce714567 6642 WOLFSSL_MSG("Chain cert is not a CA, not adding as one");
wolfSSL 7:481bce714567 6643 }
wolfSSL 7:481bce714567 6644 else if (ret == 0 && ssl->options.verifyNone) {
wolfSSL 7:481bce714567 6645 WOLFSSL_MSG("Chain cert not verified by option, not adding as CA");
wolfSSL 7:481bce714567 6646 }
wolfSSL 7:481bce714567 6647 else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) {
wolfSSL 7:481bce714567 6648 DerBuffer* add = NULL;
wolfSSL 7:481bce714567 6649 ret = AllocDer(&add, myCert.length, CA_TYPE, ssl->heap);
wolfSSL 7:481bce714567 6650 if (ret < 0) {
wolfSSL 7:481bce714567 6651 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 6652 XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 6653 #endif
wolfSSL 7:481bce714567 6654 return ret;
wolfSSL 7:481bce714567 6655 }
wolfSSL 7:481bce714567 6656
wolfSSL 7:481bce714567 6657 WOLFSSL_MSG("Adding CA from chain");
wolfSSL 7:481bce714567 6658
wolfSSL 7:481bce714567 6659 XMEMCPY(add->buffer, myCert.buffer, myCert.length);
wolfSSL 7:481bce714567 6660
wolfSSL 7:481bce714567 6661 /* already verified above */
wolfSSL 7:481bce714567 6662 ret = AddCA(ssl->ctx->cm, &add, WOLFSSL_CHAIN_CA, 0);
wolfSSL 7:481bce714567 6663 if (ret == 1) ret = 0; /* SSL_SUCCESS for external */
wolfSSL 7:481bce714567 6664 }
wolfSSL 7:481bce714567 6665 else if (ret != 0) {
wolfSSL 7:481bce714567 6666 WOLFSSL_MSG("Failed to verify CA from chain");
wolfSSL 7:481bce714567 6667 }
wolfSSL 7:481bce714567 6668 else {
wolfSSL 7:481bce714567 6669 WOLFSSL_MSG("Verified CA from chain and already had it");
wolfSSL 7:481bce714567 6670 }
wolfSSL 7:481bce714567 6671
wolfSSL 7:481bce714567 6672 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 7:481bce714567 6673 if (ret == 0) {
wolfSSL 7:481bce714567 6674 int doCrlLookup = 1;
wolfSSL 7:481bce714567 6675
wolfSSL 7:481bce714567 6676 #ifdef HAVE_OCSP
wolfSSL 7:481bce714567 6677 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 7:481bce714567 6678 if (ssl->status_request_v2)
wolfSSL 7:481bce714567 6679 ret = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 0,
wolfSSL 7:481bce714567 6680 ssl->heap);
wolfSSL 7:481bce714567 6681 else /* skips OCSP and force CRL check */
wolfSSL 7:481bce714567 6682 #endif
wolfSSL 7:481bce714567 6683 if (ssl->ctx->cm->ocspEnabled && ssl->ctx->cm->ocspCheckAll) {
wolfSSL 7:481bce714567 6684 WOLFSSL_MSG("Doing Non Leaf OCSP check");
wolfSSL 7:481bce714567 6685 ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL);
wolfSSL 7:481bce714567 6686 doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 7:481bce714567 6687 if (ret != 0) {
wolfSSL 7:481bce714567 6688 doCrlLookup = 0;
wolfSSL 7:481bce714567 6689 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 7:481bce714567 6690 }
wolfSSL 7:481bce714567 6691 }
wolfSSL 7:481bce714567 6692 #endif /* HAVE_OCSP */
wolfSSL 7:481bce714567 6693
wolfSSL 7:481bce714567 6694 #ifdef HAVE_CRL
wolfSSL 7:481bce714567 6695 if (ret == 0 && doCrlLookup && ssl->ctx->cm->crlEnabled
wolfSSL 7:481bce714567 6696 && ssl->ctx->cm->crlCheckAll) {
wolfSSL 7:481bce714567 6697 WOLFSSL_MSG("Doing Non Leaf CRL check");
wolfSSL 7:481bce714567 6698 ret = CheckCertCRL(ssl->ctx->cm->crl, dCert);
wolfSSL 7:481bce714567 6699
wolfSSL 7:481bce714567 6700 if (ret != 0) {
wolfSSL 7:481bce714567 6701 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 7:481bce714567 6702 }
wolfSSL 7:481bce714567 6703 }
wolfSSL 7:481bce714567 6704 #else
wolfSSL 7:481bce714567 6705 (void)doCrlLookup;
wolfSSL 7:481bce714567 6706 #endif /* HAVE_CRL */
wolfSSL 7:481bce714567 6707 }
wolfSSL 7:481bce714567 6708 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 7:481bce714567 6709
wolfSSL 7:481bce714567 6710 if (ret != 0 && anyError == 0)
wolfSSL 7:481bce714567 6711 anyError = ret; /* save error from last time */
wolfSSL 7:481bce714567 6712
wolfSSL 7:481bce714567 6713 FreeDecodedCert(dCert);
wolfSSL 7:481bce714567 6714 count--;
wolfSSL 7:481bce714567 6715 }
wolfSSL 7:481bce714567 6716
wolfSSL 7:481bce714567 6717 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 7:481bce714567 6718 } /* end of if (haveTrustPeer) -- a check for if already verified */
wolfSSL 7:481bce714567 6719 #endif
wolfSSL 7:481bce714567 6720
wolfSSL 7:481bce714567 6721 /* peer's, may not have one if blank client cert sent by TLSv1.2 */
wolfSSL 7:481bce714567 6722 if (count) {
wolfSSL 7:481bce714567 6723 buffer myCert = certs[0];
wolfSSL 7:481bce714567 6724 int fatal = 0;
wolfSSL 7:481bce714567 6725
wolfSSL 7:481bce714567 6726 WOLFSSL_MSG("Verifying Peer's cert");
wolfSSL 7:481bce714567 6727
wolfSSL 7:481bce714567 6728 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 7:481bce714567 6729 if (!haveTrustPeer) { /* do not parse again if previously verified */
wolfSSL 7:481bce714567 6730 #endif
wolfSSL 7:481bce714567 6731 InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap);
wolfSSL 7:481bce714567 6732 ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone,
wolfSSL 7:481bce714567 6733 ssl->ctx->cm);
wolfSSL 7:481bce714567 6734 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 7:481bce714567 6735 }
wolfSSL 7:481bce714567 6736 #endif
wolfSSL 7:481bce714567 6737
wolfSSL 7:481bce714567 6738 if (ret == 0) {
wolfSSL 7:481bce714567 6739 WOLFSSL_MSG("Verified Peer's cert");
wolfSSL 7:481bce714567 6740 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 6741 ssl->peerVerifyRet = X509_V_OK;
wolfSSL 7:481bce714567 6742 #endif
wolfSSL 7:481bce714567 6743 fatal = 0;
wolfSSL 7:481bce714567 6744 }
wolfSSL 7:481bce714567 6745 else if (ret == ASN_PARSE_E) {
wolfSSL 7:481bce714567 6746 WOLFSSL_MSG("Got Peer cert ASN PARSE ERROR, fatal");
wolfSSL 7:481bce714567 6747 fatal = 1;
wolfSSL 7:481bce714567 6748 }
wolfSSL 7:481bce714567 6749 else {
wolfSSL 7:481bce714567 6750 WOLFSSL_MSG("Failed to verify Peer's cert");
wolfSSL 7:481bce714567 6751 if (ssl->verifyCallback) {
wolfSSL 7:481bce714567 6752 WOLFSSL_MSG("\tCallback override available, will continue");
wolfSSL 7:481bce714567 6753 fatal = 0;
wolfSSL 7:481bce714567 6754 }
wolfSSL 7:481bce714567 6755 else {
wolfSSL 7:481bce714567 6756 WOLFSSL_MSG("\tNo callback override available, fatal");
wolfSSL 7:481bce714567 6757 fatal = 1;
wolfSSL 7:481bce714567 6758 }
wolfSSL 7:481bce714567 6759 }
wolfSSL 7:481bce714567 6760
wolfSSL 7:481bce714567 6761 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 7:481bce714567 6762 if (fatal == 0 && ssl->secure_renegotiation
wolfSSL 7:481bce714567 6763 && ssl->secure_renegotiation->enabled) {
wolfSSL 7:481bce714567 6764
wolfSSL 7:481bce714567 6765 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 7:481bce714567 6766 /* compare against previous time */
wolfSSL 7:481bce714567 6767 if (XMEMCMP(dCert->subjectHash,
wolfSSL 7:481bce714567 6768 ssl->secure_renegotiation->subject_hash,
wolfSSL 7:481bce714567 6769 SHA_DIGEST_SIZE) != 0) {
wolfSSL 7:481bce714567 6770 WOLFSSL_MSG("Peer sent different cert during scr, fatal");
wolfSSL 7:481bce714567 6771 fatal = 1;
wolfSSL 7:481bce714567 6772 ret = SCR_DIFFERENT_CERT_E;
wolfSSL 7:481bce714567 6773 }
wolfSSL 7:481bce714567 6774 }
wolfSSL 7:481bce714567 6775
wolfSSL 7:481bce714567 6776 /* cache peer's hash */
wolfSSL 7:481bce714567 6777 if (fatal == 0) {
wolfSSL 7:481bce714567 6778 XMEMCPY(ssl->secure_renegotiation->subject_hash,
wolfSSL 7:481bce714567 6779 dCert->subjectHash, SHA_DIGEST_SIZE);
wolfSSL 7:481bce714567 6780 }
wolfSSL 7:481bce714567 6781 }
wolfSSL 7:481bce714567 6782 #endif
wolfSSL 7:481bce714567 6783
wolfSSL 7:481bce714567 6784 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 7:481bce714567 6785 if (fatal == 0) {
wolfSSL 7:481bce714567 6786 int doLookup = 1;
wolfSSL 7:481bce714567 6787
wolfSSL 7:481bce714567 6788 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 7:481bce714567 6789 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 7:481bce714567 6790 if (ssl->status_request) {
wolfSSL 7:481bce714567 6791 fatal = TLSX_CSR_InitRequest(ssl->extensions, dCert,
wolfSSL 7:481bce714567 6792 ssl->heap);
wolfSSL 7:481bce714567 6793 doLookup = 0;
wolfSSL 7:481bce714567 6794 }
wolfSSL 7:481bce714567 6795 #endif
wolfSSL 7:481bce714567 6796 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 7:481bce714567 6797 if (ssl->status_request_v2) {
wolfSSL 7:481bce714567 6798 fatal = TLSX_CSR2_InitRequests(ssl->extensions, dCert, 1,
wolfSSL 7:481bce714567 6799 ssl->heap);
wolfSSL 7:481bce714567 6800 doLookup = 0;
wolfSSL 7:481bce714567 6801 }
wolfSSL 7:481bce714567 6802 #endif
wolfSSL 7:481bce714567 6803 }
wolfSSL 7:481bce714567 6804
wolfSSL 7:481bce714567 6805 #ifdef HAVE_OCSP
wolfSSL 7:481bce714567 6806 if (doLookup && ssl->ctx->cm->ocspEnabled) {
wolfSSL 7:481bce714567 6807 WOLFSSL_MSG("Doing Leaf OCSP check");
wolfSSL 7:481bce714567 6808 ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert, NULL);
wolfSSL 7:481bce714567 6809 doLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 7:481bce714567 6810 if (ret != 0) {
wolfSSL 7:481bce714567 6811 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 7:481bce714567 6812 fatal = 0;
wolfSSL 7:481bce714567 6813 }
wolfSSL 7:481bce714567 6814 }
wolfSSL 7:481bce714567 6815 #endif /* HAVE_OCSP */
wolfSSL 7:481bce714567 6816
wolfSSL 7:481bce714567 6817 #ifdef HAVE_CRL
wolfSSL 7:481bce714567 6818 if (doLookup && ssl->ctx->cm->crlEnabled) {
wolfSSL 7:481bce714567 6819 WOLFSSL_MSG("Doing Leaf CRL check");
wolfSSL 7:481bce714567 6820 ret = CheckCertCRL(ssl->ctx->cm->crl, dCert);
wolfSSL 7:481bce714567 6821 if (ret != 0) {
wolfSSL 7:481bce714567 6822 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 7:481bce714567 6823 fatal = 0;
wolfSSL 7:481bce714567 6824 }
wolfSSL 7:481bce714567 6825 }
wolfSSL 7:481bce714567 6826 #endif /* HAVE_CRL */
wolfSSL 7:481bce714567 6827 (void)doLookup;
wolfSSL 7:481bce714567 6828 }
wolfSSL 7:481bce714567 6829 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 7:481bce714567 6830
wolfSSL 7:481bce714567 6831 #ifdef KEEP_PEER_CERT
wolfSSL 7:481bce714567 6832 {
wolfSSL 7:481bce714567 6833 /* set X509 format for peer cert even if fatal */
wolfSSL 7:481bce714567 6834 int copyRet = CopyDecodedToX509(&ssl->peerCert, dCert);
wolfSSL 7:481bce714567 6835 if (copyRet == MEMORY_E)
wolfSSL 7:481bce714567 6836 fatal = 1;
wolfSSL 7:481bce714567 6837 }
wolfSSL 7:481bce714567 6838 #endif
wolfSSL 7:481bce714567 6839
wolfSSL 7:481bce714567 6840 #ifndef IGNORE_KEY_EXTENSIONS
wolfSSL 7:481bce714567 6841 if (dCert->extKeyUsageSet) {
wolfSSL 7:481bce714567 6842 if ((ssl->specs.kea == rsa_kea) &&
wolfSSL 7:481bce714567 6843 (ssl->options.side == WOLFSSL_CLIENT_END) &&
wolfSSL 7:481bce714567 6844 (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
wolfSSL 7:481bce714567 6845 ret = KEYUSE_ENCIPHER_E;
wolfSSL 7:481bce714567 6846 }
wolfSSL 7:481bce714567 6847 if ((ssl->specs.sig_algo == rsa_sa_algo ||
wolfSSL 7:481bce714567 6848 (ssl->specs.sig_algo == ecc_dsa_sa_algo &&
wolfSSL 7:481bce714567 6849 !ssl->specs.static_ecdh)) &&
wolfSSL 7:481bce714567 6850 (dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
wolfSSL 7:481bce714567 6851 WOLFSSL_MSG("KeyUse Digital Sig not set");
wolfSSL 7:481bce714567 6852 ret = KEYUSE_SIGNATURE_E;
wolfSSL 7:481bce714567 6853 }
wolfSSL 7:481bce714567 6854 }
wolfSSL 7:481bce714567 6855
wolfSSL 7:481bce714567 6856 if (dCert->extExtKeyUsageSet) {
wolfSSL 7:481bce714567 6857 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 7:481bce714567 6858 if ((dCert->extExtKeyUsage &
wolfSSL 7:481bce714567 6859 (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) {
wolfSSL 7:481bce714567 6860 WOLFSSL_MSG("ExtKeyUse Server Auth not set");
wolfSSL 7:481bce714567 6861 ret = EXTKEYUSE_AUTH_E;
wolfSSL 7:481bce714567 6862 }
wolfSSL 7:481bce714567 6863 }
wolfSSL 7:481bce714567 6864 else {
wolfSSL 7:481bce714567 6865 if ((dCert->extExtKeyUsage &
wolfSSL 7:481bce714567 6866 (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) {
wolfSSL 7:481bce714567 6867 WOLFSSL_MSG("ExtKeyUse Client Auth not set");
wolfSSL 7:481bce714567 6868 ret = EXTKEYUSE_AUTH_E;
wolfSSL 7:481bce714567 6869 }
wolfSSL 7:481bce714567 6870 }
wolfSSL 7:481bce714567 6871 }
wolfSSL 7:481bce714567 6872 #endif /* IGNORE_KEY_EXTENSIONS */
wolfSSL 7:481bce714567 6873
wolfSSL 7:481bce714567 6874 if (fatal) {
wolfSSL 7:481bce714567 6875 FreeDecodedCert(dCert);
wolfSSL 7:481bce714567 6876 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 6877 XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 6878 #endif
wolfSSL 7:481bce714567 6879 ssl->error = ret;
wolfSSL 7:481bce714567 6880 #ifdef OPENSSL_EXTRA
wolfSSL 7:481bce714567 6881 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 7:481bce714567 6882 #endif
wolfSSL 7:481bce714567 6883 return ret;
wolfSSL 7:481bce714567 6884 }
wolfSSL 7:481bce714567 6885 ssl->options.havePeerCert = 1;
wolfSSL 7:481bce714567 6886
wolfSSL 7:481bce714567 6887 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 6888 domain = (char*)XMALLOC(ASN_NAME_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 6889 if (domain == NULL) {
wolfSSL 7:481bce714567 6890 FreeDecodedCert(dCert);
wolfSSL 7:481bce714567 6891 XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 6892 return MEMORY_E;
wolfSSL 7:481bce714567 6893 }
wolfSSL 7:481bce714567 6894 #endif
wolfSSL 7:481bce714567 6895 /* store for callback use */
wolfSSL 7:481bce714567 6896 if (dCert->subjectCNLen < ASN_NAME_MAX) {
wolfSSL 7:481bce714567 6897 XMEMCPY(domain, dCert->subjectCN, dCert->subjectCNLen);
wolfSSL 7:481bce714567 6898 domain[dCert->subjectCNLen] = '\0';
wolfSSL 7:481bce714567 6899 }
wolfSSL 7:481bce714567 6900 else
wolfSSL 7:481bce714567 6901 domain[0] = '\0';
wolfSSL 7:481bce714567 6902
wolfSSL 7:481bce714567 6903 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
wolfSSL 7:481bce714567 6904 if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
wolfSSL 7:481bce714567 6905 (char*)ssl->buffers.domainName.buffer) == 0) {
wolfSSL 7:481bce714567 6906 WOLFSSL_MSG("DomainName match on common name failed");
wolfSSL 7:481bce714567 6907 if (CheckAltNames(dCert,
wolfSSL 7:481bce714567 6908 (char*)ssl->buffers.domainName.buffer) == 0 ) {
wolfSSL 7:481bce714567 6909 WOLFSSL_MSG("DomainName match on alt names failed too");
wolfSSL 7:481bce714567 6910 ret = DOMAIN_NAME_MISMATCH; /* try to get peer key still */
wolfSSL 7:481bce714567 6911 }
wolfSSL 7:481bce714567 6912 }
wolfSSL 7:481bce714567 6913 }
wolfSSL 7:481bce714567 6914
wolfSSL 7:481bce714567 6915 /* decode peer key */
wolfSSL 7:481bce714567 6916 switch (dCert->keyOID) {
wolfSSL 7:481bce714567 6917 #ifndef NO_RSA
wolfSSL 7:481bce714567 6918 case RSAk:
wolfSSL 7:481bce714567 6919 {
wolfSSL 7:481bce714567 6920 word32 idx = 0;
wolfSSL 7:481bce714567 6921 int keyRet = 0;
wolfSSL 7:481bce714567 6922
wolfSSL 7:481bce714567 6923 if (ssl->peerRsaKey == NULL) {
wolfSSL 7:481bce714567 6924 ssl->peerRsaKey = (RsaKey*)XMALLOC(sizeof(RsaKey),
wolfSSL 7:481bce714567 6925 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 7:481bce714567 6926 if (ssl->peerRsaKey == NULL) {
wolfSSL 7:481bce714567 6927 WOLFSSL_MSG("PeerRsaKey Memory error");
wolfSSL 7:481bce714567 6928 keyRet = MEMORY_E;
wolfSSL 7:481bce714567 6929 } else {
wolfSSL 7:481bce714567 6930 keyRet = wc_InitRsaKey_ex(ssl->peerRsaKey,
wolfSSL 7:481bce714567 6931 ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 6932 }
wolfSSL 7:481bce714567 6933 } else if (ssl->peerRsaKeyPresent) {
wolfSSL 7:481bce714567 6934 /* don't leak on reuse */
wolfSSL 7:481bce714567 6935 wc_FreeRsaKey(ssl->peerRsaKey);
wolfSSL 7:481bce714567 6936 ssl->peerRsaKeyPresent = 0;
wolfSSL 7:481bce714567 6937 keyRet = wc_InitRsaKey_ex(ssl->peerRsaKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 6938 }
wolfSSL 7:481bce714567 6939
wolfSSL 7:481bce714567 6940 if (keyRet != 0 || wc_RsaPublicKeyDecode(dCert->publicKey,
wolfSSL 7:481bce714567 6941 &idx, ssl->peerRsaKey, dCert->pubKeySize) != 0) {
wolfSSL 7:481bce714567 6942 ret = PEER_KEY_ERROR;
wolfSSL 7:481bce714567 6943 }
wolfSSL 7:481bce714567 6944 else {
wolfSSL 7:481bce714567 6945 ssl->peerRsaKeyPresent = 1;
wolfSSL 7:481bce714567 6946 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 6947 #ifndef NO_RSA
wolfSSL 7:481bce714567 6948 ssl->buffers.peerRsaKey.buffer =
wolfSSL 7:481bce714567 6949 (byte*)XMALLOC(dCert->pubKeySize,
wolfSSL 7:481bce714567 6950 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 7:481bce714567 6951 if (ssl->buffers.peerRsaKey.buffer == NULL)
wolfSSL 7:481bce714567 6952 ret = MEMORY_ERROR;
wolfSSL 7:481bce714567 6953 else {
wolfSSL 7:481bce714567 6954 XMEMCPY(ssl->buffers.peerRsaKey.buffer,
wolfSSL 7:481bce714567 6955 dCert->publicKey, dCert->pubKeySize);
wolfSSL 7:481bce714567 6956 ssl->buffers.peerRsaKey.length =
wolfSSL 7:481bce714567 6957 dCert->pubKeySize;
wolfSSL 7:481bce714567 6958 }
wolfSSL 7:481bce714567 6959 #endif /* NO_RSA */
wolfSSL 7:481bce714567 6960 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 7:481bce714567 6961 }
wolfSSL 7:481bce714567 6962
wolfSSL 7:481bce714567 6963 /* check size of peer RSA key */
wolfSSL 7:481bce714567 6964 if (ret == 0 && ssl->peerRsaKeyPresent &&
wolfSSL 7:481bce714567 6965 !ssl->options.verifyNone &&
wolfSSL 7:481bce714567 6966 wc_RsaEncryptSize(ssl->peerRsaKey)
wolfSSL 7:481bce714567 6967 < ssl->options.minRsaKeySz) {
wolfSSL 7:481bce714567 6968 ret = RSA_KEY_SIZE_E;
wolfSSL 7:481bce714567 6969 WOLFSSL_MSG("Peer RSA key is too small");
wolfSSL 7:481bce714567 6970 }
wolfSSL 7:481bce714567 6971
wolfSSL 7:481bce714567 6972 }
wolfSSL 7:481bce714567 6973 break;
wolfSSL 7:481bce714567 6974 #endif /* NO_RSA */
wolfSSL 7:481bce714567 6975 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 6976 case NTRUk:
wolfSSL 7:481bce714567 6977 {
wolfSSL 7:481bce714567 6978 if (dCert->pubKeySize > sizeof(ssl->peerNtruKey)) {
wolfSSL 7:481bce714567 6979 ret = PEER_KEY_ERROR;
wolfSSL 7:481bce714567 6980 }
wolfSSL 7:481bce714567 6981 else {
wolfSSL 7:481bce714567 6982 XMEMCPY(ssl->peerNtruKey, dCert->publicKey,
wolfSSL 7:481bce714567 6983 dCert->pubKeySize);
wolfSSL 7:481bce714567 6984 ssl->peerNtruKeyLen = (word16)dCert->pubKeySize;
wolfSSL 7:481bce714567 6985 ssl->peerNtruKeyPresent = 1;
wolfSSL 7:481bce714567 6986 }
wolfSSL 7:481bce714567 6987 }
wolfSSL 7:481bce714567 6988 break;
wolfSSL 7:481bce714567 6989 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 6990 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 6991 case ECDSAk:
wolfSSL 7:481bce714567 6992 {
wolfSSL 7:481bce714567 6993 int curveId;
wolfSSL 7:481bce714567 6994 if (ssl->peerEccDsaKey == NULL) {
wolfSSL 7:481bce714567 6995 /* alloc/init on demand */
wolfSSL 7:481bce714567 6996 ssl->peerEccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 7:481bce714567 6997 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 6998 if (ssl->peerEccDsaKey == NULL) {
wolfSSL 7:481bce714567 6999 WOLFSSL_MSG("PeerEccDsaKey Memory error");
wolfSSL 7:481bce714567 7000 return MEMORY_E;
wolfSSL 7:481bce714567 7001 }
wolfSSL 7:481bce714567 7002 wc_ecc_init_ex(ssl->peerEccDsaKey, ssl->heap,
wolfSSL 7:481bce714567 7003 ssl->devId);
wolfSSL 7:481bce714567 7004 } else if (ssl->peerEccDsaKeyPresent) {
wolfSSL 7:481bce714567 7005 /* don't leak on reuse */
wolfSSL 7:481bce714567 7006 wc_ecc_free(ssl->peerEccDsaKey);
wolfSSL 7:481bce714567 7007 ssl->peerEccDsaKeyPresent = 0;
wolfSSL 7:481bce714567 7008 wc_ecc_init_ex(ssl->peerEccDsaKey, ssl->heap,
wolfSSL 7:481bce714567 7009 ssl->devId);
wolfSSL 7:481bce714567 7010 }
wolfSSL 7:481bce714567 7011
wolfSSL 7:481bce714567 7012 curveId = wc_ecc_get_oid(dCert->keyOID, NULL, NULL);
wolfSSL 7:481bce714567 7013 if (wc_ecc_import_x963_ex(dCert->publicKey,
wolfSSL 7:481bce714567 7014 dCert->pubKeySize, ssl->peerEccDsaKey, curveId) != 0) {
wolfSSL 7:481bce714567 7015 ret = PEER_KEY_ERROR;
wolfSSL 7:481bce714567 7016 }
wolfSSL 7:481bce714567 7017 else {
wolfSSL 7:481bce714567 7018 ssl->peerEccDsaKeyPresent = 1;
wolfSSL 7:481bce714567 7019 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 7020 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 7021 ssl->buffers.peerEccDsaKey.buffer =
wolfSSL 7:481bce714567 7022 (byte*)XMALLOC(dCert->pubKeySize,
wolfSSL 7:481bce714567 7023 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 7024 if (ssl->buffers.peerEccDsaKey.buffer == NULL)
wolfSSL 7:481bce714567 7025 ret = MEMORY_ERROR;
wolfSSL 7:481bce714567 7026 else {
wolfSSL 7:481bce714567 7027 XMEMCPY(ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 7:481bce714567 7028 dCert->publicKey, dCert->pubKeySize);
wolfSSL 7:481bce714567 7029 ssl->buffers.peerEccDsaKey.length =
wolfSSL 7:481bce714567 7030 dCert->pubKeySize;
wolfSSL 7:481bce714567 7031 }
wolfSSL 7:481bce714567 7032 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 7033 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 7:481bce714567 7034 }
wolfSSL 7:481bce714567 7035
wolfSSL 7:481bce714567 7036 /* check size of peer ECC key */
wolfSSL 7:481bce714567 7037 if (ret == 0 && ssl->peerEccDsaKeyPresent &&
wolfSSL 7:481bce714567 7038 !ssl->options.verifyNone &&
wolfSSL 7:481bce714567 7039 wc_ecc_size(ssl->peerEccDsaKey)
wolfSSL 7:481bce714567 7040 < ssl->options.minEccKeySz) {
wolfSSL 7:481bce714567 7041 ret = ECC_KEY_SIZE_E;
wolfSSL 7:481bce714567 7042 WOLFSSL_MSG("Peer ECC key is too small");
wolfSSL 7:481bce714567 7043 }
wolfSSL 7:481bce714567 7044
wolfSSL 7:481bce714567 7045 }
wolfSSL 7:481bce714567 7046 break;
wolfSSL 7:481bce714567 7047 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 7048 default:
wolfSSL 7:481bce714567 7049 break;
wolfSSL 7:481bce714567 7050 }
wolfSSL 7:481bce714567 7051
wolfSSL 7:481bce714567 7052 FreeDecodedCert(dCert);
wolfSSL 7:481bce714567 7053 }
wolfSSL 7:481bce714567 7054
wolfSSL 7:481bce714567 7055 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 7056 XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 7057
wolfSSL 7:481bce714567 7058 store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX),
wolfSSL 7:481bce714567 7059 NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 7060 if (store == NULL) {
wolfSSL 7:481bce714567 7061 XFREE(domain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 7062 return MEMORY_E;
wolfSSL 7:481bce714567 7063 }
wolfSSL 7:481bce714567 7064 #endif
wolfSSL 7:481bce714567 7065 XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
wolfSSL 7:481bce714567 7066
wolfSSL 7:481bce714567 7067 if (anyError != 0 && ret == 0)
wolfSSL 7:481bce714567 7068 ret = anyError;
wolfSSL 7:481bce714567 7069
wolfSSL 7:481bce714567 7070 if (ret != 0) {
wolfSSL 7:481bce714567 7071 if (!ssl->options.verifyNone) {
wolfSSL 7:481bce714567 7072 int why = bad_certificate;
wolfSSL 7:481bce714567 7073
wolfSSL 7:481bce714567 7074 if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E)
wolfSSL 7:481bce714567 7075 why = certificate_expired;
wolfSSL 7:481bce714567 7076 if (ssl->verifyCallback) {
wolfSSL 7:481bce714567 7077 int ok;
wolfSSL 7:481bce714567 7078
wolfSSL 7:481bce714567 7079 store->error = ret;
wolfSSL 7:481bce714567 7080 store->error_depth = totalCerts;
wolfSSL 7:481bce714567 7081 store->discardSessionCerts = 0;
wolfSSL 7:481bce714567 7082 store->domain = domain;
wolfSSL 7:481bce714567 7083 store->userCtx = ssl->verifyCbCtx;
wolfSSL 7:481bce714567 7084 store->certs = certs;
wolfSSL 7:481bce714567 7085 store->totalCerts = totalCerts;
wolfSSL 7:481bce714567 7086 #ifdef KEEP_PEER_CERT
wolfSSL 7:481bce714567 7087 store->current_cert = &ssl->peerCert;
wolfSSL 7:481bce714567 7088 #else
wolfSSL 7:481bce714567 7089 store->current_cert = NULL;
wolfSSL 7:481bce714567 7090 #endif
wolfSSL 7:481bce714567 7091 #if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL)
wolfSSL 7:481bce714567 7092 store->ex_data = ssl;
wolfSSL 7:481bce714567 7093 #endif
wolfSSL 7:481bce714567 7094 ok = ssl->verifyCallback(0, store);
wolfSSL 7:481bce714567 7095 if (ok) {
wolfSSL 7:481bce714567 7096 WOLFSSL_MSG("Verify callback overriding error!");
wolfSSL 7:481bce714567 7097 ret = 0;
wolfSSL 7:481bce714567 7098 }
wolfSSL 7:481bce714567 7099 #ifdef SESSION_CERTS
wolfSSL 7:481bce714567 7100 if (store->discardSessionCerts) {
wolfSSL 7:481bce714567 7101 WOLFSSL_MSG("Verify callback requested discard sess certs");
wolfSSL 7:481bce714567 7102 ssl->session.chain.count = 0;
wolfSSL 7:481bce714567 7103 }
wolfSSL 7:481bce714567 7104 #endif
wolfSSL 7:481bce714567 7105 }
wolfSSL 7:481bce714567 7106 if (ret != 0) {
wolfSSL 7:481bce714567 7107 SendAlert(ssl, alert_fatal, why); /* try to send */
wolfSSL 7:481bce714567 7108 ssl->options.isClosed = 1;
wolfSSL 7:481bce714567 7109 }
wolfSSL 7:481bce714567 7110 }
wolfSSL 7:481bce714567 7111 ssl->error = ret;
wolfSSL 7:481bce714567 7112 }
wolfSSL 7:481bce714567 7113 #ifdef WOLFSSL_ALWAYS_VERIFY_CB
wolfSSL 7:481bce714567 7114 else {
wolfSSL 7:481bce714567 7115 if (ssl->verifyCallback) {
wolfSSL 7:481bce714567 7116 int ok;
wolfSSL 7:481bce714567 7117
wolfSSL 7:481bce714567 7118 store->error = ret;
wolfSSL 7:481bce714567 7119 store->error_depth = totalCerts;
wolfSSL 7:481bce714567 7120 store->discardSessionCerts = 0;
wolfSSL 7:481bce714567 7121 store->domain = domain;
wolfSSL 7:481bce714567 7122 store->userCtx = ssl->verifyCbCtx;
wolfSSL 7:481bce714567 7123 store->certs = certs;
wolfSSL 7:481bce714567 7124 store->totalCerts = totalCerts;
wolfSSL 7:481bce714567 7125 #ifdef KEEP_PEER_CERT
wolfSSL 7:481bce714567 7126 store->current_cert = &ssl->peerCert;
wolfSSL 7:481bce714567 7127 #endif
wolfSSL 7:481bce714567 7128 store->ex_data = ssl;
wolfSSL 7:481bce714567 7129
wolfSSL 7:481bce714567 7130 ok = ssl->verifyCallback(1, store);
wolfSSL 7:481bce714567 7131 if (!ok) {
wolfSSL 7:481bce714567 7132 WOLFSSL_MSG("Verify callback overriding valid certificate!");
wolfSSL 7:481bce714567 7133 ret = -1;
wolfSSL 7:481bce714567 7134 SendAlert(ssl, alert_fatal, bad_certificate);
wolfSSL 7:481bce714567 7135 ssl->options.isClosed = 1;
wolfSSL 7:481bce714567 7136 }
wolfSSL 7:481bce714567 7137 #ifdef SESSION_CERTS
wolfSSL 7:481bce714567 7138 if (store->discardSessionCerts) {
wolfSSL 7:481bce714567 7139 WOLFSSL_MSG("Verify callback requested discard sess certs");
wolfSSL 7:481bce714567 7140 ssl->session.chain.count = 0;
wolfSSL 7:481bce714567 7141 }
wolfSSL 7:481bce714567 7142 #endif
wolfSSL 7:481bce714567 7143 }
wolfSSL 7:481bce714567 7144 }
wolfSSL 7:481bce714567 7145 #endif
wolfSSL 7:481bce714567 7146
wolfSSL 7:481bce714567 7147 if (ssl->options.verifyNone &&
wolfSSL 7:481bce714567 7148 (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
wolfSSL 7:481bce714567 7149 WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
wolfSSL 7:481bce714567 7150 ret = ssl->error = 0;
wolfSSL 7:481bce714567 7151 }
wolfSSL 7:481bce714567 7152
wolfSSL 7:481bce714567 7153 if (ret == 0 && ssl->options.side == WOLFSSL_CLIENT_END)
wolfSSL 7:481bce714567 7154 ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL 7:481bce714567 7155
wolfSSL 7:481bce714567 7156 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 7:481bce714567 7157 *inOutIdx += ssl->keys.padSz;
wolfSSL 7:481bce714567 7158 }
wolfSSL 7:481bce714567 7159
wolfSSL 7:481bce714567 7160 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 7161 XFREE(store, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 7162 XFREE(domain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 7163 #endif
wolfSSL 7:481bce714567 7164
wolfSSL 7:481bce714567 7165 return ret;
wolfSSL 7:481bce714567 7166 }
wolfSSL 7:481bce714567 7167
wolfSSL 7:481bce714567 7168
/* Process a CertificateStatus handshake message (stapled OCSP data).
 *
 * ssl       connection state; the status_request / status_request_v2 flag
 *           that solicited the message is cleared once it has been matched
 * input     handshake buffer
 * inOutIdx  in: offset of the message body within input
 *           out: advanced past every byte consumed here
 * size      length of the message body
 *
 * Returns 0 when every stapled response decodes, reports OCSP_SUCCESSFUL and
 * CERT_GOOD, and matches a request stored in the TLS extensions.
 * Returns BUFFER_ERROR for inconsistent lengths, an unknown status type, or a
 * status message that was not solicited; BAD_CERTIFICATE_STATUS_ERROR for a
 * rejected response; MEMORY_ERROR when a temporary allocation fails.
 *
 * A fatal bad_certificate_status_response alert is sent only on paths that
 * reach the end of the function with a non-zero result; the early returns
 * send no alert.
 *
 * NOTE(review): unlike DoHelloRequest and DoFinished, this handler does not
 * advance *inOutIdx past ssl->keys.padSz. Confirm that the caller accounts
 * for record padding when this message arrives on an encrypted connection.
 */
static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                               word32 size)
{
    int    ret = 0;
    byte   statusType;
    word32 statusLen;

    /* need at least the one-byte type and the 24-bit length */
    if (size < ENUM_LEN + OPAQUE24_LEN)
        return BUFFER_ERROR;

    statusType = input[*inOutIdx];
    *inOutIdx += 1;

    c24to32(input + *inOutIdx, &statusLen);
    *inOutIdx += OPAQUE24_LEN;

    /* the peer-declared length must account for exactly the rest of the
     * body, so the reads below stay inside the `size` bytes */
    if (size != ENUM_LEN + OPAQUE24_LEN + statusLen)
        return BUFFER_ERROR;

    switch (statusType) {

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */
        case WOLFSSL_CSR2_OCSP: {
            OcspRequest* request;

        #ifdef WOLFSSL_SMALL_STACK
            CertStatus*   status;
            OcspResponse* response;
        #else
            CertStatus   status[1];
            OcspResponse response[1];
        #endif

            /* find the request this response answers; a status message
             * that was never solicited is rejected */
            do {
            #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                if (ssl->status_request) {
                    request = (OcspRequest*)TLSX_CSR_GetRequest(
                                                          ssl->extensions);
                    ssl->status_request = 0;
                    break;
                }
            #endif

            #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
                if (ssl->status_request_v2) {
                    request = (OcspRequest*)TLSX_CSR2_GetRequest(
                                           ssl->extensions, statusType, 0);
                    ssl->status_request_v2 = 0;
                    break;
                }
            #endif

                return BUFFER_ERROR;
            } while (0);

            if (request == NULL)
                return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */

        #ifdef WOLFSSL_SMALL_STACK
            status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
                                          DYNAMIC_TYPE_TMP_BUFFER);
            response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
                                              DYNAMIC_TYPE_TMP_BUFFER);

            if (status == NULL || response == NULL) {
                if (status)
                    XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                if (response)
                    XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER);

                return MEMORY_ERROR;
            }
        #endif

            InitOcspResponse(response, status, input + *inOutIdx, statusLen);

            /* every condition must hold; the first failure rejects the
             * response and the later checks are not evaluated */
            if (OcspResponseDecode(response, ssl->ctx->cm, ssl->heap) != 0)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (response->responseStatus != OCSP_SUCCESSFUL)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (response->status->status != CERT_GOOD)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (CompareOcspReqResp(request, response) != 0)
                ret = BAD_CERTIFICATE_STATUS_ERROR;

            *inOutIdx += statusLen;

        #ifdef WOLFSSL_SMALL_STACK
            XFREE(status,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        #endif

        }
        break;

    #endif

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        case WOLFSSL_CSR2_OCSP_MULTI: {
            OcspRequest* request;
            word32       remaining = statusLen; /* bytes left in the list */
            byte         reqIdx    = 0;         /* next stored request */

        #ifdef WOLFSSL_SMALL_STACK
            CertStatus*   status;
            OcspResponse* response;
        #else
            CertStatus   status[1];
            OcspResponse response[1];
        #endif

            /* a response list is only acceptable if status_request_v2 is
             * pending on this connection */
            if (!ssl->status_request_v2)
                return BUFFER_ERROR;
            ssl->status_request_v2 = 0;

        #ifdef WOLFSSL_SMALL_STACK
            status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
                                          DYNAMIC_TYPE_TMP_BUFFER);
            response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
                                              DYNAMIC_TYPE_TMP_BUFFER);

            if (status == NULL || response == NULL) {
                if (status)
                    XFREE(status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                if (response)
                    XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER);

                return MEMORY_ERROR;
            }
        #endif

            while (remaining != 0 && ret == 0) {
                /* each entry starts with its own 24-bit length */
                if (remaining < OPAQUE24_LEN) {
                    ret = BUFFER_ERROR;
                    break;
                }

                c24to32(input + *inOutIdx, &statusLen);
                *inOutIdx += OPAQUE24_LEN;
                remaining -= OPAQUE24_LEN;

                /* an entry may not run past the end of the list */
                if (statusLen > remaining) {
                    ret = BUFFER_ERROR;
                    break;
                }

                /* zero-length entries carry no response to check */
                if (statusLen == 0)
                    continue;

                InitOcspResponse(response, status, input + *inOutIdx,
                                 statusLen);

                if (OcspResponseDecode(response, ssl->ctx->cm, ssl->heap)
                                                                        != 0)
                    ret = BAD_CERTIFICATE_STATUS_ERROR;
                else if (response->responseStatus != OCSP_SUCCESSFUL)
                    ret = BAD_CERTIFICATE_STATUS_ERROR;
                else if (response->status->status != CERT_GOOD)
                    ret = BAD_CERTIFICATE_STATUS_ERROR;

                /* walk the stored requests, starting after the last one
                 * examined, until one matches this response */
                while (ret == 0) {
                    request = (OcspRequest*)TLSX_CSR2_GetRequest(
                                    ssl->extensions, statusType, reqIdx++);

                    if (request == NULL)
                        ret = BAD_CERTIFICATE_STATUS_ERROR;
                    else if (CompareOcspReqResp(request, response) == 0)
                        break;
                    else if (reqIdx == 1) /* server cert must be OK */
                        ret = BAD_CERTIFICATE_STATUS_ERROR;
                }

                *inOutIdx += statusLen;
                remaining -= statusLen;
            }

            /* already cleared above; this code is inside the
             * HAVE_CERTIFICATE_STATUS_REQUEST_V2 guard */
            ssl->status_request_v2 = 0;

        #ifdef WOLFSSL_SMALL_STACK
            XFREE(status,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(response, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        #endif

        }
        break;

    #endif

        default:
            ret = BUFFER_ERROR;
            break;
    }

    if (ret != 0)
        SendAlert(ssl, alert_fatal, bad_certificate_status_response);

    return ret;
}
wolfSSL 7:481bce714567 7370
wolfSSL 7:481bce714567 7371 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 7372
wolfSSL 7:481bce714567 7373
/* Handle a HelloRequest handshake message.
 *
 * ssl       connection state
 * input     handshake buffer (unused; the message has no body)
 * inOutIdx  in/out offset into the record; advanced past the record padding
 *           when encryption is on
 * size      length of the message body, which must be 0
 * totalSz   total size of the received data, used to bound the padding skip
 *
 * Returns BUFFER_ERROR for a non-empty body, BUFFER_E when the padding would
 * run past totalSz, and FATAL_ERROR (after trying to send an
 * unexpected_message alert) when this end is the server. On the client side
 * it returns 0 after setting startScr when secure renegotiation is compiled
 * in and enabled; otherwise it returns the result of sending a
 * no_renegotiation warning alert.
 */
static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 size, word32 totalSz)
{
    (void)input;

    /* HelloRequest carries no payload */
    if (size != 0)
        return BUFFER_ERROR;

    if (IsEncryptionOn(ssl, 0)) {
        /* access beyond input + size should be checked against totalSz */
        if (totalSz < *inOutIdx + ssl->keys.padSz)
            return BUFFER_E;

        *inOutIdx += ssl->keys.padSz;
    }

    /* a server never expects HelloRequest from its peer */
    if (ssl->options.side == WOLFSSL_SERVER_END) {
        SendAlert(ssl, alert_fatal, unexpected_message); /* try */
        return FATAL_ERROR;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    /* the request is honoured only when secure renegotiation is enabled */
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        ssl->secure_renegotiation->startScr = 1;
        return 0;
    }
#endif

    /* otherwise decline with a warning-level alert */
    return SendAlert(ssl, alert_warning, no_renegotiation);
}
wolfSSL 7:481bce714567 7404
wolfSSL 7:481bce714567 7405
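/* Process the peer's Finished handshake message.
 *
 * ssl       connection state
 * input     handshake buffer
 * inOutIdx  in: offset of the verify data in input
 *           out: advanced past the verify data and the record padding
 * size      length of the message body; must equal TLS_FINISHED_SZ when
 *           ssl->options.tls is set and FINISHED_SZ otherwise
 * totalSz   total size of the received data, used as the read bound
 * sniff     NO_SNIFF to verify the data; any other value skips the
 *           comparison
 *
 * Returns 0 on success, BUFFER_ERROR for a wrong body length, BUFFER_E when
 * body plus padding would run past totalSz, and VERIFY_FINISHED_ERROR when
 * the received verify data differs from ssl->hsHashes->verifyHashes.
 */
int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
               word32 totalSz, int sniff)
{
    word32 finishedSz = (ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ);

    if (finishedSz != size)
        return BUFFER_ERROR;

    /* check against totalSz */
    if (*inOutIdx + size + ssl->keys.padSz > totalSz)
        return BUFFER_E;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
        if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo);
    #endif

    if (sniff == NO_SNIFF) {
        /* Compare the peer-supplied verify data without an early exit, so
         * the time taken does not depend on how many leading bytes match.
         * XMEMCMP gives no such guarantee. This is defensive hardening:
         * the expected value is tied to one handshake, which limits what a
         * timing difference could reveal. */
        const byte* received = input + *inOutIdx;
        const byte* expected = (const byte*)&ssl->hsHashes->verifyHashes;
        byte        diff     = 0;
        word32      i;

        for (i = 0; i < size; i++)
            diff |= (byte)(received[i] ^ expected[i]);

        if (diff != 0) {
            WOLFSSL_MSG("Verify finished error on hashes");
            return VERIFY_FINISHED_ERROR;
        }
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* save peer's state; always TLS_FINISHED_SZ bytes, which the size
         * and totalSz checks above keep inside the received data */
        if (ssl->options.side == WOLFSSL_CLIENT_END)
            XMEMCPY(ssl->secure_renegotiation->server_verify_data,
                    input + *inOutIdx, TLS_FINISHED_SZ);
        else
            XMEMCPY(ssl->secure_renegotiation->client_verify_data,
                    input + *inOutIdx, TLS_FINISHED_SZ);
    }
#endif

    /* force input exhaustion at ProcessReply consuming padSz */
    *inOutIdx += size + ssl->keys.padSz;

    /* The handshake is marked done here only for the side that receives
     * Finished last: the client on a full handshake, the server on a
     * resumed one. */
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        ssl->options.serverState = SERVER_FINISHED_COMPLETE;
        if (!ssl->options.resuming) {
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }
    else {
        ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
        if (ssl->options.resuming) {
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }

    return 0;
}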
wolfSSL 7:481bce714567 7462
wolfSSL 7:481bce714567 7463
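/* Make sure no duplicates, no fast forward, or other problems; 0 on success.
 *
 * Tracks which handshake message types have been seen on this connection in
 * ssl->msgsReceived and rejects a message that repeats a type or arrives
 * before a message it depends on.
 *
 * ssl   connection state
 * type  handshake message type taken from the received header
 *
 * Returns 0 when the message is acceptable at this point, otherwise
 * DUPLICATE_MSG_E, OUT_OF_ORDER_E, NO_CHANGE_CIPHER_E,
 * SESSION_TICKET_EXPECT_E, NO_PEER_VERIFY, SANITY_MSG_E for a type with no
 * case compiled in, or the error returned by TLSX_CSR_ForceRequest() /
 * TLSX_CSR2_ForceRequest().
 *
 * Except for change_cipher_hs on DTLS, the "got" flag is set before the
 * ordering checks run, so it stays set when one of those checks fails.
 * NOTE(review): that is harmless only if callers treat every non-zero return
 * as fatal for the handshake - confirm.
 */
static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
{
    /* verify not a duplicate, mark received, check state */
    switch (type) {

#ifndef NO_WOLFSSL_CLIENT
        case hello_request:
            if (ssl->msgsReceived.got_hello_request) {
                WOLFSSL_MSG("Duplicate HelloRequest received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_hello_request = 1;

            break;
#endif

#ifndef NO_WOLFSSL_SERVER
        case client_hello:
            if (ssl->msgsReceived.got_client_hello) {
                WOLFSSL_MSG("Duplicate ClientHello received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_client_hello = 1;

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case server_hello:
            if (ssl->msgsReceived.got_server_hello) {
                WOLFSSL_MSG("Duplicate ServerHello received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_server_hello = 1;

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case hello_verify_request:
            if (ssl->msgsReceived.got_hello_verify_request) {
                WOLFSSL_MSG("Duplicate HelloVerifyRequest received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_hello_verify_request = 1;

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case session_ticket:
            if (ssl->msgsReceived.got_session_ticket) {
                WOLFSSL_MSG("Duplicate SessionTicket received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_session_ticket = 1;

            break;
#endif

        case certificate:
            if (ssl->msgsReceived.got_certificate) {
                WOLFSSL_MSG("Duplicate Certificate received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_certificate = 1;

            /* a Certificate is only valid after the peer's hello */
#ifndef NO_WOLFSSL_CLIENT
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
                if ( ssl->msgsReceived.got_server_hello == 0) {
                    WOLFSSL_MSG("No ServerHello before Cert");
                    return OUT_OF_ORDER_E;
                }
            }
#endif
#ifndef NO_WOLFSSL_SERVER
            if (ssl->options.side == WOLFSSL_SERVER_END) {
                if ( ssl->msgsReceived.got_client_hello == 0) {
                    WOLFSSL_MSG("No ClientHello before Cert");
                    return OUT_OF_ORDER_E;
                }
            }
#endif
            break;

#ifndef NO_WOLFSSL_CLIENT
        case certificate_status:
            if (ssl->msgsReceived.got_certificate_status) {
                WOLFSSL_MSG("Duplicate CertificateStatus received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_certificate_status = 1;

            /* must sit between Certificate and ServerKeyExchange */
            if (ssl->msgsReceived.got_certificate == 0) {
                WOLFSSL_MSG("No Certificate before CertificateStatus");
                return OUT_OF_ORDER_E;
            }
            if (ssl->msgsReceived.got_server_key_exchange != 0) {
                WOLFSSL_MSG("CertificateStatus after ServerKeyExchange");
                return OUT_OF_ORDER_E;
            }

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case server_key_exchange:
            if (ssl->msgsReceived.got_server_key_exchange) {
                WOLFSSL_MSG("Duplicate ServerKeyExchange received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_server_key_exchange = 1;

            if (ssl->msgsReceived.got_server_hello == 0) {
                WOLFSSL_MSG("No ServerHello before ServerKeyExchange");
                return OUT_OF_ORDER_E;
            }
            /* a status request was made but no CertificateStatus arrived:
             * hand over to the TLSX_CSR*_ForceRequest helpers and fail the
             * message if they report an error */
            if (ssl->msgsReceived.got_certificate_status == 0) {
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                if (ssl->status_request) {
                    int ret;

                    WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
                    if ((ret = TLSX_CSR_ForceRequest(ssl)) != 0)
                        return ret;
                }
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
                if (ssl->status_request_v2) {
                    int ret;

                    WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
                    if ((ret = TLSX_CSR2_ForceRequest(ssl)) != 0)
                        return ret;
                }
#endif
            }

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case certificate_request:
            if (ssl->msgsReceived.got_certificate_request) {
                WOLFSSL_MSG("Duplicate CertificateRequest received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_certificate_request = 1;

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case server_hello_done:
            if (ssl->msgsReceived.got_server_hello_done) {
                WOLFSSL_MSG("Duplicate ServerHelloDone received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_server_hello_done = 1;

            /* a missing Certificate is accepted only for the PSK key
             * exchanges and anonymous cipher suites listed here */
            if (ssl->msgsReceived.got_certificate == 0) {
                if (ssl->specs.kea == psk_kea ||
                    ssl->specs.kea == dhe_psk_kea ||
                    ssl->specs.kea == ecdhe_psk_kea ||
                    ssl->options.usingAnon_cipher) {
                    WOLFSSL_MSG("No Cert required");
                } else {
                    WOLFSSL_MSG("No Certificate before ServerHelloDone");
                    return OUT_OF_ORDER_E;
                }
            }
            /* a missing ServerKeyExchange is accepted only for static ECDH,
             * RSA, NTRU, or PSK with an empty server hint */
            if (ssl->msgsReceived.got_server_key_exchange == 0) {
                int pskNoServerHint = 0;  /* not required in this case */

#ifndef NO_PSK
                if (ssl->specs.kea == psk_kea &&
                    ssl->arrays->server_hint[0] == 0)
                    pskNoServerHint = 1;
#endif
                if (ssl->specs.static_ecdh == 1 ||
                    ssl->specs.kea == rsa_kea ||
                    ssl->specs.kea == ntru_kea ||
                    pskNoServerHint) {
                    WOLFSSL_MSG("No KeyExchange required");
                } else {
                    WOLFSSL_MSG("No ServerKeyExchange before ServerDone");
                    return OUT_OF_ORDER_E;
                }
            }
            break;
#endif

#ifndef NO_WOLFSSL_SERVER
        case certificate_verify:
            if (ssl->msgsReceived.got_certificate_verify) {
                WOLFSSL_MSG("Duplicate CertificateVerify received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_certificate_verify = 1;

            if ( ssl->msgsReceived.got_certificate == 0) {
                WOLFSSL_MSG("No Cert before CertVerify");
                return OUT_OF_ORDER_E;
            }
            break;
#endif

#ifndef NO_WOLFSSL_SERVER
        case client_key_exchange:
            if (ssl->msgsReceived.got_client_key_exchange) {
                WOLFSSL_MSG("Duplicate ClientKeyExchange received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_client_key_exchange = 1;

            if (ssl->msgsReceived.got_client_hello == 0) {
                WOLFSSL_MSG("No ClientHello before ClientKeyExchange");
                return OUT_OF_ORDER_E;
            }
            break;
#endif

        case finished:
            if (ssl->msgsReceived.got_finished) {
                WOLFSSL_MSG("Duplicate Finished received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_finished = 1;

            /* Finished is never accepted ahead of ChangeCipherSpec */
            if (ssl->msgsReceived.got_change_cipher == 0) {
                WOLFSSL_MSG("Finished received before ChangeCipher");
                return NO_CHANGE_CIPHER_E;
            }

            break;

        case change_cipher_hs:
            if (ssl->msgsReceived.got_change_cipher) {
                WOLFSSL_MSG("Duplicate ChangeCipher received");
                return DUPLICATE_MSG_E;
            }
            /* DTLS is going to ignore the CCS message if the client key
             * exchange message wasn't received yet. */
            if (!ssl->options.dtls)
                ssl->msgsReceived.got_change_cipher = 1;

#ifndef NO_WOLFSSL_CLIENT
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
                if (!ssl->options.resuming &&
                                 ssl->msgsReceived.got_server_hello_done == 0) {
                    WOLFSSL_MSG("No ServerHelloDone before ChangeCipher");
                    return OUT_OF_ORDER_E;
                }
#ifdef HAVE_SESSION_TICKET
                if (ssl->expect_session_ticket) {
                    WOLFSSL_MSG("Expected session ticket missing");
#ifdef WOLFSSL_DTLS
                    if (ssl->options.dtls)
                        return OUT_OF_ORDER_E;
#endif
                    return SESSION_TICKET_EXPECT_E;
                }
#endif
            }
#endif
#ifndef NO_WOLFSSL_SERVER
            if (ssl->options.side == WOLFSSL_SERVER_END) {
                if (!ssl->options.resuming &&
                               ssl->msgsReceived.got_client_key_exchange == 0) {
                    WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
                    return OUT_OF_ORDER_E;
                }
#ifndef NO_CERTS
                /* a client that presented a certificate must also have
                 * proven possession of its key before the cipher change */
                if (ssl->options.verifyPeer &&
                    ssl->options.havePeerCert) {

                    if (!ssl->options.havePeerVerify) {
                        WOLFSSL_MSG("client didn't send cert verify");
#ifdef WOLFSSL_DTLS
                        if (ssl->options.dtls)
                            return OUT_OF_ORDER_E;
#endif
                        return NO_PEER_VERIFY;
                    }
                }
#endif
            }
#endif
            /* on DTLS the flag is set only once the ordering checks above
             * have passed */
            if (ssl->options.dtls)
                ssl->msgsReceived.got_change_cipher = 1;
            break;

        default:
            WOLFSSL_MSG("Unknown message type");
            return SANITY_MSG_E;
    }

    return 0;
}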
wolfSSL 7:481bce714567 7764
wolfSSL 7:481bce714567 7765
/* Validate and dispatch one complete handshake message.
 *
 * ssl       connection state
 * input     buffer holding the message
 * inOutIdx  in: offset of the message body in input; out: advanced by the
 *           handler that processed the body
 * type      handshake message type from the header
 * size      body length from the header
 * totalSz   number of bytes available in input
 *
 * Order of work: length check, SanityCheckMsgReceived(), state checks that
 * send a fatal unexpected_message alert on failure, transcript hashing, the
 * per-type handler, then a check that the handler consumed exactly the body
 * (plus ssl->keys.padSz when encryption is on).
 *
 * Returns 0 on success, INCOMPLETE_DATA, OUT_OF_ORDER_E,
 * UNKNOWN_HANDSHAKE_TYPE, DECODE_E, or whatever the sanity check, HashInput()
 * or the handler returned.
 */
static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                              byte type, word32 size, word32 totalSz)
{
    int    ret = 0;
    int    onClient;
    int    onServer;
    word32 expectedIdx;

    WOLFSSL_ENTER("DoHandShakeMsgType");

    /* make sure can read the message */
    if (*inOutIdx + size > totalSz)
        return INCOMPLETE_DATA;

    /* where the index must end up once the handler is done */
    expectedIdx = *inOutIdx + size;
    if (ssl->keys.encryptionOn)
        expectedIdx += ssl->keys.padSz;

    /* sanity check msg received */
    ret = SanityCheckMsgReceived(ssl, type);
    if (ret != 0) {
        WOLFSSL_MSG("Sanity Check on handshake message type received failed");
        return ret;
    }

#ifdef WOLFSSL_CALLBACKS
    /* add name later, add on record and handshake header part back on.
     * NOTE(review): input + *inOutIdx - add assumes the record and handshake
     * headers sit directly before the body in the same buffer. DoHandShakeMsg
     * also calls this function on a reassembled heap buffer with
     * input = pendingMsg + HANDSHAKE_HEADER_SZ and *inOutIdx = 0, where that
     * address would lie RECORD_HEADER_SZ bytes before the allocation -
     * confirm and guard if so. */
    if (ssl->toInfoOn) {
        int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
        AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add,
                      size + add, ssl->heap);
        AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
    }
#endif

    /* once the handshake is done only a HelloRequest may still arrive */
    if (type != hello_request &&
            ssl->options.handShakeState == HANDSHAKE_DONE) {
        WOLFSSL_MSG("HandShake message after handshake complete");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    onClient = (ssl->options.side == WOLFSSL_CLIENT_END);
    onServer = (ssl->options.side == WOLFSSL_SERVER_END);

    if (onClient) {
        if (!ssl->options.dtls) {
            /* stream TLS: the first server message has to be ServerHello */
            if (ssl->options.serverState == NULL_STATE &&
                    type != server_hello) {
                WOLFSSL_MSG("First server message not server hello");
                SendAlert(ssl, alert_fatal, unexpected_message);
                return OUT_OF_ORDER_E;
            }
        }
        else if (type == server_hello_done &&
                 ssl->options.serverState < SERVER_HELLO_COMPLETE) {
            WOLFSSL_MSG("Server hello done received before server hello in DTLS");
            SendAlert(ssl, alert_fatal, unexpected_message);
            return OUT_OF_ORDER_E;
        }
    }

    if (onServer && ssl->options.clientState == NULL_STATE &&
            type != client_hello) {
        WOLFSSL_MSG("First client message not client hello");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* above checks handshake state */
    /* hello_request not hashed */
    /* Also, skip hashing the client_hello message here for DTLS. It will be
     * hashed later if the DTLS cookie is correct. */
    /* Nothing is hashed while ssl->error is WC_PENDING_E. */
    if (type != hello_request &&
            (!IsDtlsNotSctpMode(ssl) || type != client_hello) &&
            ssl->error != WC_PENDING_E) {
        ret = HashInput(ssl, input + *inOutIdx, size);
        if (ret != 0)
            return ret;
    }

    switch (type) {

    case hello_request:
        WOLFSSL_MSG("processing hello request");
        ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz);
        break;

#ifndef NO_WOLFSSL_CLIENT
    case hello_verify_request:
        WOLFSSL_MSG("processing hello verify request");
        ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
        break;

    case server_hello:
        WOLFSSL_MSG("processing server hello");
        ret = DoServerHello(ssl, input, inOutIdx, size);
        break;

#ifndef NO_CERTS
    case certificate_request:
        WOLFSSL_MSG("processing certificate request");
        ret = DoCertificateRequest(ssl, input, inOutIdx, size);
        break;
#endif

    case server_key_exchange:
        WOLFSSL_MSG("processing server key exchange");
        ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
        break;

#ifdef HAVE_SESSION_TICKET
    case session_ticket:
        WOLFSSL_MSG("processing session ticket");
        ret = DoSessionTicket(ssl, input, inOutIdx, size);
        break;
#endif /* HAVE_SESSION_TICKET */
#endif

#ifndef NO_CERTS
    case certificate:
        WOLFSSL_MSG("processing certificate");
        ret = DoCertificate(ssl, input, inOutIdx, size);
        break;

    case certificate_status:
        WOLFSSL_MSG("processing certificate status");
        ret = DoCertificateStatus(ssl, input, inOutIdx, size);
        break;
#endif

    case server_hello_done:
        /* handled inline: the body is not parsed, only state is updated */
        WOLFSSL_MSG("processing server hello done");
#ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddLateName("ServerHelloDone", &ssl->timeoutInfo);
#endif
        ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
        if (IsEncryptionOn(ssl, 0)) {
            *inOutIdx += ssl->keys.padSz;
        }
        if (ssl->options.resuming) {
            /* the resuming flag is cleared when ServerHelloDone arrives */
            WOLFSSL_MSG("Not resuming as thought");
            ssl->options.resuming = 0;
        }
        break;

    case finished:
        WOLFSSL_MSG("processing finished");
        ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF);
        break;

#ifndef NO_WOLFSSL_SERVER
    case client_hello:
        WOLFSSL_MSG("processing client hello");
        ret = DoClientHello(ssl, input, inOutIdx, size);
        break;

    case client_key_exchange:
        WOLFSSL_MSG("processing client key exchange");
        ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
        break;

#if !defined(NO_RSA) || defined(HAVE_ECC)
    case certificate_verify:
        WOLFSSL_MSG("processing certificate verify");
        ret = DoCertificateVerify(ssl, input, inOutIdx, size);
        break;
#endif /* !NO_RSA || HAVE_ECC */

#endif /* !NO_WOLFSSL_SERVER */

    default:
        WOLFSSL_MSG("Unknown handshake message type");
        ret = UNKNOWN_HANDSHAKE_TYPE;
        break;
    }

    /* a handler that succeeded must have consumed exactly the message; the
     * decode_error alert is not sent on DTLS */
    if (ret == 0 && *inOutIdx != expectedIdx) {
        WOLFSSL_MSG("Extra data in handshake message");
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, decode_error);
        ret = DECODE_E;
    }

    /* if async, offset index so this msg will be processed again */
    if (ret == WC_PENDING_E) {
        *inOutIdx -= HANDSHAKE_HEADER_SZ;
#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            *inOutIdx -= DTLS_HANDSHAKE_EXTRA;
        }
#endif
    }

    WOLFSSL_LEAVE("DoHandShakeMsgType()", ret);
    return ret;
}
wolfSSL 7:481bce714567 7955
wolfSSL 7:481bce714567 7956
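/* Read one handshake message from the input, reassembling it first when it
 * arrives split across several reads.
 *
 * ssl       connection state; ssl->arrays, when present, carries the
 *           reassembly state (pendingMsg, pendingMsgSz, pendingMsgOffset,
 *           pendingMsgType)
 * input     buffer holding received handshake data
 * inOutIdx  in: offset of the next unread byte; out: advanced past what was
 *           consumed
 * totalSz   number of bytes available in input
 *
 * Returns 0 when a fragment was stored or a message was processed without
 * error, PARSE_ERROR when the handshake header cannot be read,
 * HANDSHAKE_SIZE_ERROR when the announced size exceeds MAX_HANDSHAKE_SZ,
 * MEMORY_E when the reassembly buffer cannot be allocated, BUFFER_ERROR when
 * a fragment would overrun the announced size, or the result of
 * DoHandShakeMsgType().
 */
static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          word32 totalSz)
{
    int    ret = 0;
    word32 inputLength;

    WOLFSSL_ENTER("DoHandShakeMsg()");

    /* without ssl->arrays there is nowhere to keep fragments, so the message
     * is parsed and dispatched directly; the MAX_HANDSHAKE_SZ cap below is
     * not applied on this path */
    if (ssl->arrays == NULL) {
        byte   type;
        word32 size;

        if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0)
            return PARSE_ERROR;

        return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
    }

    /* bytes still unread, taken from the connection's input buffer length
     * rather than totalSz.
     * NOTE(review): assumes the two agree for every caller - confirm. */
    inputLength = ssl->buffers.inputBuffer.length - *inOutIdx;

    /* If there is a pending fragmented handshake message,
     * pending message size will be non-zero. */
    if (ssl->arrays->pendingMsgSz == 0) {
        byte   type;
        word32 size;

        if (GetHandShakeHeader(ssl,input, inOutIdx, &type, &size, totalSz) != 0)
            return PARSE_ERROR;

        /* Cap the maximum size of a handshake message to something reasonable.
         * By default is the maximum size of a certificate message assuming
         * nine 2048-bit RSA certificates in the chain. */
        if (size > MAX_HANDSHAKE_SZ) {
            WOLFSSL_MSG("Handshake message too large");
            return HANDSHAKE_SIZE_ERROR;
        }

        /* size is the size of the certificate message payload */
        if (inputLength - HANDSHAKE_HEADER_SZ < size) {
            /* only the first part of the message is here: start reassembly.
             * The buffer is allocated before any pending state is written so
             * that a failed allocation cannot leave pendingMsgSz non-zero
             * with pendingMsg NULL, which the continuation branch below
             * would copy into. */
            byte* fragBuf = (byte*)XMALLOC(size + HANDSHAKE_HEADER_SZ,
                                           ssl->heap,
                                           DYNAMIC_TYPE_ARRAYS);
            if (fragBuf == NULL)
                return MEMORY_E;

            ssl->arrays->pendingMsgType = type;
            ssl->arrays->pendingMsgSz   = size + HANDSHAKE_HEADER_SZ;
            ssl->arrays->pendingMsg     = fragBuf;

            /* header included; inputLength < size + HANDSHAKE_HEADER_SZ was
             * established by the test above, so the copy fits */
            XMEMCPY(ssl->arrays->pendingMsg,
                    input + *inOutIdx - HANDSHAKE_HEADER_SZ,
                    inputLength);
            ssl->arrays->pendingMsgOffset = inputLength;
            *inOutIdx += inputLength - HANDSHAKE_HEADER_SZ;
            return 0;
        }

        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
    }
    else {
        /* continuation of a fragmented message: refuse anything that would
         * write past the size announced in the first fragment */
        if (inputLength + ssl->arrays->pendingMsgOffset
                                                  > ssl->arrays->pendingMsgSz) {

            return BUFFER_ERROR;
        }
        else {
            XMEMCPY(ssl->arrays->pendingMsg + ssl->arrays->pendingMsgOffset,
                    input + *inOutIdx, inputLength);
            ssl->arrays->pendingMsgOffset += inputLength;
            *inOutIdx += inputLength;
        }

        if (ssl->arrays->pendingMsgOffset == ssl->arrays->pendingMsgSz)
        {
            /* message complete: process it from the reassembly buffer with a
             * local index, then release the buffer.
             * NOTE(review): totalSz is passed as pendingMsgSz while the data
             * pointer already skips HANDSHAKE_HEADER_SZ bytes, so it
             * overstates what is readable from that pointer by the header
             * size - confirm handlers bound their reads by size. */
            word32 idx = 0;
            ret = DoHandShakeMsgType(ssl,
                                     ssl->arrays->pendingMsg
                                                          + HANDSHAKE_HEADER_SZ,
                                     &idx, ssl->arrays->pendingMsgType,
                                     ssl->arrays->pendingMsgSz
                                                          - HANDSHAKE_HEADER_SZ,
                                     ssl->arrays->pendingMsgSz);
            XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
            ssl->arrays->pendingMsg = NULL;
            ssl->arrays->pendingMsgSz = 0;
        }
    }

    WOLFSSL_LEAVE("DoHandShakeMsg()", ret);
    return ret;
}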
wolfSSL 7:481bce714567 8045
wolfSSL 7:481bce714567 8046
wolfSSL 7:481bce714567 8047 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 8048
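/* Anti-replay check for the DTLS record whose epoch and sequence number are
 * held in ssl->keys.curEpoch / curSeq_hi / curSeq_lo.
 *
 * The receive window is a bitmap of word32 values. DtlsUpdateWindow() shifts
 * it and sets bit 0 of word 0 for the newest record, so the record that lies
 * d sequence numbers below the next expected one is tracked in bit (d - 1).
 *
 * ssl  connection state; only ssl->keys is read, nothing is modified.
 *
 * Returns 1 when the record may be processed and 0 when it must be dropped
 * (epoch is neither the current nor the previous one, the sequence number is
 * outside the window, or the record was already received). */
static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
{
    word32* window;
    word16 cur_hi, next_hi;
    word32 cur_lo, next_lo, diff;
    int curLT;

    if (ssl->keys.curEpoch == ssl->keys.nextEpoch) {
        next_hi = ssl->keys.nextSeq_hi;
        next_lo = ssl->keys.nextSeq_lo;
        window = ssl->keys.window;
    }
    else if (ssl->keys.curEpoch == ssl->keys.nextEpoch - 1) {
        next_hi = ssl->keys.prevSeq_hi;
        next_lo = ssl->keys.prevSeq_lo;
        window = ssl->keys.prevWindow;
    }
    else {
        return 0;
    }

    cur_hi = ssl->keys.curSeq_hi;
    cur_lo = ssl->keys.curSeq_lo;

    /* If the difference between next and cur is > 2^32, way outside window. */
    if ((cur_hi > next_hi + 1) || (next_hi > cur_hi + 1)) {
        WOLFSSL_MSG("Current record from way too far in the future.");
        return 0;
    }

    if (cur_hi == next_hi) {
        curLT = cur_lo < next_lo;
        diff = curLT ? next_lo - cur_lo : cur_lo - next_lo;
    }
    else {
        /* NOTE(review): with differing high words the subtraction runs the
         * other way round. For sequence numbers only a few apart across a
         * 2^32 rollover the result is close to 2^32, so such records are
         * rejected below. That fails closed; confirm it is intended. */
        curLT = cur_hi < next_hi;
        diff = curLT ? cur_lo - next_lo : next_lo - cur_lo;
    }

    /* Check to see that the next value is greater than the number of messages
     * trackable in the window, and that the difference between the next
     * expected sequence number and the received sequence number is inside the
     * window. */
    if ((next_hi || next_lo > DTLS_SEQ_BITS) &&
                                        curLT && (diff > DTLS_SEQ_BITS)) {

        WOLFSSL_MSG("Current record sequence number from the past.");
        return 0;
    }
    else if (!curLT && (diff > DTLS_SEQ_BITS)) {
        WOLFSSL_MSG("Rejecting message too far into the future.");
        return 0;
    }
    else if (curLT) {
        word32 idx;
        word32 bit;

        /* A distance of zero can only come from the differing-high-word
         * case and does not name any bit in the window. */
        if (diff == 0) {
            WOLFSSL_MSG("Invalid DTLS window offset.");
            return 0;
        }

        /* Distance d maps to bit (d - 1). Computing the word and bit from
         * (d - 1) keeps multiples of DTLS_WORD_BITS on the last bit of the
         * lower word instead of producing a shift count of -1. */
        diff--;
        idx = diff / DTLS_WORD_BITS;
        bit = diff % DTLS_WORD_BITS;

        /* Never index past the bitmap, whatever the macro values are. */
        if (idx >= WOLFSSL_DTLS_WINDOW_WORDS) {
            WOLFSSL_MSG("Invalid DTLS window index.");
            return 0;
        }

        /* Unsigned constant: bit 31 must not shift into a sign bit. */
        if (window[idx] & ((word32)1 << bit)) {
            WOLFSSL_MSG("Current record sequence number already received.");
            return 0;
        }
    }

    return 1;
}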
wolfSSL 7:481bce714567 8114
wolfSSL 7:481bce714567 8115
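/* Record the current DTLS sequence number (ssl->keys.curSeq_hi/curSeq_lo) in
 * the anti-replay window of its epoch.
 *
 * A record older than the next expected sequence number only sets its bit.
 * A record at or beyond the next expected number shifts the bitmap left by
 * the distance plus one, marks bit 0 for the new record and advances the
 * next expected sequence number to cur + 1.
 *
 * ssl  connection state; ssl->keys window and next/prev sequence fields are
 *      modified.
 *
 * Always returns 1. */
static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
{
    word32* window;
    word32* next_lo;
    word16* next_hi;
    int curLT;
    word32 cur_lo, diff;
    word16 cur_hi;

    if (ssl->keys.curEpoch == ssl->keys.nextEpoch) {
        next_hi = &ssl->keys.nextSeq_hi;
        next_lo = &ssl->keys.nextSeq_lo;
        window = ssl->keys.window;
    }
    else {
        /* Every other epoch is handled as the previous epoch; the epoch is
         * not re-validated here (presumably DtlsCheckWindow() ran first). */
        next_hi = &ssl->keys.prevSeq_hi;
        next_lo = &ssl->keys.prevSeq_lo;
        window = ssl->keys.prevWindow;
    }

    cur_hi = ssl->keys.curSeq_hi;
    cur_lo = ssl->keys.curSeq_lo;

    if (cur_hi == *next_hi) {
        curLT = cur_lo < *next_lo;
        diff = curLT ? *next_lo - cur_lo : cur_lo - *next_lo;
    }
    else {
        curLT = cur_hi < *next_hi;
        diff = curLT ? cur_lo - *next_lo : *next_lo - cur_lo;
    }

    if (curLT) {
        /* Late record inside the window: distance d is tracked in bit
         * (d - 1). Deriving word and bit from (d - 1) avoids a shift count
         * of -1 when d is a multiple of DTLS_WORD_BITS. A distance of zero
         * names no bit and is ignored. */
        if (diff != 0) {
            word32 idx;
            word32 bit;

            diff--;
            idx = diff / DTLS_WORD_BITS;
            bit = diff % DTLS_WORD_BITS;

            if (idx < WOLFSSL_DTLS_WINDOW_WORDS)
                window[idx] |= ((word32)1 << bit);
        }
    }
    else {
        if (diff >= DTLS_SEQ_BITS)
            XMEMSET(window, 0, DTLS_SEQ_SZ);
        else {
            word32 idx, newDiff, temp, i;
            word32 oldWindow[WOLFSSL_DTLS_WINDOW_WORDS];

            temp = 0;
            diff++;
            idx = diff / DTLS_WORD_BITS;
            newDiff = diff % DTLS_WORD_BITS;

            XMEMCPY(oldWindow, window, sizeof(oldWindow));

            for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
                if (i < idx)
                    window[i] = 0;
                else {
                    temp |= (oldWindow[i-idx] << newDiff);
                    window[i] = temp;
                    /* Carry into the next word. With a whole-word shift
                     * (newDiff == 0) there is nothing to carry, and a right
                     * shift by the full word width would be undefined. */
                    temp = (newDiff != 0)
                         ? (oldWindow[i-idx] >> (DTLS_WORD_BITS - newDiff))
                         : 0;
                }
            }
        }
        window[0] |= 1;
        *next_lo = cur_lo + 1;
        /* Low word wrapped: carry into the high word. */
        if (*next_lo < cur_lo)
            (*next_hi)++;
    }

    return 1;
}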
wolfSSL 7:481bce714567 8187
wolfSSL 7:481bce714567 8188
/* Process stored handshake messages from the head of ssl->dtls_rx_msg_list
 * for as long as the head carries the expected handshake sequence number, is
 * fully reassembled (fragSz == sz) and the previous message was handled
 * without error. Each processed entry is unlinked, deleted and the list
 * counter is decremented.
 *
 * Returns 0 or the first non-zero result of DoHandShakeMsgType(). */
static int DtlsMsgDrain(WOLFSSL* ssl)
{
    int      status = 0;
    DtlsMsg* head;

    for (head = ssl->dtls_rx_msg_list;
         head != NULL && status == 0;
         head = ssl->dtls_rx_msg_list) {

        word32 consumed = 0;

        /* Stop at the first gap in the handshake sequence. */
        if (head->seq != ssl->keys.dtls_expected_peer_handshake_number)
            break;

        /* Stop when the head is still missing fragments. */
        if (head->fragSz != head->sz)
            break;

        ssl->keys.dtls_expected_peer_handshake_number++;
        status = DoHandShakeMsgType(ssl, head->msg, &consumed, head->type,
                                    head->sz, head->sz);

        /* The entry is removed even when processing failed. */
        ssl->dtls_rx_msg_list = head->next;
        DtlsMsgDelete(head, ssl->heap);
        ssl->dtls_rx_msg_list_sz--;
    }

    return status;
}
wolfSSL 7:481bce714567 8213
wolfSSL 7:481bce714567 8214
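/* Parse one DTLS handshake fragment from a record and either process it,
 * store it for later, or skip it as a duplicate.
 *
 * ssl       connection state
 * input     record buffer
 * inOutIdx  in: offset of the handshake header; out: offset after the
 *           consumed fragment
 * totalSz   number of valid bytes in input
 *
 * The message type, total size, fragment offset and fragment size all come
 * from the peer's handshake header and are validated here before use.
 *
 * Returns 0 on success, PARSE_ERROR for an unparsable or inconsistent
 * header, INCOMPLETE_DATA when the fragment extends past totalSz, BUFFER_E
 * when the padding of a repeated finished message does not fit, or the
 * result of the handshake processing / retransmit call. */
static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          word32 totalSz)
{
    byte type;
    word32 size;
    word32 fragOffset, fragSz;
    int ret = 0;

    WOLFSSL_ENTER("DoDtlsHandShakeMsg()");
    if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type,
                               &size, &fragOffset, &fragSz, totalSz) != 0)
        return PARSE_ERROR;

    /* The fragment must lie inside the record. Written as a subtraction so
     * the bound cannot be defeated by word32 wrap-around. */
    if (*inOutIdx > totalSz || fragSz > totalSz - *inOutIdx)
        return INCOMPLETE_DATA;

    /* fragment offset + fragment length must not exceed the declared
     * message length. Rejecting an inconsistent header here means the
     * reassembly code never sees one; whether DtlsMsgStore() repeats this
     * check is not visible from this function. */
    if (fragSz > size || fragOffset > size - fragSz)
        return PARSE_ERROR;

    /* Check the handshake sequence number first. If out of order,
     * add the current message to the list. If the message is in order,
     * but it is a fragment, add the current message to the list, then
     * check the head of the list to see if it is complete, if so, pop
     * it out as the current message. If the message is complete and in
     * order, process it. Check the head of the list to see if it is in
     * order, if so, process it. (Repeat until list exhausted.) If the
     * head is out of order, return for more processing.
     */
    if (ssl->keys.dtls_peer_handshake_number >
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Current message is out of order. It will get stored in the list.
         * Storing also takes care of defragmentation. If the message is a
         * client hello, we need to process this out of order; the server
         * is not supposed to keep state, but the second client hello will
         * have a different handshake sequence number than is expected, and
         * the server shouldn't be expecting any particular handshake sequence
         * number. (If the cookie changes multiple times in quick succession,
         * the client could be sending multiple new client hello messages
         * with newer and newer cookies.) */
        if (type != client_hello) {
            /* The list is capped at DTLS_POOL_SZ entries. Once it is full
             * the fragment is dropped without an error and recovery relies
             * on the peer retransmitting. */
            if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
                DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
                             input + *inOutIdx, size, type,
                             fragOffset, fragSz, ssl->heap);
            }
            *inOutIdx += fragSz;
            ret = 0;
        }
        else {
            ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
            if (ret == 0) {
                ssl->keys.dtls_expected_peer_handshake_number =
                    ssl->keys.dtls_peer_handshake_number + 1;
            }
        }
    }
    else if (ssl->keys.dtls_peer_handshake_number <
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Already saw this message and processed it. It can be ignored. */
        *inOutIdx += fragSz;
        if (type == finished) {
            /* Skip the record padding as well, after checking it fits. */
            if (*inOutIdx + ssl->keys.padSz > totalSz) {
                return BUFFER_E;
            }
            *inOutIdx += ssl->keys.padSz;
        }
        /* A repeated flight from the peer may mean our last flight was
         * lost; resend it when the helper says so (not in SCTP mode). */
        if (IsDtlsNotSctpMode(ssl) &&
            VerifyForDtlsMsgPoolSend(ssl, type, fragOffset)) {

            ret = DtlsMsgPoolSend(ssl, 0);
        }
    }
    else if (fragSz < size) {
        /* Since this branch is in order, but fragmented, dtls_rx_msg_list will
         * be pointing to the message with this fragment in it. Check it to see
         * if it is completed. */
        if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
            DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
                         input + *inOutIdx, size, type,
                         fragOffset, fragSz, ssl->heap);
        }
        *inOutIdx += fragSz;
        ret = 0;
        if (ssl->dtls_rx_msg_list != NULL &&
            ssl->dtls_rx_msg_list->fragSz >= ssl->dtls_rx_msg_list->sz)
            ret = DtlsMsgDrain(ssl);
    }
    else {
        /* This branch is in order next, and a complete message. */
        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
        if (ret == 0) {
            if (type != client_hello || !IsDtlsNotSctpMode(ssl))
                ssl->keys.dtls_expected_peer_handshake_number++;
            if (ssl->dtls_rx_msg_list != NULL) {
                ret = DtlsMsgDrain(ssl);
            }
        }
    }

    WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
    return ret;
}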
wolfSSL 7:481bce714567 8314 #endif
wolfSSL 7:481bce714567 8315
wolfSSL 7:481bce714567 8316
wolfSSL 7:481bce714567 8317 #ifdef HAVE_AEAD
/* Add one to the explicit AEAD IV in ssl->keys.aead_exp_IV, treating the
 * AEAD_MAX_EXP_SZ bytes as a big-endian counter (last byte is least
 * significant). When every byte overflows the counter wraps to all zero and
 * the caller gets no indication of that. */
static INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
{
    byte* iv  = ssl->keys.aead_exp_IV;
    int   pos = AEAD_MAX_EXP_SZ;

    while (pos-- > 0) {
        iv[pos]++;
        /* No carry out of this byte: done. */
        if (iv[pos] != 0)
            break;
    }
}
wolfSSL 7:481bce714567 8325
wolfSSL 7:481bce714567 8326
wolfSSL 7:481bce714567 8327 #if defined(HAVE_POLY1305) && defined(HAVE_CHACHA)
wolfSSL 7:481bce714567 8328 /* Used for the older version of creating AEAD tags with Poly1305 */
/* Compute a Poly1305 tag using the older input layout: additional data, an
 * 8-byte block holding the additional-data length, the ciphertext, and an
 * 8-byte block holding the ciphertext length in little-endian order.
 *
 * ssl         connection state; ssl->auth.poly1305 is the MAC context
 * additional  AEAD_AUTH_DATA_SZ bytes of additional data
 * out         ciphertext to authenticate
 * cipher      32-byte one-time Poly1305 key (despite the parameter name)
 * sz          record length including the MAC
 * tag         receives the computed tag
 *
 * Returns 0 on success, INPUT_CASE_ERROR when sz is smaller than the MAC
 * size, or the error code of the failing Poly1305 call. */
static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
                          byte* cipher, word16 sz, byte* tag)
{
    byte   lenBlock[8];   /* scratch block for the two length fields */
    word32 keySz  = 32;
    int    msglen = (sz - ssl->specs.aead_mac_size);
    int    ret;

    #ifdef CHACHA_AEAD_TEST
        printf("Using old version of poly1305 input.\n");
    #endif

    if (msglen < 0)
        return INPUT_CASE_ERROR;

    ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz);
    if (ret != 0)
        return ret;

    ret = wc_Poly1305Update(ssl->auth.poly1305, additional,
                            AEAD_AUTH_DATA_SZ);
    if (ret != 0)
        return ret;

    /* length of the additional data, zero padded to 8 bytes */
    XMEMSET(lenBlock, 0, sizeof(lenBlock));
    lenBlock[0] = AEAD_AUTH_DATA_SZ;
    ret = wc_Poly1305Update(ssl->auth.poly1305, lenBlock, sizeof(lenBlock));
    if (ret != 0)
        return ret;

    /* the ciphertext itself */
    ret = wc_Poly1305Update(ssl->auth.poly1305, out, msglen);
    if (ret != 0)
        return ret;

    /* 32-bit ciphertext length stored little-endian in a 64-bit field */
    XMEMSET(lenBlock, 0, sizeof(lenBlock));
    lenBlock[0] =  msglen        & 0xff;
    lenBlock[1] = (msglen >>  8) & 0xff;
    lenBlock[2] = (msglen >> 16) & 0xff;
    lenBlock[3] = (msglen >> 24) & 0xff;
    ret = wc_Poly1305Update(ssl->auth.poly1305, lenBlock, sizeof(lenBlock));
    if (ret != 0)
        return ret;

    /* generate tag */
    return wc_Poly1305Final(ssl->auth.poly1305, tag);
}
wolfSSL 7:481bce714567 8379
wolfSSL 7:481bce714567 8380
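/* Encrypt one record with ChaCha20 and append its Poly1305 tag.
 *
 * ssl    connection state (cipher contexts, IVs, sequence numbers)
 * out    receives sz bytes: ciphertext followed by the tag
 * input  plaintext; the record header must sit directly in front of it in
 *        the same buffer, because type and version are read from there
 * sz     output length including the MAC
 *
 * The one-time Poly1305 key is taken from the first ChaCha20 keystream
 * block and is wiped on every exit path.
 *
 * Returns 0 on success, INPUT_CASE_ERROR when sz is smaller than the MAC
 * size, or the error code of the failing ChaCha20/Poly1305 call. */
static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
                              word16 sz)
{
    const byte* additionalSrc = input - RECORD_HEADER_SZ;
    int ret = 0;
    word32 msgLen;
    word32 k;
    byte tag[POLY1305_AUTH_SZ];
    byte add[AEAD_AUTH_DATA_SZ];
    byte nonce[CHACHA20_NONCE_SZ];
    byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
    #ifdef CHACHA_AEAD_TEST
        int i;
    #endif

    /* msgLen is unsigned: check before subtracting so a short sz cannot
     * wrap into a huge length for the cipher and the final copy. */
    if (sz < ssl->specs.aead_mac_size)
        return INPUT_CASE_ERROR;
    msgLen = sz - ssl->specs.aead_mac_size;

    XMEMSET(tag,   0, sizeof(tag));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(poly,  0, sizeof(poly));
    XMEMSET(add,   0, sizeof(add));

    if (ssl->options.oldPoly != 0) {
        /* get nonce */
        WriteSEQ(ssl, CUR_ORDER, nonce + CHACHA20_OLD_OFFSET);
    }

    /* opaque SEQ number stored for AD */
    WriteSEQ(ssl, CUR_ORDER, add);

    /* Store the type, version. Unfortunately, they are in
     * the input buffer ahead of the plaintext. */
    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            additionalSrc -= DTLS_HANDSHAKE_EXTRA;
            DtlsSEQIncrement(ssl, CUR_ORDER);
        }
    #endif

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;

    XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3);

    /* Debug only: this dumps the plaintext to stdout, so CHACHA_AEAD_TEST
     * must stay out of production builds. */
    #ifdef CHACHA_AEAD_TEST
        printf("Encrypt Additional : ");
        for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
            printf("%02x", add[i]);
        }
        printf("\n\n");
        printf("input before encryption :\n");
        for (i = 0; i < sz; i++) {
            printf("%02x", input[i]);
            if ((i + 1) % 16 == 0)
                printf("\n");
        }
        printf("\n");
    #endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
        for (k = 0; k < 8; k++)
            nonce[4 + k] ^= add[k];
    }

    /* set the nonce for chacha and get poly1305 key */
    ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0);
    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */
    if (ret != 0)
        return ret;

    /* create Poly1305 key using chacha20 keystream */
    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, poly,
                                                    poly, sizeof(poly))) != 0) {
        /* poly may hold partial keystream; wipe it like every other path */
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* encrypt the plain text */
    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out,
                                                       input, msgLen)) != 0) {
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* get the poly1305 tag using either old padding scheme or more recent */
    if (ssl->options.oldPoly != 0) {
        if ((ret = Poly1305TagOld(ssl, add, (const byte* )out,
                                                         poly, sz, tag)) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    else {
        if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly,
                                                          sizeof(poly))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
                            sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */

    /* append tag to ciphertext */
    XMEMCPY(out + msgLen, tag, sizeof(tag));

    AeadIncrementExpIV(ssl);

    #ifdef CHACHA_AEAD_TEST
        printf("mac tag :\n");
        for (i = 0; i < 16; i++) {
            printf("%02x", tag[i]);
            if ((i + 1) % 16 == 0)
                printf("\n");
        }
        printf("\n\noutput after encrypt :\n");
        for (i = 0; i < sz; i++) {
            printf("%02x", out[i]);
            if ((i + 1) % 16 == 0)
                printf("\n");
        }
        printf("\n");
    #endif

    return ret;
}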
wolfSSL 7:481bce714567 8516
wolfSSL 7:481bce714567 8517
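/* Verify the Poly1305 tag of a received ChaCha20 record and, only when the
 * tag matches, decrypt it.
 *
 * ssl    connection state (cipher contexts, IVs, sequence numbers, current
 *        record header in ssl->curRL)
 * plain  receives the decrypted message (sz minus the MAC size bytes)
 * input  ciphertext followed by the tag, as received from the peer
 * sz     record length including the MAC
 *
 * Returns 0 on success, INPUT_CASE_ERROR when sz is smaller than the MAC
 * size, VERIFY_MAC_ERROR when the tag does not match (a fatal
 * bad_record_mac alert is sent first unless this is DTLS), or the error
 * code of the failing ChaCha20/Poly1305 call. */
static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    byte add[AEAD_AUTH_DATA_SZ];
    byte nonce[CHACHA20_NONCE_SZ];
    byte tag[POLY1305_AUTH_SZ];
    byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
    int ret    = 0;
    int msgLen = (sz - ssl->specs.aead_mac_size);
    word32 k;
    #ifdef CHACHA_AEAD_TEST
        int i;
    #endif

    /* sz comes from the peer's record. A record shorter than the MAC would
     * give a negative length that turns into a huge unsigned count in the
     * MAC and cipher calls and a tag pointer in front of the buffer. Callers
     * may already enforce a minimum length (not visible here); this mirrors
     * the check in Poly1305TagOld() for the other tag path. */
    if (msgLen < 0)
        return INPUT_CASE_ERROR;

    #ifdef CHACHA_AEAD_TEST
        printf("input before decrypt :\n");
        for (i = 0; i < sz; i++) {
            printf("%02x", input[i]);
            if ((i + 1) % 16 == 0)
                printf("\n");
        }
        printf("\n");
    #endif

    XMEMSET(tag,   0, sizeof(tag));
    XMEMSET(poly,  0, sizeof(poly));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(add,   0, sizeof(add));

    if (ssl->options.oldPoly != 0) {
        /* get nonce */
        WriteSEQ(ssl, PEER_ORDER, nonce + CHACHA20_OLD_OFFSET);
    }

    /* sequence number field is 64-bits */
    WriteSEQ(ssl, PEER_ORDER, add);

    /* get AD info */
    /* Store the type, version. */
    add[AEAD_TYPE_OFFSET] = ssl->curRL.type;
    add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
    add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;

    #ifdef CHACHA_AEAD_TEST
        printf("Decrypt Additional : ");
        for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
            printf("%02x", add[i]);
        }
        printf("\n\n");
    #endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
        for (k = 0; k < 8; k++)
            nonce[4 + k] ^= add[k];
    }

    /* set nonce and get poly1305 key */
    ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0);
    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */
    if (ret != 0)
        return ret;

    /* use chacha20 keystream to get poly1305 key for tag */
    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, poly,
                                                    poly, sizeof(poly))) != 0) {
        /* poly may hold partial keystream; wipe it like every other path */
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* get the tag using Poly1305 */
    if (ssl->options.oldPoly != 0) {
        if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    else {
        if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly,
                                                          sizeof(poly))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
                   sizeof(add), (byte*)input, msgLen, tag, sizeof(tag))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */

    /* check tag sent along with packet; nothing is decrypted before the
     * tag has been accepted */
    if (ConstantCompare(input + msgLen, tag, ssl->specs.aead_mac_size) != 0) {
        WOLFSSL_MSG("MAC did not match");
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, bad_record_mac);
        return VERIFY_MAC_ERROR;
    }

    /* if the tag was good decrypt message */
    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain,
                                                       input, msgLen)) != 0)
        return ret;

    /* Debug only: this dumps the decrypted plaintext to stdout, so
     * CHACHA_AEAD_TEST must stay out of production builds. */
    #ifdef CHACHA_AEAD_TEST
        printf("plain after decrypt :\n");
        for (i = 0; i < sz; i++) {
            printf("%02x", plain[i]);
            if ((i + 1) % 16 == 0)
                printf("\n");
        }
        printf("\n");
    #endif

    return ret;
}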
wolfSSL 7:481bce714567 8642 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
wolfSSL 7:481bce714567 8643 #endif /* HAVE_AEAD */
wolfSSL 7:481bce714567 8644
wolfSSL 7:481bce714567 8645
/* Encrypt one record payload with the negotiated bulk cipher.
 *
 * ssl    connection state; supplies the cipher contexts, keys and IVs
 * out    destination buffer for the ciphertext
 * input  data to encrypt; the AES-GCM/CCM cases also read record header
 *        bytes located before this pointer (see additionalSrc below)
 * sz     number of bytes to process; for AES-GCM/CCM this count includes the
 *        explicit IV and the authentication tag
 *
 * Returns 0 on success, ENCRYPT_ERROR when the encrypt side is not set up or
 * the bulk cipher has no case compiled in, otherwise the value returned by
 * the cipher routine. */
static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
{
    int ret = 0;

    /* keep the parameters referenced in builds where the cipher cases that
     * use them are compiled out */
    (void)out;
    (void)input;
    (void)sz;

    /* refuse to emit data until the encrypt side has been set up */
    if (ssl->encrypt.setup == 0) {
        WOLFSSL_MSG("Encrypt ciphers not setup");
        return ENCRYPT_ERROR;
    }

    #ifdef HAVE_FUZZER
        /* the fuzzer callback is handed the data before it is encrypted */
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx);
    #endif

    switch (ssl->specs.bulk_cipher_algorithm) {
        #ifdef BUILD_ARC4
            case wolfssl_rc4:
                /* NOTE(review): no result is captured here, ret stays 0 */
                wc_Arc4Process(ssl->encrypt.arc4, out, input, sz);
                break;
        #endif

        #ifdef BUILD_DES3
            case wolfssl_triple_des:
                ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
                break;
        #endif

        #ifdef BUILD_AES
            case wolfssl_aes:
                ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
                break;
        #endif

        #ifdef BUILD_AESGCM
            case wolfssl_aes_gcm:
                {
                    byte additional[AEAD_AUTH_DATA_SZ];
                    byte nonce[AESGCM_NONCE_SZ];
                    /* NOTE(review): 5 is presumably the record header size;
                     * this relies on the caller passing a pointer that has
                     * the header in the same buffer in front of it */
                    const byte* additionalSrc = input - 5;

                    XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);

                    /* sequence number field is 64-bits */
                    WriteSEQ(ssl, CUR_ORDER, additional);

                    /* Store the type, version. Unfortunately, they are in
                     * the input buffer ahead of the plaintext. */
                    #ifdef WOLFSSL_DTLS
                        if (ssl->options.dtls) {
                            additionalSrc -= DTLS_HANDSHAKE_EXTRA;
                        }
                    #endif
                    XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);

                    /* Store the length of the plain text minus the explicit
                     * IV length minus the authentication tag size. */
                    /* NOTE(review): assumes sz is at least AESGCM_EXP_IV_SZ
                     * plus the tag size; nothing in this function checks it */
                    c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                                additional + AEAD_LEN_OFFSET);
                    /* nonce = implicit IV followed by the explicit IV */
                    XMEMCPY(nonce,
                                 ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
                    XMEMCPY(nonce + AESGCM_IMP_IV_SZ,
                                     ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
                    /* ciphertext goes after the explicit IV slot of out and
                     * the tag into the last aead_mac_size bytes; the explicit
                     * IV bytes of out are not written by this function */
                    ret = wc_AesGcmEncrypt(ssl->encrypt.aes,
                                 out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
                                 sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                 nonce, AESGCM_NONCE_SZ,
                                 out + sz - ssl->specs.aead_mac_size,
                                 ssl->specs.aead_mac_size,
                                 additional, AEAD_AUTH_DATA_SZ);
                    /* advance the explicit IV for the next record, whatever
                     * ret is, so the same nonce is not used twice */
                    AeadIncrementExpIV(ssl);
                    /* wipe the stack copy, which holds the implicit IV */
                    ForceZero(nonce, AESGCM_NONCE_SZ);
                    #ifdef WOLFSSL_DTLS
                        if (ssl->options.dtls)
                            DtlsSEQIncrement(ssl, CUR_ORDER);
                    #endif
                }
                break;
        #endif

        #ifdef HAVE_AESCCM
            /* AEAD CCM uses same size as macros for AESGCM */
            case wolfssl_aes_ccm:
                {
                    byte additional[AEAD_AUTH_DATA_SZ];
                    byte nonce[AESGCM_NONCE_SZ];
                    /* NOTE(review): same header look-behind as the GCM case;
                     * 5 is presumably the record header size */
                    const byte* additionalSrc = input - 5;

                    XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);

                    /* sequence number field is 64-bits */
                    WriteSEQ(ssl, CUR_ORDER, additional);

                    /* Store the type, version. Unfortunately, they are in
                     * the input buffer ahead of the plaintext. */
                    #ifdef WOLFSSL_DTLS
                        if (ssl->options.dtls) {
                            additionalSrc -= DTLS_HANDSHAKE_EXTRA;
                        }
                    #endif
                    XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);

                    /* Store the length of the plain text minus the explicit
                     * IV length minus the authentication tag size. */
                    c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                                additional + AEAD_LEN_OFFSET);
                    /* nonce = implicit IV followed by the explicit IV */
                    XMEMCPY(nonce,
                                 ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
                    XMEMCPY(nonce + AESGCM_IMP_IV_SZ,
                                     ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
                    ret = wc_AesCcmEncrypt(ssl->encrypt.aes,
                                 out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
                                 sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                 nonce, AESGCM_NONCE_SZ,
                                 out + sz - ssl->specs.aead_mac_size,
                                 ssl->specs.aead_mac_size,
                                 additional, AEAD_AUTH_DATA_SZ);
                    /* advance the explicit IV for the next record, whatever
                     * ret is, so the same nonce is not used twice */
                    AeadIncrementExpIV(ssl);
                    /* wipe the stack copy, which holds the implicit IV */
                    ForceZero(nonce, AESGCM_NONCE_SZ);
                    #ifdef WOLFSSL_DTLS
                        if (ssl->options.dtls)
                            DtlsSEQIncrement(ssl, CUR_ORDER);
                    #endif
                }
                break;
        #endif

        #ifdef HAVE_CAMELLIA
            case wolfssl_camellia:
                /* NOTE(review): no result is captured here, ret stays 0 */
                wc_CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
                break;
        #endif

        #ifdef HAVE_HC128
            case wolfssl_hc128:
                ret = wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz);
                break;
        #endif

        #ifdef BUILD_RABBIT
            case wolfssl_rabbit:
                ret = wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
                break;
        #endif

        #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
            case wolfssl_chacha:
                ret = ChachaAEADEncrypt(ssl, out, input, sz);
                break;
        #endif

        #ifdef HAVE_NULL_CIPHER
            case wolfssl_cipher_null:
                /* no confidentiality: the data is copied through unchanged */
                if (input != out) {
                    XMEMMOVE(out, input, sz);
                }
                break;
        #endif

        #ifdef HAVE_IDEA
            case wolfssl_idea:
                ret = wc_IdeaCbcEncrypt(ssl->encrypt.idea, out, input, sz);
                break;
        #endif

        default:
            /* the negotiated cipher has no case in this build */
            WOLFSSL_MSG("wolfSSL Encrypt programming error");
            ret = ENCRYPT_ERROR;
    }

    return ret;
}
wolfSSL 7:481bce714567 8821
wolfSSL 7:481bce714567 8822
wolfSSL 7:481bce714567 8823
/* Decrypt one received record payload with the negotiated bulk cipher.
 *
 * ssl    connection state; supplies the cipher contexts, keys and the
 *        current record header (curRL)
 * plain  destination buffer for the plaintext
 * input  received ciphertext; for AES-GCM/CCM it starts with the explicit IV
 *        and ends with the authentication tag
 * sz     number of bytes in input
 *
 * Returns 0 on success, DECRYPT_ERROR when the decrypt side is not set up or
 * the bulk cipher has no case compiled in, VERIFY_MAC_ERROR when an
 * AES-GCM/CCM tag check fails, otherwise the value returned by the cipher
 * routine. The CBC and stream cases only decrypt; no MAC or padding is
 * checked in this function. */
static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    int ret = 0;

    /* keep the parameters referenced in builds where the cipher cases that
     * use them are compiled out */
    (void)plain;
    (void)input;
    (void)sz;

    /* refuse to process data until the decrypt side has been set up */
    if (ssl->decrypt.setup == 0) {
        WOLFSSL_MSG("Decrypt ciphers not setup");
        return DECRYPT_ERROR;
    }

    switch (ssl->specs.bulk_cipher_algorithm) {
        #ifdef BUILD_ARC4
            case wolfssl_rc4:
                /* NOTE(review): no result is captured here, ret stays 0 */
                wc_Arc4Process(ssl->decrypt.arc4, plain, input, sz);
                break;
        #endif

        #ifdef BUILD_DES3
            case wolfssl_triple_des:
                ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
                break;
        #endif

        #ifdef BUILD_AES
            case wolfssl_aes:
                ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
                break;
        #endif

        #ifdef BUILD_AESGCM
            case wolfssl_aes_gcm:
            {
                byte additional[AEAD_AUTH_DATA_SZ];
                byte nonce[AESGCM_NONCE_SZ];

                XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);

                /* sequence number field is 64-bits */
                WriteSEQ(ssl, PEER_ORDER, additional);

                /* type and version come from the parsed record header, so
                 * they are covered by the tag check */
                additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
                additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
                additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

                /* NOTE(review): sz comes from the peer; this subtraction
                 * needs sz >= AESGCM_EXP_IV_SZ + aead_mac_size.
                 * SanityCheckCipherText() in this file enforces that minimum
                 * for AEAD suites; confirm it runs before every call here */
                c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                        additional + AEAD_LEN_OFFSET);
                /* nonce = our implicit IV followed by the explicit IV the
                 * peer sent at the start of the record */
                XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
                XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
                if (wc_AesGcmDecrypt(ssl->decrypt.aes,
                            plain + AESGCM_EXP_IV_SZ,
                            input + AESGCM_EXP_IV_SZ,
                               sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                            nonce, AESGCM_NONCE_SZ,
                            input + sz - ssl->specs.aead_mac_size,
                            ssl->specs.aead_mac_size,
                            additional, AEAD_AUTH_DATA_SZ) < 0) {
                    /* any negative return is reported as a MAC failure; the
                     * fatal alert is skipped for DTLS */
                    if (!ssl->options.dtls)
                        SendAlert(ssl, alert_fatal, bad_record_mac);
                    ret = VERIFY_MAC_ERROR;
                }
                /* wipe the stack copy, which holds the implicit IV */
                ForceZero(nonce, AESGCM_NONCE_SZ);
            }
            break;
        #endif

        #ifdef HAVE_AESCCM
            /* AESGCM AEAD macros use same size as AESCCM */
            case wolfssl_aes_ccm:
            {
                byte additional[AEAD_AUTH_DATA_SZ];
                byte nonce[AESGCM_NONCE_SZ];

                XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ);

                /* sequence number field is 64-bits */
                WriteSEQ(ssl, PEER_ORDER, additional);

                /* type and version come from the parsed record header, so
                 * they are covered by the tag check */
                additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
                additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
                additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

                /* NOTE(review): same length precondition as the GCM case;
                 * sz must cover the explicit IV and the tag */
                c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                        additional + AEAD_LEN_OFFSET);
                /* nonce = our implicit IV followed by the explicit IV the
                 * peer sent at the start of the record */
                XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
                XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
                if (wc_AesCcmDecrypt(ssl->decrypt.aes,
                            plain + AESGCM_EXP_IV_SZ,
                            input + AESGCM_EXP_IV_SZ,
                               sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                            nonce, AESGCM_NONCE_SZ,
                            input + sz - ssl->specs.aead_mac_size,
                            ssl->specs.aead_mac_size,
                            additional, AEAD_AUTH_DATA_SZ) < 0) {
                    /* any negative return is reported as a MAC failure; the
                     * fatal alert is skipped for DTLS */
                    if (!ssl->options.dtls)
                        SendAlert(ssl, alert_fatal, bad_record_mac);
                    ret = VERIFY_MAC_ERROR;
                }
                /* wipe the stack copy, which holds the implicit IV */
                ForceZero(nonce, AESGCM_NONCE_SZ);
            }
            break;
        #endif

        #ifdef HAVE_CAMELLIA
            case wolfssl_camellia:
                /* NOTE(review): no result is captured here, ret stays 0 */
                wc_CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
                break;
        #endif

        #ifdef HAVE_HC128
            case wolfssl_hc128:
                ret = wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
                break;
        #endif

        #ifdef BUILD_RABBIT
            case wolfssl_rabbit:
                ret = wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
                break;
        #endif

        #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
            case wolfssl_chacha:
                ret = ChachaAEADDecrypt(ssl, plain, input, sz);
                break;
        #endif

        #ifdef HAVE_NULL_CIPHER
            case wolfssl_cipher_null:
                /* no confidentiality: the data is copied through unchanged */
                if (input != plain) {
                    XMEMMOVE(plain, input, sz);
                }
                break;
        #endif

        #ifdef HAVE_IDEA
            case wolfssl_idea:
                ret = wc_IdeaCbcDecrypt(ssl->decrypt.idea, plain, input, sz);
                break;
        #endif

        default:
            /* the negotiated cipher has no case in this build */
            WOLFSSL_MSG("wolfSSL Decrypt programming error");
            ret = DECRYPT_ERROR;
    }

    return ret;
}
wolfSSL 7:481bce714567 8975
wolfSSL 7:481bce714567 8976
/* Length sanity check for a record's ciphertext.
 *
 * ssl        connection state; supplies the cipher type and sizes
 * encryptSz  ciphertext length of the record
 *
 * Block ciphers must be a whole number of blocks and long enough for the MAC
 * plus the pad length byte (at least one block, plus one more block for the
 * explicit IV when tls1_1 is set). AEAD needs the tag plus, except for
 * ChaCha, the explicit IV. Anything else needs at least the MAC size.
 *
 * Returns 0 when the length is acceptable, SANITY_CIPHER_E otherwise. */
static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
{
    word32 required;

#ifdef HAVE_TRUNCATED_HMAC
    if (ssl->truncated_hmac)
        required = (byte)TRUNCATED_HMAC_SZ;
    else
        required = ssl->specs.hash_size;
#else
    required = ssl->specs.hash_size; /* covers stream */
#endif

    if (ssl->specs.cipher_type == aead) {
        /* authTag size, plus the explicit IV for the non-ChaCha suites */
        required = ssl->specs.aead_mac_size;
        if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
            required += AESGCM_EXP_IV_SZ;
    }
    else if (ssl->specs.cipher_type == block) {
        if ((encryptSz % ssl->specs.block_size) != 0) {
            WOLFSSL_MSG("Block ciphertext not block size");
            return SANITY_CIPHER_E;
        }

        required++; /* pad byte */

        if (required < ssl->specs.block_size)
            required = ssl->specs.block_size;

        if (ssl->options.tls1_1)
            required += ssl->specs.block_size; /* explicit IV */
    }

    if (required > encryptSz) {
        WOLFSSL_MSG("Ciphertext not minimum size");
        return SANITY_CIPHER_E;
    }

    return 0;
}
wolfSSL 7:481bce714567 9014
wolfSSL 7:481bce714567 9015
wolfSSL 7:481bce714567 9016 #ifndef NO_OLD_TLS
wolfSSL 7:481bce714567 9017
/* Feed sz bytes of data into a throwaway MD5 context `rounds` times. The
 * digest is never finalized or returned; only the hashing work is wanted. */
static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
{
    Md5 scratch;
    int remaining = rounds;

    wc_InitMd5(&scratch);

    while (remaining > 0) {
        wc_Md5Update(&scratch, data, sz);
        remaining--;
    }

    wc_Md5Free(&scratch); /* in case needed to release resources */
}
wolfSSL 7:481bce714567 9029
wolfSSL 7:481bce714567 9030
wolfSSL 7:481bce714567 9031
/* Do dummy SHA rounds: feed sz bytes of data into a throwaway SHA context
 * `rounds` times. The digest is never finalized or returned. */
static INLINE void ShaRounds(int rounds, const byte* data, int sz)
{
    Sha scratch;
    int remaining = rounds;

    wc_InitSha(&scratch); /* no error check on purpose, dummy round */

    while (remaining > 0) {
        wc_ShaUpdate(&scratch, data, sz);
        remaining--;
    }

    wc_ShaFree(&scratch); /* in case needed to release resources */
}
wolfSSL 7:481bce714567 9044 #endif
wolfSSL 7:481bce714567 9045
wolfSSL 7:481bce714567 9046
wolfSSL 7:481bce714567 9047 #ifndef NO_SHA256
wolfSSL 7:481bce714567 9048
/* Feed sz bytes of data into a throwaway SHA-256 context `rounds` times. The
 * digest is never finalized or returned; only the hashing work is wanted. */
static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
{
    Sha256 scratch;
    int remaining = rounds;

    /* results of init and update are ignored on purpose, dummy rounds */
    wc_InitSha256(&scratch);

    while (remaining > 0) {
        wc_Sha256Update(&scratch, data, sz);
        remaining--;
    }

    wc_Sha256Free(&scratch); /* in case needed to release resources */
}
wolfSSL 7:481bce714567 9062
wolfSSL 7:481bce714567 9063 #endif
wolfSSL 7:481bce714567 9064
wolfSSL 7:481bce714567 9065
wolfSSL 7:481bce714567 9066 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 9067
/* Feed sz bytes of data into a throwaway SHA-384 context `rounds` times. The
 * digest is never finalized or returned; only the hashing work is wanted. */
static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
{
    Sha384 scratch;
    int remaining = rounds;

    /* results of init and update are ignored on purpose, dummy rounds */
    wc_InitSha384(&scratch);

    while (remaining > 0) {
        wc_Sha384Update(&scratch, data, sz);
        remaining--;
    }

    wc_Sha384Free(&scratch); /* in case needed to release resources */
}
wolfSSL 7:481bce714567 9081
wolfSSL 7:481bce714567 9082 #endif
wolfSSL 7:481bce714567 9083
wolfSSL 7:481bce714567 9084
wolfSSL 7:481bce714567 9085 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 9086
/* Feed sz bytes of data into a throwaway SHA-512 context `rounds` times. The
 * digest is never finalized or returned; only the hashing work is wanted. */
static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
{
    Sha512 scratch;
    int remaining = rounds;

    /* results of init and update are ignored on purpose, dummy rounds */
    wc_InitSha512(&scratch);

    while (remaining > 0) {
        wc_Sha512Update(&scratch, data, sz);
        remaining--;
    }

    wc_Sha512Free(&scratch); /* in case needed to release resources */
}
wolfSSL 7:481bce714567 9100
wolfSSL 7:481bce714567 9101 #endif
wolfSSL 7:481bce714567 9102
wolfSSL 7:481bce714567 9103
wolfSSL 7:481bce714567 9104 #ifdef WOLFSSL_RIPEMD
wolfSSL 7:481bce714567 9105
/* Feed sz bytes of data into a throwaway RIPEMD context `rounds` times. The
 * digest is never finalized or returned; only the hashing work is wanted. */
static INLINE void RmdRounds(int rounds, const byte* data, int sz)
{
    RipeMd scratch;
    int remaining = rounds;

    wc_InitRipeMd(&scratch);

    while (remaining > 0) {
        wc_RipeMdUpdate(&scratch, data, sz);
        remaining--;
    }
}
wolfSSL 7:481bce714567 9116
wolfSSL 7:481bce714567 9117 #endif
wolfSSL 7:481bce714567 9118
wolfSSL 7:481bce714567 9119
/* Do dummy rounds: run `rounds` hash updates over sz bytes of data using the
 * helper that matches MAC algorithm `type`.
 *
 * type    MAC algorithm selector (no_mac, md5_mac, sha_mac, ...)
 * rounds  number of updates to perform
 * data    bytes fed to each update
 * sz      number of bytes per update
 *
 * Nothing is returned. no_mac does no work; a type with no case compiled in
 * only logs "Bad round type". */
static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
{
    /* keep the parameters referenced when every hash case is compiled out */
    (void)rounds;
    (void)data;
    (void)sz;

    switch (type) {
        case no_mac :
            break;

#ifndef NO_OLD_TLS
#ifndef NO_MD5
        case md5_mac :
            Md5Rounds(rounds, data, sz);
            break;
#endif

#ifndef NO_SHA
        case sha_mac :
            ShaRounds(rounds, data, sz);
            break;
#endif
#endif

#ifndef NO_SHA256
        case sha256_mac :
            Sha256Rounds(rounds, data, sz);
            break;
#endif

#ifdef WOLFSSL_SHA384
        case sha384_mac :
            Sha384Rounds(rounds, data, sz);
            break;
#endif

#ifdef WOLFSSL_SHA512
        case sha512_mac :
            Sha512Rounds(rounds, data, sz);
            break;
#endif

#ifdef WOLFSSL_RIPEMD
        case rmd_mac :
            RmdRounds(rounds, data, sz);
            break;
#endif

        default:
            /* no dummy work is done for an unknown type */
            WOLFSSL_MSG("Bad round type");
            break;
    }
}
wolfSSL 7:481bce714567 9174
wolfSSL 7:481bce714567 9175
/* Do `rounds` dummy hash updates of COMPRESS_LOWER bytes each over the dummy
 * buffer, using the connection's MAC algorithm. A count of zero does
 * nothing. */
static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
{
    if (rounds == 0)
        return;

    DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
}
wolfSSL 7:481bce714567 9182
wolfSSL 7:481bce714567 9183
/* Check that the first `length` bytes of a all equal pad.
 *
 * Returns 0 when every byte matches and a non-zero value otherwise. The loop
 * has no early exit: every byte is visited whatever the data holds, so the
 * amount of work depends on length only. */
static int PadCheck(const byte* a, byte pad, int length)
{
    int mismatch = 0;
    int pos      = 0;

    while (pos < length) {
        /* accumulate the differing bits instead of branching on them */
        mismatch |= a[pos] ^ pad;
        pos++;
    }

    return mismatch;
}
wolfSSL 7:481bce714567 9196
wolfSSL 7:481bce714567 9197
/* Get the number of extra compression rounds.
 *
 * pLen    record length including padding
 * padLen  pad length value
 * t       MAC length
 *
 * Two lengths are formed, one from pLen - t and one that also drops the
 * padding and its length byte. Each is offset by COMPRESS_CONSTANT and
 * COMPRESS_UPPER and converted to a count of COMPRESS_LOWER sized units,
 * rounded up when there is a remainder. The difference of the two counts is
 * returned. */
static INLINE int GetRounds(int pLen, int padLen, int t)
{
    int withPad    = COMPRESS_CONSTANT + pLen - t;
    int withoutPad = COMPRESS_CONSTANT + pLen - padLen - 1 - t;
    int unitsWithPad;
    int unitsWithoutPad;

    withPad    -= COMPRESS_UPPER;
    withoutPad -= COMPRESS_UPPER;

    unitsWithPad    = withPad / COMPRESS_LOWER;
    unitsWithoutPad = withoutPad / COMPRESS_LOWER;

    /* round up when the length is not an exact multiple */
    if ((withPad % COMPRESS_LOWER) != 0)
        unitsWithPad++;
    if ((withoutPad % COMPRESS_LOWER) != 0)
        unitsWithoutPad++;

    return unitsWithPad - unitsWithoutPad;
}
wolfSSL 7:481bce714567 9223
wolfSSL 7:481bce714567 9224
/* Timing resistant pad/verify check, return 0 on success.
 *
 * ssl      connection state; supplies the hmac callback and MAC algorithm
 * input    record data whose padding and MAC are checked
 * padLen   pad length value; the last padLen + 1 bytes must all equal it
 * t        MAC length in bytes
 * pLen     length of input in bytes
 * content  passed through to ssl->hmac
 *
 * Returns 0 when both the padding and the MAC verify, VERIFY_MAC_ERROR for
 * every kind of failure. Each failure path still runs a pad check, an HMAC
 * and a MAC compare before returning, so a rejected record is not answered
 * after a bare length or padding test. */
static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
                           int pLen, int content)
{
    byte verify[MAX_DIGEST_SIZE];
    /* dummy bytes for the extra pad checks and hash rounds: the WOLFSSL
     * object itself is used when it is at least MAX_PAD_SIZE bytes long,
     * otherwise a zeroed array of MAX_PAD_SIZE bytes */
    byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
    byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
    int  ret = 0;

    (void)dmy;

    /* claimed padding plus MAC do not fit in the record */
    /* NOTE(review): pLen - t below is negative when pLen < t;
     * SanityCheckCipherText() in this file sets a minimum ciphertext size,
     * confirm it always runs before this function */
    if ( (t + padLen + 1) > pLen) {
        WOLFSSL_MSG("Plain Len not long enough for pad/mac");
        PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
        ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
        /* result deliberately unused, the record is rejected either way */
        ConstantCompare(verify, input + pLen - t, t);

        return VERIFY_MAC_ERROR;
    }

    /* real check: the pad bytes and the pad length byte must all equal
     * padLen */
    if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
        WOLFSSL_MSG("PadCheck failed");
        /* dummy check over the rest of MAX_PAD_SIZE bytes */
        PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
        ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
        /* result deliberately unused, the record is rejected either way */
        ConstantCompare(verify, input + pLen - t, t);

        return VERIFY_MAC_ERROR;
    }

    /* padding is good: do the same dummy pad check as the failure path, then
     * MAC the data that precedes the MAC and padding */
    PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
    ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1);

    /* extra hash rounds over dummy data, count taken from GetRounds() */
    CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy);

    if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) {
        WOLFSSL_MSG("Verify MAC compare failed");
        return VERIFY_MAC_ERROR;
    }

    /* an hmac failure is reported with the same code as a bad MAC */
    if (ret != 0)
        return VERIFY_MAC_ERROR;
    return 0;
}
wolfSSL 7:481bce714567 9268
wolfSSL 7:481bce714567 9269
/* Process an application data record and expose its payload through
 * ssl->buffers.clearOutputBuffer.
 *
 * ssl       connection state
 * input     record buffer
 * inOutIdx  in: offset of the record body in input; out: offset just past
 *           the payload and padding
 *
 * Returns 0 on success, OUT_OF_ORDER_E when the handshake has not completed
 * (a fatal unexpected_message alert is sent first), BUFFER_ERROR when the
 * computed payload size is negative, or the negative result of
 * myDeCompress(). */
int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
{
    word32 recordSz = ssl->keys.encryptSz;
    word32 cursor   = *inOutIdx;
    byte*  payload  = input + cursor;  /* keep current for hmac */
    int    ivLen    = 0;
    int    dataSz;
#ifdef HAVE_LIBZ
    byte   decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

    /* application data is only accepted once the handshake is finished */
    if (ssl->options.handShakeDone == 0) {
        WOLFSSL_MSG("Received App data before a handshake completed");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* size of the explicit IV carried in the record, if any */
    if (ssl->specs.cipher_type == aead) {
        if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
            ivLen = AESGCM_EXP_IV_SZ;
    }
    else if (ssl->specs.cipher_type == block) {
        if (ssl->options.tls1_1)
            ivLen = ssl->specs.block_size;
    }

    /* sizes derive from the peer's record, so a negative result is treated
     * as hostile input */
    dataSz = recordSz - ivLen - ssl->keys.padSz;
    if (dataSz < 0) {
        WOLFSSL_MSG("App data buffer error, malicious input?");
        return BUFFER_ERROR;
    }

    /* read data */
    if (dataSz != 0) {
        int consumed = dataSz;  /* keep raw size for idx adjustment */

#ifdef HAVE_LIBZ
        if (ssl->options.usingCompression) {
            dataSz = myDeCompress(ssl, payload, dataSz, decomp, sizeof(decomp));
            if (dataSz < 0)
                return dataSz;
        }
#endif
        cursor += consumed;

        ssl->buffers.clearOutputBuffer.buffer = payload;
        ssl->buffers.clearOutputBuffer.length = dataSz;
    }

    cursor += ssl->keys.padSz;

#ifdef HAVE_LIBZ
    /* decompress could be bigger, overwrite after verify */
    /* NOTE(review): dataSz can exceed the raw payload size here; confirm the
     * input buffer has room for the decompressed data at this offset */
    if (ssl->options.usingCompression)
        XMEMMOVE(payload, decomp, dataSz);
#endif

    *inOutIdx = cursor;
    return 0;
}
wolfSSL 7:481bce714567 9329
wolfSSL 7:481bce714567 9330
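/* Process a received alert record and return its level.
 *
 * ssl       session; alert_history.last_rx, options.isClosed and
 *           options.closeNotify are updated
 * input     buffer holding the record plaintext
 * inOutIdx  in: offset of the alert; out: offset past the alert and, when
 *           encryption is on, past keys.padSz trailing bytes
 * type      out: the alert description byte
 * totalSz   number of valid bytes in input
 *
 * Returns the alert level byte as sent by the peer, or BUFFER_E when the
 * alert (or its trailing MAC/padding) does not fit in totalSz.
 */
static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
                   word32 totalSz)
{
    byte level;
    byte code;

    /* make sure can read the message; done before anything looks at the
     * alert bytes (including the optional packet capture below) and written
     * as a subtraction so a large index cannot wrap the word32 sum */
    if (*inOutIdx > totalSz || totalSz - *inOutIdx < (word32)ALERT_SIZE)
        return BUFFER_E;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("Alert", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        /* add record header back on to info + 2 byte level, data */
        /* NOTE(review): assumes the record header sits directly before
         * *inOutIdx in input, and that the literal 2 equals ALERT_SIZE -
         * confirm */
        AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx -
                      RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
#endif

    level = input[(*inOutIdx)++];
    code  = input[(*inOutIdx)++];
    ssl->alert_history.last_rx.code = code;
    ssl->alert_history.last_rx.level = level;
    *type = code;
    if (level == alert_fatal) {
        ssl->options.isClosed = 1;  /* Don't send close_notify */
    }

    WOLFSSL_MSG("Got alert");
    if (*type == close_notify) {
        WOLFSSL_MSG("\tclose notify");
        ssl->options.closeNotify = 1;
    }
    WOLFSSL_ERROR(*type);
    if (IsEncryptionOn(ssl, 0)) {
        /* *inOutIdx <= totalSz holds here, so the subtraction cannot wrap */
        if (ssl->keys.padSz > totalSz - *inOutIdx)
            return BUFFER_E;
        *inOutIdx += ssl->keys.padSz;
    }

    /* level is peer-controlled and returned unfiltered; the caller decides
     * what to do with values other than alert_fatal */
    return level;
}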
wolfSSL 7:481bce714567 9374
/* Read from the transport until the input buffer holds at least `size`
 * bytes, keeping any bytes that were buffered but not yet consumed.
 *
 * Unconsumed bytes are moved to the front of the buffer and inputBuffer.idx
 * is reset to 0 before reading. The buffer is grown first when the amount to
 * read exceeds the free space.
 *
 * Returns 0 on success, BUFFER_ERROR when a computed length is negative or
 * there is nothing to read, MEMORY_E when growing the buffer fails,
 * SOCKET_ERROR_E / WANT_READ as reported by Receive(), or RECV_OVERFLOW_E
 * when Receive() claims more bytes than were requested.
 */
static int GetInputData(WOLFSSL *ssl, word32 size)
{
    int got;
    int want;
    int room;
    int pending;
    int dtlsExtra = 0;

    /* bytes buffered but not yet consumed, and the space left after them */
    pending = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
    room    = ssl->buffers.inputBuffer.bufferSize - pending;
    want    = (int)(size - pending);      /* remainder after a partial read */

#ifdef WOLFSSL_DTLS
    /* datagram mode asks for dtls_expected_rx bytes instead of the remainder */
    if (ssl->options.dtls) {
        if (size < ssl->dtls_expected_rx)
            dtlsExtra = (int)(ssl->dtls_expected_rx - size);
        want = ssl->dtls_expected_rx;
    }
#endif

    /* the lengths are unsigned in the buffer struct; a negative int here
     * means the bookkeeping or the requested size is inconsistent */
    if (pending < 0 || room < 0 || want <= 0)
        return BUFFER_ERROR;

    if (want > room && GrowInputBuffer(ssl, size + dtlsExtra, pending) < 0)
        return MEMORY_E;

    /* slide unconsumed data to the front if it is not already there */
    if (pending > 0 && ssl->buffers.inputBuffer.idx != 0)
        XMEMMOVE(ssl->buffers.inputBuffer.buffer,
                 ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
                 pending);

    /* everything before the old idx has been processed and is dropped */
    ssl->buffers.inputBuffer.idx    = 0;
    ssl->buffers.inputBuffer.length = pending;

    /* read data from network */
    /* NOTE(review): only -1 and WANT_READ are treated as failures; what
     * Receive() does for a zero-length or other negative result is not
     * visible here - confirm it cannot return one */
    for (;;) {
        got = Receive(ssl,
                      ssl->buffers.inputBuffer.buffer +
                      ssl->buffers.inputBuffer.length,
                      want);
        if (got == -1)
            return SOCKET_ERROR_E;

        if (got == WANT_READ)
            return WANT_READ;

        /* never trust a byte count larger than what was asked for */
        if (got > want)
            return RECV_OVERFLOW_E;

        ssl->buffers.inputBuffer.length += got;
        want -= got;

        if (ssl->buffers.inputBuffer.length >= size)
            break;
    }

    return 0;
}
wolfSSL 7:481bce714567 9439
wolfSSL 7:481bce714567 9440
/* Check the MAC (and, for block ciphers, the padding) of a decrypted record
 * and report how many trailing bytes are not payload.
 *
 * ssl      session; reads specs, options and calls ssl->hmac
 * input    decrypted record; for TLS 1.1+ block ciphers the length read from
 *          msgSz still includes the explicit IV, which is subtracted here
 * msgSz    record length as passed by the caller
 * content  record content type, forwarded to the HMAC
 * padSz    out: aead_mac_size for AEAD suites, otherwise
 *          digest size + padding length + the padding-length byte
 *
 * Returns 0 on success, VERIFY_MAC_ERROR on a MAC or SSLv3 padding-length
 * failure, or the result of TimingPadVerify() for TLS block ciphers.
 *
 * NOTE(review): the subtractions on msgSz are unsigned and are not
 * range-checked in this function; presumably the caller's
 * SanityCheckCipherText() guarantees msgSz is large enough - confirm.
 */
static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
                            int content, word32* padSz)
{
    int    ivExtra = 0;
    int    ret;
    word32 pad     = 0;
    word32 padByte = 0;
#ifdef HAVE_TRUNCATED_HMAC
    word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
                                          : ssl->specs.hash_size;
#else
    word32 digestSz = ssl->specs.hash_size;
#endif
    byte   verify[MAX_DIGEST_SIZE];

    if (ssl->specs.cipher_type == block) {
        if (ssl->options.tls1_1)
            ivExtra = ssl->specs.block_size;
        /* last plaintext byte is the padding length */
        pad = *(input + msgSz - ivExtra - 1);
        padByte = 1;

        if (ssl->options.tls) {
            /* padding and MAC are checked together by TimingPadVerify */
            ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
                                  content);
            if (ret != 0)
                return ret;
        }
        else {  /* sslv3, some implementations have bad padding, but don't
                 * allow bad read */
            int  badPadLen = 0;
            /* scratch area for the dummy PadCheck below: the ssl object
             * itself is used when it is at least MAX_PAD_SIZE bytes,
             * otherwise a zeroed local array */
            byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
            byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;

            (void)dmy;

            /* an impossible padding length is remembered in badPadLen but
             * the MAC is still computed and compared below, with pad forced
             * to 0 so the reads stay inside the record */
            if (pad > (msgSz - digestSz - 1)) {
                WOLFSSL_MSG("Plain Len not long enough for pad/mac");
                pad       = 0;  /* no bad read */
                badPadLen = 1;
            }
            PadCheck(dummy, (byte)pad, MAX_PAD_SIZE);  /* timing only */
            ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1,
                            content, 1);
            /* MAC comparison comes before ret/badPadLen are inspected */
            if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1,
                                digestSz) != 0)
                return VERIFY_MAC_ERROR;
            /* same error code as a MAC mismatch */
            if (ret != 0 || badPadLen)
                return VERIFY_MAC_ERROR;
        }
    }
    else if (ssl->specs.cipher_type == stream) {
        /* no padding: the MAC is the last digestSz bytes of the record */
        ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1);
        if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){
            return VERIFY_MAC_ERROR;
        }
        if (ret != 0)
            return VERIFY_MAC_ERROR;
    }

    /* AEAD suites do no MAC work in this function; only the tag size is
     * reported */
    if (ssl->specs.cipher_type == aead) {
        *padSz = ssl->specs.aead_mac_size;
    }
    else {
        *padSz = digestSz + pad + padByte;
    }

    return 0;
}
wolfSSL 7:481bce714567 9509
wolfSSL 7:481bce714567 9510
/* process input requests, return 0 is done, 1 is call again to complete, and
   negative number is error

   Record-layer receive state machine. The current state lives in
   ssl->options.processReply so a call that returns early (for example with
   WANT_READ from GetInputData) resumes at the same state on the next call.
   The case labels fall through on purpose:

     doProcessInit            read the record header bytes
     runProcessOldClientHello (OLD_HELLO_ALLOWED only) SSLv2-format hello
     getRecordLayerHeader     parse the header into curRL / curSize
     getData                  read curSize bytes of record body
     runProcessingOneMessage  decrypt, verify, dispatch on record type

   Decrypt failure and MAC failure are both reported as DECRYPT_ERROR. */
int ProcessReply(WOLFSSL* ssl)
{
    int    ret = 0, type, readSz;
    int    atomicUser = 0;
    /* NOTE(review): startIdx is only assigned in the getData state; when a
     * call resumes directly in runProcessingOneMessage it is still 0 -
     * confirm the "more messages in record" test below tolerates that */
    word32 startIdx = 0;
#if defined(WOLFSSL_DTLS)
    int    used;
#endif

#ifdef ATOMIC_USER
    /* a user-supplied decrypt+verify callback replaces Decrypt/VerifyMac */
    if (ssl->ctx->DecryptVerifyCb)
        atomicUser = 1;
#endif

    /* once a hard error has been recorded, refuse to process more input;
     * only the retryable conditions listed here may re-enter */
    if (ssl->error != 0 && ssl->error != WANT_READ &&
        ssl->error != WANT_WRITE && ssl->error != WC_PENDING_E) {
        WOLFSSL_MSG("ProcessReply retry in error state, not allowed");
        return ssl->error;
    }

    for (;;) {
    switch (ssl->options.processReply) {

    /* in the WOLFSSL_SERVER case, get the first byte for detecting
     * old client hello */
    case doProcessInit:

        readSz = RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls)
            readSz = DTLS_RECORD_HEADER_SZ;
#endif

        /* get header or return error */
        if (!ssl->options.dtls) {
            if ((ret = GetInputData(ssl, readSz)) < 0)
                return ret;
        } else {
#ifdef WOLFSSL_DTLS
            /* read ahead may already have header */
            used = ssl->buffers.inputBuffer.length -
                   ssl->buffers.inputBuffer.idx;
            if (used < readSz)
                if ((ret = GetInputData(ssl, readSz)) < 0)
                    return ret;
#endif
        }

#ifdef OLD_HELLO_ALLOWED

        /* see if sending SSLv2 client hello */
        /* only considered on the server side, before any client message has
         * been processed, when the first byte is not the handshake type */
        if ( ssl->options.side == WOLFSSL_SERVER_END &&
             ssl->options.clientState == NULL_STATE &&
             ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
                     != handshake) {
            byte b0, b1;

            ssl->options.processReply = runProcessOldClientHello;

            /* sanity checks before getting size at front */
            if (ssl->buffers.inputBuffer.buffer[
                      ssl->buffers.inputBuffer.idx + 2] != OLD_HELLO_ID) {
                WOLFSSL_MSG("Not a valid old client hello");
                return PARSE_ERROR;
            }

            if (ssl->buffers.inputBuffer.buffer[
                      ssl->buffers.inputBuffer.idx + 3] != SSLv3_MAJOR &&
                ssl->buffers.inputBuffer.buffer[
                      ssl->buffers.inputBuffer.idx + 3] != DTLS_MAJOR) {
                WOLFSSL_MSG("Not a valid version in old client hello");
                return PARSE_ERROR;
            }

            /* how many bytes need ProcessOldClientHello */
            /* length is the low 15 bits of the first two bytes, both of
             * which are consumed here */
            b0 =
            ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
            b1 =
            ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
            ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
        }
        else {
            ssl->options.processReply = getRecordLayerHeader;
            continue;
        }

    /* fall through */
    /* in the WOLFSSL_SERVER case, run the old client hello */
    case runProcessOldClientHello:

        /* get sz bytes or return error */
        if (!ssl->options.dtls) {
            if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
                return ret;
        } else {
#ifdef WOLFSSL_DTLS
            /* read ahead may already have */
            used = ssl->buffers.inputBuffer.length -
                   ssl->buffers.inputBuffer.idx;
            if (used < ssl->curSize)
                if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
                    return ret;
#endif  /* WOLFSSL_DTLS */
        }

        ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer,
                                    &ssl->buffers.inputBuffer.idx,
                                    ssl->buffers.inputBuffer.length -
                                    ssl->buffers.inputBuffer.idx,
                                    ssl->curSize);
        if (ret < 0)
            return ret;

        /* hello consumed the whole buffer: start over on the next call */
        else if (ssl->buffers.inputBuffer.idx ==
                 ssl->buffers.inputBuffer.length) {
            ssl->options.processReply = doProcessInit;
            return 0;
        }

#endif  /* OLD_HELLO_ALLOWED */

    /* fall through */
    /* get the record layer header */
    case getRecordLayerHeader:

        ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
                              &ssl->buffers.inputBuffer.idx,
                              &ssl->curRL, &ssl->curSize);
#ifdef WOLFSSL_DTLS
        /* a DTLS record with an unexpected sequence is discarded together
         * with everything buffered, instead of failing the connection */
        if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
            WOLFSSL_MSG("Silently dropping out of order DTLS message");
            ssl->options.processReply = doProcessInit;
            ssl->buffers.inputBuffer.length = 0;
            ssl->buffers.inputBuffer.idx = 0;

            if (IsDtlsNotSctpMode(ssl) && ssl->options.dtlsHsRetain) {
                ret = DtlsMsgPoolSend(ssl, 0);
                if (ret != 0)
                    return ret;
            }

            continue;
        }
#endif
        if (ret != 0)
            return ret;

        ssl->options.processReply = getData;

    /* fall through */
    /* retrieve record layer data */
    case getData:

        /* get sz bytes or return error */
        if (!ssl->options.dtls) {
            if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
                return ret;
        } else {
#ifdef WOLFSSL_DTLS
            /* read ahead may already have */
            used = ssl->buffers.inputBuffer.length -
                   ssl->buffers.inputBuffer.idx;
            if (used < ssl->curSize)
                if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
                    return ret;
#endif
        }

        ssl->options.processReply = runProcessingOneMessage;
        startIdx = ssl->buffers.inputBuffer.idx;  /* in case > 1 msg per */

    /* fall through */
    /* the record layer is here */
    case runProcessingOneMessage:

        /* decryptedCur guards against decrypting the same record twice when
         * this state is re-entered for a further message in the record */
        if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0)
        {
            ret = SanityCheckCipherText(ssl, ssl->curSize);
            if (ret < 0)
                return ret;

            if (atomicUser) {
#ifdef ATOMIC_USER
                /* decrypts in place (same pointer for input and output);
                 * ret is checked after the index adjustments below */
                ret = ssl->ctx->DecryptVerifyCb(ssl,
                              ssl->buffers.inputBuffer.buffer +
                              ssl->buffers.inputBuffer.idx,
                              ssl->buffers.inputBuffer.buffer +
                              ssl->buffers.inputBuffer.idx,
                              ssl->curSize, ssl->curRL.type, 1,
                              &ssl->keys.padSz, ssl->DecryptVerifyCtx);
                if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
                    ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
                    /* go past TLSv1.1 IV */
                if (ssl->specs.cipher_type == aead &&
                        ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
                    ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
#endif  /* ATOMIC_USER */
            }
            else {
                /* decrypt in place */
                ret = Decrypt(ssl, ssl->buffers.inputBuffer.buffer +
                                   ssl->buffers.inputBuffer.idx,
                                   ssl->buffers.inputBuffer.buffer +
                                   ssl->buffers.inputBuffer.idx,
                                   ssl->curSize);
                if (ret < 0) {
                    WOLFSSL_MSG("Decrypt failed");
                    WOLFSSL_ERROR(ret);
#ifdef WOLFSSL_DTLS
                    /* If in DTLS mode, if the decrypt fails for any
                     * reason, pretend the datagram never happened. */
                    if (ssl->options.dtls) {
                        ssl->options.processReply = doProcessInit;
                        ssl->buffers.inputBuffer.idx =
                                        ssl->buffers.inputBuffer.length;
                    }
#endif  /* WOLFSSL_DTLS */
                    return DECRYPT_ERROR;
                }
                if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
                    ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
                    /* go past TLSv1.1 IV */
                if (ssl->specs.cipher_type == aead &&
                        ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
                    ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;

                /* idx is already past the explicit IV; curSize still
                 * includes it and VerifyMac subtracts it again */
                ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer +
                                     ssl->buffers.inputBuffer.idx,
                                     ssl->curSize, ssl->curRL.type,
                                     &ssl->keys.padSz);
            }
            /* any verification failure is reported with the same code as a
             * decrypt failure, whatever VerifyMac / the callback returned */
            if (ret < 0) {
                WOLFSSL_MSG("VerifyMac failed");
                WOLFSSL_ERROR(ret);
                return DECRYPT_ERROR;
            }
            ssl->keys.encryptSz    = ssl->curSize;
            ssl->keys.decryptedCur = 1;
        }

#ifdef WOLFSSL_DTLS
        /* reached only after the record passed decrypt/verify above (when
         * encryption is on) */
        if (IsDtlsNotSctpMode(ssl)) {
            DtlsUpdateWindow(ssl);
        }
#endif  /* WOLFSSL_DTLS */

        WOLFSSL_MSG("received record layer msg");

        switch (ssl->curRL.type) {
            case handshake :
                /* debugging in DoHandShakeMsg */
                if (!ssl->options.dtls) {
                    ret = DoHandShakeMsg(ssl,
                                         ssl->buffers.inputBuffer.buffer,
                                         &ssl->buffers.inputBuffer.idx,
                                         ssl->buffers.inputBuffer.length);
                }
                else {
#ifdef WOLFSSL_DTLS
                    ret = DoDtlsHandShakeMsg(ssl,
                                             ssl->buffers.inputBuffer.buffer,
                                             &ssl->buffers.inputBuffer.idx,
                                             ssl->buffers.inputBuffer.length);
#endif
                }
                if (ret != 0)
                    return ret;
                break;

            case change_cipher_spec:
                WOLFSSL_MSG("got CHANGE CIPHER SPEC");
#ifdef WOLFSSL_CALLBACKS
                if (ssl->hsInfoOn)
                    AddPacketName("ChangeCipher", &ssl->handShakeInfo);
                /* add record header back on info */
                if (ssl->toInfoOn) {
                    AddPacketInfo("ChangeCipher", &ssl->timeoutInfo,
                        ssl->buffers.inputBuffer.buffer +
                        ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ,
                        1 + RECORD_HEADER_SZ, ssl->heap);
                    AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
                }
#endif

                /* reject a ChangeCipherSpec that arrives at the wrong point
                 * of the handshake */
                ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
                if (ret != 0) {
                    if (!ssl->options.dtls) {
                        return ret;
                    }
                    else {
#ifdef WOLFSSL_DTLS
                    /* Check for duplicate CCS message in DTLS mode.
                     * DTLS allows for duplicate messages, and it should be
                     * skipped. Also skip if out of order. */
                        if (ret != DUPLICATE_MSG_E && ret != OUT_OF_ORDER_E)
                            return ret;

                        if (IsDtlsNotSctpMode(ssl)) {
                            ret = DtlsMsgPoolSend(ssl, 1);
                            if (ret != 0)
                                return ret;
                        }

                        if (ssl->curSize != 1) {
                            WOLFSSL_MSG("Malicious or corrupted"
                                        " duplicate ChangeCipher msg");
                            return LENGTH_ERROR;
                        }
                        ssl->buffers.inputBuffer.idx++;
                        break;
#endif /* WOLFSSL_DTLS */
                    }
                }

                /* NOTE(review): curSize is reduced by the absolute buffer
                 * index here, not by a record-relative amount - confirm this
                 * is what the length check below expects */
                if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
                    ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
                    ssl->curSize -= (word16) ssl->buffers.inputBuffer.idx;
                }

                /* only the length is validated; the value of the single
                 * payload byte is skipped without being inspected here */
                if (ssl->curSize != 1) {
                    WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg");
                    return LENGTH_ERROR;
                }

                ssl->buffers.inputBuffer.idx++;
                ssl->keys.encryptionOn = 1;

                /* setup decrypt keys for following messages */
                if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
                    return ret;

#ifdef WOLFSSL_DTLS
                    /* new epoch: keep the previous sequence/window state and
                     * start the current one from zero */
                    if (ssl->options.dtls) {
                        DtlsMsgPoolReset(ssl);
                        ssl->keys.prevSeq_lo = ssl->keys.nextSeq_lo;
                        ssl->keys.prevSeq_hi = ssl->keys.nextSeq_hi;
                        XMEMCPY(ssl->keys.prevWindow, ssl->keys.window,
                                DTLS_SEQ_SZ);
                        ssl->keys.nextEpoch++;
                        ssl->keys.nextSeq_lo = 0;
                        ssl->keys.nextSeq_hi = 0;
                        XMEMSET(ssl->keys.window, 0, DTLS_SEQ_SZ);
                    }
#endif

#ifdef HAVE_LIBZ
                    if (ssl->options.usingCompression)
                        if ( (ret = InitStreams(ssl)) != 0)
                            return ret;
#endif
                /* hash for the peer's Finished: labelled with the opposite
                 * side of this endpoint */
                ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
                                    ssl->options.side == WOLFSSL_CLIENT_END ?
                                    server : client);
                if (ret != 0)
                    return ret;
                break;

            case application_data:
                WOLFSSL_MSG("got app DATA");
#ifdef WOLFSSL_DTLS
                    /* first application data ends the need to retain the
                     * DTLS handshake state */
                    if (ssl->options.dtls && ssl->options.dtlsHsRetain) {
                        FreeHandshakeResources(ssl);
                        ssl->options.dtlsHsRetain = 0;
                    }
#endif
                if ((ret = DoApplicationData(ssl,
                                            ssl->buffers.inputBuffer.buffer,
                                           &ssl->buffers.inputBuffer.idx))
                                                                       != 0) {
                    WOLFSSL_ERROR(ret);
                    return ret;
                }
                break;

            case alert:
                WOLFSSL_MSG("got ALERT!");
                /* DoAlert returns the alert level, or a negative error */
                ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer,
                              &ssl->buffers.inputBuffer.idx, &type,
                               ssl->buffers.inputBuffer.length);
                if (ret == alert_fatal)
                    return FATAL_ERROR;
                else if (ret < 0)
                    return ret;

                /* catch warnings that are handled as errors */
                if (type == close_notify)
                    return ssl->error = ZERO_RETURN;

                if (type == decrypt_error)
                    return FATAL_ERROR;
                break;

            default:
                WOLFSSL_ERROR(UNKNOWN_RECORD_TYPE);
                return UNKNOWN_RECORD_TYPE;
        }

        ssl->options.processReply = doProcessInit;

        /* input exhausted? */
        if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length)
            return 0;

        /* more messages per record */
        else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
            WOLFSSL_MSG("More messages in record");
#ifdef WOLFSSL_DTLS
            /* read-ahead but dtls doesn't bundle messages per record */
            if (ssl->options.dtls) {
                ssl->options.processReply = doProcessInit;
                continue;
            }
#endif
            ssl->options.processReply = runProcessingOneMessage;

            /* the handlers skipped padSz after the message; undo that so
             * the next message in the same record starts at the right byte */
            if (IsEncryptionOn(ssl, 0)) {
                WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
                ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
            }

            continue;
        }
        /* more records */
        else {
            WOLFSSL_MSG("More records in input");
            ssl->options.processReply = doProcessInit;
            continue;
        }

    default:
        WOLFSSL_MSG("Bad process input state, programming error");
        return INPUT_CASE_ERROR;
    }
    }
}
wolfSSL 7:481bce714567 9944
wolfSSL 7:481bce714567 9945
/* Queue a ChangeCipherSpec record in the output buffer.
 *
 * The record body is the single byte 1. When encryption is already on and a
 * handshake has already completed (the original comment calls this "scr",
 * presumably secure renegotiation), the record is produced by BuildMessage()
 * so that it is protected like any other record; otherwise it is written in
 * the clear.
 *
 * The record is flushed with SendBuffered() unless message grouping is
 * enabled or, for DTLS builds without WOLFSSL_DEBUG_DTLS, the connection is
 * DTLS (the record then stays queued so it shares a datagram with Finished).
 *
 * Returns 0 on success or when the record was only queued, otherwise the
 * error from CheckAvailableSize / BuildMessage / DtlsMsgPoolSave /
 * SendBuffered.
 */
int SendChangeCipher(WOLFSSL* ssl)
{
    byte* rec;
    int   recSz   = RECORD_HEADER_SZ + ENUM_LEN;
    int   bodyOff = RECORD_HEADER_SZ;
    int   rc;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* DTLS record headers are longer */
        recSz   += DTLS_RECORD_EXTRA;
        bodyOff += DTLS_RECORD_EXTRA;
    }
#endif

    /* an already-protected connection needs room for IV / MAC / padding */
    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
        recSz += MAX_MSG_EXTRA;

    /* make sure the output buffer can take the record */
    rc = CheckAvailableSize(ssl, recSz);
    if (rc != 0)
        return rc;

    /* append at the current end of the output buffer */
    rec = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;

    /* plaintext form: header followed by the one-byte body */
    AddRecordHeader(rec, 1, change_cipher_spec, ssl);
    rec[bodyOff] = 1; /* turn it on */

    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
        /* BuildMessage rewrites the header and emits the protected record */
        byte plain[ENUM_LEN];

        plain[0] = 1; /* turn it on */
        recSz = BuildMessage(ssl, rec, recSz, plain, ENUM_LEN,
                             change_cipher_spec, 0, 0);
        if (recSz < 0)
            return recSz;
    }

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        /* keep a copy for retransmission */
        rc = DtlsMsgPoolSave(ssl, rec, recSz);
        if (rc != 0)
            return rc;
    }
#endif
#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ChangeCipher", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, rec, recSz,
                      ssl->heap);
#endif

    /* commit the record to the output buffer */
    ssl->buffers.outputBuffer.length += recSz;

    if (ssl->options.groupMessages)
        return 0;

#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
    /* If using DTLS, force the ChangeCipherSpec message to be in the
     * same datagram as the finished message. */
    if (ssl->options.dtls)
        return 0;
#endif

    return SendBuffered(ssl);
}
wolfSSL 7:481bce714567 10014
wolfSSL 7:481bce714567 10015
wolfSSL 7:481bce714567 10016 #ifndef NO_OLD_TLS
/* Compute the record MAC used by the pre-TLS code path (compiled only when
 * NO_OLD_TLS is not defined).
 *
 * Despite the name this is the nested pad construction, not RFC 2104 HMAC:
 *   inner = H(secret || PAD1 || seq || content || length || data)
 *   mac   = H(secret || PAD2 || inner)
 * with H being MD5 when the negotiated mac_algorithm is md5_mac and SHA-1
 * otherwise.
 *
 * ssl      connection; supplies the MAC secret, hash/pad sizes and the
 *          sequence number
 * digest   receives the MAC (hash_size bytes are produced by the hash)
 * in, sz   record payload; sz is encoded as a 16-bit length
 * content  record content type, encoded as one byte
 * verify   selects which side's secret and sequence number are used
 *          (passed through to wolfSSL_GetMacSecret / WriteSEQ)
 *
 * Returns 0, or the wc_InitSha() error.
 */
static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
                    int content, int verify)
{
    byte   inner[MAX_DIGEST_SIZE];              /* inner hash output */
    word32 hashSz = ssl->specs.hash_size;       /* actual sizes */
    word32 padLen = ssl->specs.pad_size;

    /* data */
    byte        seqNum[SEQ_SZ];
    byte        typeLen[ENUM_LEN + LENGTH_SZ];  /* content & length */
    const byte* secret = wolfSSL_GetMacSecret(ssl, verify);

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
#endif

    /* assemble the pseudo-header that is MACed ahead of the payload */
    XMEMSET(seqNum, 0, SEQ_SZ);
    typeLen[0] = (byte)content;
    c16toa((word16)sz, &typeLen[ENUM_LEN]);
    WriteSEQ(ssl, verify, seqNum);

    if (ssl->specs.mac_algorithm != md5_mac) {
        Sha sha;
        int ret = wc_InitSha(&sha);

        if (ret != 0)
            return ret;

        /* inner */
        wc_ShaUpdate(&sha, secret, hashSz);
        wc_ShaUpdate(&sha, PAD1, padLen);
        wc_ShaUpdate(&sha, seqNum, SEQ_SZ);
        wc_ShaUpdate(&sha, typeLen, sizeof(typeLen));
        /* in buffer */
        wc_ShaUpdate(&sha, in, sz);
        wc_ShaFinal(&sha, inner);

        /* outer: the context is reused without an explicit re-init, so this
         * relies on wc_ShaFinal leaving it ready for a new message
         * (presumably it resets the state; confirm against wolfCrypt) */
        wc_ShaUpdate(&sha, secret, hashSz);
        wc_ShaUpdate(&sha, PAD2, padLen);
        wc_ShaUpdate(&sha, inner, hashSz);
        wc_ShaFinal(&sha, digest);
    }
    else {
        Md5 md5;

        wc_InitMd5(&md5);

        /* inner */
        wc_Md5Update(&md5, secret, hashSz);
        wc_Md5Update(&md5, PAD1, padLen);
        wc_Md5Update(&md5, seqNum, SEQ_SZ);
        wc_Md5Update(&md5, typeLen, sizeof(typeLen));
        /* in buffer */
        wc_Md5Update(&md5, in, sz);
        wc_Md5Final(&md5, inner);

        /* outer: same context-reuse assumption as the SHA branch */
        wc_Md5Update(&md5, secret, hashSz);
        wc_Md5Update(&md5, PAD2, padLen);
        wc_Md5Update(&md5, inner, hashSz);
        wc_Md5Final(&md5, digest);
    }

    return 0;
}
wolfSSL 7:481bce714567 10079
wolfSSL 7:481bce714567 10080 #ifndef NO_CERTS
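/* Produce the MD5 half of the pre-TLS CertificateVerify hash.
 *
 *   inner  = MD5(handshake transcript so far || master secret || PAD1)
 *   digest = MD5(master secret || PAD2 || inner)
 *
 * The running handshake hash is snapshotted before the master secret is
 * mixed in and restored afterwards, so later handshake messages continue
 * hashing from the original position.
 *
 * ssl     connection; reads hsHashes->hashMd5 and arrays->masterSecret
 * digest  receives MD5_DIGEST_SIZE bytes
 *
 * With WOLFSSL_SMALL_STACK the two hash contexts come from the heap. The
 * allocations are checked so a failure no longer dereferences NULL. Because
 * this function returns void the failure cannot be reported: the handshake
 * hash is left untouched, the digest is zero-filled so no uninitialised
 * memory ends up signed or compared, and the condition is logged.
 * NOTE(review): a zero digest is indistinguishable from success for the
 * caller; the complete fix is to return int here and check it in the caller
 * as one coordinated change.
 */
static void BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
{
    byte md5_result[MD5_DIGEST_SIZE];

#ifdef WOLFSSL_SMALL_STACK
    Md5* md5   = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (md5 == NULL || md5_2 == NULL) {
        WOLFSSL_MSG("BuildMD5_CertVerify out of memory");
        if (md5 != NULL)
            XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (md5_2 != NULL)
            XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XMEMSET(digest, 0, MD5_DIGEST_SIZE);
        return;
    }
#else
    Md5 md5[1];
    Md5 md5_2[1];
#endif

    /* make md5 inner */
    md5[0] = ssl->hsHashes->hashMd5;    /* Save current position */
    wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,
                 SECRET_LEN);
    wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
    wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
    wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5); /* Restore current position */

    /* make md5 outer */
    wc_InitMd5(md5_2);
    wc_Md5Update(md5_2, ssl->arrays->masterSecret, SECRET_LEN);
    wc_Md5Update(md5_2, PAD2, PAD_MD5);
    wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);

    wc_Md5Final(md5_2, digest);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}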
wolfSSL 7:481bce714567 10113
wolfSSL 7:481bce714567 10114
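/* Produce the SHA-1 half of the pre-TLS CertificateVerify hash.
 *
 *   inner  = SHA1(handshake transcript so far || master secret || PAD1)
 *   digest = SHA1(master secret || PAD2 || inner)
 *
 * The running handshake hash is snapshotted before the master secret is
 * mixed in and restored afterwards, so later handshake messages continue
 * hashing from the original position.
 *
 * ssl     connection; reads hsHashes->hashSha and arrays->masterSecret
 * digest  receives SHA_DIGEST_SIZE bytes
 *
 * With WOLFSSL_SMALL_STACK the two hash contexts come from the heap. The
 * allocations are checked so a failure no longer dereferences NULL. Because
 * this function returns void the failure cannot be reported: the handshake
 * hash is left untouched, the digest is zero-filled so no uninitialised
 * memory ends up signed or compared, and the condition is logged.
 * NOTE(review): a zero digest is indistinguishable from success for the
 * caller; the complete fix is to return int here and check it in the caller
 * as one coordinated change.
 */
static void BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
{
    byte sha_result[SHA_DIGEST_SIZE];

#ifdef WOLFSSL_SMALL_STACK
    Sha* sha  = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (sha == NULL || sha2 == NULL) {
        WOLFSSL_MSG("BuildSHA_CertVerify out of memory");
        if (sha != NULL)
            XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (sha2 != NULL)
            XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XMEMSET(digest, 0, SHA_DIGEST_SIZE);
        return;
    }
#else
    Sha sha[1];
    Sha sha2[1];
#endif

    /* make sha inner */
    sha[0] = ssl->hsHashes->hashSha;    /* Save current position */
    wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,
                 SECRET_LEN);
    wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
    wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
    wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha); /* Restore current position */

    /* make sha outer */
    wc_InitSha(sha2);
    wc_ShaUpdate(sha2, ssl->arrays->masterSecret, SECRET_LEN);
    wc_ShaUpdate(sha2, PAD2, PAD_SHA);
    wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE);

    wc_ShaFinal(sha2, digest);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}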
wolfSSL 7:481bce714567 10148 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 10149 #endif /* NO_OLD_TLS */
wolfSSL 7:481bce714567 10150
wolfSSL 7:481bce714567 10151
wolfSSL 7:481bce714567 10152 #ifndef NO_CERTS
wolfSSL 7:481bce714567 10153
/* Fill `hashes` with the handshake-transcript digests used for
 * CertificateVerify.
 *
 * Non-TLS connections (ssl->options.tls clear) use the master-secret based
 * MD5/SHA construction from BuildMD5_CertVerify / BuildSHA_CertVerify; those
 * helpers return void, so no failure from them can surface here.
 * TLS connections take the current MD5 and SHA-1 transcript hashes (when old
 * TLS is compiled in) and, from TLS 1.2 on, every SHA-2 transcript hash that
 * is compiled in.
 *
 * Returns 0 on success or the first non-zero wc_Sha*GetHash() result.
 */
static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
{
    int ret = 0;

    (void)hashes;   /* unused when every hash below is compiled out */

    if (!ssl->options.tls) {
#ifndef NO_OLD_TLS
        BuildMD5_CertVerify(ssl, hashes->md5);
        BuildSHA_CertVerify(ssl, hashes->sha);
#endif
        return ret;
    }

#ifndef NO_OLD_TLS
    wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
    wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
#endif

    /* the SHA-2 digests are only taken for TLS 1.2 and later */
    if (!IsAtLeastTLSv1_2(ssl))
        return ret;

#ifndef NO_SHA256
    ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hashes->sha256);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hashes->sha384);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_Sha512GetHash(&ssl->hsHashes->hashSha512, hashes->sha512);
    if (ret != 0)
        return ret;
#endif

    return ret;
}
wolfSSL 7:481bce714567 10195
wolfSSL 7:481bce714567 10196 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 10197
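/* Build SSL Message, encrypted
 *
 * Lays out one record in `output`: record header, explicit IV when the
 * cipher needs one, the payload from `input`, then the MAC and padding for
 * non-AEAD ciphers, and finally encrypts everything after the header. When a
 * user MacEncryptCb is registered (ATOMIC_USER) the callback does the MAC
 * and encryption instead.
 *
 * ssl         connection state, must not be NULL
 * output      destination buffer; must be NULL when sizeOnly is set
 * outSz       capacity of output in bytes
 * input       plaintext payload; must be NULL when sizeOnly is set
 * inSz        payload length in bytes, must not be negative
 * type        record content type
 * hashOutput  when non-zero and type is handshake, the plaintext message is
 *             fed to HashOutput() before it is protected
 * sizeOnly    when non-zero only the resulting record size is computed and
 *             nothing is written
 *
 * Returns the total record size on success. Failures return BAD_FUNC_ARG,
 * BUFFER_E, MEMORY_E or the error of the failing helper; callers in this
 * file treat any negative return as failure.
 *
 * inSz and outSz are signed but are used as unsigned lengths below. A
 * negative outSz would defeat the output bounds check after the cast to
 * word32, and a small negative inSz would pass that check and reach XMEMCPY
 * as a huge length, so both are rejected up front.
 * NOTE(review): the record body length is narrowed to 16 bits for the
 * header; callers are presumably expected to keep inSz within the maximum
 * record size - confirm.
 */
int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 int inSz, int type, int hashOutput, int sizeOnly)
{
    word32 digestSz;
    word32 sz;
    word32 pad = 0, i;
    word32 idx = RECORD_HEADER_SZ;
    word32 ivSz = 0;                    /* TLSv1.1 IV */
    word32 headerSz = RECORD_HEADER_SZ;
    word16 size;
    byte   iv[AES_BLOCK_SIZE];          /* max size */
    int    ret = 0;
    int    atomicUser = 0;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* reject lengths that would wrap once converted to unsigned */
    if (inSz < 0) {
        WOLFSSL_MSG("BuildMessage called with negative input size");
        return BAD_FUNC_ARG;
    }

    if (!sizeOnly && (output == NULL || input == NULL) ) {
        return BAD_FUNC_ARG;
    }

    if (!sizeOnly && outSz < 0) {
        WOLFSSL_MSG("BuildMessage called with negative output size");
        return BAD_FUNC_ARG;
    }

    /* catch mistaken sizeOnly parameter */
    if (sizeOnly && (output || input) ) {
        WOLFSSL_MSG("BuildMessage with sizeOnly doesn't need input or output");
        return BAD_FUNC_ARG;
    }

    sz = RECORD_HEADER_SZ + (word32)inSz;

    digestSz = ssl->specs.hash_size;
#ifdef HAVE_TRUNCATED_HMAC
    if (ssl->truncated_hmac)
        digestSz = min(TRUNCATED_HMAC_SZ, digestSz);
#endif
    sz += digestSz;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        sz       += DTLS_RECORD_EXTRA;
        idx      += DTLS_RECORD_EXTRA;
        headerSz += DTLS_RECORD_EXTRA;
    }
#endif

#ifdef ATOMIC_USER
    if (ssl->ctx->MacEncryptCb)
        atomicUser = 1;
#endif

    if (ssl->specs.cipher_type == block) {
        word32 blockSz = ssl->specs.block_size;
        if (ssl->options.tls1_1) {
            /* explicit per-record IV, one cipher block long */
            ivSz = blockSz;
            sz  += ivSz;

            if (ivSz > (word32)sizeof(iv))
                return BUFFER_E;

            if (!sizeOnly) {
                ret = wc_RNG_GenerateBlock(ssl->rng, iv, ivSz);
                if (ret != 0)
                    return ret;
            }

        }
        sz += 1;       /* pad byte */
        pad = (sz - headerSz) % blockSz;
        pad = blockSz - pad;
        sz += pad;
    }

#ifdef HAVE_AEAD
    if (ssl->specs.cipher_type == aead) {
        if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
            ivSz = AESGCM_EXP_IV_SZ;

        /* swap the MAC size counted above for the AEAD tag size */
        sz += (ivSz + ssl->specs.aead_mac_size - digestSz);
        if (!sizeOnly) {
            XMEMCPY(iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
        }
    }
#endif
    /* done with size calculations */
    if (sizeOnly) {
        return sz;
    }
    if (sz > (word32)outSz) {
        WOLFSSL_MSG("Oops, want to write past output buffer size");
        return BUFFER_E;
    }
    size = (word16)(sz - headerSz);    /* include mac and digest */
    AddRecordHeader(output, size, (byte)type, ssl);

    /* write to output */
    if (ivSz) {
        XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv)));
        idx += ivSz;
    }
    XMEMCPY(output + idx, input, inSz);
    idx += inSz;

    if (type == handshake && hashOutput) {
        ret = HashOutput(ssl, output, headerSz + inSz, ivSz);
        if (ret != 0)
            return ret;
    }

    if (ssl->specs.cipher_type == block) {
        /* padding goes after the MAC, which is written further below */
        word32 tmpIdx = idx + digestSz;

        for (i = 0; i <= pad; i++)
            output[tmpIdx++] = (byte)pad; /* pad byte gets pad value too */
    }

    if (atomicUser) {   /* User Record Layer Callback handling */
#ifdef ATOMIC_USER
        if ( (ret = ssl->ctx->MacEncryptCb(ssl, output + idx,
                        output + headerSz + ivSz, inSz, type, 0,
                        output + headerSz, output + headerSz, size,
                        ssl->MacEncryptCtx)) != 0)
            return ret;
#endif
    }
    else {
        if (ssl->specs.cipher_type != aead) {
#ifdef HAVE_TRUNCATED_HMAC
            if (ssl->truncated_hmac && ssl->specs.hash_size > digestSz) {
                /* compute the full MAC in a scratch buffer and copy only
                 * the truncated prefix into the record */
            #ifdef WOLFSSL_SMALL_STACK
                byte* hmac = NULL;
            #else
                byte  hmac[MAX_DIGEST_SIZE];
            #endif

            #ifdef WOLFSSL_SMALL_STACK
                hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL,
                                      DYNAMIC_TYPE_TMP_BUFFER);
                if (hmac == NULL)
                    return MEMORY_E;
            #endif

                ret = ssl->hmac(ssl, hmac, output + headerSz + ivSz, inSz,
                                type, 0);
                XMEMCPY(output + idx, hmac, digestSz);

            #ifdef WOLFSSL_SMALL_STACK
                XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            #endif
            } else
#endif
                ret = ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz,
                                type, 0);
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls)
                DtlsSEQIncrement(ssl, CUR_ORDER);
        #endif
        }
        if (ret != 0)
            return ret;

        /* encrypt in place, everything after the record header */
        if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0)
            return ret;
    }

    return sz;
}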
wolfSSL 7:481bce714567 10363
wolfSSL 7:481bce714567 10364
/* Build, protect and send the Finished handshake message.
 *
 * The verify data is produced by BuildFinished() directly into the local
 * message buffer, right behind the handshake header, and the whole message
 * is then wrapped by BuildMessage() with transcript hashing enabled.
 *
 * Side effects visible here: the encrypt-side keys are activated; for DTLS
 * the epoch is advanced and the sequence numbers reset; the verify data is
 * stored for secure renegotiation when that is enabled; the session is
 * offered to the cache on a full handshake; and the handshake is marked done
 * on the side that sends the last Finished (server on a full handshake,
 * client on resumption).
 * NOTE(review): the DTLS epoch and sequence numbers are changed before
 * BuildFinished / BuildMessage can fail and are not rolled back on those
 * error paths - confirm that callers abandon the connection in that case.
 *
 * Returns the SendBuffered() result, BUILD_MSG_ERROR when BuildMessage
 * fails, or the error of an earlier failing step.
 */
int SendFinished(WOLFSSL* ssl)
{
    byte    input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ];  /* max */
    byte*   output;
    Hashes* hashes;
    int     finishedSz;
    int     headerSz = HANDSHAKE_HEADER_SZ;
    int     outputSz;
    int     sendSz;
    int     ret;

    if (ssl->options.tls)
        finishedSz = TLS_FINISHED_SZ;
    else
        finishedSz = FINISHED_SZ;

    /* setup encrypt keys */
    ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY);
    if (ret != 0)
        return ret;

    /* check for available size */
    outputSz = sizeof(input) + MAX_MSG_EXTRA;
    ret = CheckAvailableSize(ssl, outputSz);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        headerSz += DTLS_HANDSHAKE_EXTRA;

        /* new epoch: remember the old sequence number, restart at zero */
        ssl->keys.dtls_epoch++;
        ssl->keys.dtls_prev_sequence_number_hi =
            ssl->keys.dtls_sequence_number_hi;
        ssl->keys.dtls_prev_sequence_number_lo =
            ssl->keys.dtls_sequence_number_lo;
        ssl->keys.dtls_sequence_number_hi = 0;
        ssl->keys.dtls_sequence_number_lo = 0;
    }
#endif

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);

    /* make finished hashes, written in place after the handshake header */
    hashes = (Hashes*)&input[headerSz];
    ret = BuildFinished(ssl, hashes,
                     ssl->options.side == WOLFSSL_CLIENT_END ? client : server);
    if (ret != 0)
        return ret;

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* keep our own verify data for the renegotiation binding */
        if (ssl->options.side != WOLFSSL_CLIENT_END)
            XMEMCPY(ssl->secure_renegotiation->server_verify_data, hashes,
                    TLS_FINISHED_SZ);
        else
            XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
                    TLS_FINISHED_SZ);
    }
#endif

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        /* keep the plaintext message for retransmission */
        ret = DtlsMsgPoolSave(ssl, input, headerSz + finishedSz);
        if (ret != 0)
            return ret;
    }
#endif

    sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
                          handshake, 1, 0);
    if (sendSz < 0)
        return BUILD_MSG_ERROR;

    if (ssl->options.resuming) {
        /* resumption: the client sends the last Finished */
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }
    else {
#ifndef NO_SESSION_CACHE
        AddSession(ssl);    /* just try */
#endif
        /* full handshake: the server sends the last Finished */
        if (ssl->options.side == WOLFSSL_SERVER_END) {
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("Finished", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}
wolfSSL 7:481bce714567 10461
wolfSSL 7:481bce714567 10462
wolfSSL 7:481bce714567 10463 #ifndef NO_CERTS
wolfSSL 7:481bce714567 10464 int SendCertificate(WOLFSSL* ssl)
wolfSSL 7:481bce714567 10465 {
wolfSSL 7:481bce714567 10466 int ret = 0;
wolfSSL 7:481bce714567 10467 word32 certSz, certChainSz, headerSz, listSz, payloadSz;
wolfSSL 7:481bce714567 10468 word32 length, maxFragment;
wolfSSL 7:481bce714567 10469
wolfSSL 7:481bce714567 10470 if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
wolfSSL 7:481bce714567 10471 return 0; /* not needed */
wolfSSL 7:481bce714567 10472
wolfSSL 7:481bce714567 10473 if (ssl->options.sendVerify == SEND_BLANK_CERT) {
wolfSSL 7:481bce714567 10474 certSz = 0;
wolfSSL 7:481bce714567 10475 certChainSz = 0;
wolfSSL 7:481bce714567 10476 headerSz = CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10477 length = CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10478 listSz = 0;
wolfSSL 7:481bce714567 10479 }
wolfSSL 7:481bce714567 10480 else {
wolfSSL 7:481bce714567 10481 if (!ssl->buffers.certificate) {
wolfSSL 7:481bce714567 10482 WOLFSSL_MSG("Send Cert missing certificate buffer");
wolfSSL 7:481bce714567 10483 return BUFFER_ERROR;
wolfSSL 7:481bce714567 10484 }
wolfSSL 7:481bce714567 10485 certSz = ssl->buffers.certificate->length;
wolfSSL 7:481bce714567 10486 headerSz = 2 * CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10487 /* list + cert size */
wolfSSL 7:481bce714567 10488 length = certSz + headerSz;
wolfSSL 7:481bce714567 10489 listSz = certSz + CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10490
wolfSSL 7:481bce714567 10491 /* may need to send rest of chain, already has leading size(s) */
wolfSSL 7:481bce714567 10492 if (certSz && ssl->buffers.certChain) {
wolfSSL 7:481bce714567 10493 certChainSz = ssl->buffers.certChain->length;
wolfSSL 7:481bce714567 10494 length += certChainSz;
wolfSSL 7:481bce714567 10495 listSz += certChainSz;
wolfSSL 7:481bce714567 10496 }
wolfSSL 7:481bce714567 10497 else
wolfSSL 7:481bce714567 10498 certChainSz = 0;
wolfSSL 7:481bce714567 10499 }
wolfSSL 7:481bce714567 10500
wolfSSL 7:481bce714567 10501 payloadSz = length;
wolfSSL 7:481bce714567 10502
wolfSSL 7:481bce714567 10503 if (ssl->fragOffset != 0)
wolfSSL 7:481bce714567 10504 length -= (ssl->fragOffset + headerSz);
wolfSSL 7:481bce714567 10505
wolfSSL 7:481bce714567 10506 maxFragment = MAX_RECORD_SIZE;
wolfSSL 7:481bce714567 10507 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 10508 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 10509 maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ
wolfSSL 7:481bce714567 10510 - DTLS_HANDSHAKE_HEADER_SZ - 100;
wolfSSL 7:481bce714567 10511 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 10512 }
wolfSSL 7:481bce714567 10513
wolfSSL 7:481bce714567 10514 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 7:481bce714567 10515 if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment)
wolfSSL 7:481bce714567 10516 maxFragment = ssl->max_fragment;
wolfSSL 7:481bce714567 10517 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 7:481bce714567 10518
wolfSSL 7:481bce714567 10519 while (length > 0 && ret == 0) {
wolfSSL 7:481bce714567 10520 byte* output = NULL;
wolfSSL 7:481bce714567 10521 word32 fragSz = 0;
wolfSSL 7:481bce714567 10522 word32 i = RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 10523 int sendSz = RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 10524
wolfSSL 7:481bce714567 10525 if (!ssl->options.dtls) {
wolfSSL 7:481bce714567 10526 if (ssl->fragOffset == 0) {
wolfSSL 7:481bce714567 10527 if (headerSz + certSz + certChainSz <=
wolfSSL 7:481bce714567 10528 maxFragment - HANDSHAKE_HEADER_SZ) {
wolfSSL 7:481bce714567 10529
wolfSSL 7:481bce714567 10530 fragSz = headerSz + certSz + certChainSz;
wolfSSL 7:481bce714567 10531 }
wolfSSL 7:481bce714567 10532 else {
wolfSSL 7:481bce714567 10533 fragSz = maxFragment - HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 10534 }
wolfSSL 7:481bce714567 10535 sendSz += fragSz + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 10536 i += HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 10537 }
wolfSSL 7:481bce714567 10538 else {
wolfSSL 7:481bce714567 10539 fragSz = min(length, maxFragment);
wolfSSL 7:481bce714567 10540 sendSz += fragSz;
wolfSSL 7:481bce714567 10541 }
wolfSSL 7:481bce714567 10542
wolfSSL 7:481bce714567 10543 if (IsEncryptionOn(ssl, 1))
wolfSSL 7:481bce714567 10544 sendSz += MAX_MSG_EXTRA;
wolfSSL 7:481bce714567 10545 }
wolfSSL 7:481bce714567 10546 else {
wolfSSL 7:481bce714567 10547 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 10548 fragSz = min(length, maxFragment);
wolfSSL 7:481bce714567 10549 sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
wolfSSL 7:481bce714567 10550 + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 10551 i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
wolfSSL 7:481bce714567 10552 + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 10553 #endif
wolfSSL 7:481bce714567 10554 }
wolfSSL 7:481bce714567 10555
wolfSSL 7:481bce714567 10556 /* check for available size */
wolfSSL 7:481bce714567 10557 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL 7:481bce714567 10558 return ret;
wolfSSL 7:481bce714567 10559
wolfSSL 7:481bce714567 10560 /* get output buffer */
wolfSSL 7:481bce714567 10561 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 10562 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 10563
wolfSSL 7:481bce714567 10564 if (ssl->fragOffset == 0) {
wolfSSL 7:481bce714567 10565 if (!ssl->options.dtls) {
wolfSSL 7:481bce714567 10566 AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
wolfSSL 7:481bce714567 10567 if (!IsEncryptionOn(ssl, 1))
wolfSSL 7:481bce714567 10568 HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
wolfSSL 7:481bce714567 10569 HANDSHAKE_HEADER_SZ);
wolfSSL 7:481bce714567 10570 }
wolfSSL 7:481bce714567 10571 else {
wolfSSL 7:481bce714567 10572 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 10573 AddHeaders(output, payloadSz, certificate, ssl);
wolfSSL 7:481bce714567 10574 if (!IsEncryptionOn(ssl, 1))
wolfSSL 7:481bce714567 10575 HashOutputRaw(ssl,
wolfSSL 7:481bce714567 10576 output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
wolfSSL 7:481bce714567 10577 HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
wolfSSL 7:481bce714567 10578 /* Adding the headers increments these, decrement them for
wolfSSL 7:481bce714567 10579 * actual message header. */
wolfSSL 7:481bce714567 10580 ssl->keys.dtls_handshake_number--;
wolfSSL 7:481bce714567 10581 AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
wolfSSL 7:481bce714567 10582 ssl->keys.dtls_handshake_number--;
wolfSSL 7:481bce714567 10583 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 10584 }
wolfSSL 7:481bce714567 10585
wolfSSL 7:481bce714567 10586 /* list total */
wolfSSL 7:481bce714567 10587 c32to24(listSz, output + i);
wolfSSL 7:481bce714567 10588 if (!IsEncryptionOn(ssl, 1))
wolfSSL 7:481bce714567 10589 HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
wolfSSL 7:481bce714567 10590 i += CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10591 length -= CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10592 fragSz -= CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10593 if (certSz) {
wolfSSL 7:481bce714567 10594 c32to24(certSz, output + i);
wolfSSL 7:481bce714567 10595 if (!IsEncryptionOn(ssl, 1))
wolfSSL 7:481bce714567 10596 HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
wolfSSL 7:481bce714567 10597 i += CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10598 length -= CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10599 fragSz -= CERT_HEADER_SZ;
wolfSSL 7:481bce714567 10600
wolfSSL 7:481bce714567 10601 if (!IsEncryptionOn(ssl, 1)) {
wolfSSL 7:481bce714567 10602 HashOutputRaw(ssl, ssl->buffers.certificate->buffer, certSz);
wolfSSL 7:481bce714567 10603 if (certChainSz)
wolfSSL 7:481bce714567 10604 HashOutputRaw(ssl, ssl->buffers.certChain->buffer,
wolfSSL 7:481bce714567 10605 certChainSz);
wolfSSL 7:481bce714567 10606 }
wolfSSL 7:481bce714567 10607 }
wolfSSL 7:481bce714567 10608 }
wolfSSL 7:481bce714567 10609 else {
wolfSSL 7:481bce714567 10610 if (!ssl->options.dtls) {
wolfSSL 7:481bce714567 10611 AddRecordHeader(output, fragSz, handshake, ssl);
wolfSSL 7:481bce714567 10612 }
wolfSSL 7:481bce714567 10613 else {
wolfSSL 7:481bce714567 10614 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 10615 AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz,
wolfSSL 7:481bce714567 10616 payloadSz, certificate, ssl);
wolfSSL 7:481bce714567 10617 ssl->keys.dtls_handshake_number--;
wolfSSL 7:481bce714567 10618 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 10619 }
wolfSSL 7:481bce714567 10620 }
wolfSSL 7:481bce714567 10621
wolfSSL 7:481bce714567 10622 /* member */
wolfSSL 7:481bce714567 10623 if (certSz && ssl->fragOffset < certSz) {
wolfSSL 7:481bce714567 10624 word32 copySz = min(certSz - ssl->fragOffset, fragSz);
wolfSSL 7:481bce714567 10625 XMEMCPY(output + i,
wolfSSL 7:481bce714567 10626 ssl->buffers.certificate->buffer + ssl->fragOffset, copySz);
wolfSSL 7:481bce714567 10627 i += copySz;
wolfSSL 7:481bce714567 10628 ssl->fragOffset += copySz;
wolfSSL 7:481bce714567 10629 length -= copySz;
wolfSSL 7:481bce714567 10630 fragSz -= copySz;
wolfSSL 7:481bce714567 10631 }
wolfSSL 7:481bce714567 10632 if (certChainSz && fragSz) {
wolfSSL 7:481bce714567 10633 word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz);
wolfSSL 7:481bce714567 10634 XMEMCPY(output + i,
wolfSSL 7:481bce714567 10635 ssl->buffers.certChain->buffer + ssl->fragOffset - certSz,
wolfSSL 7:481bce714567 10636 copySz);
wolfSSL 7:481bce714567 10637 i += copySz;
wolfSSL 7:481bce714567 10638 ssl->fragOffset += copySz;
wolfSSL 7:481bce714567 10639 length -= copySz;
wolfSSL 7:481bce714567 10640 }
wolfSSL 7:481bce714567 10641
wolfSSL 7:481bce714567 10642 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 7:481bce714567 10643 byte* input = NULL;
wolfSSL 7:481bce714567 10644 int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */
wolfSSL 7:481bce714567 10645
wolfSSL 7:481bce714567 10646 if (inputSz < 0) {
wolfSSL 7:481bce714567 10647 WOLFSSL_MSG("Send Cert bad inputSz");
wolfSSL 7:481bce714567 10648 return BUFFER_E;
wolfSSL 7:481bce714567 10649 }
wolfSSL 7:481bce714567 10650
wolfSSL 7:481bce714567 10651 if (inputSz > 0) { /* clang thinks could be zero, let's help */
wolfSSL 7:481bce714567 10652 input = (byte*)XMALLOC(inputSz, ssl->heap,
wolfSSL 7:481bce714567 10653 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 10654 if (input == NULL)
wolfSSL 7:481bce714567 10655 return MEMORY_E;
wolfSSL 7:481bce714567 10656 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
wolfSSL 7:481bce714567 10657 }
wolfSSL 7:481bce714567 10658
wolfSSL 7:481bce714567 10659 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
wolfSSL 7:481bce714567 10660 handshake, 1, 0);
wolfSSL 7:481bce714567 10661
wolfSSL 7:481bce714567 10662 if (inputSz > 0)
wolfSSL 7:481bce714567 10663 XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 10664
wolfSSL 7:481bce714567 10665 if (sendSz < 0)
wolfSSL 7:481bce714567 10666 return sendSz;
wolfSSL 7:481bce714567 10667 }
wolfSSL 7:481bce714567 10668 else {
wolfSSL 7:481bce714567 10669 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 10670 if (ssl->options.dtls)
wolfSSL 7:481bce714567 10671 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 7:481bce714567 10672 #endif
wolfSSL 7:481bce714567 10673 }
wolfSSL 7:481bce714567 10674
wolfSSL 7:481bce714567 10675 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 10676 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 7:481bce714567 10677 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
wolfSSL 7:481bce714567 10678 return ret;
wolfSSL 7:481bce714567 10679 }
wolfSSL 7:481bce714567 10680 #endif
wolfSSL 7:481bce714567 10681
wolfSSL 7:481bce714567 10682 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 10683 if (ssl->hsInfoOn)
wolfSSL 7:481bce714567 10684 AddPacketName("Certificate", &ssl->handShakeInfo);
wolfSSL 7:481bce714567 10685 if (ssl->toInfoOn)
wolfSSL 7:481bce714567 10686 AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
wolfSSL 7:481bce714567 10687 ssl->heap);
wolfSSL 7:481bce714567 10688 #endif
wolfSSL 7:481bce714567 10689
wolfSSL 7:481bce714567 10690 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 7:481bce714567 10691 if (!ssl->options.groupMessages)
wolfSSL 7:481bce714567 10692 ret = SendBuffered(ssl);
wolfSSL 7:481bce714567 10693 }
wolfSSL 7:481bce714567 10694
wolfSSL 7:481bce714567 10695 if (ret != WANT_WRITE) {
wolfSSL 7:481bce714567 10696 /* Clean up the fragment offset. */
wolfSSL 7:481bce714567 10697 ssl->fragOffset = 0;
wolfSSL 7:481bce714567 10698 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 10699 if (ssl->options.dtls)
wolfSSL 7:481bce714567 10700 ssl->keys.dtls_handshake_number++;
wolfSSL 7:481bce714567 10701 #endif
wolfSSL 7:481bce714567 10702 if (ssl->options.side == WOLFSSL_SERVER_END)
wolfSSL 7:481bce714567 10703 ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL 7:481bce714567 10704 }
wolfSSL 7:481bce714567 10705
wolfSSL 7:481bce714567 10706 return ret;
wolfSSL 7:481bce714567 10707 }
wolfSSL 7:481bce714567 10708
wolfSSL 7:481bce714567 10709
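/* Build a CertificateRequest handshake message at the end of the output
 * buffer and, unless messages are being grouped, flush it.
 *
 * The body written is: one byte holding the number of certificate types,
 * one certificate type (ecdsa_sign or rsa_sign), for TLS 1.2 and later the
 * supported hash/signature list prefixed by its 16-bit length, and a 16-bit
 * zero for the (empty) list of acceptable authorities.
 *
 * ssl      connection whose output buffer receives the message
 * returns  0 on success, or when the message is not needed (PSK and
 *          anonymous cipher suites); otherwise the error returned by
 *          CheckAvailableSize, DtlsMsgPoolSave, HashOutput or SendBuffered.
 */
int SendCertificateRequest(WOLFSSL* ssl)
{
    byte*  output;
    int    ret;
    int    sendSz;
    word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;

    int    typeTotal = 1;  /* only 1 for now */
    int    reqSz;

    /* Decide whether the message is needed before reading anything else
     * from the session, so ssl->suites is never dereferenced on the path
     * that sends nothing. */
    if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
        return 0;  /* not needed */

    reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ;  /* add auth later */

    if (IsAtLeastTLSv1_2(ssl))
        reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz;

    sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz;

    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            /* the DTLS record and handshake headers are longer */
            sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
            i      += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        }
    #endif

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, reqSz, certificate_request, ssl);

    /* write to output */
    output[i++] = (byte)typeTotal;  /* # of types */
#ifdef HAVE_ECC
    if ((ssl->options.cipherSuite0 == ECC_BYTE ||
         ssl->options.cipherSuite0 == CHACHA_BYTE) &&
         ssl->specs.sig_algo == ecc_dsa_sa_algo) {
        output[i++] = ecdsa_sign;
    } else
#endif /* HAVE_ECC */
    {
        output[i++] = rsa_sign;
    }

    /* supported hash/sig */
    if (IsAtLeastTLSv1_2(ssl)) {
        c16toa(ssl->suites->hashSigAlgoSz, &output[i]);
        i += LENGTH_SZ;

        /* reqSz above reserved exactly hashSigAlgoSz bytes for this copy */
        XMEMCPY(&output[i],
                ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz);
        i += ssl->suites->hashSigAlgoSz;
    }

    c16toa(0, &output[i]);  /* auth's */
    /* if add more to output, adjust i
    i += REQ_HEADER_SZ; */

    /* NOTE(review): unlike BuildCertificateStatus in this file, there is no
     * IsEncryptionOn()/BuildMessage() branch here, so the record is always
     * hashed and queued as built above. Confirm this function cannot be
     * reached once record protection is active. */

    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            /* keep a copy of the flight for retransmission */
            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                return ret;
        }
        if (ssl->options.dtls)
            DtlsSEQIncrement(ssl, CUR_ORDER);
    #endif

    /* fold the message into the running handshake hash */
    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("CertificateRequest", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output,
                          sendSz, ssl->heap);
    #endif

    ssl->buffers.outputBuffer.length += sendSz;
    if (ssl->options.groupMessages)
        return 0;  /* left in the buffer for a later flush */
    else
        return SendBuffered(ssl);
}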
wolfSSL 7:481bce714567 10797
wolfSSL 7:481bce714567 10798 #ifndef NO_WOLFSSL_SERVER
wolfSSL 7:481bce714567 10799 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 7:481bce714567 10800 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
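/* Build a CertificateStatus handshake message carrying `count` OCSP
 * responses at the end of the output buffer and, unless messages are being
 * grouped, flush it.
 *
 * ssl      connection whose output buffer receives the message
 * type     WOLFSSL_CSR2_OCSP or WOLFSSL_CSR2_OCSP_MULTI; for any other
 *          value nothing is sent and 0 is returned
 * status   array of `count` responses (buffer and length of each)
 * count    number of entries in status
 * returns  0 on success, BUFFER_E when the responses do not fit the 24-bit
 *          length fields of the message, MEMORY_E when the temporary copy
 *          cannot be allocated, otherwise the error from CheckAvailableSize,
 *          BuildMessage, HashOutput, DtlsMsgPoolSave or SendBuffered.
 */
static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
                                  byte count)
{
    /* largest value that c32to24 can encode */
    const word32 maxOpaque24 = 0xFFFFFF;

    byte*  output = NULL;
    word32 idx    = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    word32 length = ENUM_LEN;
    int    sendSz = 0;
    int    ret    = 0;
    int    i      = 0;

    WOLFSSL_ENTER("BuildCertificateStatus");

    switch (type) {
        case WOLFSSL_CSR2_OCSP_MULTI:
            length += OPAQUE24_LEN;
            /* fall through: followed by the per-response entries */

        case WOLFSSL_CSR2_OCSP:
            for (i = 0; i < count; i++) {
                /* Response lengths come from outside this function. Refuse
                 * anything the 24-bit length fields cannot represent
                 * instead of writing a truncated length in front of a
                 * longer copy, and keep `length` from wrapping. */
                if (status[i].length > maxOpaque24 - OPAQUE24_LEN ||
                    length > maxOpaque24 - OPAQUE24_LEN - status[i].length) {
                    WOLFSSL_MSG("CertificateStatus response too large");
                    WOLFSSL_LEAVE("BuildCertificateStatus", BUFFER_E);
                    return BUFFER_E;
                }
                length += OPAQUE24_LEN + status[i].length;
            }
            break;

        default:
            return 0;
    }

    sendSz = idx + length;

    if (ssl->keys.encryptionOn)
        sendSz += MAX_MSG_EXTRA;

    /* NOTE(review): idx and sendSz are not increased by DTLS_RECORD_EXTRA +
     * DTLS_HANDSHAKE_EXTRA when ssl->options.dtls is set, although
     * SendCertificateRequest in this file does so before calling
     * AddHeaders. Confirm whether this message can be sent over DTLS.
     * NOTE(review): nothing here fragments the message; a response set
     * larger than one record relies on CheckAvailableSize/BuildMessage to
     * cope with it - confirm. */

    if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) {
        output = ssl->buffers.outputBuffer.buffer +
                 ssl->buffers.outputBuffer.length;

        AddHeaders(output, length, certificate_status, ssl);

        output[idx++] = type;

        if (type == WOLFSSL_CSR2_OCSP_MULTI) {
            /* total size of the response list that follows */
            c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx);
            idx += OPAQUE24_LEN;
        }

        for (i = 0; i < count; i++) {
            c32to24(status[i].length, output + idx);
            idx += OPAQUE24_LEN;

            /* an empty entry may carry a NULL buffer; write only its
             * zero length and skip the copy */
            if (status[i].length > 0) {
                XMEMCPY(output + idx, status[i].buffer, status[i].length);
                idx += status[i].length;
            }
        }

        if (IsEncryptionOn(ssl, 1)) {
            byte* input;
            int   inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */

            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
            if (input == NULL) {
                /* report through the common exit so WOLFSSL_LEAVE is logged */
                ret = MEMORY_E;
            }
            else {
                XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
                sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                      handshake, 1, 0);
                XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

                if (sendSz < 0)
                    ret = sendSz;
            }
        }
        else {
            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, CUR_ORDER);
            #endif
            ret = HashOutput(ssl, output, sendSz, 0);
        }

    #ifdef WOLFSSL_DTLS
        if (ret == 0 && IsDtlsNotSctpMode(ssl))
            ret = DtlsMsgPoolSave(ssl, output, sendSz);
    #endif

    #ifdef WOLFSSL_CALLBACKS
        if (ret == 0 && ssl->hsInfoOn)
            AddPacketName("CertificateStatus", &ssl->handShakeInfo);
        if (ret == 0 && ssl->toInfoOn)
            AddPacketInfo("CertificateStatus", &ssl->timeoutInfo, output,
                          sendSz, ssl->heap);
    #endif

        if (ret == 0) {
            /* commit the bytes only once every step above succeeded */
            ssl->buffers.outputBuffer.length += sendSz;
            if (!ssl->options.groupMessages)
                ret = SendBuffered(ssl);
        }
    }

    WOLFSSL_LEAVE("BuildCertificateStatus", ret);
    return ret;
}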
wolfSSL 7:481bce714567 10900 #endif
wolfSSL 7:481bce714567 10901 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 7:481bce714567 10902
wolfSSL 7:481bce714567 10903
wolfSSL 7:481bce714567 10904 int SendCertificateStatus(WOLFSSL* ssl)
wolfSSL 7:481bce714567 10905 {
wolfSSL 7:481bce714567 10906 int ret = 0;
wolfSSL 7:481bce714567 10907 byte status_type = 0;
wolfSSL 7:481bce714567 10908
wolfSSL 7:481bce714567 10909 WOLFSSL_ENTER("SendCertificateStatus");
wolfSSL 7:481bce714567 10910
wolfSSL 7:481bce714567 10911 (void) ssl;
wolfSSL 7:481bce714567 10912
wolfSSL 7:481bce714567 10913 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 7:481bce714567 10914 status_type = ssl->status_request;
wolfSSL 7:481bce714567 10915 #endif
wolfSSL 7:481bce714567 10916
wolfSSL 7:481bce714567 10917 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 7:481bce714567 10918 status_type = status_type ? status_type : ssl->status_request_v2;
wolfSSL 7:481bce714567 10919 #endif
wolfSSL 7:481bce714567 10920
wolfSSL 7:481bce714567 10921 switch (status_type) {
wolfSSL 7:481bce714567 10922
wolfSSL 7:481bce714567 10923 #ifndef NO_WOLFSSL_SERVER
wolfSSL 7:481bce714567 10924 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 7:481bce714567 10925 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL 7:481bce714567 10926 /* case WOLFSSL_CSR_OCSP: */
wolfSSL 7:481bce714567 10927 case WOLFSSL_CSR2_OCSP: {
wolfSSL 7:481bce714567 10928 OcspRequest* request = ssl->ctx->certOcspRequest;
wolfSSL 7:481bce714567 10929 buffer response;
wolfSSL 7:481bce714567 10930
wolfSSL 7:481bce714567 10931 XMEMSET(&response, 0, sizeof(response));
wolfSSL 7:481bce714567 10932
wolfSSL 7:481bce714567 10933 /* unable to fetch status. skip. */
wolfSSL 7:481bce714567 10934 if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
wolfSSL 7:481bce714567 10935 return 0;
wolfSSL 7:481bce714567 10936
wolfSSL 7:481bce714567 10937 if (!request || ssl->buffers.weOwnCert) {
wolfSSL 7:481bce714567 10938 DerBuffer* der = ssl->buffers.certificate;
wolfSSL 7:481bce714567 10939 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 10940 DecodedCert* cert = NULL;
wolfSSL 7:481bce714567 10941 #else
wolfSSL 7:481bce714567 10942 DecodedCert cert[1];
wolfSSL 7:481bce714567 10943 #endif
wolfSSL 7:481bce714567 10944
wolfSSL 7:481bce714567 10945 /* unable to fetch status. skip. */
wolfSSL 7:481bce714567 10946 if (der->buffer == NULL || der->length == 0)
wolfSSL 7:481bce714567 10947 return 0;
wolfSSL 7:481bce714567 10948
wolfSSL 7:481bce714567 10949 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 10950 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 7:481bce714567 10951 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 10952 if (cert == NULL)
wolfSSL 7:481bce714567 10953 return MEMORY_E;
wolfSSL 7:481bce714567 10954 #endif
wolfSSL 7:481bce714567 10955
wolfSSL 7:481bce714567 10956 InitDecodedCert(cert, der->buffer, der->length, ssl->heap);
wolfSSL 7:481bce714567 10957
wolfSSL 7:481bce714567 10958 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
wolfSSL 7:481bce714567 10959 ssl->ctx->cm)) != 0) {
wolfSSL 7:481bce714567 10960 WOLFSSL_MSG("ParseCert failed");
wolfSSL 7:481bce714567 10961 }
wolfSSL 7:481bce714567 10962 else {
wolfSSL 7:481bce714567 10963 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
wolfSSL 7:481bce714567 10964 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 10965 if (request == NULL) {
wolfSSL 7:481bce714567 10966 FreeDecodedCert(cert);
wolfSSL 7:481bce714567 10967
wolfSSL 7:481bce714567 10968 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 10969 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 10970 #endif
wolfSSL 7:481bce714567 10971
wolfSSL 7:481bce714567 10972 return MEMORY_E;
wolfSSL 7:481bce714567 10973 }
wolfSSL 7:481bce714567 10974
wolfSSL 7:481bce714567 10975 ret = InitOcspRequest(request, cert, 0, ssl->heap);
wolfSSL 7:481bce714567 10976 if (ret != 0) {
wolfSSL 7:481bce714567 10977 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 10978 }
wolfSSL 7:481bce714567 10979 else if (!ssl->buffers.weOwnCert && 0 == wc_LockMutex(
wolfSSL 7:481bce714567 10980 &ssl->ctx->cm->ocsp_stapling->ocspLock)) {
wolfSSL 7:481bce714567 10981 if (!ssl->ctx->certOcspRequest)
wolfSSL 7:481bce714567 10982 ssl->ctx->certOcspRequest = request;
wolfSSL 7:481bce714567 10983 wc_UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock);
wolfSSL 7:481bce714567 10984 }
wolfSSL 7:481bce714567 10985 }
wolfSSL 7:481bce714567 10986
wolfSSL 7:481bce714567 10987 FreeDecodedCert(cert);
wolfSSL 7:481bce714567 10988
wolfSSL 7:481bce714567 10989 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 10990 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 10991 #endif
wolfSSL 7:481bce714567 10992 }
wolfSSL 7:481bce714567 10993
wolfSSL 7:481bce714567 10994 if (ret == 0) {
wolfSSL 7:481bce714567 10995 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
wolfSSL 7:481bce714567 10996 &response);
wolfSSL 7:481bce714567 10997
wolfSSL 7:481bce714567 10998 /* Suppressing, not critical */
wolfSSL 7:481bce714567 10999 if (ret == OCSP_CERT_REVOKED
wolfSSL 7:481bce714567 11000 || ret == OCSP_CERT_UNKNOWN
wolfSSL 7:481bce714567 11001 || ret == OCSP_LOOKUP_FAIL)
wolfSSL 7:481bce714567 11002 ret = 0;
wolfSSL 7:481bce714567 11003
wolfSSL 7:481bce714567 11004 if (response.buffer) {
wolfSSL 7:481bce714567 11005 if (ret == 0)
wolfSSL 7:481bce714567 11006 ret = BuildCertificateStatus(ssl, status_type,
wolfSSL 7:481bce714567 11007 &response, 1);
wolfSSL 7:481bce714567 11008
wolfSSL 7:481bce714567 11009 XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 11010 }
wolfSSL 7:481bce714567 11011
wolfSSL 7:481bce714567 11012 }
wolfSSL 7:481bce714567 11013
wolfSSL 7:481bce714567 11014 if (request != ssl->ctx->certOcspRequest)
wolfSSL 7:481bce714567 11015 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 11016 }
wolfSSL 7:481bce714567 11017 break;
wolfSSL 7:481bce714567 11018
wolfSSL 7:481bce714567 11019 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 7:481bce714567 11020 /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 7:481bce714567 11021
wolfSSL 7:481bce714567 11022 #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 7:481bce714567 11023 case WOLFSSL_CSR2_OCSP_MULTI: {
wolfSSL 7:481bce714567 11024 OcspRequest* request = ssl->ctx->certOcspRequest;
wolfSSL 7:481bce714567 11025 buffer responses[1 + MAX_CHAIN_DEPTH];
wolfSSL 7:481bce714567 11026 int i = 0;
wolfSSL 7:481bce714567 11027
wolfSSL 7:481bce714567 11028 XMEMSET(responses, 0, sizeof(responses));
wolfSSL 7:481bce714567 11029
wolfSSL 7:481bce714567 11030 /* unable to fetch status. skip. */
wolfSSL 7:481bce714567 11031 if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
wolfSSL 7:481bce714567 11032 return 0;
wolfSSL 7:481bce714567 11033
wolfSSL 7:481bce714567 11034 if (!request || ssl->buffers.weOwnCert) {
wolfSSL 7:481bce714567 11035 DerBuffer* der = ssl->buffers.certificate;
wolfSSL 7:481bce714567 11036 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 11037 DecodedCert* cert = NULL;
wolfSSL 7:481bce714567 11038 #else
wolfSSL 7:481bce714567 11039 DecodedCert cert[1];
wolfSSL 7:481bce714567 11040 #endif
wolfSSL 7:481bce714567 11041
wolfSSL 7:481bce714567 11042 /* unable to fetch status. skip. */
wolfSSL 7:481bce714567 11043 if (der->buffer == NULL || der->length == 0)
wolfSSL 7:481bce714567 11044 return 0;
wolfSSL 7:481bce714567 11045
wolfSSL 7:481bce714567 11046 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 11047 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 7:481bce714567 11048 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 11049 if (cert == NULL)
wolfSSL 7:481bce714567 11050 return MEMORY_E;
wolfSSL 7:481bce714567 11051 #endif
wolfSSL 7:481bce714567 11052
wolfSSL 7:481bce714567 11053 InitDecodedCert(cert, der->buffer, der->length, ssl->heap);
wolfSSL 7:481bce714567 11054
wolfSSL 7:481bce714567 11055 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
wolfSSL 7:481bce714567 11056 ssl->ctx->cm)) != 0) {
wolfSSL 7:481bce714567 11057 WOLFSSL_MSG("ParseCert failed");
wolfSSL 7:481bce714567 11058 }
wolfSSL 7:481bce714567 11059 else {
wolfSSL 7:481bce714567 11060 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
wolfSSL 7:481bce714567 11061 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 11062 if (request == NULL) {
wolfSSL 7:481bce714567 11063 FreeDecodedCert(cert);
wolfSSL 7:481bce714567 11064
wolfSSL 7:481bce714567 11065 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 11066 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 11067 #endif
wolfSSL 7:481bce714567 11068
wolfSSL 7:481bce714567 11069 return MEMORY_E;
wolfSSL 7:481bce714567 11070 }
wolfSSL 7:481bce714567 11071
wolfSSL 7:481bce714567 11072 ret = InitOcspRequest(request, cert, 0, ssl->heap);
wolfSSL 7:481bce714567 11073 if (ret != 0) {
wolfSSL 7:481bce714567 11074 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 11075 }
wolfSSL 7:481bce714567 11076 else if (!ssl->buffers.weOwnCert && 0 == wc_LockMutex(
wolfSSL 7:481bce714567 11077 &ssl->ctx->cm->ocsp_stapling->ocspLock)) {
wolfSSL 7:481bce714567 11078 if (!ssl->ctx->certOcspRequest)
wolfSSL 7:481bce714567 11079 ssl->ctx->certOcspRequest = request;
wolfSSL 7:481bce714567 11080
wolfSSL 7:481bce714567 11081 wc_UnLockMutex(&ssl->ctx->cm->ocsp_stapling->ocspLock);
wolfSSL 7:481bce714567 11082 }
wolfSSL 7:481bce714567 11083 }
wolfSSL 7:481bce714567 11084
wolfSSL 7:481bce714567 11085 FreeDecodedCert(cert);
wolfSSL 7:481bce714567 11086
wolfSSL 7:481bce714567 11087 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 11088 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 11089 #endif
wolfSSL 7:481bce714567 11090 }
wolfSSL 7:481bce714567 11091
wolfSSL 7:481bce714567 11092 if (ret == 0) {
wolfSSL 7:481bce714567 11093 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
wolfSSL 7:481bce714567 11094 &responses[0]);
wolfSSL 7:481bce714567 11095
wolfSSL 7:481bce714567 11096 /* Suppressing, not critical */
wolfSSL 7:481bce714567 11097 if (ret == OCSP_CERT_REVOKED
wolfSSL 7:481bce714567 11098 || ret == OCSP_CERT_UNKNOWN
wolfSSL 7:481bce714567 11099 || ret == OCSP_LOOKUP_FAIL)
wolfSSL 7:481bce714567 11100 ret = 0;
wolfSSL 7:481bce714567 11101 }
wolfSSL 7:481bce714567 11102
wolfSSL 7:481bce714567 11103 if (request != ssl->ctx->certOcspRequest)
wolfSSL 7:481bce714567 11104 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 11105
wolfSSL 7:481bce714567 11106 if (ret == 0 && (!ssl->ctx->chainOcspRequest[0]
wolfSSL 7:481bce714567 11107 || ssl->buffers.weOwnCertChain)) {
wolfSSL 7:481bce714567 11108 buffer der;
wolfSSL 7:481bce714567 11109 word32 idx = 0;
wolfSSL 7:481bce714567 11110 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 11111 DecodedCert* cert = NULL;
wolfSSL 7:481bce714567 11112 #else
wolfSSL 7:481bce714567 11113 DecodedCert cert[1];
wolfSSL 7:481bce714567 11114 #endif
wolfSSL 7:481bce714567 11115
wolfSSL 7:481bce714567 11116 XMEMSET(&der, 0, sizeof(buffer));
wolfSSL 7:481bce714567 11117
wolfSSL 7:481bce714567 11118 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 11119 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 7:481bce714567 11120 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 11121 if (cert == NULL)
wolfSSL 7:481bce714567 11122 return MEMORY_E;
wolfSSL 7:481bce714567 11123 #endif
wolfSSL 7:481bce714567 11124
wolfSSL 7:481bce714567 11125 while (idx + OPAQUE24_LEN < ssl->buffers.certChain->length) {
wolfSSL 7:481bce714567 11126 c24to32(ssl->buffers.certChain->buffer + idx, &der.length);
wolfSSL 7:481bce714567 11127 idx += OPAQUE24_LEN;
wolfSSL 7:481bce714567 11128
wolfSSL 7:481bce714567 11129 der.buffer = ssl->buffers.certChain->buffer + idx;
wolfSSL 7:481bce714567 11130 idx += der.length;
wolfSSL 7:481bce714567 11131
wolfSSL 7:481bce714567 11132 if (idx > ssl->buffers.certChain->length)
wolfSSL 7:481bce714567 11133 break;
wolfSSL 7:481bce714567 11134
wolfSSL 7:481bce714567 11135 InitDecodedCert(cert, der.buffer, der.length, ssl->heap);
wolfSSL 7:481bce714567 11136
wolfSSL 7:481bce714567 11137 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
wolfSSL 7:481bce714567 11138 ssl->ctx->cm)) != 0) {
wolfSSL 7:481bce714567 11139 WOLFSSL_MSG("ParseCert failed");
wolfSSL 7:481bce714567 11140 break;
wolfSSL 7:481bce714567 11141 }
wolfSSL 7:481bce714567 11142 else {
wolfSSL 7:481bce714567 11143 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
wolfSSL 7:481bce714567 11144 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 11145 if (request == NULL) {
wolfSSL 7:481bce714567 11146 ret = MEMORY_E;
wolfSSL 7:481bce714567 11147 break;
wolfSSL 7:481bce714567 11148 }
wolfSSL 7:481bce714567 11149
wolfSSL 7:481bce714567 11150 ret = InitOcspRequest(request, cert, 0, ssl->heap);
wolfSSL 7:481bce714567 11151 if (ret != 0) {
wolfSSL 7:481bce714567 11152 XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 11153 break;
wolfSSL 7:481bce714567 11154 }
wolfSSL 7:481bce714567 11155 else if (!ssl->buffers.weOwnCertChain && 0 ==
wolfSSL 7:481bce714567 11156 wc_LockMutex(
wolfSSL 7:481bce714567 11157 &ssl->ctx->cm->ocsp_stapling->ocspLock)) {
wolfSSL 7:481bce714567 11158 if (!ssl->ctx->chainOcspRequest[i])
wolfSSL 7:481bce714567 11159 ssl->ctx->chainOcspRequest[i] = request;
wolfSSL 7:481bce714567 11160
wolfSSL 7:481bce714567 11161 wc_UnLockMutex(
wolfSSL 7:481bce714567 11162 &ssl->ctx->cm->ocsp_stapling->ocspLock);
wolfSSL 7:481bce714567 11163 }
wolfSSL 7:481bce714567 11164
wolfSSL 7:481bce714567 11165 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
wolfSSL 7:481bce714567 11166 request, &responses[i + 1]);
wolfSSL 7:481bce714567 11167
wolfSSL 7:481bce714567 11168 /* Suppressing, not critical */
wolfSSL 7:481bce714567 11169 if (ret == OCSP_CERT_REVOKED
wolfSSL 7:481bce714567 11170 || ret == OCSP_CERT_UNKNOWN
wolfSSL 7:481bce714567 11171 || ret == OCSP_LOOKUP_FAIL)
wolfSSL 7:481bce714567 11172 ret = 0;
wolfSSL 7:481bce714567 11173
wolfSSL 7:481bce714567 11174 if (request != ssl->ctx->chainOcspRequest[i])
wolfSSL 7:481bce714567 11175 XFREE(request, ssl->heap,DYNAMIC_TYPE_OCSP_REQUEST);
wolfSSL 7:481bce714567 11176
wolfSSL 7:481bce714567 11177 i++;
wolfSSL 7:481bce714567 11178 }
wolfSSL 7:481bce714567 11179
wolfSSL 7:481bce714567 11180 FreeDecodedCert(cert);
wolfSSL 7:481bce714567 11181 }
wolfSSL 7:481bce714567 11182
wolfSSL 7:481bce714567 11183 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 11184 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 11185 #endif
wolfSSL 7:481bce714567 11186 }
wolfSSL 7:481bce714567 11187 else {
wolfSSL 7:481bce714567 11188 while (ret == 0 &&
wolfSSL 7:481bce714567 11189 NULL != (request = ssl->ctx->chainOcspRequest[i])) {
wolfSSL 7:481bce714567 11190 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
wolfSSL 7:481bce714567 11191 request, &responses[++i]);
wolfSSL 7:481bce714567 11192
wolfSSL 7:481bce714567 11193 /* Suppressing, not critical */
wolfSSL 7:481bce714567 11194 if (ret == OCSP_CERT_REVOKED
wolfSSL 7:481bce714567 11195 || ret == OCSP_CERT_UNKNOWN
wolfSSL 7:481bce714567 11196 || ret == OCSP_LOOKUP_FAIL)
wolfSSL 7:481bce714567 11197 ret = 0;
wolfSSL 7:481bce714567 11198 }
wolfSSL 7:481bce714567 11199 }
wolfSSL 7:481bce714567 11200
wolfSSL 7:481bce714567 11201 if (responses[0].buffer) {
wolfSSL 7:481bce714567 11202 if (ret == 0)
wolfSSL 7:481bce714567 11203 ret = BuildCertificateStatus(ssl, status_type,
wolfSSL 7:481bce714567 11204 responses, (byte)i + 1);
wolfSSL 7:481bce714567 11205
wolfSSL 7:481bce714567 11206 for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++)
wolfSSL 7:481bce714567 11207 if (responses[i].buffer)
wolfSSL 7:481bce714567 11208 XFREE(responses[i].buffer, ssl->heap,
wolfSSL 7:481bce714567 11209 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 11210 }
wolfSSL 7:481bce714567 11211 }
wolfSSL 7:481bce714567 11212 break;
wolfSSL 7:481bce714567 11213
wolfSSL 7:481bce714567 11214 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 7:481bce714567 11215 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 7:481bce714567 11216
wolfSSL 7:481bce714567 11217 default:
wolfSSL 7:481bce714567 11218 break;
wolfSSL 7:481bce714567 11219 }
wolfSSL 7:481bce714567 11220
wolfSSL 7:481bce714567 11221 return ret;
wolfSSL 7:481bce714567 11222 }
wolfSSL 7:481bce714567 11223
wolfSSL 7:481bce714567 11224 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 11225
wolfSSL 7:481bce714567 11226
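/* Send application data as one or more records.
 *
 * ssl   connection; ssl->error, the output buffer and the prevSent/plainSz
 *       resume bookkeeping are read and updated here
 * data  plaintext to send
 * sz    number of plaintext bytes available at data, must not be negative
 *
 * The handshake is completed first if it is not done yet. A record left in
 * the output buffer by an earlier call is flushed before new records are
 * built. Each new record carries at most OUTPUT_RECORD_SIZE plaintext bytes
 * (less with HAVE_MAX_FRAGMENT, or MAX_UDP_SIZE for DTLS that is not SCTP).
 *
 * returns the number of plaintext bytes accepted, 0 when the peer reset the
 *         connection, BAD_FUNC_ARG for a negative sz or a retry with a
 *         shorter sz than the interrupted call had already consumed,
 *         WOLFSSL_CBIO_ERR_WANT_WRITE when the handshake is pending on an
 *         async operation, otherwise the error code of the failing step
 */
int SendData(WOLFSSL* ssl, const void* data, int sz)
{
    int sent = 0,  /* plainText size */
        sendSz,
        ret,
        dtlsExtra = 0;

    /* A negative size can never meet the sent == sz exit test of the record
     * loop and would feed a negative value into the record length
     * computation. Reject it before any connection state is touched. */
    if (sz < 0)
        return BAD_FUNC_ARG;

    /* a previous would-block condition is not sticky, this call retries */
    if (ssl->error == WANT_WRITE || ssl->error == WC_PENDING_E)
        ssl->error = 0;

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS) {
            /* if async would block return WANT_WRITE */
            if (ssl->error == WC_PENDING_E) {
                return WOLFSSL_CBIO_ERR_WANT_WRITE;
            }
            return err;
        }
    }

    /* last time system socket output buffer was full, try again to send */
    if (ssl->buffers.outputBuffer.length > 0) {
        WOLFSSL_MSG("output buffer was full, trying to send again");
        if ( (ssl->error = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset)
                return 0;     /* peer reset */
            return ssl->error;
        }
        else {
            /* advance sent to previous sent + plain size just sent */
            sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
            WOLFSSL_MSG("sent write buffered data");

            /* The resumed offset is applied to data below, so a retry that
             * passes less than was already consumed would index past the
             * caller's buffer.
             * NOTE(review): presumably the caller must also pass the same
             * buffer contents on retry; nothing here can verify that. */
            if (sent > sz) {
                WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
                return ssl->error = BAD_FUNC_ARG;
            }
        }
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        dtlsExtra = DTLS_RECORD_EXTRA;
    }
#endif

    for (;;) {
        int   len;
        byte* out;
        byte* sendBuffer = (byte*)data + sent;  /* may switch on comp */
        int   buffSz;                           /* may switch on comp */
        int   outputSz;
#ifdef HAVE_LIBZ
        byte  comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

        if (sent == sz) break;

        len = min(sz - sent, OUTPUT_RECORD_SIZE);
#ifdef HAVE_MAX_FRAGMENT
        len = min(len, ssl->max_fragment);
#endif

#ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            len = min(len, MAX_UDP_SIZE);
        }
#endif
        buffSz = len;

        /* check for available size */
        outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA;
        if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
            return ssl->error = ret;

        /* get output buffer */
        out = ssl->buffers.outputBuffer.buffer +
              ssl->buffers.outputBuffer.length;

#ifdef HAVE_LIBZ
        if (ssl->options.usingCompression) {
            buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp));
            if (buffSz < 0) {
                /* NOTE(review): this return leaves ssl->error unchanged,
                 * unlike the other failure paths in this loop */
                return buffSz;
            }
            sendBuffer = comp;
        }
#endif
        sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz,
                              application_data, 0, 0);
        if (sendSz < 0)
            return BUILD_MSG_ERROR;  /* ssl->error is not updated here */

        ssl->buffers.outputBuffer.length += sendSz;

        if ( (ret = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ret);
            /* store for next call if WANT_WRITE or user embedSend() that
               doesn't present like WANT_WRITE */
            ssl->buffers.plainSz  = len;
            ssl->buffers.prevSent = sent;
            if (ret == SOCKET_ERROR_E && ssl->options.connReset)
                return 0;  /* peer reset */
            return ssl->error = ret;
        }

        sent += len;

        /* only one message per attempt */
        if (ssl->options.partialWrite == 1) {
            WOLFSSL_MSG("Paritial Write on, only sending one record");
            break;
        }
    }

    return sent;
}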
wolfSSL 7:481bce714567 11347
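/* process input data
 *
 * ssl     connection; ssl->error and the clear-text output buffer are read
 *         and updated here
 * output  destination for decrypted application data
 * sz      capacity of output in bytes, must not be negative
 * peek    non-zero leaves the returned bytes in the clear-text buffer so a
 *         later call sees them again
 *
 * The handshake is completed first if it is not done yet. Records are then
 * processed until clear text is available, and at most sz bytes of it are
 * copied to output.
 *
 * returns the number of bytes copied, 0 when the peer sent close notify or
 *         reset/closed the transport, BAD_FUNC_ARG for a negative sz,
 *         WOLFSSL_CBIO_ERR_WANT_READ when the handshake is pending on an
 *         async operation, otherwise the error code of the failing step
 */
int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
{
    int size;

    WOLFSSL_ENTER("ReceiveData()");

    /* sz is compared as a signed int and then used as the XMEMCPY length
     * below, so a negative value would become the copy size and would also
     * grow clearOutputBuffer.length when subtracted. Callers are expected to
     * validate it; this check is defense in depth and leaves ssl->error
     * untouched because the fault is in the argument, not the session. */
    if (sz < 0)
        return BAD_FUNC_ARG;

    /* a previous would-block condition is not sticky, this call retries */
    if (ssl->error == WANT_READ || ssl->error == WC_PENDING_E)
        ssl->error = 0;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* In DTLS mode, we forgive some errors and allow the session
         * to continue despite them.
         * NOTE(review): only the stored error code is cleared here; the
         * record that failed the MAC check or decryption is presumably
         * discarded by the record layer, confirm in ProcessReply. */
        if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR)
            ssl->error = 0;
    }
#endif /* WOLFSSL_DTLS */

    /* any other stored error is sticky; a pending WANT_WRITE does not block
     * reading */
    if (ssl->error != 0 && ssl->error != WANT_WRITE) {
        WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
        return ssl->error;
    }

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("Handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS) {
            /* if async would block return WANT_READ */
            if (ssl->error == WC_PENDING_E) {
                return WOLFSSL_CBIO_ERR_WANT_READ;
            }
            return err;
        }
    }

#ifdef HAVE_SECURE_RENEGOTIATION
startScr:
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
        int err;
        ssl->secure_renegotiation->startScr = 0;  /* only start once */
        WOLFSSL_MSG("Need to start scr, server requested");
        if ( (err = wolfSSL_Rehandshake(ssl)) != SSL_SUCCESS)
            return err;
    }
#endif

    /* process records until some clear text is buffered */
    while (ssl->buffers.clearOutputBuffer.length == 0) {
        if ( (ssl->error = ProcessReply(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == ZERO_RETURN) {
                WOLFSSL_MSG("Zero return, no more data coming");
                return 0;         /* no more data coming */
            }
            if (ssl->error == SOCKET_ERROR_E) {
                if (ssl->options.connReset || ssl->options.isClosed) {
                    WOLFSSL_MSG("Peer reset or closed, connection done");
                    ssl->error = SOCKET_PEER_CLOSED_E;
                    WOLFSSL_ERROR(ssl->error);
                    return 0;     /* peer reset or closed */
                }
            }
            return ssl->error;
        }
#ifdef HAVE_SECURE_RENEGOTIATION
        /* the record just processed may have requested a renegotiation */
        if (ssl->secure_renegotiation &&
            ssl->secure_renegotiation->startScr) {
            goto startScr;
        }
#endif
    }

    /* copy no more than the caller's buffer holds */
    if (sz < (int)ssl->buffers.clearOutputBuffer.length)
        size = sz;
    else
        size = ssl->buffers.clearOutputBuffer.length;

    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);

    /* consume the bytes unless the caller only wanted to look at them */
    if (peek == 0) {
        ssl->buffers.clearOutputBuffer.length -= size;
        ssl->buffers.clearOutputBuffer.buffer += size;
    }

    if (ssl->buffers.clearOutputBuffer.length == 0 &&
                                           ssl->buffers.inputBuffer.dynamicFlag)
       ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    WOLFSSL_LEAVE("ReceiveData()", size);
    return size;
}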
wolfSSL 7:481bce714567 11439
wolfSSL 7:481bce714567 11440
/* Build an alert record (severity, type) in the output buffer and send it.
 *
 * A call made while an earlier alert is still queued (sendAlertState set)
 * only retries the flush and clears the state once it succeeds.
 *
 * returns the SendBuffered() result, the CheckAvailableSize() error when no
 *         room is available, or BUILD_MSG_ERROR when the record size comes
 *         out negative
 */
int SendAlert(WOLFSSL* ssl, int severity, int type)
{
    byte  alertBody[ALERT_SIZE];
    byte* out;
    int   recordSz;
    int   rc;
    int   needed;
    int   dtlsPad = 0;

    /* non-blocking retry: the alert is already in the output buffer */
    if (ssl->options.sendAlertState != 0) {
        rc = SendBuffered(ssl);
        if (rc == 0) {
            ssl->options.sendAlertState = 0;
        }
        return rc;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        dtlsPad = DTLS_RECORD_EXTRA;
    }
#endif

    /* make sure the output buffer can take the largest possible record */
    needed = ALERT_SIZE + MAX_MSG_EXTRA + dtlsPad;
    rc = CheckAvailableSize(ssl, needed);
    if (rc != 0) {
        return rc;
    }

    /* the record is appended behind whatever is already queued */
    out = &ssl->buffers.outputBuffer.buffer[ssl->buffers.outputBuffer.length];

    /* remember what was sent, then fill in the two-byte alert body */
    ssl->alert_history.last_tx.level = severity;
    ssl->alert_history.last_tx.code  = type;
    alertBody[0] = (byte)severity;
    alertBody[1] = (byte)type;

    if (severity == alert_fatal) {
        /* Don't send close_notify */
        ssl->options.isClosed = 1;
    }

    /* The alert is encrypted only once the handshake has actually
       completed; before that the other side may not be able to handle an
       encrypted record, so it goes out in the clear. */
    if (!(IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)) {
        AddRecordHeader(out, ALERT_SIZE, alert, ssl);

        recordSz = RECORD_HEADER_SZ + ALERT_SIZE;
        out += RECORD_HEADER_SZ;
#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            out      += DTLS_RECORD_EXTRA;
            recordSz += DTLS_RECORD_EXTRA;
        }
#endif
        XMEMCPY(out, alertBody, ALERT_SIZE);
    }
    else {
        recordSz = BuildMessage(ssl, out, needed, alertBody, ALERT_SIZE,
                                alert, 0, 0);
    }

    if (recordSz < 0) {
        return BUILD_MSG_ERROR;
    }

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) {
        AddPacketName("Alert", &ssl->handShakeInfo);
    }
    /* NOTE(review): after the plaintext branch `out` points past the record
       header while recordSz still counts the header; confirm that
       AddPacketInfo expects this pairing. */
    if (ssl->toInfoOn) {
        AddPacketInfo("Alert", &ssl->timeoutInfo, out, recordSz, ssl->heap);
    }
#endif

    ssl->buffers.outputBuffer.length += recordSz;
    ssl->options.sendAlertState = 1;

    return SendBuffered(ssl);
}
wolfSSL 7:481bce714567 11517
wolfSSL 7:481bce714567 11518 const char* wolfSSL_ERR_reason_error_string(unsigned long e)
wolfSSL 7:481bce714567 11519 {
wolfSSL 7:481bce714567 11520 #ifdef NO_ERROR_STRINGS
wolfSSL 7:481bce714567 11521
wolfSSL 7:481bce714567 11522 (void)e;
wolfSSL 7:481bce714567 11523 return "no support for error strings built in";
wolfSSL 7:481bce714567 11524
wolfSSL 7:481bce714567 11525 #else
wolfSSL 7:481bce714567 11526
wolfSSL 7:481bce714567 11527 int error = (int)e;
wolfSSL 7:481bce714567 11528
wolfSSL 7:481bce714567 11529 /* pass to wolfCrypt */
wolfSSL 7:481bce714567 11530 if (error < MAX_CODE_E && error > MIN_CODE_E) {
wolfSSL 7:481bce714567 11531 return wc_GetErrorString(error);
wolfSSL 7:481bce714567 11532 }
wolfSSL 7:481bce714567 11533
wolfSSL 7:481bce714567 11534 switch (error) {
wolfSSL 7:481bce714567 11535
wolfSSL 7:481bce714567 11536 case UNSUPPORTED_SUITE :
wolfSSL 7:481bce714567 11537 return "unsupported cipher suite";
wolfSSL 7:481bce714567 11538
wolfSSL 7:481bce714567 11539 case INPUT_CASE_ERROR :
wolfSSL 7:481bce714567 11540 return "input state error";
wolfSSL 7:481bce714567 11541
wolfSSL 7:481bce714567 11542 case PREFIX_ERROR :
wolfSSL 7:481bce714567 11543 return "bad index to key rounds";
wolfSSL 7:481bce714567 11544
wolfSSL 7:481bce714567 11545 case MEMORY_ERROR :
wolfSSL 7:481bce714567 11546 return "out of memory";
wolfSSL 7:481bce714567 11547
wolfSSL 7:481bce714567 11548 case VERIFY_FINISHED_ERROR :
wolfSSL 7:481bce714567 11549 return "verify problem on finished";
wolfSSL 7:481bce714567 11550
wolfSSL 7:481bce714567 11551 case VERIFY_MAC_ERROR :
wolfSSL 7:481bce714567 11552 return "verify mac problem";
wolfSSL 7:481bce714567 11553
wolfSSL 7:481bce714567 11554 case PARSE_ERROR :
wolfSSL 7:481bce714567 11555 return "parse error on header";
wolfSSL 7:481bce714567 11556
wolfSSL 7:481bce714567 11557 case SIDE_ERROR :
wolfSSL 7:481bce714567 11558 return "wrong client/server type";
wolfSSL 7:481bce714567 11559
wolfSSL 7:481bce714567 11560 case NO_PEER_CERT :
wolfSSL 7:481bce714567 11561 return "peer didn't send cert";
wolfSSL 7:481bce714567 11562
wolfSSL 7:481bce714567 11563 case UNKNOWN_HANDSHAKE_TYPE :
wolfSSL 7:481bce714567 11564 return "weird handshake type";
wolfSSL 7:481bce714567 11565
wolfSSL 7:481bce714567 11566 case SOCKET_ERROR_E :
wolfSSL 7:481bce714567 11567 return "error state on socket";
wolfSSL 7:481bce714567 11568
wolfSSL 7:481bce714567 11569 case SOCKET_NODATA :
wolfSSL 7:481bce714567 11570 return "expected data, not there";
wolfSSL 7:481bce714567 11571
wolfSSL 7:481bce714567 11572 case INCOMPLETE_DATA :
wolfSSL 7:481bce714567 11573 return "don't have enough data to complete task";
wolfSSL 7:481bce714567 11574
wolfSSL 7:481bce714567 11575 case UNKNOWN_RECORD_TYPE :
wolfSSL 7:481bce714567 11576 return "unknown type in record hdr";
wolfSSL 7:481bce714567 11577
wolfSSL 7:481bce714567 11578 case DECRYPT_ERROR :
wolfSSL 7:481bce714567 11579 return "error during decryption";
wolfSSL 7:481bce714567 11580
wolfSSL 7:481bce714567 11581 case FATAL_ERROR :
wolfSSL 7:481bce714567 11582 return "revcd alert fatal error";
wolfSSL 7:481bce714567 11583
wolfSSL 7:481bce714567 11584 case ENCRYPT_ERROR :
wolfSSL 7:481bce714567 11585 return "error during encryption";
wolfSSL 7:481bce714567 11586
wolfSSL 7:481bce714567 11587 case FREAD_ERROR :
wolfSSL 7:481bce714567 11588 return "fread problem";
wolfSSL 7:481bce714567 11589
wolfSSL 7:481bce714567 11590 case NO_PEER_KEY :
wolfSSL 7:481bce714567 11591 return "need peer's key";
wolfSSL 7:481bce714567 11592
wolfSSL 7:481bce714567 11593 case NO_PRIVATE_KEY :
wolfSSL 7:481bce714567 11594 return "need the private key";
wolfSSL 7:481bce714567 11595
wolfSSL 7:481bce714567 11596 case NO_DH_PARAMS :
wolfSSL 7:481bce714567 11597 return "server missing DH params";
wolfSSL 7:481bce714567 11598
wolfSSL 7:481bce714567 11599 case RSA_PRIVATE_ERROR :
wolfSSL 7:481bce714567 11600 return "error during rsa priv op";
wolfSSL 7:481bce714567 11601
wolfSSL 7:481bce714567 11602 case MATCH_SUITE_ERROR :
wolfSSL 7:481bce714567 11603 return "can't match cipher suite";
wolfSSL 7:481bce714567 11604
wolfSSL 7:481bce714567 11605 case COMPRESSION_ERROR :
wolfSSL 7:481bce714567 11606 return "compression mismatch error";
wolfSSL 7:481bce714567 11607
wolfSSL 7:481bce714567 11608 case BUILD_MSG_ERROR :
wolfSSL 7:481bce714567 11609 return "build message failure";
wolfSSL 7:481bce714567 11610
wolfSSL 7:481bce714567 11611 case BAD_HELLO :
wolfSSL 7:481bce714567 11612 return "client hello malformed";
wolfSSL 7:481bce714567 11613
wolfSSL 7:481bce714567 11614 case DOMAIN_NAME_MISMATCH :
wolfSSL 7:481bce714567 11615 return "peer subject name mismatch";
wolfSSL 7:481bce714567 11616
wolfSSL 7:481bce714567 11617 case WANT_READ :
wolfSSL 7:481bce714567 11618 case SSL_ERROR_WANT_READ :
wolfSSL 7:481bce714567 11619 return "non-blocking socket wants data to be read";
wolfSSL 7:481bce714567 11620
wolfSSL 7:481bce714567 11621 case NOT_READY_ERROR :
wolfSSL 7:481bce714567 11622 return "handshake layer not ready yet, complete first";
wolfSSL 7:481bce714567 11623
wolfSSL 7:481bce714567 11624 case PMS_VERSION_ERROR :
wolfSSL 7:481bce714567 11625 return "premaster secret version mismatch error";
wolfSSL 7:481bce714567 11626
wolfSSL 7:481bce714567 11627 case VERSION_ERROR :
wolfSSL 7:481bce714567 11628 return "record layer version error";
wolfSSL 7:481bce714567 11629
wolfSSL 7:481bce714567 11630 case WANT_WRITE :
wolfSSL 7:481bce714567 11631 case SSL_ERROR_WANT_WRITE :
wolfSSL 7:481bce714567 11632 return "non-blocking socket write buffer full";
wolfSSL 7:481bce714567 11633
wolfSSL 7:481bce714567 11634 case BUFFER_ERROR :
wolfSSL 7:481bce714567 11635 return "malformed buffer input error";
wolfSSL 7:481bce714567 11636
wolfSSL 7:481bce714567 11637 case VERIFY_CERT_ERROR :
wolfSSL 7:481bce714567 11638 return "verify problem on certificate";
wolfSSL 7:481bce714567 11639
wolfSSL 7:481bce714567 11640 case VERIFY_SIGN_ERROR :
wolfSSL 7:481bce714567 11641 return "verify problem based on signature";
wolfSSL 7:481bce714567 11642
wolfSSL 7:481bce714567 11643 case CLIENT_ID_ERROR :
wolfSSL 7:481bce714567 11644 return "psk client identity error";
wolfSSL 7:481bce714567 11645
wolfSSL 7:481bce714567 11646 case SERVER_HINT_ERROR:
wolfSSL 7:481bce714567 11647 return "psk server hint error";
wolfSSL 7:481bce714567 11648
wolfSSL 7:481bce714567 11649 case PSK_KEY_ERROR:
wolfSSL 7:481bce714567 11650 return "psk key callback error";
wolfSSL 7:481bce714567 11651
wolfSSL 7:481bce714567 11652 case NTRU_KEY_ERROR:
wolfSSL 7:481bce714567 11653 return "NTRU key error";
wolfSSL 7:481bce714567 11654
wolfSSL 7:481bce714567 11655 case NTRU_DRBG_ERROR:
wolfSSL 7:481bce714567 11656 return "NTRU drbg error";
wolfSSL 7:481bce714567 11657
wolfSSL 7:481bce714567 11658 case NTRU_ENCRYPT_ERROR:
wolfSSL 7:481bce714567 11659 return "NTRU encrypt error";
wolfSSL 7:481bce714567 11660
wolfSSL 7:481bce714567 11661 case NTRU_DECRYPT_ERROR:
wolfSSL 7:481bce714567 11662 return "NTRU decrypt error";
wolfSSL 7:481bce714567 11663
wolfSSL 7:481bce714567 11664 case ZLIB_INIT_ERROR:
wolfSSL 7:481bce714567 11665 return "zlib init error";
wolfSSL 7:481bce714567 11666
wolfSSL 7:481bce714567 11667 case ZLIB_COMPRESS_ERROR:
wolfSSL 7:481bce714567 11668 return "zlib compress error";
wolfSSL 7:481bce714567 11669
wolfSSL 7:481bce714567 11670 case ZLIB_DECOMPRESS_ERROR:
wolfSSL 7:481bce714567 11671 return "zlib decompress error";
wolfSSL 7:481bce714567 11672
wolfSSL 7:481bce714567 11673 case GETTIME_ERROR:
wolfSSL 7:481bce714567 11674 return "gettimeofday() error";
wolfSSL 7:481bce714567 11675
wolfSSL 7:481bce714567 11676 case GETITIMER_ERROR:
wolfSSL 7:481bce714567 11677 return "getitimer() error";
wolfSSL 7:481bce714567 11678
wolfSSL 7:481bce714567 11679 case SIGACT_ERROR:
wolfSSL 7:481bce714567 11680 return "sigaction() error";
wolfSSL 7:481bce714567 11681
wolfSSL 7:481bce714567 11682 case SETITIMER_ERROR:
wolfSSL 7:481bce714567 11683 return "setitimer() error";
wolfSSL 7:481bce714567 11684
wolfSSL 7:481bce714567 11685 case LENGTH_ERROR:
wolfSSL 7:481bce714567 11686 return "record layer length error";
wolfSSL 7:481bce714567 11687
wolfSSL 7:481bce714567 11688 case PEER_KEY_ERROR:
wolfSSL 7:481bce714567 11689 return "cant decode peer key";
wolfSSL 7:481bce714567 11690
wolfSSL 7:481bce714567 11691 case ZERO_RETURN:
wolfSSL 7:481bce714567 11692 case SSL_ERROR_ZERO_RETURN:
wolfSSL 7:481bce714567 11693 return "peer sent close notify alert";
wolfSSL 7:481bce714567 11694
wolfSSL 7:481bce714567 11695 case ECC_CURVETYPE_ERROR:
wolfSSL 7:481bce714567 11696 return "Bad ECC Curve Type or unsupported";
wolfSSL 7:481bce714567 11697
wolfSSL 7:481bce714567 11698 case ECC_CURVE_ERROR:
wolfSSL 7:481bce714567 11699 return "Bad ECC Curve or unsupported";
wolfSSL 7:481bce714567 11700
wolfSSL 7:481bce714567 11701 case ECC_PEERKEY_ERROR:
wolfSSL 7:481bce714567 11702 return "Bad ECC Peer Key";
wolfSSL 7:481bce714567 11703
wolfSSL 7:481bce714567 11704 case ECC_MAKEKEY_ERROR:
wolfSSL 7:481bce714567 11705 return "ECC Make Key failure";
wolfSSL 7:481bce714567 11706
wolfSSL 7:481bce714567 11707 case ECC_EXPORT_ERROR:
wolfSSL 7:481bce714567 11708 return "ECC Export Key failure";
wolfSSL 7:481bce714567 11709
wolfSSL 7:481bce714567 11710 case ECC_SHARED_ERROR:
wolfSSL 7:481bce714567 11711 return "ECC DHE shared failure";
wolfSSL 7:481bce714567 11712
wolfSSL 7:481bce714567 11713 case NOT_CA_ERROR:
wolfSSL 7:481bce714567 11714 return "Not a CA by basic constraint error";
wolfSSL 7:481bce714567 11715
wolfSSL 7:481bce714567 11716
wolfSSL 7:481bce714567 11717 case BAD_CERT_MANAGER_ERROR:
wolfSSL 7:481bce714567 11718 return "Bad Cert Manager error";
wolfSSL 7:481bce714567 11719
wolfSSL 7:481bce714567 11720 case OCSP_CERT_REVOKED:
wolfSSL 7:481bce714567 11721 return "OCSP Cert revoked";
wolfSSL 7:481bce714567 11722
wolfSSL 7:481bce714567 11723 case CRL_CERT_REVOKED:
wolfSSL 7:481bce714567 11724 return "CRL Cert revoked";
wolfSSL 7:481bce714567 11725
wolfSSL 7:481bce714567 11726 case CRL_MISSING:
wolfSSL 7:481bce714567 11727 return "CRL missing, not loaded";
wolfSSL 7:481bce714567 11728
wolfSSL 7:481bce714567 11729 case MONITOR_SETUP_E:
wolfSSL 7:481bce714567 11730 return "CRL monitor setup error";
wolfSSL 7:481bce714567 11731
wolfSSL 7:481bce714567 11732 case THREAD_CREATE_E:
wolfSSL 7:481bce714567 11733 return "Thread creation problem";
wolfSSL 7:481bce714567 11734
wolfSSL 7:481bce714567 11735 case OCSP_NEED_URL:
wolfSSL 7:481bce714567 11736 return "OCSP need URL";
wolfSSL 7:481bce714567 11737
wolfSSL 7:481bce714567 11738 case OCSP_CERT_UNKNOWN:
wolfSSL 7:481bce714567 11739 return "OCSP Cert unknown";
wolfSSL 7:481bce714567 11740
wolfSSL 7:481bce714567 11741 case OCSP_LOOKUP_FAIL:
wolfSSL 7:481bce714567 11742 return "OCSP Responder lookup fail";
wolfSSL 7:481bce714567 11743
wolfSSL 7:481bce714567 11744 case MAX_CHAIN_ERROR:
wolfSSL 7:481bce714567 11745 return "Maximum Chain Depth Exceeded";
wolfSSL 7:481bce714567 11746
wolfSSL 7:481bce714567 11747 case COOKIE_ERROR:
wolfSSL 7:481bce714567 11748 return "DTLS Cookie Error";
wolfSSL 7:481bce714567 11749
wolfSSL 7:481bce714567 11750 case SEQUENCE_ERROR:
wolfSSL 7:481bce714567 11751 return "DTLS Sequence Error";
wolfSSL 7:481bce714567 11752
wolfSSL 7:481bce714567 11753 case SUITES_ERROR:
wolfSSL 7:481bce714567 11754 return "Suites Pointer Error";
wolfSSL 7:481bce714567 11755
wolfSSL 7:481bce714567 11756 case SSL_NO_PEM_HEADER:
wolfSSL 7:481bce714567 11757 return "No PEM Header Error";
wolfSSL 7:481bce714567 11758
wolfSSL 7:481bce714567 11759 case OUT_OF_ORDER_E:
wolfSSL 7:481bce714567 11760 return "Out of order message, fatal";
wolfSSL 7:481bce714567 11761
wolfSSL 7:481bce714567 11762 case BAD_KEA_TYPE_E:
wolfSSL 7:481bce714567 11763 return "Bad KEA type found";
wolfSSL 7:481bce714567 11764
wolfSSL 7:481bce714567 11765 case SANITY_CIPHER_E:
wolfSSL 7:481bce714567 11766 return "Sanity check on ciphertext failed";
wolfSSL 7:481bce714567 11767
wolfSSL 7:481bce714567 11768 case RECV_OVERFLOW_E:
wolfSSL 7:481bce714567 11769 return "Receive callback returned more than requested";
wolfSSL 7:481bce714567 11770
wolfSSL 7:481bce714567 11771 case GEN_COOKIE_E:
wolfSSL 7:481bce714567 11772 return "Generate Cookie Error";
wolfSSL 7:481bce714567 11773
wolfSSL 7:481bce714567 11774 case NO_PEER_VERIFY:
wolfSSL 7:481bce714567 11775 return "Need peer certificate verify Error";
wolfSSL 7:481bce714567 11776
wolfSSL 7:481bce714567 11777 case FWRITE_ERROR:
wolfSSL 7:481bce714567 11778 return "fwrite Error";
wolfSSL 7:481bce714567 11779
wolfSSL 7:481bce714567 11780 case CACHE_MATCH_ERROR:
wolfSSL 7:481bce714567 11781 return "Cache restore header match Error";
wolfSSL 7:481bce714567 11782
wolfSSL 7:481bce714567 11783 case UNKNOWN_SNI_HOST_NAME_E:
wolfSSL 7:481bce714567 11784 return "Unrecognized host name Error";
wolfSSL 7:481bce714567 11785
wolfSSL 7:481bce714567 11786 case UNKNOWN_MAX_FRAG_LEN_E:
wolfSSL 7:481bce714567 11787 return "Unrecognized max frag len Error";
wolfSSL 7:481bce714567 11788
wolfSSL 7:481bce714567 11789 case KEYUSE_SIGNATURE_E:
wolfSSL 7:481bce714567 11790 return "Key Use digitalSignature not set Error";
wolfSSL 7:481bce714567 11791
wolfSSL 7:481bce714567 11792 case KEYUSE_ENCIPHER_E:
wolfSSL 7:481bce714567 11793 return "Key Use keyEncipherment not set Error";
wolfSSL 7:481bce714567 11794
wolfSSL 7:481bce714567 11795 case EXTKEYUSE_AUTH_E:
wolfSSL 7:481bce714567 11796 return "Ext Key Use server/client auth not set Error";
wolfSSL 7:481bce714567 11797
wolfSSL 7:481bce714567 11798 case SEND_OOB_READ_E:
wolfSSL 7:481bce714567 11799 return "Send Callback Out of Bounds Read Error";
wolfSSL 7:481bce714567 11800
wolfSSL 7:481bce714567 11801 case SECURE_RENEGOTIATION_E:
wolfSSL 7:481bce714567 11802 return "Invalid Renegotiation Error";
wolfSSL 7:481bce714567 11803
wolfSSL 7:481bce714567 11804 case SESSION_TICKET_LEN_E:
wolfSSL 7:481bce714567 11805 return "Session Ticket Too Long Error";
wolfSSL 7:481bce714567 11806
wolfSSL 7:481bce714567 11807 case SESSION_TICKET_EXPECT_E:
wolfSSL 7:481bce714567 11808 return "Session Ticket Error";
wolfSSL 7:481bce714567 11809
wolfSSL 7:481bce714567 11810 case SCR_DIFFERENT_CERT_E:
wolfSSL 7:481bce714567 11811 return "Peer sent different cert during SCR";
wolfSSL 7:481bce714567 11812
wolfSSL 7:481bce714567 11813 case SESSION_SECRET_CB_E:
wolfSSL 7:481bce714567 11814 return "Session Secret Callback Error";
wolfSSL 7:481bce714567 11815
wolfSSL 7:481bce714567 11816 case NO_CHANGE_CIPHER_E:
wolfSSL 7:481bce714567 11817 return "Finished received from peer before Change Cipher Error";
wolfSSL 7:481bce714567 11818
wolfSSL 7:481bce714567 11819 case SANITY_MSG_E:
wolfSSL 7:481bce714567 11820 return "Sanity Check on message order Error";
wolfSSL 7:481bce714567 11821
wolfSSL 7:481bce714567 11822 case DUPLICATE_MSG_E:
wolfSSL 7:481bce714567 11823 return "Duplicate HandShake message Error";
wolfSSL 7:481bce714567 11824
wolfSSL 7:481bce714567 11825 case SNI_UNSUPPORTED:
wolfSSL 7:481bce714567 11826 return "Protocol version does not support SNI Error";
wolfSSL 7:481bce714567 11827
wolfSSL 7:481bce714567 11828 case SOCKET_PEER_CLOSED_E:
wolfSSL 7:481bce714567 11829 return "Peer closed underlying transport Error";
wolfSSL 7:481bce714567 11830
wolfSSL 7:481bce714567 11831 case BAD_TICKET_KEY_CB_SZ:
wolfSSL 7:481bce714567 11832 return "Bad user session ticket key callback Size Error";
wolfSSL 7:481bce714567 11833
wolfSSL 7:481bce714567 11834 case BAD_TICKET_MSG_SZ:
wolfSSL 7:481bce714567 11835 return "Bad session ticket message Size Error";
wolfSSL 7:481bce714567 11836
wolfSSL 7:481bce714567 11837 case BAD_TICKET_ENCRYPT:
wolfSSL 7:481bce714567 11838 return "Bad user ticket callback encrypt Error";
wolfSSL 7:481bce714567 11839
wolfSSL 7:481bce714567 11840 case DH_KEY_SIZE_E:
wolfSSL 7:481bce714567 11841 return "DH key too small Error";
wolfSSL 7:481bce714567 11842
wolfSSL 7:481bce714567 11843 case SNI_ABSENT_ERROR:
wolfSSL 7:481bce714567 11844 return "No Server Name Indication extension Error";
wolfSSL 7:481bce714567 11845
wolfSSL 7:481bce714567 11846 case RSA_SIGN_FAULT:
wolfSSL 7:481bce714567 11847 return "RSA Signature Fault Error";
wolfSSL 7:481bce714567 11848
wolfSSL 7:481bce714567 11849 case HANDSHAKE_SIZE_ERROR:
wolfSSL 7:481bce714567 11850 return "Handshake message too large Error";
wolfSSL 7:481bce714567 11851
wolfSSL 7:481bce714567 11852 case UNKNOWN_ALPN_PROTOCOL_NAME_E:
wolfSSL 7:481bce714567 11853 return "Unrecognized protocol name Error";
wolfSSL 7:481bce714567 11854
wolfSSL 7:481bce714567 11855 case BAD_CERTIFICATE_STATUS_ERROR:
wolfSSL 7:481bce714567 11856 return "Bad Certificate Status Message Error";
wolfSSL 7:481bce714567 11857
wolfSSL 7:481bce714567 11858 case OCSP_INVALID_STATUS:
wolfSSL 7:481bce714567 11859 return "Invalid OCSP Status Error";
wolfSSL 7:481bce714567 11860
wolfSSL 7:481bce714567 11861 case RSA_KEY_SIZE_E:
wolfSSL 7:481bce714567 11862 return "RSA key too small";
wolfSSL 7:481bce714567 11863
wolfSSL 7:481bce714567 11864 case ECC_KEY_SIZE_E:
wolfSSL 7:481bce714567 11865 return "ECC key too small";
wolfSSL 7:481bce714567 11866
wolfSSL 7:481bce714567 11867 case DTLS_EXPORT_VER_E:
wolfSSL 7:481bce714567 11868 return "Version needs updated after code change or version mismatch";
wolfSSL 7:481bce714567 11869
wolfSSL 7:481bce714567 11870 case INPUT_SIZE_E:
wolfSSL 7:481bce714567 11871 return "Input size too large Error";
wolfSSL 7:481bce714567 11872
wolfSSL 7:481bce714567 11873 case CTX_INIT_MUTEX_E:
wolfSSL 7:481bce714567 11874 return "Initialize ctx mutex error";
wolfSSL 7:481bce714567 11875
wolfSSL 7:481bce714567 11876 case EXT_MASTER_SECRET_NEEDED_E:
wolfSSL 7:481bce714567 11877 return "Extended Master Secret must be enabled to resume EMS session";
wolfSSL 7:481bce714567 11878
wolfSSL 7:481bce714567 11879 case DTLS_POOL_SZ_E:
wolfSSL 7:481bce714567 11880 return "Maximum DTLS pool size exceeded";
wolfSSL 7:481bce714567 11881
wolfSSL 7:481bce714567 11882 case DECODE_E:
wolfSSL 7:481bce714567 11883 return "Decode handshake message error";
wolfSSL 7:481bce714567 11884
wolfSSL 7:481bce714567 11885 default :
wolfSSL 7:481bce714567 11886 return "unknown error number";
wolfSSL 7:481bce714567 11887 }
wolfSSL 7:481bce714567 11888
wolfSSL 7:481bce714567 11889 #endif /* NO_ERROR_STRINGS */
wolfSSL 7:481bce714567 11890 }
wolfSSL 7:481bce714567 11891
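/* Copy the reason string for a wolfSSL error code into a caller buffer.
 *
 * error  error code, passed unchanged to wolfSSL_ERR_reason_error_string()
 * str    destination buffer; the caller must provide at least
 *        WOLFSSL_MAX_ERROR_SZ bytes, since the copy is bounded by that size
 *        and the byte at index WOLFSSL_MAX_ERROR_SZ - 1 is always written
 *
 * The copy alone is not relied on for termination: assuming XSTRNCPY has
 * strncpy semantics (TODO confirm against its definition), a reason string
 * of WOLFSSL_MAX_ERROR_SZ bytes or more would fill the buffer without a
 * trailing NUL and a later read of str as a C string would run past it.
 */
void SetErrorString(int error, char* str)
{
    XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ);
    /* force termination regardless of the source string's length */
    str[WOLFSSL_MAX_ERROR_SZ - 1] = '\0';
}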
wolfSSL 7:481bce714567 11896
wolfSSL 7:481bce714567 11897
/* Printable names of the cipher suites compiled into this build.
 *
 * Every entry sits behind its own BUILD_* (or HAVE_*) guard, so both the
 * array length and the index of a given name depend on the build
 * configuration.
 *
 * Be sure to add to cipher_name_idx too !!!! That table is described as the
 * suite numbers matching this one, and its visible part uses the same guards
 * in the same order. Presumably the two are paired by index (confirm against
 * the lookup code); if so, an entry added, removed or reordered in only one
 * table would shift every later name onto the wrong suite number.
 *
 * NOTE(review): names for RC4, NULL-encryption, anonymous DH (ADH), 3DES,
 * IDEA and MD5-based suites appear here behind their guards. Whether any of
 * them is compiled in is decided where those macros are defined, not in this
 * table; audit that configuration when hardening a build.
 */
static const char* const cipher_names[] =
{
#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
    "RC4-SHA",
#endif

#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
    "RC4-MD5",
#endif

#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
    "DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
    "AES128-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
    "AES256-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
    "NULL-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
    "NULL-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    "DHE-RSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    "DHE-RSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
    "DHE-PSK-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
    "DHE-PSK-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
    "PSK-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
    "PSK-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
    "DHE-PSK-AES256-CBC-SHA384",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
    "DHE-PSK-AES128-CBC-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
    "PSK-AES256-CBC-SHA384",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
    "PSK-AES128-CBC-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
    "PSK-AES128-CBC-SHA",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
    "PSK-AES256-CBC-SHA",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
    "DHE-PSK-AES128-CCM",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
    "DHE-PSK-AES256-CCM",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
    "PSK-AES128-CCM",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
    "PSK-AES256-CCM",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
    "PSK-AES128-CCM-8",
#endif

#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
    "PSK-AES256-CCM-8",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
    "DHE-PSK-NULL-SHA384",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
    "DHE-PSK-NULL-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
    "PSK-NULL-SHA384",
#endif

#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
    "PSK-NULL-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
    "PSK-NULL-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
    "HC128-MD5",
#endif

#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
    "HC128-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
    "HC128-B2B256",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
    "AES128-B2B256",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
    "AES256-B2B256",
#endif

#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
    "RABBIT-SHA",
#endif

#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
    "NTRU-RC4-SHA",
#endif

#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
    "NTRU-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
    "NTRU-AES128-SHA",
#endif

#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
    "NTRU-AES256-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
    "AES128-CCM-8",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
    "AES256-CCM-8",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
    "ECDHE-ECDSA-AES128-CCM",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
    "ECDHE-ECDSA-AES128-CCM-8",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
    "ECDHE-ECDSA-AES256-CCM-8",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    "ECDHE-RSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    "ECDHE-RSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    "ECDHE-ECDSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    "ECDHE-ECDSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
    "ECDHE-RSA-RC4-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    "ECDHE-RSA-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    "ECDHE-ECDSA-RC4-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    "ECDHE-ECDSA-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
    "AES128-SHA256",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
    "AES256-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    "DHE-RSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    "DHE-RSA-AES256-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    "ECDH-RSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    "ECDH-RSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    "ECDH-ECDSA-AES128-SHA",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    "ECDH-ECDSA-AES256-SHA",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
    "ECDH-RSA-RC4-SHA",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    "ECDH-RSA-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    "ECDH-ECDSA-RC4-SHA",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    "ECDH-ECDSA-DES-CBC3-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
    "AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
    "AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    "DHE-RSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    "DHE-RSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    "ECDHE-RSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    "ECDHE-RSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    "ECDHE-ECDSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    "ECDHE-ECDSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    "ECDH-RSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    "ECDH-RSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    "ECDH-ECDSA-AES128-GCM-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    "ECDH-ECDSA-AES256-GCM-SHA384",
#endif

#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    "CAMELLIA128-SHA",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
    "DHE-RSA-CAMELLIA128-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
    "CAMELLIA256-SHA",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
    "DHE-RSA-CAMELLIA256-SHA",
#endif

#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
    "CAMELLIA128-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
    "DHE-RSA-CAMELLIA128-SHA256",
#endif

#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
    "CAMELLIA256-SHA256",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
    "DHE-RSA-CAMELLIA256-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    "ECDHE-RSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    "ECDHE-ECDSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    "ECDH-RSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    "ECDH-ECDSA-AES128-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    "ECDHE-RSA-AES256-SHA384",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    "ECDHE-ECDSA-AES256-SHA384",
#endif

#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    "ECDH-RSA-AES256-SHA384",
#endif

#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    "ECDH-ECDSA-AES256-SHA384",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    "ECDHE-RSA-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    "ECDHE-ECDSA-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    "DHE-RSA-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
    "ECDHE-RSA-CHACHA20-POLY1305-OLD",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
    "ECDHE-ECDSA-CHACHA20-POLY1305-OLD",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
    "DHE-RSA-CHACHA20-POLY1305-OLD",
#endif

#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
    "ADH-AES128-SHA",
#endif

#ifdef BUILD_TLS_QSH
    "QSH",
#endif

#ifdef HAVE_RENEGOTIATION_INDICATION
    "RENEGOTIATION-INFO",
#endif

#ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
    "IDEA-CBC-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
    "ECDHE-ECDSA-NULL-SHA",
#endif

#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
    "ECDHE-PSK-NULL-SHA256",
#endif

#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
    "ECDHE-PSK-AES128-CBC-SHA256",
#endif

#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
    "PSK-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
    "ECDHE-PSK-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
    "DHE-PSK-CHACHA20-POLY1305",
#endif

#ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    "EDH-RSA-DES-CBC3-SHA",
#endif
};
wolfSSL 7:481bce714567 12341
wolfSSL 7:481bce714567 12342
wolfSSL 7:481bce714567 12343 /* cipher suite number that matches above name table */
wolfSSL 7:481bce714567 12344 static int cipher_name_idx[] =
wolfSSL 7:481bce714567 12345 {
wolfSSL 7:481bce714567 12346
wolfSSL 7:481bce714567 12347 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 12348 SSL_RSA_WITH_RC4_128_SHA,
wolfSSL 7:481bce714567 12349 #endif
wolfSSL 7:481bce714567 12350
wolfSSL 7:481bce714567 12351 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 7:481bce714567 12352 SSL_RSA_WITH_RC4_128_MD5,
wolfSSL 7:481bce714567 12353 #endif
wolfSSL 7:481bce714567 12354
wolfSSL 7:481bce714567 12355 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 12356 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 7:481bce714567 12357 #endif
wolfSSL 7:481bce714567 12358
wolfSSL 7:481bce714567 12359 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12360 TLS_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12361 #endif
wolfSSL 7:481bce714567 12362
wolfSSL 7:481bce714567 12363 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 12364 TLS_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 7:481bce714567 12365 #endif
wolfSSL 7:481bce714567 12366
wolfSSL 7:481bce714567 12367 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 7:481bce714567 12368 TLS_RSA_WITH_NULL_SHA,
wolfSSL 7:481bce714567 12369 #endif
wolfSSL 7:481bce714567 12370
wolfSSL 7:481bce714567 12371 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 7:481bce714567 12372 TLS_RSA_WITH_NULL_SHA256,
wolfSSL 7:481bce714567 12373 #endif
wolfSSL 7:481bce714567 12374
wolfSSL 7:481bce714567 12375 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12376 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12377 #endif
wolfSSL 7:481bce714567 12378
wolfSSL 7:481bce714567 12379 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 12380 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 7:481bce714567 12381 #endif
wolfSSL 7:481bce714567 12382
wolfSSL 7:481bce714567 12383 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 12384 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
wolfSSL 7:481bce714567 12385 #endif
wolfSSL 7:481bce714567 12386
wolfSSL 7:481bce714567 12387 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 12388 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
wolfSSL 7:481bce714567 12389 #endif
wolfSSL 7:481bce714567 12390
wolfSSL 7:481bce714567 12391 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 12392 TLS_PSK_WITH_AES_256_GCM_SHA384,
wolfSSL 7:481bce714567 12393 #endif
wolfSSL 7:481bce714567 12394
wolfSSL 7:481bce714567 12395 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 12396 TLS_PSK_WITH_AES_128_GCM_SHA256,
wolfSSL 7:481bce714567 12397 #endif
wolfSSL 7:481bce714567 12398
wolfSSL 7:481bce714567 12399 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 12400 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
wolfSSL 7:481bce714567 12401 #endif
wolfSSL 7:481bce714567 12402
wolfSSL 7:481bce714567 12403 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12404 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12405 #endif
wolfSSL 7:481bce714567 12406
wolfSSL 7:481bce714567 12407 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 12408 TLS_PSK_WITH_AES_256_CBC_SHA384,
wolfSSL 7:481bce714567 12409 #endif
wolfSSL 7:481bce714567 12410
wolfSSL 7:481bce714567 12411 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12412 TLS_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12413 #endif
wolfSSL 7:481bce714567 12414
wolfSSL 7:481bce714567 12415 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12416 TLS_PSK_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12417 #endif
wolfSSL 7:481bce714567 12418
wolfSSL 7:481bce714567 12419 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 12420 TLS_PSK_WITH_AES_256_CBC_SHA,
wolfSSL 7:481bce714567 12421 #endif
wolfSSL 7:481bce714567 12422
wolfSSL 7:481bce714567 12423 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 7:481bce714567 12424 TLS_DHE_PSK_WITH_AES_128_CCM,
wolfSSL 7:481bce714567 12425 #endif
wolfSSL 7:481bce714567 12426
wolfSSL 7:481bce714567 12427 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 7:481bce714567 12428 TLS_DHE_PSK_WITH_AES_256_CCM,
wolfSSL 7:481bce714567 12429 #endif
wolfSSL 7:481bce714567 12430
wolfSSL 7:481bce714567 12431 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 7:481bce714567 12432 TLS_PSK_WITH_AES_128_CCM,
wolfSSL 7:481bce714567 12433 #endif
wolfSSL 7:481bce714567 12434
wolfSSL 7:481bce714567 12435 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 7:481bce714567 12436 TLS_PSK_WITH_AES_256_CCM,
wolfSSL 7:481bce714567 12437 #endif
wolfSSL 7:481bce714567 12438
wolfSSL 7:481bce714567 12439 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 7:481bce714567 12440 TLS_PSK_WITH_AES_128_CCM_8,
wolfSSL 7:481bce714567 12441 #endif
wolfSSL 7:481bce714567 12442
wolfSSL 7:481bce714567 12443 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 7:481bce714567 12444 TLS_PSK_WITH_AES_256_CCM_8,
wolfSSL 7:481bce714567 12445 #endif
wolfSSL 7:481bce714567 12446
wolfSSL 7:481bce714567 12447 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 7:481bce714567 12448 TLS_DHE_PSK_WITH_NULL_SHA384,
wolfSSL 7:481bce714567 12449 #endif
wolfSSL 7:481bce714567 12450
wolfSSL 7:481bce714567 12451 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 7:481bce714567 12452 TLS_DHE_PSK_WITH_NULL_SHA256,
wolfSSL 7:481bce714567 12453 #endif
wolfSSL 7:481bce714567 12454
wolfSSL 7:481bce714567 12455 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 7:481bce714567 12456 TLS_PSK_WITH_NULL_SHA384,
wolfSSL 7:481bce714567 12457 #endif
wolfSSL 7:481bce714567 12458
wolfSSL 7:481bce714567 12459 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 7:481bce714567 12460 TLS_PSK_WITH_NULL_SHA256,
wolfSSL 7:481bce714567 12461 #endif
wolfSSL 7:481bce714567 12462
wolfSSL 7:481bce714567 12463 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 7:481bce714567 12464 TLS_PSK_WITH_NULL_SHA,
wolfSSL 7:481bce714567 12465 #endif
wolfSSL 7:481bce714567 12466
wolfSSL 7:481bce714567 12467 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 7:481bce714567 12468 TLS_RSA_WITH_HC_128_MD5,
wolfSSL 7:481bce714567 12469 #endif
wolfSSL 7:481bce714567 12470
wolfSSL 7:481bce714567 12471 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 7:481bce714567 12472 TLS_RSA_WITH_HC_128_SHA,
wolfSSL 7:481bce714567 12473 #endif
wolfSSL 7:481bce714567 12474
wolfSSL 7:481bce714567 12475 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 7:481bce714567 12476 TLS_RSA_WITH_HC_128_B2B256,
wolfSSL 7:481bce714567 12477 #endif
wolfSSL 7:481bce714567 12478
wolfSSL 7:481bce714567 12479 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 7:481bce714567 12480 TLS_RSA_WITH_AES_128_CBC_B2B256,
wolfSSL 7:481bce714567 12481 #endif
wolfSSL 7:481bce714567 12482
wolfSSL 7:481bce714567 12483 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 7:481bce714567 12484 TLS_RSA_WITH_AES_256_CBC_B2B256,
wolfSSL 7:481bce714567 12485 #endif
wolfSSL 7:481bce714567 12486
wolfSSL 7:481bce714567 12487 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 7:481bce714567 12488 TLS_RSA_WITH_RABBIT_SHA,
wolfSSL 7:481bce714567 12489 #endif
wolfSSL 7:481bce714567 12490
wolfSSL 7:481bce714567 12491 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 12492 TLS_NTRU_RSA_WITH_RC4_128_SHA,
wolfSSL 7:481bce714567 12493 #endif
wolfSSL 7:481bce714567 12494
wolfSSL 7:481bce714567 12495 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 12496 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 7:481bce714567 12497 #endif
wolfSSL 7:481bce714567 12498
wolfSSL 7:481bce714567 12499 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12500 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12501 #endif
wolfSSL 7:481bce714567 12502
wolfSSL 7:481bce714567 12503 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 12504 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 7:481bce714567 12505 #endif
wolfSSL 7:481bce714567 12506
wolfSSL 7:481bce714567 12507 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 7:481bce714567 12508 TLS_RSA_WITH_AES_128_CCM_8,
wolfSSL 7:481bce714567 12509 #endif
wolfSSL 7:481bce714567 12510
wolfSSL 7:481bce714567 12511 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 7:481bce714567 12512 TLS_RSA_WITH_AES_256_CCM_8,
wolfSSL 7:481bce714567 12513 #endif
wolfSSL 7:481bce714567 12514
wolfSSL 7:481bce714567 12515 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 7:481bce714567 12516 TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
wolfSSL 7:481bce714567 12517 #endif
wolfSSL 7:481bce714567 12518
wolfSSL 7:481bce714567 12519 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 7:481bce714567 12520 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
wolfSSL 7:481bce714567 12521 #endif
wolfSSL 7:481bce714567 12522
wolfSSL 7:481bce714567 12523 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 7:481bce714567 12524 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
wolfSSL 7:481bce714567 12525 #endif
wolfSSL 7:481bce714567 12526
wolfSSL 7:481bce714567 12527 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12528 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12529 #endif
wolfSSL 7:481bce714567 12530
wolfSSL 7:481bce714567 12531 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 12532 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 7:481bce714567 12533 #endif
wolfSSL 7:481bce714567 12534
wolfSSL 7:481bce714567 12535 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12536 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12537 #endif
wolfSSL 7:481bce714567 12538
wolfSSL 7:481bce714567 12539 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 12540 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL 7:481bce714567 12541 #endif
wolfSSL 7:481bce714567 12542
wolfSSL 7:481bce714567 12543 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 12544 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
wolfSSL 7:481bce714567 12545 #endif
wolfSSL 7:481bce714567 12546
wolfSSL 7:481bce714567 12547 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 12548 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 7:481bce714567 12549 #endif
wolfSSL 7:481bce714567 12550
wolfSSL 7:481bce714567 12551 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 12552 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
wolfSSL 7:481bce714567 12553 #endif
wolfSSL 7:481bce714567 12554
wolfSSL 7:481bce714567 12555 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 12556 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 7:481bce714567 12557 #endif
wolfSSL 7:481bce714567 12558
wolfSSL 7:481bce714567 12559 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12560 TLS_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12561 #endif
wolfSSL 7:481bce714567 12562
wolfSSL 7:481bce714567 12563 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 7:481bce714567 12564 TLS_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL 7:481bce714567 12565 #endif
wolfSSL 7:481bce714567 12566
wolfSSL 7:481bce714567 12567 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12568 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12569 #endif
wolfSSL 7:481bce714567 12570
wolfSSL 7:481bce714567 12571 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 7:481bce714567 12572 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL 7:481bce714567 12573 #endif
wolfSSL 7:481bce714567 12574
wolfSSL 7:481bce714567 12575 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12576 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12577 #endif
wolfSSL 7:481bce714567 12578
wolfSSL 7:481bce714567 12579 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 12580 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 7:481bce714567 12581 #endif
wolfSSL 7:481bce714567 12582
wolfSSL 7:481bce714567 12583 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12584 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12585 #endif
wolfSSL 7:481bce714567 12586
wolfSSL 7:481bce714567 12587 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 7:481bce714567 12588 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL 7:481bce714567 12589 #endif
wolfSSL 7:481bce714567 12590
wolfSSL 7:481bce714567 12591 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 12592 TLS_ECDH_RSA_WITH_RC4_128_SHA,
wolfSSL 7:481bce714567 12593 #endif
wolfSSL 7:481bce714567 12594
wolfSSL 7:481bce714567 12595 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 12596 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 7:481bce714567 12597 #endif
wolfSSL 7:481bce714567 12598
wolfSSL 7:481bce714567 12599 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 7:481bce714567 12600 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
wolfSSL 7:481bce714567 12601 #endif
wolfSSL 7:481bce714567 12602
wolfSSL 7:481bce714567 12603 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 12604 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 7:481bce714567 12605 #endif
wolfSSL 7:481bce714567 12606
wolfSSL 7:481bce714567 12607 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 12608 TLS_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 7:481bce714567 12609 #endif
wolfSSL 7:481bce714567 12610
wolfSSL 7:481bce714567 12611 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 12612 TLS_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 7:481bce714567 12613 #endif
wolfSSL 7:481bce714567 12614
wolfSSL 7:481bce714567 12615 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 12616 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 7:481bce714567 12617 #endif
wolfSSL 7:481bce714567 12618
wolfSSL 7:481bce714567 12619 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 12620 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 7:481bce714567 12621 #endif
wolfSSL 7:481bce714567 12622
wolfSSL 7:481bce714567 12623 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 12624 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 7:481bce714567 12625 #endif
wolfSSL 7:481bce714567 12626
wolfSSL 7:481bce714567 12627 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 12628 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 7:481bce714567 12629 #endif
wolfSSL 7:481bce714567 12630
wolfSSL 7:481bce714567 12631 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 12632 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL 7:481bce714567 12633 #endif
wolfSSL 7:481bce714567 12634
wolfSSL 7:481bce714567 12635 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 12636 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL 7:481bce714567 12637 #endif
wolfSSL 7:481bce714567 12638
wolfSSL 7:481bce714567 12639 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 12640 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 7:481bce714567 12641 #endif
wolfSSL 7:481bce714567 12642
wolfSSL 7:481bce714567 12643 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 12644 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 7:481bce714567 12645 #endif
wolfSSL 7:481bce714567 12646
wolfSSL 7:481bce714567 12647 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 7:481bce714567 12648 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL 7:481bce714567 12649 #endif
wolfSSL 7:481bce714567 12650
wolfSSL 7:481bce714567 12651 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 7:481bce714567 12652 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL 7:481bce714567 12653 #endif
wolfSSL 7:481bce714567 12654
wolfSSL 7:481bce714567 12655 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 7:481bce714567 12656 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL 7:481bce714567 12657 #endif
wolfSSL 7:481bce714567 12658
wolfSSL 7:481bce714567 12659 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 7:481bce714567 12660 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL 7:481bce714567 12661 #endif
wolfSSL 7:481bce714567 12662
wolfSSL 7:481bce714567 12663 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 7:481bce714567 12664 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL 7:481bce714567 12665 #endif
wolfSSL 7:481bce714567 12666
wolfSSL 7:481bce714567 12667 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 7:481bce714567 12668 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL 7:481bce714567 12669 #endif
wolfSSL 7:481bce714567 12670
wolfSSL 7:481bce714567 12671 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 7:481bce714567 12672 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL 7:481bce714567 12673 #endif
wolfSSL 7:481bce714567 12674
wolfSSL 7:481bce714567 12675 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 7:481bce714567 12676 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL 7:481bce714567 12677 #endif
wolfSSL 7:481bce714567 12678
wolfSSL 7:481bce714567 12679 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 7:481bce714567 12680 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL 7:481bce714567 12681 #endif
wolfSSL 7:481bce714567 12682
wolfSSL 7:481bce714567 12683 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 7:481bce714567 12684 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL 7:481bce714567 12685 #endif
wolfSSL 7:481bce714567 12686
wolfSSL 7:481bce714567 12687 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12688 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12689 #endif
wolfSSL 7:481bce714567 12690
wolfSSL 7:481bce714567 12691 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12692 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12693 #endif
wolfSSL 7:481bce714567 12694
wolfSSL 7:481bce714567 12695 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12696 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12697 #endif
wolfSSL 7:481bce714567 12698
wolfSSL 7:481bce714567 12699 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12700 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12701 #endif
wolfSSL 7:481bce714567 12702
wolfSSL 7:481bce714567 12703 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 12704 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL 7:481bce714567 12705 #endif
wolfSSL 7:481bce714567 12706
wolfSSL 7:481bce714567 12707 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 12708 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL 7:481bce714567 12709 #endif
wolfSSL 7:481bce714567 12710
wolfSSL 7:481bce714567 12711 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 12712 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL 7:481bce714567 12713 #endif
wolfSSL 7:481bce714567 12714
wolfSSL 7:481bce714567 12715 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 7:481bce714567 12716 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL 7:481bce714567 12717 #endif
wolfSSL 7:481bce714567 12718
wolfSSL 7:481bce714567 12719 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 12720 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 7:481bce714567 12721 #endif
wolfSSL 7:481bce714567 12722
wolfSSL 7:481bce714567 12723 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 12724 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 7:481bce714567 12725 #endif
wolfSSL 7:481bce714567 12726
wolfSSL 7:481bce714567 12727 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 12728 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 7:481bce714567 12729 #endif
wolfSSL 7:481bce714567 12730
wolfSSL 7:481bce714567 12731 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 7:481bce714567 12732 TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 7:481bce714567 12733 #endif
wolfSSL 7:481bce714567 12734
wolfSSL 7:481bce714567 12735 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 7:481bce714567 12736 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 7:481bce714567 12737 #endif
wolfSSL 7:481bce714567 12738
wolfSSL 7:481bce714567 12739 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 7:481bce714567 12740 TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 7:481bce714567 12741 #endif
wolfSSL 7:481bce714567 12742
wolfSSL 7:481bce714567 12743 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 12744 TLS_DH_anon_WITH_AES_128_CBC_SHA,
wolfSSL 7:481bce714567 12745 #endif
wolfSSL 7:481bce714567 12746
wolfSSL 7:481bce714567 12747 #ifdef BUILD_TLS_QSH
wolfSSL 7:481bce714567 12748 TLS_QSH,
wolfSSL 7:481bce714567 12749 #endif
wolfSSL 7:481bce714567 12750
wolfSSL 7:481bce714567 12751 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 7:481bce714567 12752 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
wolfSSL 7:481bce714567 12753 #endif
wolfSSL 7:481bce714567 12754
wolfSSL 7:481bce714567 12755 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 7:481bce714567 12756 SSL_RSA_WITH_IDEA_CBC_SHA,
wolfSSL 7:481bce714567 12757 #endif
wolfSSL 7:481bce714567 12758
wolfSSL 7:481bce714567 12759 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 7:481bce714567 12760 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
wolfSSL 7:481bce714567 12761 #endif
wolfSSL 7:481bce714567 12762
wolfSSL 7:481bce714567 12763 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 7:481bce714567 12764 TLS_ECDHE_PSK_WITH_NULL_SHA256,
wolfSSL 7:481bce714567 12765 #endif
wolfSSL 7:481bce714567 12766
wolfSSL 7:481bce714567 12767 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 7:481bce714567 12768 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 7:481bce714567 12769 #endif
wolfSSL 7:481bce714567 12770
wolfSSL 7:481bce714567 12771 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 12772 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 7:481bce714567 12773 #endif
wolfSSL 7:481bce714567 12774
wolfSSL 7:481bce714567 12775 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 12776 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 7:481bce714567 12777 #endif
wolfSSL 7:481bce714567 12778
wolfSSL 7:481bce714567 12779 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 7:481bce714567 12780 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 7:481bce714567 12781 #endif
wolfSSL 7:481bce714567 12782
wolfSSL 7:481bce714567 12783 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 7:481bce714567 12784 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 7:481bce714567 12785 #endif
wolfSSL 7:481bce714567 12786 };
wolfSSL 7:481bce714567 12787
wolfSSL 7:481bce714567 12788
/* Accessor for the cipher_names table; pair it with GetCipherNamesSize() to
 * learn how many entries may be read. */
const char* const* GetCipherNames(void)
{
    const char* const* table = cipher_names;

    return table;
}
wolfSSL 7:481bce714567 12794
wolfSSL 7:481bce714567 12795
/* Number of entries in the cipher_names table, i.e. the exclusive upper bound
 * for indexing the pointer returned by GetCipherNames(). */
int GetCipherNamesSize(void)
{
    const int entries = (int)(sizeof(cipher_names) / sizeof(cipher_names[0]));

    return entries;
}
wolfSSL 7:481bce714567 12801
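/* Gets the cipher name in wolfSSL's internal format (DHE-RSA-...) rather than
 * the TLS_DHE_... form.
 *
 * cipherName   name of the suite as the caller knows it; used only as a hint
 *              for the family ("CHACHA", "EC", "CCM" or none of these) that
 *              the result has to belong to
 * cipherSuite  suite value that is searched for in cipher_name_idx
 *
 * Returns the matching cipher_names entry, or NULL when cipherName is NULL or
 * when no entry matches both the suite value and the family.
 */
const char* GetCipherNameInternal(const char* cipherName, int cipherSuite)
{
    /* cipher_names is read at the positions found in cipher_name_idx, so the
     * scan stops at the shorter of the two tables: if their build-time
     * contents ever disagree, the lookup must not read past the end of
     * cipher_names. */
    const int idxCount  = (int)(sizeof(cipher_name_idx) /
                                sizeof(cipher_name_idx[0]));
    const int nameCount = (int)(sizeof(cipher_names) / sizeof(cipher_names[0]));
    const int count     = (idxCount < nameCount) ? idxCount : nameCount;
    const char* result  = NULL;
    const char* first;
    int i;

    if (cipherName == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    /* Family hint. The order matters: a name holding both "EC" and "CHACHA"
     * is treated as CHACHA, one holding both "EC" and "CCM" as EC. */
    first = (XSTRSTR(cipherName, "CHACHA")) ? "CHACHA"
          : (XSTRSTR(cipherName, "EC"))     ? "EC"
          : (XSTRSTR(cipherName, "CCM"))    ? "CCM"
          : NULL; /* normal */

    for (i = 0; i < count; i++) {
        const char* nameFound;

        if (cipher_name_idx[i] != cipherSuite) {
            continue;
        }

        nameFound = cipher_names[i];

        /* extra sanity check on returned cipher name */
        if (nameFound == NULL) {
            continue;
        }

        /* The suite value alone is not treated as unique (presumably the same
         * value can occur in more than one family), so the candidate also has
         * to agree with the family hint before it is accepted. */
        if (first == NULL) {
            /* no family requested: accept only a name from none of them */
            if ( !XSTRSTR(nameFound, "CHACHA") &&
                 !XSTRSTR(nameFound, "EC") &&
                 !XSTRSTR(nameFound, "CCM")) {
                result = nameFound;
                break;
            }
        }
        else if (XSTRSTR(nameFound, first)) {
            result = nameFound;
            break;
        }
    }

    return result;
}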
wolfSSL 7:481bce714567 12846
/* Internal-format name of the cipher suite recorded on this session.
 *
 * ssl  session to query
 *
 * Returns whatever GetCipherNameInternal() yields for the session's cipher
 * name and suite value, or NULL when ssl is NULL.
 */
const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
{
    const char* tlsName;

    if (ssl != NULL) {
        tlsName = wolfSSL_CIPHER_get_name(&ssl->cipher);
        return GetCipherNameInternal(tlsName, ssl->options.cipherSuite);
    }

    WOLFSSL_MSG("Bad argument");
    return NULL;
}
wolfSSL 7:481bce714567 12858
wolfSSL 7:481bce714567 12859
wolfSSL 7:481bce714567 12860 const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite,
wolfSSL 7:481bce714567 12861 const unsigned char cipherSuite0)
wolfSSL 7:481bce714567 12862 {
wolfSSL 7:481bce714567 12863
wolfSSL 7:481bce714567 12864 WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite");
wolfSSL 7:481bce714567 12865
wolfSSL 7:481bce714567 12866 (void)cipherSuite;
wolfSSL 7:481bce714567 12867 (void)cipherSuite0;
wolfSSL 7:481bce714567 12868
wolfSSL 7:481bce714567 12869 #ifndef NO_ERROR_STRINGS
wolfSSL 7:481bce714567 12870
wolfSSL 7:481bce714567 12871 #if defined(HAVE_CHACHA)
wolfSSL 7:481bce714567 12872 if (cipherSuite0 == CHACHA_BYTE) {
wolfSSL 7:481bce714567 12873 /* ChaCha suites */
wolfSSL 7:481bce714567 12874 switch (cipherSuite) {
wolfSSL 7:481bce714567 12875 #ifdef HAVE_POLY1305
wolfSSL 7:481bce714567 12876 #ifndef NO_RSA
wolfSSL 7:481bce714567 12877 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12878 return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 7:481bce714567 12879
wolfSSL 7:481bce714567 12880 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12881 return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 7:481bce714567 12882
wolfSSL 7:481bce714567 12883 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12884 return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
wolfSSL 7:481bce714567 12885
wolfSSL 7:481bce714567 12886 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12887 return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
wolfSSL 7:481bce714567 12888 #endif
wolfSSL 7:481bce714567 12889 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12890 return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 7:481bce714567 12891
wolfSSL 7:481bce714567 12892 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12893 return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
wolfSSL 7:481bce714567 12894 #ifndef NO_PSK
wolfSSL 7:481bce714567 12895 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12896 return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 7:481bce714567 12897 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12898 return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 7:481bce714567 12899 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 7:481bce714567 12900 return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 7:481bce714567 12901 #endif /* NO_PSK */
wolfSSL 7:481bce714567 12902 #endif /* HAVE_POLY1305 */
wolfSSL 7:481bce714567 12903 } /* switch */
wolfSSL 7:481bce714567 12904 } /* chacha */
wolfSSL 7:481bce714567 12905 #endif /* HAVE_CHACHA */
wolfSSL 7:481bce714567 12906
wolfSSL 7:481bce714567 12907 #if defined(HAVE_ECC) || defined(HAVE_AESCCM)
wolfSSL 7:481bce714567 12908 /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
wolfSSL 7:481bce714567 12909 * but the AES-CCM cipher suites also use it, even the ones that
wolfSSL 7:481bce714567 12910 * aren't ECC. */
wolfSSL 7:481bce714567 12911 if (cipherSuite0 == ECC_BYTE) {
wolfSSL 7:481bce714567 12912 /* ECC suites */
wolfSSL 7:481bce714567 12913 switch (cipherSuite) {
wolfSSL 7:481bce714567 12914 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 12915 #ifndef NO_RSA
wolfSSL 7:481bce714567 12916 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 12917 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 12918 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12919 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 12920 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 12921 #ifndef NO_RSA
wolfSSL 7:481bce714567 12922 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 12923 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 12924 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12925 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 12926 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 12927 #ifndef NO_RSA
wolfSSL 7:481bce714567 12928 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 7:481bce714567 12929 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL 7:481bce714567 12930 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12931 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 7:481bce714567 12932 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL 7:481bce714567 12933 #ifndef NO_RSA
wolfSSL 7:481bce714567 12934 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 7:481bce714567 12935 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL 7:481bce714567 12936 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12937 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 7:481bce714567 12938 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL 7:481bce714567 12939 #ifndef NO_SHA
wolfSSL 7:481bce714567 12940 #ifndef NO_RSA
wolfSSL 7:481bce714567 12941 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 12942 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 12943 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 7:481bce714567 12944 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 7:481bce714567 12945 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12946 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 12947 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 12948 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 7:481bce714567 12949 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL 7:481bce714567 12950 #ifndef NO_RC4
wolfSSL 7:481bce714567 12951 #ifndef NO_RSA
wolfSSL 7:481bce714567 12952 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL 7:481bce714567 12953 return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
wolfSSL 7:481bce714567 12954 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12955 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL 7:481bce714567 12956 return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
wolfSSL 7:481bce714567 12957 #endif /* !NO_RC4 */
wolfSSL 7:481bce714567 12958 #ifndef NO_DES3
wolfSSL 7:481bce714567 12959 #ifndef NO_RSA
wolfSSL 7:481bce714567 12960 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 7:481bce714567 12961 return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 7:481bce714567 12962 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12963 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 7:481bce714567 12964 return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 7:481bce714567 12965 #endif /* !NO_DES3 */
wolfSSL 7:481bce714567 12966
wolfSSL 7:481bce714567 12967 #ifndef NO_RSA
wolfSSL 7:481bce714567 12968 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 12969 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 12970 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 7:481bce714567 12971 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 7:481bce714567 12972 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12973 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 12974 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 12975 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 7:481bce714567 12976 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL 7:481bce714567 12977 #ifndef NO_RC4
wolfSSL 7:481bce714567 12978 #ifndef NO_RSA
wolfSSL 7:481bce714567 12979 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL 7:481bce714567 12980 return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
wolfSSL 7:481bce714567 12981 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12982 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL 7:481bce714567 12983 return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
wolfSSL 7:481bce714567 12984 #endif /* !NO_RC4 */
wolfSSL 7:481bce714567 12985 #ifndef NO_DES3
wolfSSL 7:481bce714567 12986 #ifndef NO_RSA
wolfSSL 7:481bce714567 12987 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 7:481bce714567 12988 return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 7:481bce714567 12989 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 12990 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 7:481bce714567 12991 return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 7:481bce714567 12992 #endif /* !NO_DES3 */
wolfSSL 7:481bce714567 12993 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 12994
wolfSSL 7:481bce714567 12995 #ifdef HAVE_AESGCM
wolfSSL 7:481bce714567 12996 #ifndef NO_RSA
wolfSSL 7:481bce714567 12997 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 7:481bce714567 12998 return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 7:481bce714567 12999 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 7:481bce714567 13000 return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 7:481bce714567 13001 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 13002 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 7:481bce714567 13003 return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL 7:481bce714567 13004 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 7:481bce714567 13005 return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL 7:481bce714567 13006 #ifndef NO_RSA
wolfSSL 7:481bce714567 13007 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 7:481bce714567 13008 return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 7:481bce714567 13009 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 7:481bce714567 13010 return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 7:481bce714567 13011 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 13012 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 7:481bce714567 13013 return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL 7:481bce714567 13014 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 7:481bce714567 13015 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL 7:481bce714567 13016 #endif /* HAVE_AESGCM */
wolfSSL 7:481bce714567 13017
wolfSSL 7:481bce714567 13018 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
wolfSSL 7:481bce714567 13019 return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
wolfSSL 7:481bce714567 13020 #ifndef NO_PSK
wolfSSL 7:481bce714567 13021 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
wolfSSL 7:481bce714567 13022 return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
wolfSSL 7:481bce714567 13023 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 13024 return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 13025 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 13026 #ifndef NO_RSA
wolfSSL 7:481bce714567 13027 case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL 7:481bce714567 13028 return "TLS_RSA_WITH_AES_128_CCM_8";
wolfSSL 7:481bce714567 13029 case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL 7:481bce714567 13030 return "TLS_RSA_WITH_AES_256_CCM_8";
wolfSSL 7:481bce714567 13031 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 13032 #ifndef NO_PSK
wolfSSL 7:481bce714567 13033 case TLS_PSK_WITH_AES_128_CCM_8 :
wolfSSL 7:481bce714567 13034 return "TLS_PSK_WITH_AES_128_CCM_8";
wolfSSL 7:481bce714567 13035 case TLS_PSK_WITH_AES_256_CCM_8 :
wolfSSL 7:481bce714567 13036 return "TLS_PSK_WITH_AES_256_CCM_8";
wolfSSL 7:481bce714567 13037 case TLS_PSK_WITH_AES_128_CCM :
wolfSSL 7:481bce714567 13038 return "TLS_PSK_WITH_AES_128_CCM";
wolfSSL 7:481bce714567 13039 case TLS_PSK_WITH_AES_256_CCM :
wolfSSL 7:481bce714567 13040 return "TLS_PSK_WITH_AES_256_CCM";
wolfSSL 7:481bce714567 13041 case TLS_DHE_PSK_WITH_AES_128_CCM :
wolfSSL 7:481bce714567 13042 return "TLS_DHE_PSK_WITH_AES_128_CCM";
wolfSSL 7:481bce714567 13043 case TLS_DHE_PSK_WITH_AES_256_CCM :
wolfSSL 7:481bce714567 13044 return "TLS_DHE_PSK_WITH_AES_256_CCM";
wolfSSL 7:481bce714567 13045 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 13046 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 13047 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
wolfSSL 7:481bce714567 13048 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM";
wolfSSL 7:481bce714567 13049 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 7:481bce714567 13050 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
wolfSSL 7:481bce714567 13051 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL 7:481bce714567 13052 return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
wolfSSL 7:481bce714567 13053 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 13054 #endif /* HAVE_AESGCM */
wolfSSL 7:481bce714567 13055
wolfSSL 7:481bce714567 13056 default:
wolfSSL 7:481bce714567 13057 return "NONE";
wolfSSL 7:481bce714567 13058 } /* switch */
wolfSSL 7:481bce714567 13059 } /* ECC and AES CCM/GCM */
wolfSSL 7:481bce714567 13060 #endif /* HAVE_ECC || HAVE_AESCCM*/
wolfSSL 7:481bce714567 13061
wolfSSL 7:481bce714567 13062 if (cipherSuite0 != ECC_BYTE &&
wolfSSL 7:481bce714567 13063 cipherSuite0 != CHACHA_BYTE) {
wolfSSL 7:481bce714567 13064
wolfSSL 7:481bce714567 13065 /* normal suites */
wolfSSL 7:481bce714567 13066 switch (cipherSuite) {
wolfSSL 7:481bce714567 13067 #ifndef NO_RSA
wolfSSL 7:481bce714567 13068 #ifndef NO_RC4
wolfSSL 7:481bce714567 13069 #ifndef NO_SHA
wolfSSL 7:481bce714567 13070 case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL 7:481bce714567 13071 return "SSL_RSA_WITH_RC4_128_SHA";
wolfSSL 7:481bce714567 13072 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13073 #ifndef NO_MD5
wolfSSL 7:481bce714567 13074 case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL 7:481bce714567 13075 return "SSL_RSA_WITH_RC4_128_MD5";
wolfSSL 7:481bce714567 13076 #endif /* !NO_MD5 */
wolfSSL 7:481bce714567 13077 #endif /* !NO_RC4 */
wolfSSL 7:481bce714567 13078 #ifndef NO_SHA
wolfSSL 7:481bce714567 13079 #ifndef NO_DES3
wolfSSL 7:481bce714567 13080 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 7:481bce714567 13081 return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 7:481bce714567 13082 #endif /* !NO_DES3 */
wolfSSL 7:481bce714567 13083 #ifdef HAVE_IDEA
wolfSSL 7:481bce714567 13084 case SSL_RSA_WITH_IDEA_CBC_SHA :
wolfSSL 7:481bce714567 13085 return "SSL_RSA_WITH_IDEA_CBC_SHA";
wolfSSL 7:481bce714567 13086 #endif /* HAVE_IDEA */
wolfSSL 7:481bce714567 13087
wolfSSL 7:481bce714567 13088 case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 13089 return "TLS_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 13090 case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 7:481bce714567 13091 return "TLS_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 7:481bce714567 13092 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13093 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 13094 return "TLS_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 13095 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 7:481bce714567 13096 return "TLS_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL 7:481bce714567 13097 #ifdef HAVE_BLAKE2
wolfSSL 7:481bce714567 13098 case TLS_RSA_WITH_AES_128_CBC_B2B256:
wolfSSL 7:481bce714567 13099 return "TLS_RSA_WITH_AES_128_CBC_B2B256";
wolfSSL 7:481bce714567 13100 case TLS_RSA_WITH_AES_256_CBC_B2B256:
wolfSSL 7:481bce714567 13101 return "TLS_RSA_WITH_AES_256_CBC_B2B256";
wolfSSL 7:481bce714567 13102 #endif /* HAVE_BLAKE2 */
wolfSSL 7:481bce714567 13103 #ifndef NO_SHA
wolfSSL 7:481bce714567 13104 case TLS_RSA_WITH_NULL_SHA :
wolfSSL 7:481bce714567 13105 return "TLS_RSA_WITH_NULL_SHA";
wolfSSL 7:481bce714567 13106 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13107 case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL 7:481bce714567 13108 return "TLS_RSA_WITH_NULL_SHA256";
wolfSSL 7:481bce714567 13109 #endif /* NO_RSA */
wolfSSL 7:481bce714567 13110
wolfSSL 7:481bce714567 13111 #ifndef NO_PSK
wolfSSL 7:481bce714567 13112 #ifndef NO_SHA
wolfSSL 7:481bce714567 13113 case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 13114 return "TLS_PSK_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 13115 case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL 7:481bce714567 13116 return "TLS_PSK_WITH_AES_256_CBC_SHA";
wolfSSL 7:481bce714567 13117 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13118 #ifndef NO_SHA256
wolfSSL 7:481bce714567 13119 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 13120 return "TLS_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 13121 case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL 7:481bce714567 13122 return "TLS_PSK_WITH_NULL_SHA256";
wolfSSL 7:481bce714567 13123 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 13124 return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 13125 case TLS_DHE_PSK_WITH_NULL_SHA256 :
wolfSSL 7:481bce714567 13126 return "TLS_DHE_PSK_WITH_NULL_SHA256";
wolfSSL 7:481bce714567 13127 #ifdef HAVE_AESGCM
wolfSSL 7:481bce714567 13128 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 7:481bce714567 13129 return "TLS_PSK_WITH_AES_128_GCM_SHA256";
wolfSSL 7:481bce714567 13130 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 7:481bce714567 13131 return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
wolfSSL 7:481bce714567 13132 #endif /* HAVE_AESGCM */
wolfSSL 7:481bce714567 13133 #endif /* !NO_SHA256 */
wolfSSL 7:481bce714567 13134 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 13135 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 7:481bce714567 13136 return "TLS_PSK_WITH_AES_256_CBC_SHA384";
wolfSSL 7:481bce714567 13137 case TLS_PSK_WITH_NULL_SHA384 :
wolfSSL 7:481bce714567 13138 return "TLS_PSK_WITH_NULL_SHA384";
wolfSSL 7:481bce714567 13139 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 7:481bce714567 13140 return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
wolfSSL 7:481bce714567 13141 case TLS_DHE_PSK_WITH_NULL_SHA384 :
wolfSSL 7:481bce714567 13142 return "TLS_DHE_PSK_WITH_NULL_SHA384";
wolfSSL 7:481bce714567 13143 #ifdef HAVE_AESGCM
wolfSSL 7:481bce714567 13144 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 7:481bce714567 13145 return "TLS_PSK_WITH_AES_256_GCM_SHA384";
wolfSSL 7:481bce714567 13146 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 7:481bce714567 13147 return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
wolfSSL 7:481bce714567 13148 #endif /* HAVE_AESGCM */
wolfSSL 7:481bce714567 13149 #endif /* WOLFSSL_SHA384 */
wolfSSL 7:481bce714567 13150 #ifndef NO_SHA
wolfSSL 7:481bce714567 13151 case TLS_PSK_WITH_NULL_SHA :
wolfSSL 7:481bce714567 13152 return "TLS_PSK_WITH_NULL_SHA";
wolfSSL 7:481bce714567 13153 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13154 #endif /* NO_PSK */
wolfSSL 7:481bce714567 13155
wolfSSL 7:481bce714567 13156 #ifndef NO_RSA
wolfSSL 7:481bce714567 13157 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 7:481bce714567 13158 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 7:481bce714567 13159 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 7:481bce714567 13160 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL 7:481bce714567 13161 #ifndef NO_SHA
wolfSSL 7:481bce714567 13162 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 13163 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 13164 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 7:481bce714567 13165 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 7:481bce714567 13166 #ifndef NO_DES3
wolfSSL 7:481bce714567 13167 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 7:481bce714567 13168 return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 7:481bce714567 13169 #endif
wolfSSL 7:481bce714567 13170 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 13171 #ifndef NO_HC128
wolfSSL 7:481bce714567 13172 #ifndef NO_MD5
wolfSSL 7:481bce714567 13173 case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL 7:481bce714567 13174 return "TLS_RSA_WITH_HC_128_MD5";
wolfSSL 7:481bce714567 13175 #endif /* !NO_MD5 */
wolfSSL 7:481bce714567 13176 #ifndef NO_SHA
wolfSSL 7:481bce714567 13177 case TLS_RSA_WITH_HC_128_SHA :
wolfSSL 7:481bce714567 13178 return "TLS_RSA_WITH_HC_128_SHA";
wolfSSL 7:481bce714567 13179 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13180 #ifdef HAVE_BLAKE2
wolfSSL 7:481bce714567 13181 case TLS_RSA_WITH_HC_128_B2B256:
wolfSSL 7:481bce714567 13182 return "TLS_RSA_WITH_HC_128_B2B256";
wolfSSL 7:481bce714567 13183 #endif /* HAVE_BLAKE2 */
wolfSSL 7:481bce714567 13184 #endif /* !NO_HC128 */
wolfSSL 7:481bce714567 13185 #ifndef NO_SHA
wolfSSL 7:481bce714567 13186 #ifndef NO_RABBIT
wolfSSL 7:481bce714567 13187 case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL 7:481bce714567 13188 return "TLS_RSA_WITH_RABBIT_SHA";
wolfSSL 7:481bce714567 13189 #endif /* !NO_RABBIT */
wolfSSL 7:481bce714567 13190 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 13191 #ifndef NO_RC4
wolfSSL 7:481bce714567 13192 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL 7:481bce714567 13193 return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
wolfSSL 7:481bce714567 13194 #endif /* !NO_RC4 */
wolfSSL 7:481bce714567 13195 #ifndef NO_DES3
wolfSSL 7:481bce714567 13196 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 7:481bce714567 13197 return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 7:481bce714567 13198 #endif /* !NO_DES3 */
wolfSSL 7:481bce714567 13199 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 13200 return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 13201 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 7:481bce714567 13202 return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 7:481bce714567 13203 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 13204
wolfSSL 7:481bce714567 13205 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 13206 case TLS_QSH :
wolfSSL 7:481bce714567 13207 return "TLS_QSH";
wolfSSL 7:481bce714567 13208 #endif /* HAVE_QSH */
wolfSSL 7:481bce714567 13209 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13210
wolfSSL 7:481bce714567 13211 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 7:481bce714567 13212 return "TLS_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 7:481bce714567 13213 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 7:481bce714567 13214 return "TLS_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 7:481bce714567 13215 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 7:481bce714567 13216 return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 7:481bce714567 13217 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 7:481bce714567 13218 return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 7:481bce714567 13219 #ifndef NO_SHA
wolfSSL 7:481bce714567 13220 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 7:481bce714567 13221 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL 7:481bce714567 13222 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 7:481bce714567 13223 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL 7:481bce714567 13224 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13225 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 7:481bce714567 13226 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL 7:481bce714567 13227 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 7:481bce714567 13228 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL 7:481bce714567 13229 #ifndef NO_SHA
wolfSSL 7:481bce714567 13230 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 7:481bce714567 13231 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL 7:481bce714567 13232 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 7:481bce714567 13233 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL 7:481bce714567 13234 #endif /* !NO_SHA */
wolfSSL 7:481bce714567 13235 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 7:481bce714567 13236 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL 7:481bce714567 13237 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 7:481bce714567 13238 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL 7:481bce714567 13239 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 13240
wolfSSL 7:481bce714567 13241 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 7:481bce714567 13242 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
wolfSSL 7:481bce714567 13243 return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
wolfSSL 7:481bce714567 13244 #endif
wolfSSL 7:481bce714567 13245 default:
wolfSSL 7:481bce714567 13246 return "NONE";
wolfSSL 7:481bce714567 13247 } /* switch */
wolfSSL 7:481bce714567 13248 } /* normal / PSK */
wolfSSL 7:481bce714567 13249 #endif /* NO_ERROR_STRINGS */
wolfSSL 7:481bce714567 13250
wolfSSL 7:481bce714567 13251 return "NONE";
wolfSSL 7:481bce714567 13252 }
wolfSSL 7:481bce714567 13253
wolfSSL 7:481bce714567 13254
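/**
 * Set the enabled cipher suites from a caller-supplied name list.
 *
 * @param [out] suites  Suites structure to fill.
 * @param [in]  list    List of cipher suites delimited by ':'; only full
 *                      names from cipher_names[] are recognised. An empty
 *                      string, or a list that starts with "ALL", keeps the
 *                      wolfSSL default and leaves suites untouched.
 *
 * @return 1 (true) when the default is kept or at least one name matched;
 *         0 (false) on a parameter error, when no name matched, or when the
 *         matched suites would not fit in suites->suites.
 */
int SetCipherList(Suites* suites, const char* list)
{
    int       ret          = 0;
    int       idx          = 0;
    int       haveRSAsig   = 0;
    int       haveECDSAsig = 0;
    int       haveAnon     = 0;
    const int suiteSz      = GetCipherNamesSize();
    char*     next         = (char*)list;

    if (suites == NULL || list == NULL) {
        WOLFSSL_MSG("SetCipherList parameter error");
        return 0;
    }

    if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0)
        return 1; /* wolfSSL default */

    do {
        char*  current = next;
        char   name[MAX_SUITE_NAME + 1];
        int    i;
        word32 length;

        next   = XSTRSTR(next, ":");
        length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */
                                         : (word32)(next - current));

        /* Bounded copy: the token is cut at sizeof(name) - 1 characters and
         * always terminated, so an over-long token cannot overrun name[]. */
        XSTRNCPY(name, current, length);
        name[(length == sizeof(name)) ? length - 1 : length] = 0;

        for (i = 0; i < suiteSz; i++) {
            if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
                /* Every match appends two bytes. The list is caller
                 * controlled and may repeat names, so stop before writing
                 * past the end of the suites array.
                 * NOTE(review): sizeof assumes suites->suites is a fixed
                 * size array member (SendClientHello copies from
                 * &ssl->suites->suites) - confirm against the Suites
                 * definition. */
                if ((word32)idx + 2 > (word32)sizeof(suites->suites)) {
                    WOLFSSL_MSG("SetCipherList suites buffer too small");
                    return 0;
                }

                /* first byte: suite family, derived from the name */
                suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
                                      : (XSTRSTR(name, "QSH"))    ? QSH_BYTE
                                      : (XSTRSTR(name, "EC"))     ? ECC_BYTE
                                      : (XSTRSTR(name, "CCM"))    ? ECC_BYTE
                                      : 0x00; /* normal */

                /* second byte: suite id from the parallel index table */
                suites->suites[idx++] = (byte)cipher_name_idx[i];

                /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA
                 * suites don't necessarily have RSA in the name. */
                if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA"))
                    haveECDSAsig = 1;
                else if (XSTRSTR(name, "ADH"))
                    haveAnon = 1;
                else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL))
                    haveRSAsig = 1;

                ret = 1; /* found at least one */
                break;
            }
        }
    }
    /* ++ needed to skip ':'; the NULL test comes first so a null pointer is
     * never incremented */
    while (next != NULL && next++);

    if (ret) {
        suites->setSuites = 1;
        suites->suiteSz   = (word16)idx;
        InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveAnon);
    }

    return ret;
}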
wolfSSL 7:481bce714567 13329
#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)
/* Choose the hash algorithm to pair with the negotiated signature algorithm.
 *
 * ssl            connection whose suites->sigAlgo / suites->hashAlgo are set
 * hashSigAlgo    list of two-byte entries: hash id, then signature id
 * hashSigAlgoSz  length of hashSigAlgo in bytes
 *
 * The list is walked in the order given and the first entry whose signature
 * id equals ssl->specs.sig_algo and whose hash id is compiled in wins. When
 * nothing matches, hashAlgo keeps the sha_mac default assigned up front.
 * NOTE(review): sha_mac is presumably SHA-1; both the fallback and a peer
 * list that puts it first end up selecting it - confirm this is acceptable
 * for the deployment. */
static void PickHashSigAlgo(WOLFSSL* ssl,
                             const byte* hashSigAlgo, word32 hashSigAlgoSz)
{
    word32 pos = 0;

    ssl->suites->sigAlgo  = ssl->specs.sig_algo;
    ssl->suites->hashAlgo = sha_mac;

    /* pos+1 since the signature byte sits one past the hash byte */
    while ((pos + 1) < hashSigAlgoSz) {
        if (hashSigAlgo[pos + 1] == ssl->specs.sig_algo) {
            if (hashSigAlgo[pos] == sha_mac) {
                return; /* default already in place */
            }
        #ifndef NO_SHA256
            if (hashSigAlgo[pos] == sha256_mac) {
                ssl->suites->hashAlgo = sha256_mac;
                return;
            }
        #endif
        #ifdef WOLFSSL_SHA384
            if (hashSigAlgo[pos] == sha384_mac) {
                ssl->suites->hashAlgo = sha384_mac;
                return;
            }
        #endif
        #ifdef WOLFSSL_SHA512
            if (hashSigAlgo[pos] == sha512_mac) {
                ssl->suites->hashAlgo = sha512_mac;
                return;
            }
        #endif
        }
        pos += 2;
    }
}
#endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */
wolfSSL 7:481bce714567 13367
wolfSSL 7:481bce714567 13368 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 13369
/* Initialize HandShakeInfo: bind it to ssl, clear the counters and make the
 * cipher name and every packet name an empty string. Only the first byte of
 * each name buffer is zeroed. */
void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl)
{
    int slot = 0;

    info->ssl              = ssl;
    info->numberPackets    = 0;
    info->negotiationError = 0;
    info->cipherName[0]    = 0;

    while (slot < MAX_PACKETS_HANDSHAKE) {
        info->packetNames[slot][0] = 0;
        slot++;
    }
}
wolfSSL 7:481bce714567 13382
/* Set final HandShakeInfo parameters: the negotiated cipher name and, when
 * the connection error lies in the parameter-error range, that error.
 *
 * NOTE(review): a connection whose cipherSuite0 is ECC_BYTE skips every
 * matching entry, so cipherName is left as it was for those suites.
 * NOTE(review): XSTRNCPY is presumably strncpy; a name of MAX_CIPHERNAME_SZ
 * characters or more would be copied without a terminator - confirm that
 * cipherName keeps a trailing 0 beyond the copied bytes. */
void FinishHandShakeInfo(HandShakeInfo* info)
{
    const int entries = sizeof(cipher_name_idx)/sizeof(int);
    int       n;

    for (n = 0; n < entries; n++) {
        if (info->ssl->options.cipherSuite != (byte)cipher_name_idx[n])
            continue;
        if (info->ssl->options.cipherSuite0 == ECC_BYTE)
            continue; /* ECC suites at end */

        XSTRNCPY(info->cipherName, cipher_names[n], MAX_CIPHERNAME_SZ);
        break;
    }

    /* error max and min are negative numbers, so the range test is
     * MAX_PARAM_ERR <= error <= MIN_PARAM_ERR */
    if (info->ssl->error >= MAX_PARAM_ERR && info->ssl->error <= MIN_PARAM_ERR) {
        info->negotiationError = info->ssl->error;
    }
}
wolfSSL 7:481bce714567 13401
wolfSSL 7:481bce714567 13402
/* Add name to info packet names and increase the packet name count. The
 * name is dropped without notice once MAX_PACKETS_HANDSHAKE names are held.
 * NOTE(review): XSTRNCPY is presumably strncpy; a name of MAX_PACKETNAME_SZ
 * characters or more is stored without a terminator - confirm the slot has
 * room for, and keeps, a trailing 0. */
void AddPacketName(const char* name, HandShakeInfo* info)
{
    if (info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    XSTRNCPY(info->packetNames[info->numberPackets], name, MAX_PACKETNAME_SZ);
    info->numberPackets++;
}
wolfSSL 7:481bce714567 13411
wolfSSL 7:481bce714567 13412
/* Initialize TimeoutInfo: empty timeout name, zero flags, counters and
 * timeout value, and reset every packet slot (empty name, zero timestamp,
 * no heap buffer, zero size). */
void InitTimeoutInfo(TimeoutInfo* info)
{
    int slot = 0;

    info->timeoutName[0]       = 0;
    info->flags                = 0;
    info->numberPackets        = 0;
    info->timeoutValue.tv_sec  = 0;
    info->timeoutValue.tv_usec = 0;

    while (slot < MAX_PACKETS_HANDSHAKE) {
        info->packets[slot].packetName[0]     = 0;
        info->packets[slot].timestamp.tv_sec  = 0;
        info->packets[slot].timestamp.tv_usec = 0;
        info->packets[slot].bufferValue       = 0;
        info->packets[slot].valueSz           = 0;
        slot++;
    }
}
wolfSSL 7:481bce714567 13432
wolfSSL 7:481bce714567 13433
/* Free TimeoutInfo: release the heap buffer of every packet slot that has
 * one and clear the pointer, so a second call does not free it again. */
void FreeTimeoutInfo(TimeoutInfo* info, void* heap)
{
    int slot;

    (void)heap;

    for (slot = 0; slot < MAX_PACKETS_HANDSHAKE; slot++) {
        if (!info->packets[slot].bufferValue)
            continue; /* payload was stored inline, nothing to free */

        XFREE(info->packets[slot].bufferValue, heap, DYNAMIC_TYPE_INFO);
        info->packets[slot].bufferValue = 0;
    }
}
wolfSSL 7:481bce714567 13446
wolfSSL 7:481bce714567 13447
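/* Add PacketInfo to TimeoutInfo
 *
 * name  packet name, or NULL when the name is added later (AddLateName)
 * info  record to extend; nothing is stored once numberPackets reaches
 *       MAX_PACKETS_HANDSHAKE - 1
 * data  packet bytes to keep
 * sz    number of bytes at data
 * heap  heap hint handed to XMALLOC
 *
 * A payload shorter than MAX_VALUE_SZ goes into the slot's inline value
 * buffer, anything larger into a heap buffer that FreeTimeoutInfo releases.
 * A NULL data pointer or a negative sz is recorded as an empty payload. */
void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data,
                   int sz, void* heap)
{
    if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) {
        Timeval currTime;

        /* sz is signed: a negative value passes the "< MAX_VALUE_SZ" test
         * below and would turn into an enormous length inside XMEMCPY, so
         * clamp it here together with a missing source buffer */
        if (data == NULL || sz < 0)
            sz = 0;

        /* may add name after */
        if (name)
            XSTRNCPY(info->packets[info->numberPackets].packetName, name,
                     MAX_PACKETNAME_SZ);

        /* add data, put in buffer if bigger than static buffer */
        info->packets[info->numberPackets].valueSz = sz;
        if (sz < MAX_VALUE_SZ) {
            if (sz > 0)
                XMEMCPY(info->packets[info->numberPackets].value, data, sz);
        }
        else {
            info->packets[info->numberPackets].bufferValue =
                       XMALLOC(sz, heap, DYNAMIC_TYPE_INFO);
            if (!info->packets[info->numberPackets].bufferValue)
                /* let next alloc catch, just don't fill, not fatal here */
                info->packets[info->numberPackets].valueSz = 0;
            else
                XMEMCPY(info->packets[info->numberPackets].bufferValue,
                        data, sz);
        }

        /* stamp the slot with the current wall-clock time */
        gettimeofday(&currTime, 0);
        info->packets[info->numberPackets].timestamp.tv_sec  =
                                                             currTime.tv_sec;
        info->packets[info->numberPackets].timestamp.tv_usec =
                                                             currTime.tv_usec;
        info->numberPackets++;
    }
}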
wolfSSL 7:481bce714567 13482
wolfSSL 7:481bce714567 13483
/* Add packet name to previously added packet info (the slot just before
 * numberPackets). Does nothing when no packet was added yet or when the
 * count is outside the table.
 * NOTE(review): XSTRNCPY is presumably strncpy; a name of MAX_PACKETNAME_SZ
 * characters or more is stored without a terminator - confirm packetName
 * has room for, and keeps, a trailing 0. */
void AddLateName(const char* name, TimeoutInfo* info)
{
    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0)
        return;
    if (info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name,
             MAX_PACKETNAME_SZ);
}
wolfSSL 7:481bce714567 13494
/* Add record header to previously added packet info: RECORD_HEADER_SZ bytes
 * from rl are written at the start of the previous slot's payload, in the
 * heap buffer when the slot has one, otherwise in the inline value buffer.
 * NOTE(review): the copy length does not depend on the slot's valueSz -
 * presumably both buffers always hold at least RECORD_HEADER_SZ bytes;
 * confirm against AddPacketInfo's callers. */
void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info)
{
    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0)
        return;
    if (info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    if (info->packets[info->numberPackets - 1].bufferValue) {
        XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl,
                RECORD_HEADER_SZ);
    }
    else {
        XMEMCPY(info->packets[info->numberPackets - 1].value, rl,
                RECORD_HEADER_SZ);
    }
}
wolfSSL 7:481bce714567 13509
wolfSSL 7:481bce714567 13510 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 7:481bce714567 13511
wolfSSL 7:481bce714567 13512
wolfSSL 7:481bce714567 13513
wolfSSL 7:481bce714567 13514 /* client only parts */
wolfSSL 7:481bce714567 13515 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 7:481bce714567 13516
wolfSSL 7:481bce714567 13517 int SendClientHello(WOLFSSL* ssl)
wolfSSL 7:481bce714567 13518 {
wolfSSL 7:481bce714567 13519 byte *output;
wolfSSL 7:481bce714567 13520 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 13521 int sendSz;
wolfSSL 7:481bce714567 13522 int idSz = ssl->options.resuming
wolfSSL 7:481bce714567 13523 ? ssl->session.sessionIDSz
wolfSSL 7:481bce714567 13524 : 0;
wolfSSL 7:481bce714567 13525 int ret;
wolfSSL 7:481bce714567 13526 word16 extSz = 0;
wolfSSL 7:481bce714567 13527
wolfSSL 7:481bce714567 13528 if (ssl->suites == NULL) {
wolfSSL 7:481bce714567 13529 WOLFSSL_MSG("Bad suites pointer in SendClientHello");
wolfSSL 7:481bce714567 13530 return SUITES_ERROR;
wolfSSL 7:481bce714567 13531 }
wolfSSL 7:481bce714567 13532
wolfSSL 7:481bce714567 13533 #ifdef HAVE_SESSION_TICKET
wolfSSL 7:481bce714567 13534 if (ssl->options.resuming && ssl->session.ticketLen > 0) {
wolfSSL 7:481bce714567 13535 SessionTicket* ticket;
wolfSSL 7:481bce714567 13536
wolfSSL 7:481bce714567 13537 ticket = TLSX_SessionTicket_Create(0, ssl->session.ticket,
wolfSSL 7:481bce714567 13538 ssl->session.ticketLen, ssl->heap);
wolfSSL 7:481bce714567 13539 if (ticket == NULL) return MEMORY_E;
wolfSSL 7:481bce714567 13540
wolfSSL 7:481bce714567 13541 ret = TLSX_UseSessionTicket(&ssl->extensions, ticket, ssl->heap);
wolfSSL 7:481bce714567 13542 if (ret != SSL_SUCCESS) return ret;
wolfSSL 7:481bce714567 13543
wolfSSL 7:481bce714567 13544 idSz = 0;
wolfSSL 7:481bce714567 13545 }
wolfSSL 7:481bce714567 13546 #endif
wolfSSL 7:481bce714567 13547 length = VERSION_SZ + RAN_LEN
wolfSSL 7:481bce714567 13548 + idSz + ENUM_LEN
wolfSSL 7:481bce714567 13549 + ssl->suites->suiteSz + SUITE_LEN
wolfSSL 7:481bce714567 13550 + COMP_LEN + ENUM_LEN;
wolfSSL 7:481bce714567 13551
wolfSSL 7:481bce714567 13552 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 7:481bce714567 13553 /* auto populate extensions supported unless user defined */
wolfSSL 7:481bce714567 13554 if ((ret = TLSX_PopulateExtensions(ssl, 0)) != 0)
wolfSSL 7:481bce714567 13555 return ret;
wolfSSL 7:481bce714567 13556 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 13557 if (QSH_Init(ssl) != 0)
wolfSSL 7:481bce714567 13558 return MEMORY_E;
wolfSSL 7:481bce714567 13559 #endif
wolfSSL 7:481bce714567 13560 extSz = TLSX_GetRequestSize(ssl);
wolfSSL 7:481bce714567 13561 if (extSz != 0)
wolfSSL 7:481bce714567 13562 length += extSz;
wolfSSL 7:481bce714567 13563 #else
wolfSSL 7:481bce714567 13564 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL 7:481bce714567 13565 extSz += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
wolfSSL 7:481bce714567 13566 + ssl->suites->hashSigAlgoSz;
wolfSSL 7:481bce714567 13567 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 7:481bce714567 13568 if (ssl->options.haveEMS)
wolfSSL 7:481bce714567 13569 extSz += HELLO_EXT_SZ;
wolfSSL 7:481bce714567 13570 #endif
wolfSSL 7:481bce714567 13571 if (extSz != 0)
wolfSSL 7:481bce714567 13572 length += extSz + HELLO_EXT_SZ_SZ;
wolfSSL 7:481bce714567 13573 #endif
wolfSSL 7:481bce714567 13574 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 13575
wolfSSL 7:481bce714567 13576 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 13577 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 13578 length += ENUM_LEN; /* cookie */
wolfSSL 7:481bce714567 13579 if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
wolfSSL 7:481bce714567 13580 sendSz = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 13581 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 7:481bce714567 13582 }
wolfSSL 7:481bce714567 13583 #endif
wolfSSL 7:481bce714567 13584
wolfSSL 7:481bce714567 13585 if (IsEncryptionOn(ssl, 1))
wolfSSL 7:481bce714567 13586 sendSz += MAX_MSG_EXTRA;
wolfSSL 7:481bce714567 13587
wolfSSL 7:481bce714567 13588 /* check for available size */
wolfSSL 7:481bce714567 13589 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL 7:481bce714567 13590 return ret;
wolfSSL 7:481bce714567 13591
wolfSSL 7:481bce714567 13592 /* get output buffer */
wolfSSL 7:481bce714567 13593 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 13594 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 13595
wolfSSL 7:481bce714567 13596 AddHeaders(output, length, client_hello, ssl);
wolfSSL 7:481bce714567 13597
wolfSSL 7:481bce714567 13598 /* client hello, first version */
wolfSSL 7:481bce714567 13599 output[idx++] = ssl->version.major;
wolfSSL 7:481bce714567 13600 output[idx++] = ssl->version.minor;
wolfSSL 7:481bce714567 13601 ssl->chVersion = ssl->version; /* store in case changed */
wolfSSL 7:481bce714567 13602
wolfSSL 7:481bce714567 13603 /* then random */
wolfSSL 7:481bce714567 13604 if (ssl->options.connectState == CONNECT_BEGIN) {
wolfSSL 7:481bce714567 13605 ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
wolfSSL 7:481bce714567 13606 if (ret != 0)
wolfSSL 7:481bce714567 13607 return ret;
wolfSSL 7:481bce714567 13608
wolfSSL 7:481bce714567 13609 /* store random */
wolfSSL 7:481bce714567 13610 XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
wolfSSL 7:481bce714567 13611 } else {
wolfSSL 7:481bce714567 13612 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 13613 /* send same random on hello again */
wolfSSL 7:481bce714567 13614 XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 7:481bce714567 13615 #endif
wolfSSL 7:481bce714567 13616 }
wolfSSL 7:481bce714567 13617 idx += RAN_LEN;
wolfSSL 7:481bce714567 13618
wolfSSL 7:481bce714567 13619 /* then session id */
wolfSSL 7:481bce714567 13620 output[idx++] = (byte)idSz;
wolfSSL 7:481bce714567 13621 if (idSz) {
wolfSSL 7:481bce714567 13622 XMEMCPY(output + idx, ssl->session.sessionID,
wolfSSL 7:481bce714567 13623 ssl->session.sessionIDSz);
wolfSSL 7:481bce714567 13624 idx += ssl->session.sessionIDSz;
wolfSSL 7:481bce714567 13625 }
wolfSSL 7:481bce714567 13626
wolfSSL 7:481bce714567 13627 /* then DTLS cookie */
wolfSSL 7:481bce714567 13628 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 13629 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 13630 byte cookieSz = ssl->arrays->cookieSz;
wolfSSL 7:481bce714567 13631
wolfSSL 7:481bce714567 13632 output[idx++] = cookieSz;
wolfSSL 7:481bce714567 13633 if (cookieSz) {
wolfSSL 7:481bce714567 13634 XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz);
wolfSSL 7:481bce714567 13635 idx += cookieSz;
wolfSSL 7:481bce714567 13636 }
wolfSSL 7:481bce714567 13637 }
wolfSSL 7:481bce714567 13638 #endif
wolfSSL 7:481bce714567 13639 /* then cipher suites */
wolfSSL 7:481bce714567 13640 c16toa(ssl->suites->suiteSz, output + idx);
wolfSSL 7:481bce714567 13641 idx += 2;
wolfSSL 7:481bce714567 13642 XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
wolfSSL 7:481bce714567 13643 idx += ssl->suites->suiteSz;
wolfSSL 7:481bce714567 13644
wolfSSL 7:481bce714567 13645 /* last, compression */
wolfSSL 7:481bce714567 13646 output[idx++] = COMP_LEN;
wolfSSL 7:481bce714567 13647 if (ssl->options.usingCompression)
wolfSSL 7:481bce714567 13648 output[idx++] = ZLIB_COMPRESSION;
wolfSSL 7:481bce714567 13649 else
wolfSSL 7:481bce714567 13650 output[idx++] = NO_COMPRESSION;
wolfSSL 7:481bce714567 13651
wolfSSL 7:481bce714567 13652 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 7:481bce714567 13653 idx += TLSX_WriteRequest(ssl, output + idx);
wolfSSL 7:481bce714567 13654
wolfSSL 7:481bce714567 13655 (void)idx; /* suppress analyzer warning, keep idx current */
wolfSSL 7:481bce714567 13656 #else
wolfSSL 7:481bce714567 13657 if (extSz != 0) {
wolfSSL 7:481bce714567 13658 c16toa(extSz, output + idx);
wolfSSL 7:481bce714567 13659 idx += HELLO_EXT_SZ_SZ;
wolfSSL 7:481bce714567 13660
wolfSSL 7:481bce714567 13661 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 13662 if (ssl->suites->hashSigAlgoSz) {
wolfSSL 7:481bce714567 13663 int i;
wolfSSL 7:481bce714567 13664 /* extension type */
wolfSSL 7:481bce714567 13665 c16toa(HELLO_EXT_SIG_ALGO, output + idx);
wolfSSL 7:481bce714567 13666 idx += HELLO_EXT_TYPE_SZ;
wolfSSL 7:481bce714567 13667 /* extension data length */
wolfSSL 7:481bce714567 13668 c16toa(HELLO_EXT_SIGALGO_SZ + ssl->suites->hashSigAlgoSz,
wolfSSL 7:481bce714567 13669 output + idx);
wolfSSL 7:481bce714567 13670 idx += HELLO_EXT_SZ_SZ;
wolfSSL 7:481bce714567 13671 /* sig algos length */
wolfSSL 7:481bce714567 13672 c16toa(ssl->suites->hashSigAlgoSz, output + idx);
wolfSSL 7:481bce714567 13673 idx += HELLO_EXT_SIGALGO_SZ;
wolfSSL 7:481bce714567 13674 for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) {
wolfSSL 7:481bce714567 13675 output[idx] = ssl->suites->hashSigAlgo[i];
wolfSSL 7:481bce714567 13676 }
wolfSSL 7:481bce714567 13677 }
wolfSSL 7:481bce714567 13678 }
wolfSSL 7:481bce714567 13679 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 7:481bce714567 13680 if (ssl->options.haveEMS) {
wolfSSL 7:481bce714567 13681 c16toa(HELLO_EXT_EXTMS, output + idx);
wolfSSL 7:481bce714567 13682 idx += HELLO_EXT_TYPE_SZ;
wolfSSL 7:481bce714567 13683 c16toa(0, output + idx);
wolfSSL 7:481bce714567 13684 idx += HELLO_EXT_SZ_SZ;
wolfSSL 7:481bce714567 13685 }
wolfSSL 7:481bce714567 13686 #endif
wolfSSL 7:481bce714567 13687 }
wolfSSL 7:481bce714567 13688 #endif
wolfSSL 7:481bce714567 13689
wolfSSL 7:481bce714567 13690 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 7:481bce714567 13691 byte* input;
wolfSSL 7:481bce714567 13692 int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */
wolfSSL 7:481bce714567 13693
wolfSSL 7:481bce714567 13694 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 13695 if (input == NULL)
wolfSSL 7:481bce714567 13696 return MEMORY_E;
wolfSSL 7:481bce714567 13697
wolfSSL 7:481bce714567 13698 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
wolfSSL 7:481bce714567 13699 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
wolfSSL 7:481bce714567 13700 handshake, 1, 0);
wolfSSL 7:481bce714567 13701 XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 13702
wolfSSL 7:481bce714567 13703 if (sendSz < 0)
wolfSSL 7:481bce714567 13704 return sendSz;
wolfSSL 7:481bce714567 13705 } else {
wolfSSL 7:481bce714567 13706 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 13707 if (ssl->options.dtls)
wolfSSL 7:481bce714567 13708 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 7:481bce714567 13709 #endif
wolfSSL 7:481bce714567 13710 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 7:481bce714567 13711 if (ret != 0)
wolfSSL 7:481bce714567 13712 return ret;
wolfSSL 7:481bce714567 13713 }
wolfSSL 7:481bce714567 13714
wolfSSL 7:481bce714567 13715 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 13716 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 7:481bce714567 13717 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
wolfSSL 7:481bce714567 13718 return ret;
wolfSSL 7:481bce714567 13719 }
wolfSSL 7:481bce714567 13720 #endif
wolfSSL 7:481bce714567 13721
wolfSSL 7:481bce714567 13722 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL 7:481bce714567 13723
wolfSSL 7:481bce714567 13724 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 13725 if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
wolfSSL 7:481bce714567 13726 if (ssl->toInfoOn)
wolfSSL 7:481bce714567 13727 AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz,
wolfSSL 7:481bce714567 13728 ssl->heap);
wolfSSL 7:481bce714567 13729 #endif
wolfSSL 7:481bce714567 13730
wolfSSL 7:481bce714567 13731 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 7:481bce714567 13732
wolfSSL 7:481bce714567 13733 return SendBuffered(ssl);
wolfSSL 7:481bce714567 13734 }
wolfSSL 7:481bce714567 13735
wolfSSL 7:481bce714567 13736
/* Parse a HelloVerifyRequest handshake body received from the peer.
 *
 * ssl       connection state; the cookie and serverState are updated here
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the message body in input; advanced as fields are
 *           consumed (also on the error paths that follow a partial read)
 * size      number of body bytes available starting at the initial offset
 *
 * Returns 0 on success, BUFFER_ERROR when a field would run past size, or
 * VERSION_ERROR when the advertised version is not DTLS 1.0 / DTLS 1.2.
 */
static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input,
                                word32* inOutIdx, word32 size)
{
    ProtocolVersion serverVersion;
    byte            cookieLen;
    int             versionOk;
    word32          start = *inOutIdx;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) {
        AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
    }
    if (ssl->toInfoOn) {
        AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
    }
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
    }
#endif

    /* the fixed part is a 2-byte version followed by a 1-byte cookie length */
    if ((*inOutIdx - start) + OPAQUE16_LEN + OPAQUE8_LEN > size) {
        return BUFFER_ERROR;
    }

    XMEMCPY(&serverVersion, input + *inOutIdx, OPAQUE16_LEN);
    *inOutIdx += OPAQUE16_LEN;

    versionOk = (serverVersion.major == DTLS_MAJOR) &&
                (serverVersion.minor == DTLS_MINOR ||
                 serverVersion.minor == DTLSv1_2_MINOR);
    if (!versionOk) {
        return VERSION_ERROR;
    }

    cookieLen = input[(*inOutIdx)++];

    if (cookieLen != 0) {
        /* the peer-supplied length must fit in what is left of the body */
        if ((*inOutIdx - start) + cookieLen > size) {
            return BUFFER_ERROR;
        }

#ifdef WOLFSSL_DTLS
        /* Copy only when the cookie fits the fixed-size storage.
         * NOTE(review): a cookie longer than MAX_COOKIE_LEN is skipped, not
         * rejected, so whatever cookie/cookieSz was stored before stays in
         * place - confirm that is the intended handling. */
        if (cookieLen <= MAX_COOKIE_LEN) {
            XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieLen);
            ssl->arrays->cookieSz = cookieLen;
        }
#endif
        *inOutIdx += cookieLen;
    }

    ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
    return 0;
}
wolfSSL 7:481bce714567 13784
wolfSSL 7:481bce714567 13785
/* Report whether the ServerHello just parsed is consistent with the session
 * the client is trying to resume.
 *
 * Returns 1 when any of the following holds, otherwise 0:
 *   - a session secret callback is registered (HAVE_SECRET_CALLBACK)
 *   - the saved session carries a ticket (HAVE_SESSION_TICKET)
 *   - the server sent a session ID and it equals the saved session ID
 */
static INLINE int DSH_CheckSessionId(WOLFSSL* ssl)
{
#ifdef HAVE_SECRET_CALLBACK
    /* With a session secret callback the key comes from the callback, not
     * from the saved session key. */
    if (ssl->sessionSecretCb != NULL) {
        return 1;
    }
#endif

#ifdef HAVE_SESSION_TICKET
    /* The server may answer with a blank ticket: the existing one is still
     * accepted, and a new one will be sent as well. */
    if (ssl->session.ticketLen > 0) {
        return 1;
    }
#endif

    if (!ssl->options.haveSessionId) {
        return 0;
    }

    /* NOTE(review): all ID_LEN bytes are compared regardless of the length
     * the server actually sent (ssl->arrays->sessionIDSz) - confirm a short
     * ID cannot match through leftover bytes in the buffer. */
    return XMEMCMP(ssl->arrays->sessionID, ssl->session.sessionID,
                   ID_LEN) == 0;
}
wolfSSL 7:481bce714567 13808
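/* Parse the ServerHello and apply the server's choices to the connection.
 *
 * ssl       connection state (version, session ID, suite, compression and
 *           extension results are written into it)
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the ServerHello body; out: offset just past it
 *           (plus ssl->keys.padSz when the record was encrypted)
 * helloSz   number of body bytes available from the initial offset
 *
 * Returns the result of SetCipherSpecs() on a full handshake, or the result
 * of key derivation when the session is resumed. Errors returned directly:
 * BUFFER_ERROR (a length field runs past helloSz), VERSION_ERROR,
 * MATCH_SUITE_ERROR, COMPRESSION_ERROR, SESSION_SECRET_CB_E,
 * UNSUPPORTED_SUITE, or the non-zero result of TLSX_Parse().
 *
 * Every field of this message is peer-controlled, so each read is preceded
 * by a check against helloSz.
 */
static int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         word32 helloSz)
{
    byte            cs0;   /* cipher suite bytes 0, 1 */
    byte            cs1;
    ProtocolVersion pv;
    byte            compression;
    word32          i = *inOutIdx;
    word32          begin = i;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
#endif

    /* protocol version, random and session id length check */
    if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    /* protocol version */
    XMEMCPY(&pv, input + i, OPAQUE16_LEN);
    i += OPAQUE16_LEN;

    /* NOTE(review): only pv.minor is compared with the local version;
     * pv.major is not examined in this function - confirm it is validated
     * elsewhere, and that this ordering is what is wanted for DTLS. */
    if (pv.minor > ssl->version.minor) {
        WOLFSSL_MSG("Server using higher version, fatal error");
        return VERSION_ERROR;
    }
    else if (pv.minor < ssl->version.minor) {
        WOLFSSL_MSG("server using lower version");

        /* a lower version is accepted only if downgrade is enabled and the
         * offered version is not below the configured floor */
        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("\tno downgrade allowed, fatal error");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
            return VERSION_ERROR;
        }

    #ifdef HAVE_SECURE_RENEGOTIATION
        /* the version may not change during a secure renegotiation */
        if (ssl->secure_renegotiation &&
            ssl->secure_renegotiation->enabled &&
            ssl->options.handShakeDone) {
            WOLFSSL_MSG("Server changed version during scr");
            return VERSION_ERROR;
        }
    #endif

        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG("\tdowngrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            /* turn off tls 1.1+ */
            WOLFSSL_MSG("\tdowngrading to TLSv1");
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
    }

    /* random */
    XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
    i += RAN_LEN;

    /* session id */
    ssl->arrays->sessionIDSz = input[i++];

    if (ssl->arrays->sessionIDSz > ID_LEN) {
        /* longer than the sessionID buffer: reject before any copy */
        WOLFSSL_MSG("Invalid session ID size");
        ssl->arrays->sessionIDSz = 0;
        return BUFFER_ERROR;
    }
    else if (ssl->arrays->sessionIDSz) {
        if ((i - begin) + ssl->arrays->sessionIDSz > helloSz)
            return BUFFER_ERROR;

        XMEMCPY(ssl->arrays->sessionID, input + i,
                ssl->arrays->sessionIDSz);
        i += ssl->arrays->sessionIDSz;
        ssl->options.haveSessionId = 1;
    }


    /* suite and compression */
    if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    cs0 = input[i++];
    cs1 = input[i++];

#ifdef HAVE_SECURE_RENEGOTIATION
    /* the suite may not change during a secure renegotiation */
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled &&
        ssl->options.handShakeDone) {
        if (ssl->options.cipherSuite0 != cs0 ||
            ssl->options.cipherSuite  != cs1) {
            WOLFSSL_MSG("Server changed cipher suite during scr");
            return MATCH_SUITE_ERROR;
        }
    }
#endif

    /* NOTE(review): the selected suite is stored without a visible check
     * that it was among the suites this client offered, and on resumption
     * without a visible comparison to the saved session's suite - confirm
     * SetCipherSpecs() or the caller enforces both. */
    ssl->options.cipherSuite0 = cs0;
    ssl->options.cipherSuite  = cs1;
    compression = input[i++];

    if (compression != NO_COMPRESSION && !ssl->options.usingCompression) {
        WOLFSSL_MSG("Server forcing compression w/o support");
        return COMPRESSION_ERROR;
    }

    if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
        WOLFSSL_MSG("Server refused compression, turning off");
        ssl->options.usingCompression = 0;  /* turn off if server refused */
    }

    *inOutIdx = i;

#ifdef HAVE_TLS_EXTENSIONS
    if ( (i - begin) < helloSz) {
        if (TLSX_SupportExtensions(ssl)) {
            int    ret = 0;
            word16 totalExtSz;

            if ((i - begin) + OPAQUE16_LEN > helloSz)
                return BUFFER_ERROR;

            ato16(&input[i], &totalExtSz);
            i += OPAQUE16_LEN;

            /* the declared extension block must fit in the message */
            if ((i - begin) + totalExtSz > helloSz)
                return BUFFER_ERROR;

            if ((ret = TLSX_Parse(ssl, (byte *) input + i,
                                  totalExtSz, 0, NULL)))
                return ret;

            i += totalExtSz;
            *inOutIdx = i;
        }
        else
            *inOutIdx = begin + helloSz; /* skip extensions */
    }
    else
        ssl->options.haveEMS = 0; /* If no extensions, no EMS */
#else
    {
        int  allowExt   = 0;
        byte pendingEMS = 0;

        if ( (i - begin) < helloSz) {
            if (ssl->version.major == SSLv3_MAJOR &&
                ssl->version.minor >= TLSv1_MINOR) {

                allowExt = 1;
            }
    #ifdef WOLFSSL_DTLS
            if (ssl->version.major == DTLS_MAJOR)
                allowExt = 1;
    #endif

            if (allowExt) {
                word16 totalExtSz;

                if ((i - begin) + OPAQUE16_LEN > helloSz)
                    return BUFFER_ERROR;

                ato16(&input[i], &totalExtSz);
                i += OPAQUE16_LEN;

                /* the declared extension block must fit in the message */
                if ((i - begin) + totalExtSz > helloSz)
                    return BUFFER_ERROR;

                while (totalExtSz) {
                    word16 extId, extSz;

                    /* each extension has a 2-byte type and 2-byte length */
                    if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
                        return BUFFER_ERROR;

                    ato16(&input[i], &extId);
                    i += OPAQUE16_LEN;
                    ato16(&input[i], &extSz);
                    i += OPAQUE16_LEN;

                    if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
                        return BUFFER_ERROR;

                    if (extId == HELLO_EXT_EXTMS)
                        pendingEMS = 1;

                    /* Step over the body for every extension type. The
                     * remaining-size counter below is reduced by extSz in
                     * all cases, so skipping the advance for one type would
                     * leave i behind and mis-parse whatever follows when a
                     * peer sends that extension with a non-empty body. */
                    i += extSz;

                    totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
                }

                *inOutIdx = i;
            }
            else
                *inOutIdx = begin + helloSz; /* skip extensions */
        }

        /* EMS stays on only if the server echoed the extension */
        if (!pendingEMS && ssl->options.haveEMS)
            ssl->options.haveEMS = 0;
    }
#endif

    ssl->options.serverState = SERVER_HELLO_COMPLETE;

    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    }

#ifdef HAVE_SECRET_CALLBACK
    if (ssl->sessionSecretCb != NULL) {
        int secretSz = SECRET_LEN, ret;
        /* the callback fills session.masterSecret; anything other than a
         * full SECRET_LEN secret is treated as failure */
        ret = ssl->sessionSecretCb(ssl, ssl->session.masterSecret,
                                   &secretSz, ssl->sessionSecretCtx);
        if (ret != 0 || secretSz != SECRET_LEN)
            return SESSION_SECRET_CB_E;
    }
#endif /* HAVE_SECRET_CALLBACK */

    if (ssl->options.resuming) {
        if (DSH_CheckSessionId(ssl)) {
            if (SetCipherSpecs(ssl) == 0) {
                int ret = -1;

                /* resumed: reuse the saved master secret and derive keys */
                XMEMCPY(ssl->arrays->masterSecret,
                        ssl->session.masterSecret, SECRET_LEN);
    #ifdef NO_OLD_TLS
                ret = DeriveTlsKeys(ssl);
    #else
        #ifndef NO_TLS
                if (ssl->options.tls)
                    ret = DeriveTlsKeys(ssl);
        #endif
                if (!ssl->options.tls)
                    ret = DeriveKeys(ssl);
    #endif
                ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

                return ret;
            }
            else {
                WOLFSSL_MSG("Unsupported cipher suite, DoServerHello");
                return UNSUPPORTED_SUITE;
            }
        }
        else {
            WOLFSSL_MSG("Server denied resumption attempt");
            ssl->options.resuming = 0; /* server denied resumption try */
        }
    }
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
    }
#endif

    return SetCipherSpecs(ssl);
}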
wolfSSL 7:481bce714567 14076
wolfSSL 7:481bce714567 14077
/* Check that the client is configured for the negotiated cipher suite.
 *
 * Reads the suite from ssl->options.cipherSuite0 / cipherSuite. The only
 * requirement tested here is REQUIRES_PSK: a suite that needs a pre-shared
 * key fails when ssl->options.havePSK is not set (or PSK support is compiled
 * out with NO_PSK).
 *
 * Returns 1 when the setup is valid for the suite, 0 otherwise.
 */
int VerifyClientSuite(WOLFSSL* ssl)
{
    int  pskAvailable = 0;
    int  ok           = 1;
    byte suite0       = ssl->options.cipherSuite0;
    byte suite1       = ssl->options.cipherSuite;

    WOLFSSL_ENTER("VerifyClientSuite");

#ifndef NO_PSK
    pskAvailable = ssl->options.havePSK;
#endif

    if (CipherRequires(suite0, suite1, REQUIRES_PSK)) {
        WOLFSSL_MSG("Requires PSK");
        if (!pskAvailable) {
            WOLFSSL_MSG("Don't have PSK");
            ok = 0;
        }
    }

    return ok;
}
wolfSSL 7:481bce714567 14101
wolfSSL 7:481bce714567 14102
wolfSSL 7:481bce714567 14103 #ifndef NO_CERTS
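/* Parse a CertificateRequest from the server.
 *
 * The certificate types and the certificate authority names are walked and
 * skipped; for TLS 1.2 and later the signature/hash algorithm list is passed
 * to PickHashSigAlgo(). TODO: the skipped fields are not used yet.
 *
 * ssl       connection state; options.sendVerify is set here
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the message body; out: offset just past it (plus
 *           ssl->keys.padSz when the record was encrypted)
 * size      number of body bytes available from the initial offset
 *
 * Returns 0 on success, BUFFER_ERROR when a length field runs past size or
 * when a name entry does not fit inside the declared authorities list.
 */
static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*
                                inOutIdx, word32 size)
{
    word16 len;
    word32 begin = *inOutIdx;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("CertificateRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("CertificateRequest", &ssl->timeoutInfo);
#endif

    if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
        return BUFFER_ERROR;

    len = input[(*inOutIdx)++];

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    /* types, read in here */
    *inOutIdx += len;

    /* signature and hash signature algorithm */
    if (IsAtLeastTLSv1_2(ssl)) {
        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &len);
        *inOutIdx += OPAQUE16_LEN;

        if ((*inOutIdx - begin) + len > size)
            return BUFFER_ERROR;

        PickHashSigAlgo(ssl, input + *inOutIdx, len);
        *inOutIdx += len;
    }

    /* authorities */
    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &len);
    *inOutIdx += OPAQUE16_LEN;

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    while (len) {
        word16 dnSz;

        /* an entry needs room for its own 2-byte length inside the list */
        if (len < OPAQUE16_LEN)
            return BUFFER_ERROR;

        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &dnSz);
        *inOutIdx += OPAQUE16_LEN;

        /* The entry must fit in what is left of the authorities list. len
         * is unsigned, so without this check an oversized dnSz wraps the
         * subtraction below and the loop keeps walking past the declared
         * end of the list. */
        if (OPAQUE16_LEN + dnSz > len)
            return BUFFER_ERROR;

        if ((*inOutIdx - begin) + dnSz > size)
            return BUFFER_ERROR;

        *inOutIdx += dnSz;
        len -= OPAQUE16_LEN + dnSz;
    }

    /* don't send client cert or cert verify if user hasn't provided
       cert and private key */
    if (ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
        ssl->buffers.key && ssl->buffers.key->buffer)
        ssl->options.sendVerify = SEND_CERT;
    else if (IsTLS(ssl))
        ssl->options.sendVerify = SEND_BLANK_CERT;

    if (IsEncryptionOn(ssl, 0))
        *inOutIdx += ssl->keys.padSz;

    return 0;
}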
wolfSSL 7:481bce714567 14183 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 14184
wolfSSL 7:481bce714567 14185
wolfSSL 7:481bce714567 14186 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 14187
/* Translate a TLS named-curve identifier into the matching ECC_*_OID value.
 *
 * Only curves enabled by the build's HAVE_ECCnnn / HAVE_ALL_CURVES,
 * NO_ECC_SECP, HAVE_ECC_SECPR2, HAVE_ECC_KOBLITZ and HAVE_ECC_BRAINPOOL
 * settings are recognised.
 *
 * Returns the OID constant for tlsCurveId, or ECC_CURVE_ERROR when the
 * identifier is not one of the compiled-in curves.
 */
static int CheckCurveId(int tlsCurveId)
{
    switch (tlsCurveId) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP160R1:
            return ECC_SECP160R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_SECPR2
        case WOLFSSL_ECC_SECP160R2:
            return ECC_SECP160R2_OID;
    #endif /* HAVE_ECC_SECPR2 */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP160K1:
            return ECC_SECP160K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP192R1:
            return ECC_SECP192R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP192K1:
            return ECC_SECP192K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP224R1:
            return ECC_SECP224R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP224K1:
            return ECC_SECP224K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP256R1:
            return ECC_SECP256R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP256K1:
            return ECC_SECP256K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP256R1:
            return ECC_BRAINPOOLP256R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP384R1:
            return ECC_SECP384R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP384R1:
            return ECC_BRAINPOOLP384R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP512R1:
            return ECC_BRAINPOOLP512R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP521R1:
            return ECC_SECP521R1_OID;
    #endif /* !NO_ECC_SECP */
#endif
        default:
            /* not a curve this build supports */
            break;
    }

    return ECC_CURVE_ERROR;
}
wolfSSL 7:481bce714567 14253
wolfSSL 7:481bce714567 14254 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 14255
wolfSSL 7:481bce714567 14256
wolfSSL 7:481bce714567 14257 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
wolfSSL 7:481bce714567 14258 word32* inOutIdx, word32 size)
wolfSSL 7:481bce714567 14259 {
wolfSSL 7:481bce714567 14260 int ret = 0;
wolfSSL 7:481bce714567 14261 word16 length = 0;
wolfSSL 7:481bce714567 14262 word32 idx = *inOutIdx, begin = *inOutIdx;
wolfSSL 7:481bce714567 14263 #ifndef NO_RSA
wolfSSL 7:481bce714567 14264 int typeH = 0;
wolfSSL 7:481bce714567 14265 #endif
wolfSSL 7:481bce714567 14266 byte* output = NULL;
wolfSSL 7:481bce714567 14267 byte sigAlgo = ssl->specs.sig_algo;
wolfSSL 7:481bce714567 14268 word16 sigSz = 0;
wolfSSL 7:481bce714567 14269 #if !defined(NO_DH) || defined(HAVE_ECC)
wolfSSL 7:481bce714567 14270 byte* verifySig = NULL;
wolfSSL 7:481bce714567 14271 #endif
wolfSSL 7:481bce714567 14272
wolfSSL 7:481bce714567 14273 (void)output;
wolfSSL 7:481bce714567 14274 (void)sigAlgo;
wolfSSL 7:481bce714567 14275 (void)sigSz;
wolfSSL 7:481bce714567 14276
wolfSSL 7:481bce714567 14277 WOLFSSL_ENTER("DoServerKeyExchange");
wolfSSL 7:481bce714567 14278
wolfSSL 7:481bce714567 14279 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 14280 ret = wolfAsync_EventPop(&ssl->event, WOLF_EVENT_TYPE_ASYNC_ANY);
wolfSSL 7:481bce714567 14281 if (ret != WC_NOT_PENDING_E) {
wolfSSL 7:481bce714567 14282 WOLF_EVENT_TYPE eType = ssl->event.type;
wolfSSL 7:481bce714567 14283
wolfSSL 7:481bce714567 14284 /* Clear event */
wolfSSL 7:481bce714567 14285 XMEMSET(&ssl->event, 0, sizeof(ssl->event));
wolfSSL 7:481bce714567 14286
wolfSSL 7:481bce714567 14287 /* Check for error */
wolfSSL 7:481bce714567 14288 if (ret < 0) {
wolfSSL 7:481bce714567 14289 goto exit_dske;
wolfSSL 7:481bce714567 14290 }
wolfSSL 7:481bce714567 14291 else {
wolfSSL 7:481bce714567 14292 /* Restore variables needed for async */
wolfSSL 7:481bce714567 14293 idx = ssl->async.idx;
wolfSSL 7:481bce714567 14294 length = ssl->async.length;
wolfSSL 7:481bce714567 14295 output = ssl->async.output;
wolfSSL 7:481bce714567 14296 sigSz = ssl->async.sigSz;
wolfSSL 7:481bce714567 14297 #ifndef NO_RSA
wolfSSL 7:481bce714567 14298 typeH = ssl->async.hashAlgo;
wolfSSL 7:481bce714567 14299 #endif
wolfSSL 7:481bce714567 14300 sigAlgo = ssl->async.sigAlgo;
wolfSSL 7:481bce714567 14301 #if !defined(NO_DH) || defined(HAVE_ECC)
wolfSSL 7:481bce714567 14302 verifySig = ssl->async.data;
wolfSSL 7:481bce714567 14303 #endif
wolfSSL 7:481bce714567 14304
wolfSSL 7:481bce714567 14305 /* Advance key share state if not wolfCrypt */
wolfSSL 7:481bce714567 14306 if (eType == WOLF_EVENT_TYPE_ASYNC_WOLFSSL) {
wolfSSL 7:481bce714567 14307 ssl->options.keyShareState++;
wolfSSL 7:481bce714567 14308 }
wolfSSL 7:481bce714567 14309 }
wolfSSL 7:481bce714567 14310 }
wolfSSL 7:481bce714567 14311 else
wolfSSL 7:481bce714567 14312 #endif
wolfSSL 7:481bce714567 14313 {
wolfSSL 7:481bce714567 14314 /* Reset state */
wolfSSL 7:481bce714567 14315 ret = 0;
wolfSSL 7:481bce714567 14316 ssl->options.keyShareState = KEYSHARE_BEGIN;
wolfSSL 7:481bce714567 14317 }
wolfSSL 7:481bce714567 14318
wolfSSL 7:481bce714567 14319 switch(ssl->options.keyShareState)
wolfSSL 7:481bce714567 14320 {
wolfSSL 7:481bce714567 14321 case KEYSHARE_BEGIN:
wolfSSL 7:481bce714567 14322 {
wolfSSL 7:481bce714567 14323 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 14324 if (ssl->hsInfoOn)
wolfSSL 7:481bce714567 14325 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 7:481bce714567 14326 if (ssl->toInfoOn)
wolfSSL 7:481bce714567 14327 AddLateName("ServerKeyExchange", &ssl->timeoutInfo);
wolfSSL 7:481bce714567 14328 #endif
wolfSSL 7:481bce714567 14329
wolfSSL 7:481bce714567 14330 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 14331 {
wolfSSL 7:481bce714567 14332 #ifndef NO_PSK
wolfSSL 7:481bce714567 14333 case psk_kea:
wolfSSL 7:481bce714567 14334 {
wolfSSL 7:481bce714567 14335 int srvHintLen;
wolfSSL 7:481bce714567 14336
wolfSSL 7:481bce714567 14337 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14338 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14339 }
wolfSSL 7:481bce714567 14340
wolfSSL 7:481bce714567 14341 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14342 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14343
wolfSSL 7:481bce714567 14344 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14345 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14346 }
wolfSSL 7:481bce714567 14347
wolfSSL 7:481bce714567 14348 /* get PSK server hint from the wire */
wolfSSL 7:481bce714567 14349 srvHintLen = min(length, MAX_PSK_ID_LEN - 1);
wolfSSL 7:481bce714567 14350 XMEMCPY(ssl->arrays->server_hint, input + idx, srvHintLen);
wolfSSL 7:481bce714567 14351 ssl->arrays->server_hint[srvHintLen] = 0;
wolfSSL 7:481bce714567 14352 idx += length;
wolfSSL 7:481bce714567 14353 break;
wolfSSL 7:481bce714567 14354 }
wolfSSL 7:481bce714567 14355 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 14356 #ifndef NO_DH
wolfSSL 7:481bce714567 14357 case diffie_hellman_kea:
wolfSSL 7:481bce714567 14358 {
wolfSSL 7:481bce714567 14359 /* p */
wolfSSL 7:481bce714567 14360 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14361 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14362 }
wolfSSL 7:481bce714567 14363
wolfSSL 7:481bce714567 14364 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14365 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14366
wolfSSL 7:481bce714567 14367 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14368 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14369 }
wolfSSL 7:481bce714567 14370
wolfSSL 7:481bce714567 14371 if (length < ssl->options.minDhKeySz) {
wolfSSL 7:481bce714567 14372 WOLFSSL_MSG("Server using a DH key that is too small");
wolfSSL 7:481bce714567 14373 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 7:481bce714567 14374 ERROR_OUT(DH_KEY_SIZE_E, exit_dske);
wolfSSL 7:481bce714567 14375 }
wolfSSL 7:481bce714567 14376
wolfSSL 7:481bce714567 14377 ssl->buffers.serverDH_P.buffer =
wolfSSL 7:481bce714567 14378 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 7:481bce714567 14379 if (ssl->buffers.serverDH_P.buffer) {
wolfSSL 7:481bce714567 14380 ssl->buffers.serverDH_P.length = length;
wolfSSL 7:481bce714567 14381 }
wolfSSL 7:481bce714567 14382 else {
wolfSSL 7:481bce714567 14383 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 7:481bce714567 14384 }
wolfSSL 7:481bce714567 14385
wolfSSL 7:481bce714567 14386 XMEMCPY(ssl->buffers.serverDH_P.buffer, input + idx, length);
wolfSSL 7:481bce714567 14387 idx += length;
wolfSSL 7:481bce714567 14388
wolfSSL 7:481bce714567 14389 ssl->options.dhKeySz = length;
wolfSSL 7:481bce714567 14390
wolfSSL 7:481bce714567 14391 /* g */
wolfSSL 7:481bce714567 14392 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14393 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14394 }
wolfSSL 7:481bce714567 14395
wolfSSL 7:481bce714567 14396 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14397 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14398
wolfSSL 7:481bce714567 14399 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14400 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14401 }
wolfSSL 7:481bce714567 14402
wolfSSL 7:481bce714567 14403 ssl->buffers.serverDH_G.buffer =
wolfSSL 7:481bce714567 14404 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 7:481bce714567 14405 if (ssl->buffers.serverDH_G.buffer) {
wolfSSL 7:481bce714567 14406 ssl->buffers.serverDH_G.length = length;
wolfSSL 7:481bce714567 14407 }
wolfSSL 7:481bce714567 14408 else {
wolfSSL 7:481bce714567 14409 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 7:481bce714567 14410 }
wolfSSL 7:481bce714567 14411
wolfSSL 7:481bce714567 14412 XMEMCPY(ssl->buffers.serverDH_G.buffer, input + idx, length);
wolfSSL 7:481bce714567 14413 idx += length;
wolfSSL 7:481bce714567 14414
wolfSSL 7:481bce714567 14415 /* pub */
wolfSSL 7:481bce714567 14416 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14417 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14418 }
wolfSSL 7:481bce714567 14419
wolfSSL 7:481bce714567 14420 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14421 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14422
wolfSSL 7:481bce714567 14423 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14424 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14425 }
wolfSSL 7:481bce714567 14426
wolfSSL 7:481bce714567 14427 ssl->buffers.serverDH_Pub.buffer =
wolfSSL 7:481bce714567 14428 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 7:481bce714567 14429 if (ssl->buffers.serverDH_Pub.buffer) {
wolfSSL 7:481bce714567 14430 ssl->buffers.serverDH_Pub.length = length;
wolfSSL 7:481bce714567 14431 }
wolfSSL 7:481bce714567 14432 else {
wolfSSL 7:481bce714567 14433 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 7:481bce714567 14434 }
wolfSSL 7:481bce714567 14435
wolfSSL 7:481bce714567 14436 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + idx, length);
wolfSSL 7:481bce714567 14437 idx += length;
wolfSSL 7:481bce714567 14438 break;
wolfSSL 7:481bce714567 14439 }
wolfSSL 7:481bce714567 14440 #endif /* !NO_DH */
wolfSSL 7:481bce714567 14441 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 14442 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 14443 {
wolfSSL 7:481bce714567 14444 byte b;
wolfSSL 7:481bce714567 14445 int curveId, curveOid;
wolfSSL 7:481bce714567 14446
wolfSSL 7:481bce714567 14447 if ((idx - begin) + ENUM_LEN + OPAQUE16_LEN + OPAQUE8_LEN > size) {
wolfSSL 7:481bce714567 14448 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14449 }
wolfSSL 7:481bce714567 14450
wolfSSL 7:481bce714567 14451 b = input[idx++];
wolfSSL 7:481bce714567 14452 if (b != named_curve) {
wolfSSL 7:481bce714567 14453 ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
wolfSSL 7:481bce714567 14454 }
wolfSSL 7:481bce714567 14455
wolfSSL 7:481bce714567 14456 idx += 1; /* curve type, eat leading 0 */
wolfSSL 7:481bce714567 14457 b = input[idx++];
wolfSSL 7:481bce714567 14458 if ((curveOid = CheckCurveId(b)) < 0) {
wolfSSL 7:481bce714567 14459 ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
wolfSSL 7:481bce714567 14460 }
wolfSSL 7:481bce714567 14461
wolfSSL 7:481bce714567 14462 length = input[idx++];
wolfSSL 7:481bce714567 14463 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14464 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14465 }
wolfSSL 7:481bce714567 14466
wolfSSL 7:481bce714567 14467 if (ssl->peerEccKey == NULL) {
wolfSSL 7:481bce714567 14468 /* alloc/init on demand */
wolfSSL 7:481bce714567 14469 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 7:481bce714567 14470 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 14471 if (ssl->peerEccKey == NULL) {
wolfSSL 7:481bce714567 14472 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 7:481bce714567 14473 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 7:481bce714567 14474 }
wolfSSL 7:481bce714567 14475 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 7:481bce714567 14476 ssl->devId);
wolfSSL 7:481bce714567 14477 if (ret != 0) {
wolfSSL 7:481bce714567 14478 goto exit_dske;
wolfSSL 7:481bce714567 14479 }
wolfSSL 7:481bce714567 14480 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 7:481bce714567 14481 wc_ecc_free(ssl->peerEccKey);
wolfSSL 7:481bce714567 14482 ssl->peerEccKeyPresent = 0;
wolfSSL 7:481bce714567 14483 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 14484 if (ret != 0) {
wolfSSL 7:481bce714567 14485 goto exit_dske;
wolfSSL 7:481bce714567 14486 }
wolfSSL 7:481bce714567 14487 }
wolfSSL 7:481bce714567 14488
wolfSSL 7:481bce714567 14489 curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
wolfSSL 7:481bce714567 14490 if (wc_ecc_import_x963_ex(input + idx, length,
wolfSSL 7:481bce714567 14491 ssl->peerEccKey, curveId) != 0) {
wolfSSL 7:481bce714567 14492 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 7:481bce714567 14493 }
wolfSSL 7:481bce714567 14494
wolfSSL 7:481bce714567 14495 idx += length;
wolfSSL 7:481bce714567 14496 ssl->peerEccKeyPresent = 1;
wolfSSL 7:481bce714567 14497 break;
wolfSSL 7:481bce714567 14498 }
wolfSSL 7:481bce714567 14499 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 14500 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 14501 case dhe_psk_kea:
wolfSSL 7:481bce714567 14502 {
wolfSSL 7:481bce714567 14503 int srvHintLen;
wolfSSL 7:481bce714567 14504
wolfSSL 7:481bce714567 14505 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14506 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14507 }
wolfSSL 7:481bce714567 14508
wolfSSL 7:481bce714567 14509 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14510 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14511
wolfSSL 7:481bce714567 14512 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14513 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14514 }
wolfSSL 7:481bce714567 14515
wolfSSL 7:481bce714567 14516 /* get PSK server hint from the wire */
wolfSSL 7:481bce714567 14517 srvHintLen = min(length, MAX_PSK_ID_LEN - 1);
wolfSSL 7:481bce714567 14518 XMEMCPY(ssl->arrays->server_hint, input + idx, srvHintLen);
wolfSSL 7:481bce714567 14519 ssl->arrays->server_hint[srvHintLen] = 0;
wolfSSL 7:481bce714567 14520 idx += length;
wolfSSL 7:481bce714567 14521
wolfSSL 7:481bce714567 14522 /* p */
wolfSSL 7:481bce714567 14523 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14524 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14525 }
wolfSSL 7:481bce714567 14526
wolfSSL 7:481bce714567 14527 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14528 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14529
wolfSSL 7:481bce714567 14530 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14531 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14532 }
wolfSSL 7:481bce714567 14533
wolfSSL 7:481bce714567 14534 if (length < ssl->options.minDhKeySz) {
wolfSSL 7:481bce714567 14535 WOLFSSL_MSG("Server using a DH key that is too small");
wolfSSL 7:481bce714567 14536 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 7:481bce714567 14537 ERROR_OUT(DH_KEY_SIZE_E, exit_dske);
wolfSSL 7:481bce714567 14538 }
wolfSSL 7:481bce714567 14539
wolfSSL 7:481bce714567 14540 ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(length,
wolfSSL 7:481bce714567 14541 ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 7:481bce714567 14542 if (ssl->buffers.serverDH_P.buffer) {
wolfSSL 7:481bce714567 14543 ssl->buffers.serverDH_P.length = length;
wolfSSL 7:481bce714567 14544 }
wolfSSL 7:481bce714567 14545 else {
wolfSSL 7:481bce714567 14546 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 7:481bce714567 14547 }
wolfSSL 7:481bce714567 14548
wolfSSL 7:481bce714567 14549 XMEMCPY(ssl->buffers.serverDH_P.buffer, input + idx, length);
wolfSSL 7:481bce714567 14550 idx += length;
wolfSSL 7:481bce714567 14551
wolfSSL 7:481bce714567 14552 ssl->options.dhKeySz = length;
wolfSSL 7:481bce714567 14553
wolfSSL 7:481bce714567 14554 /* g */
wolfSSL 7:481bce714567 14555 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14556 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14557 }
wolfSSL 7:481bce714567 14558
wolfSSL 7:481bce714567 14559 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14560 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14561
wolfSSL 7:481bce714567 14562 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14563 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14564 }
wolfSSL 7:481bce714567 14565
wolfSSL 7:481bce714567 14566 ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(length,
wolfSSL 7:481bce714567 14567 ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 7:481bce714567 14568 if (ssl->buffers.serverDH_G.buffer) {
wolfSSL 7:481bce714567 14569 ssl->buffers.serverDH_G.length = length;
wolfSSL 7:481bce714567 14570 }
wolfSSL 7:481bce714567 14571 else {
wolfSSL 7:481bce714567 14572 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 7:481bce714567 14573 }
wolfSSL 7:481bce714567 14574
wolfSSL 7:481bce714567 14575 XMEMCPY(ssl->buffers.serverDH_G.buffer, input + idx, length);
wolfSSL 7:481bce714567 14576 idx += length;
wolfSSL 7:481bce714567 14577
wolfSSL 7:481bce714567 14578 /* pub */
wolfSSL 7:481bce714567 14579 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14580 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14581 }
wolfSSL 7:481bce714567 14582
wolfSSL 7:481bce714567 14583 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14584 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14585
wolfSSL 7:481bce714567 14586 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14587 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14588 }
wolfSSL 7:481bce714567 14589
wolfSSL 7:481bce714567 14590 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(length,
wolfSSL 7:481bce714567 14591 ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL 7:481bce714567 14592 if (ssl->buffers.serverDH_Pub.buffer) {
wolfSSL 7:481bce714567 14593 ssl->buffers.serverDH_Pub.length = length;
wolfSSL 7:481bce714567 14594 }
wolfSSL 7:481bce714567 14595 else {
wolfSSL 7:481bce714567 14596 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 7:481bce714567 14597 }
wolfSSL 7:481bce714567 14598
wolfSSL 7:481bce714567 14599 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + idx, length);
wolfSSL 7:481bce714567 14600 idx += length;
wolfSSL 7:481bce714567 14601 break;
wolfSSL 7:481bce714567 14602 }
wolfSSL 7:481bce714567 14603 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 14604 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 14605 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 14606 {
wolfSSL 7:481bce714567 14607 byte b;
wolfSSL 7:481bce714567 14608 int curveOid, curveId;
wolfSSL 7:481bce714567 14609 int srvHintLen;
wolfSSL 7:481bce714567 14610
wolfSSL 7:481bce714567 14611 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14612 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14613 }
wolfSSL 7:481bce714567 14614
wolfSSL 7:481bce714567 14615 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14616 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14617
wolfSSL 7:481bce714567 14618 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14619 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14620 }
wolfSSL 7:481bce714567 14621
wolfSSL 7:481bce714567 14622 /* get PSK server hint from the wire */
wolfSSL 7:481bce714567 14623 srvHintLen = min(length, MAX_PSK_ID_LEN - 1);
wolfSSL 7:481bce714567 14624 XMEMCPY(ssl->arrays->server_hint, input + idx, srvHintLen);
wolfSSL 7:481bce714567 14625 ssl->arrays->server_hint[srvHintLen] = 0;
wolfSSL 7:481bce714567 14626
wolfSSL 7:481bce714567 14627 idx += length;
wolfSSL 7:481bce714567 14628
wolfSSL 7:481bce714567 14629 if ((idx - begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 7:481bce714567 14630 OPAQUE8_LEN > size) {
wolfSSL 7:481bce714567 14631 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14632 }
wolfSSL 7:481bce714567 14633
wolfSSL 7:481bce714567 14634 /* Check curve name and ID */
wolfSSL 7:481bce714567 14635 b = input[idx++];
wolfSSL 7:481bce714567 14636 if (b != named_curve) {
wolfSSL 7:481bce714567 14637 ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
wolfSSL 7:481bce714567 14638 }
wolfSSL 7:481bce714567 14639
wolfSSL 7:481bce714567 14640 idx += 1; /* curve type, eat leading 0 */
wolfSSL 7:481bce714567 14641 b = input[idx++];
wolfSSL 7:481bce714567 14642 if ((curveOid = CheckCurveId(b)) < 0) {
wolfSSL 7:481bce714567 14643 ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
wolfSSL 7:481bce714567 14644 }
wolfSSL 7:481bce714567 14645
wolfSSL 7:481bce714567 14646 length = input[idx++];
wolfSSL 7:481bce714567 14647 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14648 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14649 }
wolfSSL 7:481bce714567 14650
wolfSSL 7:481bce714567 14651 if (ssl->peerEccKey == NULL) {
wolfSSL 7:481bce714567 14652 /* alloc/init on demand */
wolfSSL 7:481bce714567 14653 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 7:481bce714567 14654 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 14655 if (ssl->peerEccKey == NULL) {
wolfSSL 7:481bce714567 14656 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 7:481bce714567 14657 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 7:481bce714567 14658 }
wolfSSL 7:481bce714567 14659 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 14660 if (ret != 0) {
wolfSSL 7:481bce714567 14661 goto exit_dske;
wolfSSL 7:481bce714567 14662 }
wolfSSL 7:481bce714567 14663 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 7:481bce714567 14664 wc_ecc_free(ssl->peerEccKey);
wolfSSL 7:481bce714567 14665 ssl->peerEccKeyPresent = 0;
wolfSSL 7:481bce714567 14666 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 14667 if (ret != 0) {
wolfSSL 7:481bce714567 14668 goto exit_dske;
wolfSSL 7:481bce714567 14669 }
wolfSSL 7:481bce714567 14670 }
wolfSSL 7:481bce714567 14671
wolfSSL 7:481bce714567 14672 curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
wolfSSL 7:481bce714567 14673 if (wc_ecc_import_x963_ex(input + idx, length,
wolfSSL 7:481bce714567 14674 ssl->peerEccKey, curveId) != 0) {
wolfSSL 7:481bce714567 14675 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 7:481bce714567 14676 }
wolfSSL 7:481bce714567 14677
wolfSSL 7:481bce714567 14678 idx += length;
wolfSSL 7:481bce714567 14679 ssl->peerEccKeyPresent = 1;
wolfSSL 7:481bce714567 14680 break;
wolfSSL 7:481bce714567 14681 }
wolfSSL 7:481bce714567 14682 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 14683 default:
wolfSSL 7:481bce714567 14684 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 14685 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 14686
wolfSSL 7:481bce714567 14687 /* Check for error */
wolfSSL 7:481bce714567 14688 if (ret != 0) {
wolfSSL 7:481bce714567 14689 goto exit_dske;
wolfSSL 7:481bce714567 14690 }
wolfSSL 7:481bce714567 14691
wolfSSL 7:481bce714567 14692 /* Advance state and proceed */
wolfSSL 7:481bce714567 14693 ssl->options.keyShareState = KEYSHARE_BUILD;
wolfSSL 7:481bce714567 14694 } /* case KEYSHARE_BEGIN */
wolfSSL 7:481bce714567 14695
wolfSSL 7:481bce714567 14696 case KEYSHARE_BUILD:
wolfSSL 7:481bce714567 14697 {
wolfSSL 7:481bce714567 14698 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 14699 {
wolfSSL 7:481bce714567 14700 case psk_kea:
wolfSSL 7:481bce714567 14701 case dhe_psk_kea:
wolfSSL 7:481bce714567 14702 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 14703 {
wolfSSL 7:481bce714567 14704 /* Nothing to do in this sub-state */
wolfSSL 7:481bce714567 14705 break;
wolfSSL 7:481bce714567 14706 }
wolfSSL 7:481bce714567 14707
wolfSSL 7:481bce714567 14708 case diffie_hellman_kea:
wolfSSL 7:481bce714567 14709 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 14710 {
wolfSSL 7:481bce714567 14711 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 7:481bce714567 14712 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 7:481bce714567 14713 #else
wolfSSL 7:481bce714567 14714 byte hashAlgo = sha_mac;
wolfSSL 7:481bce714567 14715 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
wolfSSL 7:481bce714567 14716 word16 verifySz;
wolfSSL 7:481bce714567 14717
wolfSSL 7:481bce714567 14718 if (ssl->options.usingAnon_cipher) {
wolfSSL 7:481bce714567 14719 break;
wolfSSL 7:481bce714567 14720 }
wolfSSL 7:481bce714567 14721
wolfSSL 7:481bce714567 14722 verifySz = (word16)(idx - begin);
wolfSSL 7:481bce714567 14723 if (verifySz > MAX_DH_SZ) {
wolfSSL 7:481bce714567 14724 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14725 }
wolfSSL 7:481bce714567 14726
wolfSSL 7:481bce714567 14727 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 14728 if ((idx - begin) + ENUM_LEN + ENUM_LEN > size) {
wolfSSL 7:481bce714567 14729 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14730 }
wolfSSL 7:481bce714567 14731
wolfSSL 7:481bce714567 14732 hashAlgo = input[idx++];
wolfSSL 7:481bce714567 14733 sigAlgo = input[idx++];
wolfSSL 7:481bce714567 14734
wolfSSL 7:481bce714567 14735 switch (hashAlgo) {
wolfSSL 7:481bce714567 14736 case sha512_mac:
wolfSSL 7:481bce714567 14737 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 14738 hashType = WC_HASH_TYPE_SHA512;
wolfSSL 7:481bce714567 14739 #endif
wolfSSL 7:481bce714567 14740 break;
wolfSSL 7:481bce714567 14741 case sha384_mac:
wolfSSL 7:481bce714567 14742 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 14743 hashType = WC_HASH_TYPE_SHA384;
wolfSSL 7:481bce714567 14744 #endif
wolfSSL 7:481bce714567 14745 break;
wolfSSL 7:481bce714567 14746 case sha256_mac:
wolfSSL 7:481bce714567 14747 #ifndef NO_SHA256
wolfSSL 7:481bce714567 14748 hashType = WC_HASH_TYPE_SHA256;
wolfSSL 7:481bce714567 14749 #endif
wolfSSL 7:481bce714567 14750 break;
wolfSSL 7:481bce714567 14751 case sha_mac:
wolfSSL 7:481bce714567 14752 #if !defined(NO_SHA) && \
wolfSSL 7:481bce714567 14753 (!defined(NO_OLD_TLS) || \
wolfSSL 7:481bce714567 14754 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 7:481bce714567 14755 hashType = WC_HASH_TYPE_SHA;
wolfSSL 7:481bce714567 14756 #endif
wolfSSL 7:481bce714567 14757 break;
wolfSSL 7:481bce714567 14758 default:
wolfSSL 7:481bce714567 14759 WOLFSSL_MSG("Bad hash sig algo");
wolfSSL 7:481bce714567 14760 break;
wolfSSL 7:481bce714567 14761 }
wolfSSL 7:481bce714567 14762
wolfSSL 7:481bce714567 14763 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 7:481bce714567 14764 ERROR_OUT(ALGO_ID_E, exit_dske);
wolfSSL 7:481bce714567 14765 }
wolfSSL 7:481bce714567 14766 } else {
wolfSSL 7:481bce714567 14767 /* only using sha and md5 for rsa */
wolfSSL 7:481bce714567 14768 #ifndef NO_OLD_TLS
wolfSSL 7:481bce714567 14769 hashType = WC_HASH_TYPE_SHA;
wolfSSL 7:481bce714567 14770 if (sigAlgo == rsa_sa_algo) {
wolfSSL 7:481bce714567 14771 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 7:481bce714567 14772 }
wolfSSL 7:481bce714567 14773 #else
wolfSSL 7:481bce714567 14774 ERROR_OUT(ALGO_ID_E, exit_dske);
wolfSSL 7:481bce714567 14775 #endif
wolfSSL 7:481bce714567 14776 }
wolfSSL 7:481bce714567 14777 #ifndef NO_RSA
wolfSSL 7:481bce714567 14778 typeH = wc_HashGetOID(hashType);
wolfSSL 7:481bce714567 14779 #endif
wolfSSL 7:481bce714567 14780
wolfSSL 7:481bce714567 14781 /* signature */
wolfSSL 7:481bce714567 14782 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 14783 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14784 }
wolfSSL 7:481bce714567 14785
wolfSSL 7:481bce714567 14786 ato16(input + idx, &length);
wolfSSL 7:481bce714567 14787 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 14788
wolfSSL 7:481bce714567 14789 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 14790 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 14791 }
wolfSSL 7:481bce714567 14792
wolfSSL 7:481bce714567 14793 /* buffer for signature */
wolfSSL 7:481bce714567 14794 ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + verifySz,
wolfSSL 7:481bce714567 14795 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 14796 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 7:481bce714567 14797 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 7:481bce714567 14798 }
wolfSSL 7:481bce714567 14799 ssl->buffers.sig.length = SEED_LEN + verifySz;
wolfSSL 7:481bce714567 14800
wolfSSL 7:481bce714567 14801 /* buffer for hash */
wolfSSL 7:481bce714567 14802 ssl->buffers.digest.length = wc_HashGetDigestSize(hashType);
wolfSSL 7:481bce714567 14803 ssl->buffers.digest.buffer = (byte*)XMALLOC(
wolfSSL 7:481bce714567 14804 ssl->buffers.digest.length, ssl->heap,
wolfSSL 7:481bce714567 14805 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 14806 if (ssl->buffers.digest.buffer == NULL) {
wolfSSL 7:481bce714567 14807 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 7:481bce714567 14808 }
wolfSSL 7:481bce714567 14809
wolfSSL 7:481bce714567 14810 /* build message to hash */
wolfSSL 7:481bce714567 14811 XMEMCPY(ssl->buffers.sig.buffer,
wolfSSL 7:481bce714567 14812 ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 7:481bce714567 14813 XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN],
wolfSSL 7:481bce714567 14814 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 7:481bce714567 14815 XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN * 2],
wolfSSL 7:481bce714567 14816 input + begin, verifySz); /* message */
wolfSSL 7:481bce714567 14817
wolfSSL 7:481bce714567 14818 /* Perform hash */
wolfSSL 7:481bce714567 14819 ret = wc_Hash(hashType,
wolfSSL 7:481bce714567 14820 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 7:481bce714567 14821 ssl->buffers.digest.buffer, ssl->buffers.digest.length);
wolfSSL 7:481bce714567 14822 if (ret != 0) {
wolfSSL 7:481bce714567 14823 goto exit_dske;
wolfSSL 7:481bce714567 14824 }
wolfSSL 7:481bce714567 14825
wolfSSL 7:481bce714567 14826 switch (sigAlgo)
wolfSSL 7:481bce714567 14827 {
wolfSSL 7:481bce714567 14828 #ifndef NO_RSA
wolfSSL 7:481bce714567 14829 case rsa_sa_algo:
wolfSSL 7:481bce714567 14830 {
wolfSSL 7:481bce714567 14831 if (ssl->peerRsaKey == NULL ||
wolfSSL 7:481bce714567 14832 !ssl->peerRsaKeyPresent) {
wolfSSL 7:481bce714567 14833 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 7:481bce714567 14834 }
wolfSSL 7:481bce714567 14835 break;
wolfSSL 7:481bce714567 14836 }
wolfSSL 7:481bce714567 14837 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 14838 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 14839 case ecc_dsa_sa_algo:
wolfSSL 7:481bce714567 14840 {
wolfSSL 7:481bce714567 14841 if (!ssl->peerEccDsaKeyPresent) {
wolfSSL 7:481bce714567 14842 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 7:481bce714567 14843 }
wolfSSL 7:481bce714567 14844 break;
wolfSSL 7:481bce714567 14845 }
wolfSSL 7:481bce714567 14846 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 14847
wolfSSL 7:481bce714567 14848 default:
wolfSSL 7:481bce714567 14849 ret = ALGO_ID_E;
wolfSSL 7:481bce714567 14850 } /* switch (sigAlgo) */
wolfSSL 7:481bce714567 14851
wolfSSL 7:481bce714567 14852 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 7:481bce714567 14853 break;
wolfSSL 7:481bce714567 14854 }
wolfSSL 7:481bce714567 14855 default:
wolfSSL 7:481bce714567 14856 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 14857 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 14858
wolfSSL 7:481bce714567 14859 /* Check for error */
wolfSSL 7:481bce714567 14860 if (ret != 0) {
wolfSSL 7:481bce714567 14861 goto exit_dske;
wolfSSL 7:481bce714567 14862 }
wolfSSL 7:481bce714567 14863
wolfSSL 7:481bce714567 14864 /* Advance state and proceed */
wolfSSL 7:481bce714567 14865 ssl->options.keyShareState = KEYSHARE_DO;
wolfSSL 7:481bce714567 14866 } /* case KEYSHARE_BUILD */
wolfSSL 7:481bce714567 14867
wolfSSL 7:481bce714567 14868 case KEYSHARE_DO:
wolfSSL 7:481bce714567 14869 {
wolfSSL 7:481bce714567 14870 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 14871 {
wolfSSL 7:481bce714567 14872 case psk_kea:
wolfSSL 7:481bce714567 14873 case dhe_psk_kea:
wolfSSL 7:481bce714567 14874 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 14875 {
wolfSSL 7:481bce714567 14876 /* Nothing to do in this sub-state */
wolfSSL 7:481bce714567 14877 break;
wolfSSL 7:481bce714567 14878 }
wolfSSL 7:481bce714567 14879
wolfSSL 7:481bce714567 14880 case diffie_hellman_kea:
wolfSSL 7:481bce714567 14881 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 14882 {
wolfSSL 7:481bce714567 14883 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 7:481bce714567 14884 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 7:481bce714567 14885 #else
wolfSSL 7:481bce714567 14886 if (ssl->options.usingAnon_cipher) {
wolfSSL 7:481bce714567 14887 break;
wolfSSL 7:481bce714567 14888 }
wolfSSL 7:481bce714567 14889
wolfSSL 7:481bce714567 14890 if (verifySig == NULL) {
wolfSSL 7:481bce714567 14891 verifySig = (byte*)XMALLOC(length, ssl->heap,
wolfSSL 7:481bce714567 14892 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 14893 if (!verifySig) {
wolfSSL 7:481bce714567 14894 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 7:481bce714567 14895 }
wolfSSL 7:481bce714567 14896 XMEMCPY(verifySig, input + idx, length);
wolfSSL 7:481bce714567 14897 }
wolfSSL 7:481bce714567 14898
wolfSSL 7:481bce714567 14899 switch (sigAlgo)
wolfSSL 7:481bce714567 14900 {
wolfSSL 7:481bce714567 14901 #ifndef NO_RSA
wolfSSL 7:481bce714567 14902 case rsa_sa_algo:
wolfSSL 7:481bce714567 14903 {
wolfSSL 7:481bce714567 14904 ret = RsaVerify(ssl,
wolfSSL 7:481bce714567 14905 verifySig, length,
wolfSSL 7:481bce714567 14906 &output,
wolfSSL 7:481bce714567 14907 ssl->peerRsaKey,
wolfSSL 7:481bce714567 14908 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 14909 ssl->buffers.peerRsaKey.buffer,
wolfSSL 7:481bce714567 14910 ssl->buffers.peerRsaKey.length,
wolfSSL 7:481bce714567 14911 ssl->RsaVerifyCtx
wolfSSL 7:481bce714567 14912 #else
wolfSSL 7:481bce714567 14913 NULL, 0, NULL
wolfSSL 7:481bce714567 14914 #endif
wolfSSL 7:481bce714567 14915 );
wolfSSL 7:481bce714567 14916
wolfSSL 7:481bce714567 14917 if (ret >= 0) {
wolfSSL 7:481bce714567 14918 sigSz = (word16)ret;
wolfSSL 7:481bce714567 14919 ret = 0;
wolfSSL 7:481bce714567 14920 }
wolfSSL 7:481bce714567 14921 break;
wolfSSL 7:481bce714567 14922 }
wolfSSL 7:481bce714567 14923 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 14924 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 14925 case ecc_dsa_sa_algo:
wolfSSL 7:481bce714567 14926 {
wolfSSL 7:481bce714567 14927 ret = EccVerify(ssl,
wolfSSL 7:481bce714567 14928 verifySig, length,
wolfSSL 7:481bce714567 14929 ssl->buffers.digest.buffer,
wolfSSL 7:481bce714567 14930 ssl->buffers.digest.length,
wolfSSL 7:481bce714567 14931 ssl->peerEccDsaKey,
wolfSSL 7:481bce714567 14932 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 14933 ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 7:481bce714567 14934 ssl->buffers.peerEccDsaKey.length,
wolfSSL 7:481bce714567 14935 ssl->EccVerifyCtx
wolfSSL 7:481bce714567 14936 #else
wolfSSL 7:481bce714567 14937 NULL, 0, NULL
wolfSSL 7:481bce714567 14938 #endif
wolfSSL 7:481bce714567 14939 );
wolfSSL 7:481bce714567 14940 break;
wolfSSL 7:481bce714567 14941 }
wolfSSL 7:481bce714567 14942 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 14943
wolfSSL 7:481bce714567 14944 default:
wolfSSL 7:481bce714567 14945 ret = ALGO_ID_E;
wolfSSL 7:481bce714567 14946 } /* switch (sigAlgo) */
wolfSSL 7:481bce714567 14947 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 7:481bce714567 14948 break;
wolfSSL 7:481bce714567 14949 }
wolfSSL 7:481bce714567 14950 default:
wolfSSL 7:481bce714567 14951 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 14952 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 14953
wolfSSL 7:481bce714567 14954 /* Check for error */
wolfSSL 7:481bce714567 14955 if (ret != 0) {
wolfSSL 7:481bce714567 14956 goto exit_dske;
wolfSSL 7:481bce714567 14957 }
wolfSSL 7:481bce714567 14958
wolfSSL 7:481bce714567 14959 /* Advance state and proceed */
wolfSSL 7:481bce714567 14960 ssl->options.keyShareState = KEYSHARE_VERIFY;
wolfSSL 7:481bce714567 14961 } /* case KEYSHARE_DO */
wolfSSL 7:481bce714567 14962
wolfSSL 7:481bce714567 14963 case KEYSHARE_VERIFY:
wolfSSL 7:481bce714567 14964 {
wolfSSL 7:481bce714567 14965 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 14966 {
wolfSSL 7:481bce714567 14967 case psk_kea:
wolfSSL 7:481bce714567 14968 case dhe_psk_kea:
wolfSSL 7:481bce714567 14969 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 14970 {
wolfSSL 7:481bce714567 14971 /* Nothing to do in this sub-state */
wolfSSL 7:481bce714567 14972 break;
wolfSSL 7:481bce714567 14973 }
wolfSSL 7:481bce714567 14974
wolfSSL 7:481bce714567 14975 case diffie_hellman_kea:
wolfSSL 7:481bce714567 14976 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 14977 {
wolfSSL 7:481bce714567 14978 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 7:481bce714567 14979 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 7:481bce714567 14980 #else
wolfSSL 7:481bce714567 14981 if (ssl->options.usingAnon_cipher) {
wolfSSL 7:481bce714567 14982 break;
wolfSSL 7:481bce714567 14983 }
wolfSSL 7:481bce714567 14984
wolfSSL 7:481bce714567 14985 /* increment index after verify is done */
wolfSSL 7:481bce714567 14986 idx += length;
wolfSSL 7:481bce714567 14987
wolfSSL 7:481bce714567 14988 switch(sigAlgo)
wolfSSL 7:481bce714567 14989 {
wolfSSL 7:481bce714567 14990 #ifndef NO_RSA
wolfSSL 7:481bce714567 14991 case rsa_sa_algo:
wolfSSL 7:481bce714567 14992 {
wolfSSL 7:481bce714567 14993 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 14994 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 14995 byte* encodedSig = NULL;
wolfSSL 7:481bce714567 14996 #else
wolfSSL 7:481bce714567 14997 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 7:481bce714567 14998 #endif
wolfSSL 7:481bce714567 14999 word32 encSigSz;
wolfSSL 7:481bce714567 15000
wolfSSL 7:481bce714567 15001 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 15002 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
wolfSSL 7:481bce714567 15003 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 15004 if (encodedSig == NULL) {
wolfSSL 7:481bce714567 15005 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 7:481bce714567 15006 }
wolfSSL 7:481bce714567 15007 #endif
wolfSSL 7:481bce714567 15008
wolfSSL 7:481bce714567 15009 encSigSz = wc_EncodeSignature(encodedSig,
wolfSSL 7:481bce714567 15010 ssl->buffers.digest.buffer,
wolfSSL 7:481bce714567 15011 ssl->buffers.digest.length, typeH);
wolfSSL 7:481bce714567 15012 if (encSigSz != sigSz || !output ||
wolfSSL 7:481bce714567 15013 XMEMCMP(output, encodedSig,
wolfSSL 7:481bce714567 15014 min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) {
wolfSSL 7:481bce714567 15015 ret = VERIFY_SIGN_ERROR;
wolfSSL 7:481bce714567 15016 }
wolfSSL 7:481bce714567 15017 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 7:481bce714567 15018 XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 15019 #endif
wolfSSL 7:481bce714567 15020 if (ret != 0) {
wolfSSL 7:481bce714567 15021 goto exit_dske;
wolfSSL 7:481bce714567 15022 }
wolfSSL 7:481bce714567 15023 }
wolfSSL 7:481bce714567 15024 else if (sigSz != FINISHED_SZ || !output ||
wolfSSL 7:481bce714567 15025 XMEMCMP(output, ssl->buffers.digest.buffer,
wolfSSL 7:481bce714567 15026 FINISHED_SZ) != 0) {
wolfSSL 7:481bce714567 15027 ERROR_OUT(VERIFY_SIGN_ERROR, exit_dske);
wolfSSL 7:481bce714567 15028 }
wolfSSL 7:481bce714567 15029 break;
wolfSSL 7:481bce714567 15030 }
wolfSSL 7:481bce714567 15031 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 15032 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 15033 case ecc_dsa_sa_algo:
wolfSSL 7:481bce714567 15034 /* Nothing to do in this algo */
wolfSSL 7:481bce714567 15035 break;
wolfSSL 7:481bce714567 15036 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 15037 default:
wolfSSL 7:481bce714567 15038 ret = ALGO_ID_E;
wolfSSL 7:481bce714567 15039 } /* switch (sigAlgo) */
wolfSSL 7:481bce714567 15040 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 7:481bce714567 15041 break;
wolfSSL 7:481bce714567 15042 }
wolfSSL 7:481bce714567 15043 default:
wolfSSL 7:481bce714567 15044 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 15045 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 15046
wolfSSL 7:481bce714567 15047 /* Check for error */
wolfSSL 7:481bce714567 15048 if (ret != 0) {
wolfSSL 7:481bce714567 15049 goto exit_dske;
wolfSSL 7:481bce714567 15050 }
wolfSSL 7:481bce714567 15051
wolfSSL 7:481bce714567 15052 /* Advance state and proceed */
wolfSSL 7:481bce714567 15053 ssl->options.keyShareState = KEYSHARE_FINALIZE;
wolfSSL 7:481bce714567 15054 } /* case KEYSHARE_VERIFY */
wolfSSL 7:481bce714567 15055
wolfSSL 7:481bce714567 15056 case KEYSHARE_FINALIZE:
wolfSSL 7:481bce714567 15057 {
wolfSSL 7:481bce714567 15058 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 7:481bce714567 15059 idx += ssl->keys.padSz;
wolfSSL 7:481bce714567 15060 }
wolfSSL 7:481bce714567 15061
wolfSSL 7:481bce714567 15062 /* QSH extensions */
wolfSSL 7:481bce714567 15063 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 15064 if (ssl->peerQSHKeyPresent) {
wolfSSL 7:481bce714567 15065 word16 name;
wolfSSL 7:481bce714567 15066 int qshSz;
wolfSSL 7:481bce714567 15067
wolfSSL 7:481bce714567 15068 /* extension name */
wolfSSL 7:481bce714567 15069 ato16(input + idx, &name);
wolfSSL 7:481bce714567 15070 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 15071
wolfSSL 7:481bce714567 15072 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 7:481bce714567 15073 /* if qshSz is larger than 0 it is the length of
wolfSSL 7:481bce714567 15074 buffer used */
wolfSSL 7:481bce714567 15075 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + idx,
wolfSSL 7:481bce714567 15076 size, 0)) < 0) {
wolfSSL 7:481bce714567 15077 ERROR_OUT(qshSz, exit_dske);
wolfSSL 7:481bce714567 15078 }
wolfSSL 7:481bce714567 15079 idx += qshSz;
wolfSSL 7:481bce714567 15080 }
wolfSSL 7:481bce714567 15081 else {
wolfSSL 7:481bce714567 15082 /* unknown extension sent server ignored handshake */
wolfSSL 7:481bce714567 15083 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 7:481bce714567 15084 }
wolfSSL 7:481bce714567 15085 }
wolfSSL 7:481bce714567 15086 #endif
wolfSSL 7:481bce714567 15087
wolfSSL 7:481bce714567 15088 /* Check for error */
wolfSSL 7:481bce714567 15089 if (ret != 0) {
wolfSSL 7:481bce714567 15090 goto exit_dske;
wolfSSL 7:481bce714567 15091 }
wolfSSL 7:481bce714567 15092
wolfSSL 7:481bce714567 15093 /* Advance state and proceed */
wolfSSL 7:481bce714567 15094 ssl->options.keyShareState = KEYSHARE_END;
wolfSSL 7:481bce714567 15095 } /* case KEYSHARE_FINALIZE */
wolfSSL 7:481bce714567 15096
wolfSSL 7:481bce714567 15097 case KEYSHARE_END:
wolfSSL 7:481bce714567 15098 {
wolfSSL 7:481bce714567 15099 /* return index */
wolfSSL 7:481bce714567 15100 *inOutIdx = idx;
wolfSSL 7:481bce714567 15101
wolfSSL 7:481bce714567 15102 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 7:481bce714567 15103 break;
wolfSSL 7:481bce714567 15104 }
wolfSSL 7:481bce714567 15105 default:
wolfSSL 7:481bce714567 15106 ret = INPUT_CASE_ERROR;
wolfSSL 7:481bce714567 15107 } /* switch(ssl->options.keyShareState) */
wolfSSL 7:481bce714567 15108
wolfSSL 7:481bce714567 15109 exit_dske:
wolfSSL 7:481bce714567 15110
wolfSSL 7:481bce714567 15111 WOLFSSL_LEAVE("DoServerKeyExchange", ret);
wolfSSL 7:481bce714567 15112
wolfSSL 7:481bce714567 15113 /* Handle cleanup for stack variables here */
wolfSSL 7:481bce714567 15114
wolfSSL 7:481bce714567 15115 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 15116 /* Handle WC_PENDING_E */
wolfSSL 7:481bce714567 15117 if (ret == WC_PENDING_E) {
wolfSSL 7:481bce714567 15118 /* Store variables needed for async */
wolfSSL 7:481bce714567 15119 XMEMSET(&ssl->async, 0, sizeof(ssl->async));
wolfSSL 7:481bce714567 15120 ssl->async.idx = idx;
wolfSSL 7:481bce714567 15121 ssl->async.length = length;
wolfSSL 7:481bce714567 15122 ssl->async.output = output;
wolfSSL 7:481bce714567 15123 ssl->async.sigSz = sigSz;
wolfSSL 7:481bce714567 15124 #ifndef NO_RSA
wolfSSL 7:481bce714567 15125 ssl->async.hashAlgo = typeH;
wolfSSL 7:481bce714567 15126 #endif
wolfSSL 7:481bce714567 15127 ssl->async.sigAlgo = sigAlgo;
wolfSSL 7:481bce714567 15128 #if !defined(NO_DH) || defined(HAVE_ECC)
wolfSSL 7:481bce714567 15129 ssl->async.data = verifySig;
wolfSSL 7:481bce714567 15130 #endif
wolfSSL 7:481bce714567 15131
wolfSSL 7:481bce714567 15132 /* Mark message as not recevied so it can process again */
wolfSSL 7:481bce714567 15133 ssl->msgsReceived.got_server_key_exchange = 0;
wolfSSL 7:481bce714567 15134
wolfSSL 7:481bce714567 15135 /* Push event to queue */
wolfSSL 7:481bce714567 15136 ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, &ssl->event);
wolfSSL 7:481bce714567 15137 if (ret == 0) {
wolfSSL 7:481bce714567 15138 return WC_PENDING_E;
wolfSSL 7:481bce714567 15139 }
wolfSSL 7:481bce714567 15140 }
wolfSSL 7:481bce714567 15141 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 7:481bce714567 15142
wolfSSL 7:481bce714567 15143 #if !defined(NO_DH) || defined(HAVE_ECC)
wolfSSL 7:481bce714567 15144 if (verifySig) {
wolfSSL 7:481bce714567 15145 XFREE(verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 15146 verifySig = NULL;
wolfSSL 7:481bce714567 15147 }
wolfSSL 7:481bce714567 15148 #endif
wolfSSL 7:481bce714567 15149
wolfSSL 7:481bce714567 15150 /* Final cleanup */
wolfSSL 7:481bce714567 15151 FreeKeyExchange(ssl);
wolfSSL 7:481bce714567 15152
wolfSSL 7:481bce714567 15153 return ret;
wolfSSL 7:481bce714567 15154 }
wolfSSL 7:481bce714567 15155
wolfSSL 7:481bce714567 15156
wolfSSL 7:481bce714567 15157 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 15158
wolfSSL 7:481bce714567 15159 #ifdef HAVE_NTRU
/* Encrypt a byte array with an NTRU public key
   key     struct holding the public key (pub.buffer / pub.length)
   bufIn   plain text to be encrypted
   inSz    number of bytes in bufIn
   bufOut  receives the cipher text
   outSz   handed to the NTRU library, set to the size of the cipher text

   returns the NTRU library's success code when encryption worked,
           BAD_FUNC_ARG for a NULL argument or a key without public buffer,
           -1 for a scheme name that is not one of the three NTRU sets,
           NTRU_DRBG_ERROR when the DRBG cannot be instantiated,
           NTRU_ENCRYPT_ERROR when the encrypt call fails
 */
static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
                             byte* bufOut, word16* outSz)
{
    DRBG_HANDLE rng;
    int         rc;

    /* every pointer is required; check them before touching the key */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL) {
        return BAD_FUNC_ARG;
    }
    if (key->pub.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* only the three NTRU parameter sets are accepted here */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
        key->name != WOLFSSL_NTRU_EESS593 &&
        key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH encryption key!");
        return -1;
    }

    /* the encrypt call needs a DRBG seeded through GetEntropy */
    rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &rng);
    if (rc != DRBG_OK) {
        return NTRU_DRBG_ERROR;
    }

    rc = ntru_crypto_ntru_encrypt(rng, key->pub.length, key->pub.buffer,
                                  inSz, bufIn, outSz, bufOut);

    /* release the DRBG before looking at the result so no path keeps it */
    ntru_crypto_drbg_uninstantiate(rng);

    if (rc != NTRU_OK) {
        return NTRU_ENCRYPT_ERROR;
    }

    return rc;
}
wolfSSL 7:481bce714567 15204
/* Decrypt a byte array with an NTRU private key
   key     struct holding the private key (pri.buffer / pri.length)
   bufIn   cipher text to be decrypted
   inSz    number of bytes in bufIn
   bufOut  receives the plain text
   outSz   handed to the NTRU library, set to the size of the plain text

   returns the NTRU library's success code when decryption worked,
           BAD_FUNC_ARG for a NULL argument or a key without private buffer,
           -1 for a scheme name that is not one of the three NTRU sets,
           NTRU_DRBG_ERROR when the DRBG cannot be instantiated,
           NTRU_ENCRYPT_ERROR when the decrypt call fails
 */
static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
                             byte* bufOut, word16* outSz)
{
    DRBG_HANDLE rng;
    int         rc;

    /* every pointer is required; check them before touching the key */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL) {
        return BAD_FUNC_ARG;
    }
    if (key->pri.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* only the three NTRU parameter sets are accepted here */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
        key->name != WOLFSSL_NTRU_EESS593 &&
        key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH decryption key!");
        return -1;
    }

    /* NOTE(review): the DRBG is instantiated and released below, but it is
       not passed to the decrypt call; confirm whether it is needed at all */
    rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &rng);
    if (rc != DRBG_OK) {
        return NTRU_DRBG_ERROR;
    }

    rc = ntru_crypto_ntru_decrypt(key->pri.length, key->pri.buffer,
                                  inSz, bufIn, outSz, bufOut);
    ntru_crypto_drbg_uninstantiate(rng);

    /* NOTE(review): a failed decrypt is reported with the encrypt error
       code; a decrypt-specific code, if the project has one, would make
       logs less ambiguous */
    if (rc != NTRU_OK) {
        return NTRU_ENCRYPT_ERROR;
    }

    return rc;
}
wolfSSL 7:481bce714567 15251 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 15252
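/* Allocate the per-connection holder for QSH secret material
   ssl  connection whose QSH_secret member is set up

   returns 0 on success, and also when QSH_secret already exists (the
           function can be entered twice when running DTLS),
           BAD_FUNC_ARG when ssl is NULL,
           MEMORY_E when an allocation fails

   The holder is attached to ssl only once it is fully built. Attaching it
   before its members are allocated would leave a half-initialised struct
   behind on failure; the next call would then return 0 because the pointer
   is non-NULL, and later code would follow uninitialised member pointers.
 */
int QSH_Init(WOLFSSL* ssl)
{
    QSHSecret* secret;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* check so not initialising twice when running DTLS */
    if (ssl->QSH_secret != NULL) {
        return 0;
    }

    /* malloc memory for holding generated secret information */
    secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (secret == NULL) {
        return MEMORY_E;
    }

    /* start from a known state so every member pointer is NULL */
    XMEMSET(secret, 0, sizeof(QSHSecret));

    secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
                                     DYNAMIC_TYPE_TMP_BUFFER);
    secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
                                     DYNAMIC_TYPE_TMP_BUFFER);

    if (secret->CliSi == NULL || secret->SerSi == NULL) {
        /* undo the partial allocation; nothing was attached to ssl yet */
        if (secret->CliSi != NULL) {
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (secret->SerSi != NULL) {
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
        XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_E;
    }

    /* initialize variables */
    secret->list          = NULL;
    secret->CliSi->length = 0;
    secret->CliSi->buffer = NULL;
    secret->SerSi->length = 0;
    secret->SerSi->buffer = NULL;

    ssl->QSH_secret = secret;

    return 0;
}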
wolfSSL 7:481bce714567 15283
wolfSSL 7:481bce714567 15284
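/* Encrypt using Quantum Safe Handshake algorithms
   key    peer key; key->name selects the scheme
   in     plain text to be encrypted
   szIn   number of bytes in in
   out    receives the cipher text
   szOut  in: capacity of out, out: size of the cipher text

   returns 0 or the scheme routine's result on the supported path,
           BAD_FUNC_ARG when key or szOut is NULL,
           -1 for an unknown scheme

   The scheme routine takes a 16 bit size. A capacity above 0xFFFF is
   clamped instead of being truncated, so the value passed on never
   overstates and never wraps to a smaller unrelated number.
 */
static int QSH_Encrypt(QSHKey* key, byte* in, word32 szIn,
                       byte* out, word32* szOut)
{
    int    ret = 0;
    word16 size;

    /* both are dereferenced below before any callee can check them */
    if (key == NULL || szOut == NULL) {
        return BAD_FUNC_ARG;
    }

    size = (*szOut > 0xFFFF) ? (word16)0xFFFF : (word16)*szOut;

    WOLFSSL_MSG("Encrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            ret = NtruSecretEncrypt(key, in, szIn, out, &size);
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption key!");
            return -1;
    }

    *szOut = size;

    return ret;
}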
wolfSSL 7:481bce714567 15310
wolfSSL 7:481bce714567 15311
/* Decrypt using Quantum Safe Handshake algorithms
   key    local key; key->name selects the scheme
   in     cipher text to be decrypted
   szIn   number of bytes in in
   out    receives the plain text
   szOut  in: value handed to the scheme routine, out: size it reports

   returns the scheme routine's result on the supported path and
           -1 for an unknown scheme (szOut is left untouched then)

   NOTE(review): key and szOut are dereferenced without a NULL check;
   callers are presumably expected to pass valid pointers - confirm.
 */
int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
                byte* out, word16* szOut)
{
    word16 plainLen = *szOut;
    int    rc       = 0;

    WOLFSSL_MSG("Decrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            rc = NtruSecretDecrypt(key, in, szIn, out, &plainLen);
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH decryption key!");
            return -1;
    }

    /* hand the size back whether or not the scheme routine succeeded */
    *szOut = plainLen;

    return rc;
}
wolfSSL 7:481bce714567 15338
wolfSSL 7:481bce714567 15339
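/* Get the max cipher text for corresponding encryption scheme
   (encrypting 48 or max plain text whichever is smaller)
   key  peer key whose scheme and public key are queried

   returns the cipher text size reported by the NTRU library, or 0 when
           key is NULL, has no public key, names an unknown scheme, or the
           size query fails

   The return type is unsigned and callers use the value as a byte count,
   so failures are reported as 0 rather than as a negative error code that
   would be read as a very large size. The DRBG is released on every path.
 */
static word32 QSH_MaxSecret(QSHKey* key)
{
    byte        isNtru = 0;
    word16      inSz   = 48;
    word16      outSz  = 0;
    DRBG_HANDLE drbg   = 0;
    byte        bufIn[48];
    int         ret    = 0;

    if (key == NULL || key->pub.length == 0)
        return 0;

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            isNtru = 1;
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption scheme size!");
            return 0;
    }

    if (isNtru) {
        /* the buffer content is irrelevant for a size query, but it should
           not be handed over uninitialised */
        XMEMSET(bufIn, 0, sizeof(bufIn));

        ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
        if (ret != DRBG_OK) {
            WOLFSSL_MSG("QSH max secret: DRBG instantiate failed");
            return 0;
        }

        /* NULL output buffer: only outSz is wanted from this call */
        ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
                            key->pub.buffer, inSz, bufIn, &outSz, NULL);
        ntru_crypto_drbg_uninstantiate(drbg);

        if (ret != NTRU_OK) {
            WOLFSSL_MSG("QSH max secret: size query failed");
            return 0;
        }

        return outSz;
    }

    return 0;
}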
wolfSSL 7:481bce714567 15387
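/* Generate the secret byte material for pms
   ssl       connection holding the peer QSH keys and the QSH_secret holder
   isServer  non-zero fills QSH_secret->SerSi, zero fills QSH_secret->CliSi

   For every peer key with a usable public key, 48 random bytes are drawn
   into the chosen buffer and encrypted into a new QSHScheme entry.

   returns total length of the encrypted secrets on success and a negative
           value (-1 or MEMORY_E) on fail
 */
static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
{
    int        sz      = 0;
    int        plainSz = 48; /* lesser of 48 and max plain text able to encrypt */
    int        offset  = 0;
    word32     tmpSz   = 0;
    buffer*    buf;
    QSHKey*    current;
    QSHScheme* schmPre = NULL;
    QSHScheme* schm    = NULL;

    /* validate before the first dereference of ssl */
    if (ssl == NULL || ssl->QSH_secret == NULL)
        return -1;

    WOLFSSL_MSG("Generating QSH secret key material");

    /* get size of buffer needed */
    current = ssl->peerQSHKey;
    while (current) {
        if (current->pub.length != 0) {
            sz += plainSz;
        }
        current = (QSHKey*)current->next;
    }

    /* allocate memory for buffer */
    if (isServer) {
        buf = ssl->QSH_secret->SerSi;
    }
    else {
        buf = ssl->QSH_secret->CliSi;
    }
    if (buf == NULL)
        return -1;

    buf->length = sz;
    buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf->buffer == NULL) {
        WOLFSSL_ERROR(MEMORY_E);
        if (sz > 0) {
            /* random bytes would be written through the NULL pointer
               below; stop here and do not advertise a length */
            buf->length = 0;
            return MEMORY_E;
        }
    }

    /* create secret information */
    sz = 0;
    current = ssl->peerQSHKey;
    while (current) {
        schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap,
                                   DYNAMIC_TYPE_TMP_BUFFER);
        if (schm == NULL)
            return MEMORY_E;

        /* initialize variables */
        schm->name  = 0;
        schm->PK    = NULL;
        schm->PKLen = 0;
        schm->next  = NULL;

        /* NOTE(review): schmPre is only advanced at the end of the loop,
           so an entry that takes the "no key" path below is either
           overwritten in the list or, when it is the head, prevents later
           entries from being linked. The intended list contents are not
           clear from this function; linking is left as it was. */
        if (ssl->QSH_secret->list == NULL) {
            ssl->QSH_secret->list = schm;
        }
        else {
            if (schmPre)
                schmPre->next = schm;
        }

        tmpSz = QSH_MaxSecret(current);

        if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
            return -1;

        /* store info for writing extension */
        schm->name = current->name;

        /* no key to use for encryption */
        if (tmpSz == 0) {
            current = (QSHKey*)current->next;
            continue;
        }

        /* never write past the buffer sized by the first pass */
        if (offset + plainSz > (int)buf->length) {
            return -1;
        }

        if (wc_RNG_GenerateBlock(ssl->rng, buf->buffer + offset, plainSz)
                                                                      != 0) {
            return -1;
        }
        if (QSH_Encrypt(current, buf->buffer + offset, plainSz, schm->PK,
                                                              &tmpSz) != 0) {
            return -1;
        }
        schm->PKLen = tmpSz;

        sz      += tmpSz;
        offset  += plainSz;
        schmPre  = schm;
        current  = (QSHKey*)current->next;
    }

    return sz;
}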
wolfSSL 7:481bce714567 15483
wolfSSL 7:481bce714567 15484
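/* Size of the QSH key exchange data for all peer QSH keys
   ssl  connection whose peerQSHKey list is walked

   returns OPAQUE16_LEN + OPAQUE24_LEN plus, per key, two OPAQUE16_LEN
           fields and the value of QSH_MaxSecret for that key

   NOTE(review): for a NULL ssl the -1 is returned through an unsigned
   type, so callers see the largest word32 value; confirm how callers
   treat it.
 */
static word32 QSH_KeyGetSize(WOLFSSL* ssl)
{
    word32  sz = 0;
    QSHKey* current;

    /* check first; the key list is read from ssl right after */
    if (ssl == NULL)
        return (word32)-1;

    current = ssl->peerQSHKey;

    sz += OPAQUE16_LEN; /* type of extension ie 0x00 0x18 */
    sz += OPAQUE24_LEN;
    /* get size of buffer needed */
    while (current) {
        sz += OPAQUE16_LEN; /* scheme id */
        sz += OPAQUE16_LEN; /* encrypted key len*/
        sz += QSH_MaxSecret(current);
        current = (QSHKey*)current->next;
    }

    return sz;
}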
wolfSSL 7:481bce714567 15505
wolfSSL 7:481bce714567 15506
/* handle QSH key Exchange
   ssl       connection to generate secret material for
   isServer  passed through to QSH_GenerateSerCliSecret

   return 0 on success; any negative result from secret generation is
   reported as MEMORY_E

   NOTE(review): the return type is word32, so MEMORY_E reaches the caller
   as a large unsigned value; callers presumably compare against 0.
 */
static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
{
    WOLFSSL_ENTER("QSH KeyExchange");

    if (QSH_GenerateSerCliSecret(ssl, isServer) < 0) {
        return MEMORY_E;
    }

    return 0;
}
wolfSSL 7:481bce714567 15522
wolfSSL 7:481bce714567 15523 #endif /* HAVE_QSH */
wolfSSL 7:481bce714567 15524
wolfSSL 7:481bce714567 15525
wolfSSL 7:481bce714567 15526 int SendClientKeyExchange(WOLFSSL* ssl)
wolfSSL 7:481bce714567 15527 {
wolfSSL 7:481bce714567 15528 int ret = 0;
wolfSSL 7:481bce714567 15529 int sendSz = 0;
wolfSSL 7:481bce714567 15530 word32 length_lcl = 0;
wolfSSL 7:481bce714567 15531 word32* length = &length_lcl;
wolfSSL 7:481bce714567 15532 byte* output = NULL;
wolfSSL 7:481bce714567 15533 byte* encSecret = NULL;
wolfSSL 7:481bce714567 15534 word32 encSz = 0;
wolfSSL 7:481bce714567 15535
wolfSSL 7:481bce714567 15536 (void)length;
wolfSSL 7:481bce714567 15537
wolfSSL 7:481bce714567 15538 WOLFSSL_ENTER("SendClientKeyExchange");
wolfSSL 7:481bce714567 15539
wolfSSL 7:481bce714567 15540 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 15541 /* use async pointer for length */
wolfSSL 7:481bce714567 15542 length = &ssl->async.length;
wolfSSL 7:481bce714567 15543
wolfSSL 7:481bce714567 15544 ret = wolfAsync_EventPop(&ssl->event, WOLF_EVENT_TYPE_ASYNC_ANY);
wolfSSL 7:481bce714567 15545 if (ret != WC_NOT_PENDING_E) {
wolfSSL 7:481bce714567 15546 WOLF_EVENT_TYPE eType = ssl->event.type;
wolfSSL 7:481bce714567 15547
wolfSSL 7:481bce714567 15548 /* Clear event */
wolfSSL 7:481bce714567 15549 XMEMSET(&ssl->event, 0, sizeof(ssl->event));
wolfSSL 7:481bce714567 15550
wolfSSL 7:481bce714567 15551 /* Check for error */
wolfSSL 7:481bce714567 15552 if (ret < 0) {
wolfSSL 7:481bce714567 15553 goto exit_scke;
wolfSSL 7:481bce714567 15554 }
wolfSSL 7:481bce714567 15555 else {
wolfSSL 7:481bce714567 15556 /* Restore variables needed for async */
wolfSSL 7:481bce714567 15557 output = ssl->async.output;
wolfSSL 7:481bce714567 15558 sendSz = ssl->async.sendSz;
wolfSSL 7:481bce714567 15559 encSecret = ssl->async.data;
wolfSSL 7:481bce714567 15560 encSz = ssl->async.sigSz;
wolfSSL 7:481bce714567 15561
wolfSSL 7:481bce714567 15562 /* Advance key share state if not wolfCrypt */
wolfSSL 7:481bce714567 15563 if (eType == WOLF_EVENT_TYPE_ASYNC_WOLFSSL) {
wolfSSL 7:481bce714567 15564 ssl->options.keyShareState++;
wolfSSL 7:481bce714567 15565 }
wolfSSL 7:481bce714567 15566 }
wolfSSL 7:481bce714567 15567 }
wolfSSL 7:481bce714567 15568 else
wolfSSL 7:481bce714567 15569 #endif
wolfSSL 7:481bce714567 15570 {
wolfSSL 7:481bce714567 15571 /* Reset state */
wolfSSL 7:481bce714567 15572 ret = 0;
wolfSSL 7:481bce714567 15573 ssl->options.keyShareState = KEYSHARE_BEGIN;
wolfSSL 7:481bce714567 15574 }
wolfSSL 7:481bce714567 15575
wolfSSL 7:481bce714567 15576 switch(ssl->options.keyShareState)
wolfSSL 7:481bce714567 15577 {
wolfSSL 7:481bce714567 15578 case KEYSHARE_BEGIN:
wolfSSL 7:481bce714567 15579 {
wolfSSL 7:481bce714567 15580 switch (ssl->specs.kea) {
wolfSSL 7:481bce714567 15581 #ifndef NO_RSA
wolfSSL 7:481bce714567 15582 case rsa_kea:
wolfSSL 7:481bce714567 15583 if (ssl->peerRsaKey == NULL ||
wolfSSL 7:481bce714567 15584 ssl->peerRsaKeyPresent == 0) {
wolfSSL 7:481bce714567 15585 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 7:481bce714567 15586 }
wolfSSL 7:481bce714567 15587 break;
wolfSSL 7:481bce714567 15588 #endif
wolfSSL 7:481bce714567 15589 #ifndef NO_DH
wolfSSL 7:481bce714567 15590 case diffie_hellman_kea:
wolfSSL 7:481bce714567 15591 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 7:481bce714567 15592 ssl->buffers.serverDH_G.buffer == NULL ||
wolfSSL 7:481bce714567 15593 ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 7:481bce714567 15594 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 7:481bce714567 15595 }
wolfSSL 7:481bce714567 15596 break;
wolfSSL 7:481bce714567 15597 #endif /* NO_DH */
wolfSSL 7:481bce714567 15598 #ifndef NO_PSK
wolfSSL 7:481bce714567 15599 case psk_kea:
wolfSSL 7:481bce714567 15600 /* sanity check that PSK client callback has been set */
wolfSSL 7:481bce714567 15601 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 7:481bce714567 15602 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 7:481bce714567 15603 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 7:481bce714567 15604 }
wolfSSL 7:481bce714567 15605 break;
wolfSSL 7:481bce714567 15606 #endif /* NO_PSK */
wolfSSL 7:481bce714567 15607 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 15608 case dhe_psk_kea:
wolfSSL 7:481bce714567 15609 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 7:481bce714567 15610 ssl->buffers.serverDH_G.buffer == NULL ||
wolfSSL 7:481bce714567 15611 ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 7:481bce714567 15612 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 7:481bce714567 15613 }
wolfSSL 7:481bce714567 15614
wolfSSL 7:481bce714567 15615 /* sanity check that PSK client callback has been set */
wolfSSL 7:481bce714567 15616 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 7:481bce714567 15617 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 7:481bce714567 15618 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 7:481bce714567 15619 }
wolfSSL 7:481bce714567 15620 break;
wolfSSL 7:481bce714567 15621 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 15622 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 15623 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 15624 /* sanity check that PSK client callback has been set */
wolfSSL 7:481bce714567 15625 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 7:481bce714567 15626 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 7:481bce714567 15627 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 7:481bce714567 15628 }
wolfSSL 7:481bce714567 15629
wolfSSL 7:481bce714567 15630 /* Check client ECC public key */
wolfSSL 7:481bce714567 15631 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 7:481bce714567 15632 !ssl->peerEccKey->dp) {
wolfSSL 7:481bce714567 15633 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 7:481bce714567 15634 }
wolfSSL 7:481bce714567 15635
wolfSSL 7:481bce714567 15636 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 15637 /* if callback then use it for shared secret */
wolfSSL 7:481bce714567 15638 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 7:481bce714567 15639 break;
wolfSSL 7:481bce714567 15640 }
wolfSSL 7:481bce714567 15641 #endif
wolfSSL 7:481bce714567 15642
wolfSSL 7:481bce714567 15643 /* create private key */
wolfSSL 7:481bce714567 15644 ssl->sigKey = XMALLOC(sizeof(ecc_key),
wolfSSL 7:481bce714567 15645 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 15646 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 15647 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 7:481bce714567 15648 }
wolfSSL 7:481bce714567 15649 ssl->sigType = DYNAMIC_TYPE_ECC;
wolfSSL 7:481bce714567 15650
wolfSSL 7:481bce714567 15651 ret = wc_ecc_init_ex((ecc_key*)ssl->sigKey, ssl->heap,
wolfSSL 7:481bce714567 15652 ssl->devId);
wolfSSL 7:481bce714567 15653 if (ret != 0) {
wolfSSL 7:481bce714567 15654 goto exit_scke;
wolfSSL 7:481bce714567 15655 }
wolfSSL 7:481bce714567 15656 ret = EccMakeKey(ssl, (ecc_key*)ssl->sigKey,
wolfSSL 7:481bce714567 15657 ssl->peerEccKey);
wolfSSL 7:481bce714567 15658 break;
wolfSSL 7:481bce714567 15659 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 15660 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 15661 case ntru_kea:
wolfSSL 7:481bce714567 15662 if (ssl->peerNtruKeyPresent == 0) {
wolfSSL 7:481bce714567 15663 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 7:481bce714567 15664 }
wolfSSL 7:481bce714567 15665 break;
wolfSSL 7:481bce714567 15666 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 15667 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 15668 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 15669 {
wolfSSL 7:481bce714567 15670 ecc_key* peerKey;
wolfSSL 7:481bce714567 15671
wolfSSL 7:481bce714567 15672 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 15673 /* if callback then use it for shared secret */
wolfSSL 7:481bce714567 15674 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 7:481bce714567 15675 break;
wolfSSL 7:481bce714567 15676 }
wolfSSL 7:481bce714567 15677 #endif
wolfSSL 7:481bce714567 15678
wolfSSL 7:481bce714567 15679 if (ssl->specs.static_ecdh) {
wolfSSL 7:481bce714567 15680 /* TODO: EccDsa is really fixed Ecc change naming */
wolfSSL 7:481bce714567 15681 if (!ssl->peerEccDsaKey ||
wolfSSL 7:481bce714567 15682 !ssl->peerEccDsaKeyPresent ||
wolfSSL 7:481bce714567 15683 !ssl->peerEccDsaKey->dp) {
wolfSSL 7:481bce714567 15684 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 7:481bce714567 15685 }
wolfSSL 7:481bce714567 15686 peerKey = ssl->peerEccDsaKey;
wolfSSL 7:481bce714567 15687 }
wolfSSL 7:481bce714567 15688 else {
wolfSSL 7:481bce714567 15689 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 7:481bce714567 15690 !ssl->peerEccKey->dp) {
wolfSSL 7:481bce714567 15691 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 7:481bce714567 15692 }
wolfSSL 7:481bce714567 15693 peerKey = ssl->peerEccKey;
wolfSSL 7:481bce714567 15694 }
wolfSSL 7:481bce714567 15695 if (peerKey == NULL) {
wolfSSL 7:481bce714567 15696 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 7:481bce714567 15697 }
wolfSSL 7:481bce714567 15698
wolfSSL 7:481bce714567 15699 /* create private key */
wolfSSL 7:481bce714567 15700 ssl->sigKey = XMALLOC(sizeof(ecc_key),
wolfSSL 7:481bce714567 15701 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 15702 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 15703 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 7:481bce714567 15704 }
wolfSSL 7:481bce714567 15705 ssl->sigType = DYNAMIC_TYPE_ECC;
wolfSSL 7:481bce714567 15706
wolfSSL 7:481bce714567 15707 ret = wc_ecc_init_ex((ecc_key*)ssl->sigKey, ssl->heap,
wolfSSL 7:481bce714567 15708 ssl->devId);
wolfSSL 7:481bce714567 15709 if (ret != 0) {
wolfSSL 7:481bce714567 15710 goto exit_scke;
wolfSSL 7:481bce714567 15711 }
wolfSSL 7:481bce714567 15712 ret = EccMakeKey(ssl, (ecc_key*)ssl->sigKey, peerKey);
wolfSSL 7:481bce714567 15713 break;
wolfSSL 7:481bce714567 15714 }
wolfSSL 7:481bce714567 15715 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 15716
wolfSSL 7:481bce714567 15717 default:
wolfSSL 7:481bce714567 15718 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 15719 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 15720
wolfSSL 7:481bce714567 15721 /* Check for error */
wolfSSL 7:481bce714567 15722 if (ret != 0) {
wolfSSL 7:481bce714567 15723 goto exit_scke;
wolfSSL 7:481bce714567 15724 }
wolfSSL 7:481bce714567 15725
wolfSSL 7:481bce714567 15726 /* Advance state and proceed */
wolfSSL 7:481bce714567 15727 ssl->options.keyShareState = KEYSHARE_BUILD;
wolfSSL 7:481bce714567 15728 } /* case KEYSHARE_BEGIN */
wolfSSL 7:481bce714567 15729
wolfSSL 7:481bce714567 15730 case KEYSHARE_BUILD:
wolfSSL 7:481bce714567 15731 {
wolfSSL 7:481bce714567 15732 encSz = MAX_ENCRYPT_SZ;
wolfSSL 7:481bce714567 15733 encSecret = (byte*)XMALLOC(MAX_ENCRYPT_SZ, ssl->heap,
wolfSSL 7:481bce714567 15734 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 15735 if (encSecret == NULL) {
wolfSSL 7:481bce714567 15736 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 7:481bce714567 15737 }
wolfSSL 7:481bce714567 15738
wolfSSL 7:481bce714567 15739 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 15740 {
wolfSSL 7:481bce714567 15741 #ifndef NO_RSA
wolfSSL 7:481bce714567 15742 case rsa_kea:
wolfSSL 7:481bce714567 15743 {
wolfSSL 7:481bce714567 15744 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 7:481bce714567 15745 ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 7:481bce714567 15746 if (ret != 0) {
wolfSSL 7:481bce714567 15747 goto exit_scke;
wolfSSL 7:481bce714567 15748 }
wolfSSL 7:481bce714567 15749
wolfSSL 7:481bce714567 15750 ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
wolfSSL 7:481bce714567 15751 ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
wolfSSL 7:481bce714567 15752 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 7:481bce714567 15753 break;
wolfSSL 7:481bce714567 15754 }
wolfSSL 7:481bce714567 15755 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 15756 #ifndef NO_DH
wolfSSL 7:481bce714567 15757 case diffie_hellman_kea:
wolfSSL 7:481bce714567 15758 {
wolfSSL 7:481bce714567 15759 ssl->buffers.sig.length = ENCRYPT_LEN;
wolfSSL 7:481bce714567 15760 ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 7:481bce714567 15761 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 15762 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 7:481bce714567 15763 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 7:481bce714567 15764 }
wolfSSL 7:481bce714567 15765 break;
wolfSSL 7:481bce714567 15766 }
wolfSSL 7:481bce714567 15767 #endif /* !NO_DH */
wolfSSL 7:481bce714567 15768 #ifndef NO_PSK
wolfSSL 7:481bce714567 15769 case psk_kea:
wolfSSL 7:481bce714567 15770 {
wolfSSL 7:481bce714567 15771 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 7:481bce714567 15772 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 7:481bce714567 15773 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 7:481bce714567 15774 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 7:481bce714567 15775 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 7:481bce714567 15776 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 7:481bce714567 15777 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 7:481bce714567 15778 }
wolfSSL 7:481bce714567 15779 encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 7:481bce714567 15780 if (encSz > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 15781 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 7:481bce714567 15782 }
wolfSSL 7:481bce714567 15783 XMEMCPY(encSecret,
wolfSSL 7:481bce714567 15784 ssl->arrays->client_identity, encSz);
wolfSSL 7:481bce714567 15785
wolfSSL 7:481bce714567 15786 /* make psk pre master secret */
wolfSSL 7:481bce714567 15787 /* length of key + length 0s + length of key + key */
wolfSSL 7:481bce714567 15788 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 7:481bce714567 15789 pms += 2;
wolfSSL 7:481bce714567 15790 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 15791 pms += ssl->arrays->psk_keySz;
wolfSSL 7:481bce714567 15792 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 7:481bce714567 15793 pms += 2;
wolfSSL 7:481bce714567 15794 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 15795 ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
wolfSSL 7:481bce714567 15796 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 15797 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 7:481bce714567 15798 break;
wolfSSL 7:481bce714567 15799 }
wolfSSL 7:481bce714567 15800 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 15801 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 15802 case dhe_psk_kea:
wolfSSL 7:481bce714567 15803 {
wolfSSL 7:481bce714567 15804 word32 esSz = 0;
wolfSSL 7:481bce714567 15805 output = encSecret;
wolfSSL 7:481bce714567 15806
wolfSSL 7:481bce714567 15807 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 7:481bce714567 15808 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 7:481bce714567 15809 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 7:481bce714567 15810 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 7:481bce714567 15811 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 7:481bce714567 15812 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 7:481bce714567 15813 }
wolfSSL 7:481bce714567 15814 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 7:481bce714567 15815
wolfSSL 7:481bce714567 15816 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 15817 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 7:481bce714567 15818 }
wolfSSL 7:481bce714567 15819
wolfSSL 7:481bce714567 15820 ssl->buffers.sig.length = ENCRYPT_LEN;
wolfSSL 7:481bce714567 15821 ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 7:481bce714567 15822 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 15823 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 7:481bce714567 15824 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 7:481bce714567 15825 }
wolfSSL 7:481bce714567 15826
wolfSSL 7:481bce714567 15827 c16toa((word16)esSz, output);
wolfSSL 7:481bce714567 15828 output += OPAQUE16_LEN;
wolfSSL 7:481bce714567 15829 XMEMCPY(output, ssl->arrays->client_identity, esSz);
wolfSSL 7:481bce714567 15830 output += esSz;
wolfSSL 7:481bce714567 15831 encSz = esSz + OPAQUE16_LEN;
wolfSSL 7:481bce714567 15832
wolfSSL 7:481bce714567 15833 *length = 0;
wolfSSL 7:481bce714567 15834 break;
wolfSSL 7:481bce714567 15835 }
wolfSSL 7:481bce714567 15836 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 15837 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 15838 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 15839 {
wolfSSL 7:481bce714567 15840 word32 esSz = 0;
wolfSSL 7:481bce714567 15841 output = encSecret;
wolfSSL 7:481bce714567 15842
wolfSSL 7:481bce714567 15843 /* Send PSK client identity */
wolfSSL 7:481bce714567 15844 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 7:481bce714567 15845 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 7:481bce714567 15846 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 7:481bce714567 15847 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 7:481bce714567 15848 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 7:481bce714567 15849 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 7:481bce714567 15850 }
wolfSSL 7:481bce714567 15851
wolfSSL 7:481bce714567 15852 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 7:481bce714567 15853 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 15854 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 7:481bce714567 15855 }
wolfSSL 7:481bce714567 15856
wolfSSL 7:481bce714567 15857 /* place size and identity in output buffer sz:identity */
wolfSSL 7:481bce714567 15858 c16toa((word16)esSz, output);
wolfSSL 7:481bce714567 15859 output += OPAQUE16_LEN;
wolfSSL 7:481bce714567 15860 XMEMCPY(output, ssl->arrays->client_identity, esSz);
wolfSSL 7:481bce714567 15861 output += esSz;
wolfSSL 7:481bce714567 15862 encSz = esSz + OPAQUE16_LEN;
wolfSSL 7:481bce714567 15863
wolfSSL 7:481bce714567 15864 /* length is used for public key size */
wolfSSL 7:481bce714567 15865 *length = MAX_ENCRYPT_SZ;
wolfSSL 7:481bce714567 15866
wolfSSL 7:481bce714567 15867 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 15868 /* if callback then use it for shared secret */
wolfSSL 7:481bce714567 15869 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 7:481bce714567 15870 break;
wolfSSL 7:481bce714567 15871 }
wolfSSL 7:481bce714567 15872 #endif
wolfSSL 7:481bce714567 15873
wolfSSL 7:481bce714567 15874 /* Place ECC key in buffer, leaving room for size */
wolfSSL 7:481bce714567 15875 ret = wc_ecc_export_x963((ecc_key*)ssl->sigKey,
wolfSSL 7:481bce714567 15876 output + OPAQUE8_LEN, length);
wolfSSL 7:481bce714567 15877 if (ret != 0) {
wolfSSL 7:481bce714567 15878 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 7:481bce714567 15879 }
wolfSSL 7:481bce714567 15880 break;
wolfSSL 7:481bce714567 15881 }
wolfSSL 7:481bce714567 15882 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 15883 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 15884 case ntru_kea:
wolfSSL 7:481bce714567 15885 {
wolfSSL 7:481bce714567 15886 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 7:481bce714567 15887 ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 7:481bce714567 15888 if (ret != 0) {
wolfSSL 7:481bce714567 15889 goto exit_scke;
wolfSSL 7:481bce714567 15890 }
wolfSSL 7:481bce714567 15891
wolfSSL 7:481bce714567 15892 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 7:481bce714567 15893 encSz = MAX_ENCRYPT_SZ;
wolfSSL 7:481bce714567 15894 break;
wolfSSL 7:481bce714567 15895 }
wolfSSL 7:481bce714567 15896 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 15897 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 15898 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 15899 {
wolfSSL 7:481bce714567 15900 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 15901 /* if callback then use it for shared secret */
wolfSSL 7:481bce714567 15902 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 7:481bce714567 15903 break;
wolfSSL 7:481bce714567 15904 }
wolfSSL 7:481bce714567 15905 #endif
wolfSSL 7:481bce714567 15906
wolfSSL 7:481bce714567 15907 /* Place ECC key in buffer, leaving room for size */
wolfSSL 7:481bce714567 15908 ret = wc_ecc_export_x963((ecc_key*)ssl->sigKey,
wolfSSL 7:481bce714567 15909 encSecret + OPAQUE8_LEN, &encSz);
wolfSSL 7:481bce714567 15910 if (ret != 0) {
wolfSSL 7:481bce714567 15911 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 7:481bce714567 15912 }
wolfSSL 7:481bce714567 15913 break;
wolfSSL 7:481bce714567 15914 }
wolfSSL 7:481bce714567 15915 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 15916
wolfSSL 7:481bce714567 15917 default:
wolfSSL 7:481bce714567 15918 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 15919 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 15920
wolfSSL 7:481bce714567 15921 /* Check for error */
wolfSSL 7:481bce714567 15922 if (ret != 0) {
wolfSSL 7:481bce714567 15923 goto exit_scke;
wolfSSL 7:481bce714567 15924 }
wolfSSL 7:481bce714567 15925
wolfSSL 7:481bce714567 15926 /* Advance state and proceed */
wolfSSL 7:481bce714567 15927 ssl->options.keyShareState = KEYSHARE_DO;
wolfSSL 7:481bce714567 15928 } /* case KEYSHARE_BUILD */
wolfSSL 7:481bce714567 15929
wolfSSL 7:481bce714567 15930 case KEYSHARE_DO:
wolfSSL 7:481bce714567 15931 {
wolfSSL 7:481bce714567 15932 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 15933 {
wolfSSL 7:481bce714567 15934 #ifndef NO_RSA
wolfSSL 7:481bce714567 15935 case rsa_kea:
wolfSSL 7:481bce714567 15936 {
wolfSSL 7:481bce714567 15937 ret = RsaEnc(ssl,
wolfSSL 7:481bce714567 15938 ssl->arrays->preMasterSecret, SECRET_LEN,
wolfSSL 7:481bce714567 15939 encSecret, &encSz,
wolfSSL 7:481bce714567 15940 ssl->peerRsaKey,
wolfSSL 7:481bce714567 15941 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 7:481bce714567 15942 ssl->buffers.peerRsaKey.buffer,
wolfSSL 7:481bce714567 15943 ssl->buffers.peerRsaKey.length,
wolfSSL 7:481bce714567 15944 ssl->RsaEncCtx
wolfSSL 7:481bce714567 15945 #else
wolfSSL 7:481bce714567 15946 NULL, 0, NULL
wolfSSL 7:481bce714567 15947 #endif
wolfSSL 7:481bce714567 15948 );
wolfSSL 7:481bce714567 15949 break;
wolfSSL 7:481bce714567 15950 }
wolfSSL 7:481bce714567 15951 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 15952 #ifndef NO_DH
wolfSSL 7:481bce714567 15953 case diffie_hellman_kea:
wolfSSL 7:481bce714567 15954 {
wolfSSL 7:481bce714567 15955 ret = DhAgree(ssl,
wolfSSL 7:481bce714567 15956 ssl->buffers.serverDH_P.buffer,
wolfSSL 7:481bce714567 15957 ssl->buffers.serverDH_P.length,
wolfSSL 7:481bce714567 15958 ssl->buffers.serverDH_G.buffer,
wolfSSL 7:481bce714567 15959 ssl->buffers.serverDH_G.length,
wolfSSL 7:481bce714567 15960 ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
wolfSSL 7:481bce714567 15961 encSecret, &encSz,
wolfSSL 7:481bce714567 15962 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 7:481bce714567 15963 ssl->buffers.serverDH_Pub.length,
wolfSSL 7:481bce714567 15964 ssl->arrays->preMasterSecret,
wolfSSL 7:481bce714567 15965 &ssl->arrays->preMasterSz);
wolfSSL 7:481bce714567 15966 break;
wolfSSL 7:481bce714567 15967 }
wolfSSL 7:481bce714567 15968 #endif /* !NO_DH */
wolfSSL 7:481bce714567 15969 #ifndef NO_PSK
wolfSSL 7:481bce714567 15970 case psk_kea:
wolfSSL 7:481bce714567 15971 {
wolfSSL 7:481bce714567 15972 break;
wolfSSL 7:481bce714567 15973 }
wolfSSL 7:481bce714567 15974 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 15975 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 15976 case dhe_psk_kea:
wolfSSL 7:481bce714567 15977 {
wolfSSL 7:481bce714567 15978 ret = DhAgree(ssl,
wolfSSL 7:481bce714567 15979 ssl->buffers.serverDH_P.buffer,
wolfSSL 7:481bce714567 15980 ssl->buffers.serverDH_P.length,
wolfSSL 7:481bce714567 15981 ssl->buffers.serverDH_G.buffer,
wolfSSL 7:481bce714567 15982 ssl->buffers.serverDH_G.length,
wolfSSL 7:481bce714567 15983 ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
wolfSSL 7:481bce714567 15984 output + OPAQUE16_LEN, length,
wolfSSL 7:481bce714567 15985 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 7:481bce714567 15986 ssl->buffers.serverDH_Pub.length,
wolfSSL 7:481bce714567 15987 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 7:481bce714567 15988 &ssl->arrays->preMasterSz);
wolfSSL 7:481bce714567 15989 break;
wolfSSL 7:481bce714567 15990 }
wolfSSL 7:481bce714567 15991 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 15992 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 15993 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 15994 {
wolfSSL 7:481bce714567 15995 /* Create shared ECC key leaving room at the begining
wolfSSL 7:481bce714567 15996 of buffer for size of shared key. */
wolfSSL 7:481bce714567 15997 ssl->arrays->preMasterSz = ENCRYPT_LEN - OPAQUE16_LEN;
wolfSSL 7:481bce714567 15998
wolfSSL 7:481bce714567 15999 ret = EccSharedSecret(ssl,
wolfSSL 7:481bce714567 16000 (ecc_key*)ssl->sigKey, ssl->peerEccKey,
wolfSSL 7:481bce714567 16001 output + OPAQUE8_LEN, length,
wolfSSL 7:481bce714567 16002 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 7:481bce714567 16003 &ssl->arrays->preMasterSz,
wolfSSL 7:481bce714567 16004 WOLFSSL_CLIENT_END,
wolfSSL 7:481bce714567 16005 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 16006 ssl->EccSharedSecretCtx
wolfSSL 7:481bce714567 16007 #else
wolfSSL 7:481bce714567 16008 NULL
wolfSSL 7:481bce714567 16009 #endif
wolfSSL 7:481bce714567 16010 );
wolfSSL 7:481bce714567 16011 break;
wolfSSL 7:481bce714567 16012 }
wolfSSL 7:481bce714567 16013 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 16014 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 16015 case ntru_kea:
wolfSSL 7:481bce714567 16016 {
wolfSSL 7:481bce714567 16017 word32 rc;
wolfSSL 7:481bce714567 16018 DRBG_HANDLE drbg;
wolfSSL 7:481bce714567 16019
wolfSSL 7:481bce714567 16020 rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL 7:481bce714567 16021 if (rc != DRBG_OK) {
wolfSSL 7:481bce714567 16022 ERROR_OUT(NTRU_DRBG_ERROR, exit_scke);
wolfSSL 7:481bce714567 16023 }
wolfSSL 7:481bce714567 16024 rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
wolfSSL 7:481bce714567 16025 ssl->peerNtruKey,
wolfSSL 7:481bce714567 16026 ssl->arrays->preMasterSz,
wolfSSL 7:481bce714567 16027 ssl->arrays->preMasterSecret,
wolfSSL 7:481bce714567 16028 (word16*)&encSz,
wolfSSL 7:481bce714567 16029 encSecret);
wolfSSL 7:481bce714567 16030 ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL 7:481bce714567 16031 if (rc != NTRU_OK) {
wolfSSL 7:481bce714567 16032 ERROR_OUT(NTRU_ENCRYPT_ERROR, exit_scke);
wolfSSL 7:481bce714567 16033 }
wolfSSL 7:481bce714567 16034 ret = 0;
wolfSSL 7:481bce714567 16035 break;
wolfSSL 7:481bce714567 16036 }
wolfSSL 7:481bce714567 16037 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 16038 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 16039 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 16040 {
wolfSSL 7:481bce714567 16041 ecc_key* peerKey = (ssl->specs.static_ecdh) ?
wolfSSL 7:481bce714567 16042 ssl->peerEccDsaKey : ssl->peerEccKey;
wolfSSL 7:481bce714567 16043
wolfSSL 7:481bce714567 16044 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 7:481bce714567 16045
wolfSSL 7:481bce714567 16046 ret = EccSharedSecret(ssl,
wolfSSL 7:481bce714567 16047 (ecc_key*)ssl->sigKey, peerKey,
wolfSSL 7:481bce714567 16048 encSecret + OPAQUE8_LEN, &encSz,
wolfSSL 7:481bce714567 16049 ssl->arrays->preMasterSecret,
wolfSSL 7:481bce714567 16050 &ssl->arrays->preMasterSz,
wolfSSL 7:481bce714567 16051 WOLFSSL_CLIENT_END,
wolfSSL 7:481bce714567 16052 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 16053 ssl->EccSharedSecretCtx
wolfSSL 7:481bce714567 16054 #else
wolfSSL 7:481bce714567 16055 NULL
wolfSSL 7:481bce714567 16056 #endif
wolfSSL 7:481bce714567 16057 );
wolfSSL 7:481bce714567 16058 break;
wolfSSL 7:481bce714567 16059 }
wolfSSL 7:481bce714567 16060 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 16061
wolfSSL 7:481bce714567 16062 default:
wolfSSL 7:481bce714567 16063 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 16064 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 16065
wolfSSL 7:481bce714567 16066 /* Check for error */
wolfSSL 7:481bce714567 16067 if (ret != 0) {
wolfSSL 7:481bce714567 16068 goto exit_scke;
wolfSSL 7:481bce714567 16069 }
wolfSSL 7:481bce714567 16070
wolfSSL 7:481bce714567 16071 /* Advance state and proceed */
wolfSSL 7:481bce714567 16072 ssl->options.keyShareState = KEYSHARE_VERIFY;
wolfSSL 7:481bce714567 16073 } /* case KEYSHARE_DO */
wolfSSL 7:481bce714567 16074
wolfSSL 7:481bce714567 16075 case KEYSHARE_VERIFY:
wolfSSL 7:481bce714567 16076 {
wolfSSL 7:481bce714567 16077 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 16078 {
wolfSSL 7:481bce714567 16079 #ifndef NO_RSA
wolfSSL 7:481bce714567 16080 case rsa_kea:
wolfSSL 7:481bce714567 16081 {
wolfSSL 7:481bce714567 16082 break;
wolfSSL 7:481bce714567 16083 }
wolfSSL 7:481bce714567 16084 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 16085 #ifndef NO_DH
wolfSSL 7:481bce714567 16086 case diffie_hellman_kea:
wolfSSL 7:481bce714567 16087 {
wolfSSL 7:481bce714567 16088 break;
wolfSSL 7:481bce714567 16089 }
wolfSSL 7:481bce714567 16090 #endif /* !NO_DH */
wolfSSL 7:481bce714567 16091 #ifndef NO_PSK
wolfSSL 7:481bce714567 16092 case psk_kea:
wolfSSL 7:481bce714567 16093 {
wolfSSL 7:481bce714567 16094 break;
wolfSSL 7:481bce714567 16095 }
wolfSSL 7:481bce714567 16096 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 16097 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 16098 case dhe_psk_kea:
wolfSSL 7:481bce714567 16099 {
wolfSSL 7:481bce714567 16100 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 7:481bce714567 16101
wolfSSL 7:481bce714567 16102 /* validate args */
wolfSSL 7:481bce714567 16103 if (output == NULL || *length == 0) {
wolfSSL 7:481bce714567 16104 ERROR_OUT(BAD_FUNC_ARG, exit_scke);
wolfSSL 7:481bce714567 16105 }
wolfSSL 7:481bce714567 16106
wolfSSL 7:481bce714567 16107 c16toa((word16)*length, output);
wolfSSL 7:481bce714567 16108 encSz += *length + OPAQUE16_LEN;
wolfSSL 7:481bce714567 16109 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 7:481bce714567 16110 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 7:481bce714567 16111 pms += ssl->arrays->preMasterSz;
wolfSSL 7:481bce714567 16112
wolfSSL 7:481bce714567 16113 /* make psk pre master secret */
wolfSSL 7:481bce714567 16114 /* length of key + length 0s + length of key + key */
wolfSSL 7:481bce714567 16115 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 7:481bce714567 16116 pms += OPAQUE16_LEN;
wolfSSL 7:481bce714567 16117 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 16118 ssl->arrays->preMasterSz +=
wolfSSL 7:481bce714567 16119 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 7:481bce714567 16120 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 16121 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 7:481bce714567 16122 break;
wolfSSL 7:481bce714567 16123 }
wolfSSL 7:481bce714567 16124 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 16125 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 16126 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 16127 {
wolfSSL 7:481bce714567 16128 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 7:481bce714567 16129
wolfSSL 7:481bce714567 16130 /* validate args */
wolfSSL 7:481bce714567 16131 if (output == NULL || *length > ENCRYPT_LEN) {
wolfSSL 7:481bce714567 16132 ERROR_OUT(BAD_FUNC_ARG, exit_scke);
wolfSSL 7:481bce714567 16133 }
wolfSSL 7:481bce714567 16134
wolfSSL 7:481bce714567 16135 /* place size of public key in output buffer */
wolfSSL 7:481bce714567 16136 *output = (byte)*length;
wolfSSL 7:481bce714567 16137 encSz += *length + OPAQUE8_LEN;
wolfSSL 7:481bce714567 16138
wolfSSL 7:481bce714567 16139 /* Create pre master secret is the concatination of
wolfSSL 7:481bce714567 16140 eccSize + eccSharedKey + pskSize + pskKey */
wolfSSL 7:481bce714567 16141 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 7:481bce714567 16142 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 7:481bce714567 16143 pms += ssl->arrays->preMasterSz;
wolfSSL 7:481bce714567 16144
wolfSSL 7:481bce714567 16145 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 7:481bce714567 16146 pms += OPAQUE16_LEN;
wolfSSL 7:481bce714567 16147 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 16148 ssl->arrays->preMasterSz +=
wolfSSL 7:481bce714567 16149 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 7:481bce714567 16150
wolfSSL 7:481bce714567 16151 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 16152 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 7:481bce714567 16153 break;
wolfSSL 7:481bce714567 16154 }
wolfSSL 7:481bce714567 16155 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 16156 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 16157 case ntru_kea:
wolfSSL 7:481bce714567 16158 {
wolfSSL 7:481bce714567 16159 break;
wolfSSL 7:481bce714567 16160 }
wolfSSL 7:481bce714567 16161 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 16162 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 16163 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 16164 {
wolfSSL 7:481bce714567 16165 /* place size of public key in buffer */
wolfSSL 7:481bce714567 16166 *encSecret = (byte)encSz;
wolfSSL 7:481bce714567 16167 encSz += OPAQUE8_LEN;
wolfSSL 7:481bce714567 16168 break;
wolfSSL 7:481bce714567 16169 }
wolfSSL 7:481bce714567 16170 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 16171
wolfSSL 7:481bce714567 16172 default:
wolfSSL 7:481bce714567 16173 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 16174 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 16175
wolfSSL 7:481bce714567 16176 /* Check for error */
wolfSSL 7:481bce714567 16177 if (ret != 0) {
wolfSSL 7:481bce714567 16178 goto exit_scke;
wolfSSL 7:481bce714567 16179 }
wolfSSL 7:481bce714567 16180
wolfSSL 7:481bce714567 16181 /* Advance state and proceed */
wolfSSL 7:481bce714567 16182 ssl->options.keyShareState = KEYSHARE_FINALIZE;
wolfSSL 7:481bce714567 16183 } /* case KEYSHARE_VERIFY */
wolfSSL 7:481bce714567 16184
wolfSSL 7:481bce714567 16185 case KEYSHARE_FINALIZE:
wolfSSL 7:481bce714567 16186 {
wolfSSL 7:481bce714567 16187 word32 tlsSz = 0;
wolfSSL 7:481bce714567 16188 word32 idx = 0;
wolfSSL 7:481bce714567 16189
wolfSSL 7:481bce714567 16190 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 16191 word32 qshSz = 0;
wolfSSL 7:481bce714567 16192 if (ssl->peerQSHKeyPresent) {
wolfSSL 7:481bce714567 16193 qshSz = QSH_KeyGetSize(ssl);
wolfSSL 7:481bce714567 16194 }
wolfSSL 7:481bce714567 16195 #endif
wolfSSL 7:481bce714567 16196
wolfSSL 7:481bce714567 16197 if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) {
wolfSSL 7:481bce714567 16198 tlsSz = 2;
wolfSSL 7:481bce714567 16199 }
wolfSSL 7:481bce714567 16200
wolfSSL 7:481bce714567 16201 if (ssl->specs.kea == ecc_diffie_hellman_kea ||
wolfSSL 7:481bce714567 16202 ssl->specs.kea == dhe_psk_kea ||
wolfSSL 7:481bce714567 16203 ssl->specs.kea == ecdhe_psk_kea) { /* always off */
wolfSSL 7:481bce714567 16204 tlsSz = 0;
wolfSSL 7:481bce714567 16205 }
wolfSSL 7:481bce714567 16206
wolfSSL 7:481bce714567 16207 idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 16208 sendSz = encSz + tlsSz + idx;
wolfSSL 7:481bce714567 16209
wolfSSL 7:481bce714567 16210 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 16211 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 16212 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 7:481bce714567 16213 sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 7:481bce714567 16214 }
wolfSSL 7:481bce714567 16215 #endif
wolfSSL 7:481bce714567 16216
wolfSSL 7:481bce714567 16217 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 7:481bce714567 16218 sendSz += MAX_MSG_EXTRA;
wolfSSL 7:481bce714567 16219 }
wolfSSL 7:481bce714567 16220
wolfSSL 7:481bce714567 16221 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 16222 encSz += qshSz;
wolfSSL 7:481bce714567 16223 sendSz += qshSz;
wolfSSL 7:481bce714567 16224 #endif
wolfSSL 7:481bce714567 16225
wolfSSL 7:481bce714567 16226 /* check for available size */
wolfSSL 7:481bce714567 16227 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 7:481bce714567 16228 goto exit_scke;
wolfSSL 7:481bce714567 16229 }
wolfSSL 7:481bce714567 16230
wolfSSL 7:481bce714567 16231 /* get output buffer */
wolfSSL 7:481bce714567 16232 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 16233 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 16234
wolfSSL 7:481bce714567 16235 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 16236 if (ssl->peerQSHKeyPresent) {
wolfSSL 7:481bce714567 16237 byte idxSave = idx;
wolfSSL 7:481bce714567 16238 idx = sendSz - qshSz;
wolfSSL 7:481bce714567 16239
wolfSSL 7:481bce714567 16240 if (QSH_KeyExchangeWrite(ssl, 0) != 0) {
wolfSSL 7:481bce714567 16241 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 7:481bce714567 16242 }
wolfSSL 7:481bce714567 16243
wolfSSL 7:481bce714567 16244 /* extension type */
wolfSSL 7:481bce714567 16245 c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
wolfSSL 7:481bce714567 16246 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 16247
wolfSSL 7:481bce714567 16248 /* write to output and check amount written */
wolfSSL 7:481bce714567 16249 if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
wolfSSL 7:481bce714567 16250 > qshSz - OPAQUE16_LEN) {
wolfSSL 7:481bce714567 16251 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 7:481bce714567 16252 }
wolfSSL 7:481bce714567 16253
wolfSSL 7:481bce714567 16254 idx = idxSave;
wolfSSL 7:481bce714567 16255 }
wolfSSL 7:481bce714567 16256 #endif
wolfSSL 7:481bce714567 16257
wolfSSL 7:481bce714567 16258 AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl);
wolfSSL 7:481bce714567 16259
wolfSSL 7:481bce714567 16260 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 16261 if (ssl->peerQSHKeyPresent) {
wolfSSL 7:481bce714567 16262 encSz -= qshSz;
wolfSSL 7:481bce714567 16263 }
wolfSSL 7:481bce714567 16264 #endif
wolfSSL 7:481bce714567 16265 if (tlsSz) {
wolfSSL 7:481bce714567 16266 c16toa((word16)encSz, &output[idx]);
wolfSSL 7:481bce714567 16267 idx += 2;
wolfSSL 7:481bce714567 16268 }
wolfSSL 7:481bce714567 16269 XMEMCPY(output + idx, encSecret, encSz);
wolfSSL 7:481bce714567 16270 idx += encSz;
wolfSSL 7:481bce714567 16271
wolfSSL 7:481bce714567 16272 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 7:481bce714567 16273 byte* input;
wolfSSL 7:481bce714567 16274 int inputSz = idx-RECORD_HEADER_SZ; /* buildmsg adds rechdr */
wolfSSL 7:481bce714567 16275
wolfSSL 7:481bce714567 16276 input = (byte*)XMALLOC(inputSz, ssl->heap,
wolfSSL 7:481bce714567 16277 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 16278 if (input == NULL) {
wolfSSL 7:481bce714567 16279 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 7:481bce714567 16280 }
wolfSSL 7:481bce714567 16281
wolfSSL 7:481bce714567 16282 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
wolfSSL 7:481bce714567 16283 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
wolfSSL 7:481bce714567 16284 handshake, 1, 0);
wolfSSL 7:481bce714567 16285 XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 16286 if (sendSz < 0) {
wolfSSL 7:481bce714567 16287 ERROR_OUT(sendSz, exit_scke);
wolfSSL 7:481bce714567 16288 }
wolfSSL 7:481bce714567 16289 }
wolfSSL 7:481bce714567 16290 else {
wolfSSL 7:481bce714567 16291 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 16292 if (ssl->options.dtls)
wolfSSL 7:481bce714567 16293 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 7:481bce714567 16294 #endif
wolfSSL 7:481bce714567 16295 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 7:481bce714567 16296 if (ret != 0) {
wolfSSL 7:481bce714567 16297 goto exit_scke;
wolfSSL 7:481bce714567 16298 }
wolfSSL 7:481bce714567 16299 }
wolfSSL 7:481bce714567 16300
wolfSSL 7:481bce714567 16301 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 16302 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 7:481bce714567 16303 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) {
wolfSSL 7:481bce714567 16304 goto exit_scke;
wolfSSL 7:481bce714567 16305 }
wolfSSL 7:481bce714567 16306 }
wolfSSL 7:481bce714567 16307 #endif
wolfSSL 7:481bce714567 16308
wolfSSL 7:481bce714567 16309 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 16310 if (ssl->hsInfoOn)
wolfSSL 7:481bce714567 16311 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL 7:481bce714567 16312 if (ssl->toInfoOn)
wolfSSL 7:481bce714567 16313 AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo,
wolfSSL 7:481bce714567 16314 output, sendSz, ssl->heap);
wolfSSL 7:481bce714567 16315 #endif
wolfSSL 7:481bce714567 16316
wolfSSL 7:481bce714567 16317 /* Check for error */
wolfSSL 7:481bce714567 16318 if (ret != 0) {
wolfSSL 7:481bce714567 16319 goto exit_scke;
wolfSSL 7:481bce714567 16320 }
wolfSSL 7:481bce714567 16321
wolfSSL 7:481bce714567 16322 /* Advance state and proceed */
wolfSSL 7:481bce714567 16323 ssl->options.keyShareState = KEYSHARE_END;
wolfSSL 7:481bce714567 16324 } /* case KEYSHARE_FINALIZE */
wolfSSL 7:481bce714567 16325
wolfSSL 7:481bce714567 16326 case KEYSHARE_END:
wolfSSL 7:481bce714567 16327 {
wolfSSL 7:481bce714567 16328 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 7:481bce714567 16329
wolfSSL 7:481bce714567 16330 if (!ssl->options.groupMessages) {
wolfSSL 7:481bce714567 16331 ret = SendBuffered(ssl);
wolfSSL 7:481bce714567 16332 }
wolfSSL 7:481bce714567 16333 if (ret == 0 || ret == WANT_WRITE) {
wolfSSL 7:481bce714567 16334 int tmpRet = MakeMasterSecret(ssl);
wolfSSL 7:481bce714567 16335 if (tmpRet != 0) {
wolfSSL 7:481bce714567 16336 ret = tmpRet; /* save WANT_WRITE unless more serious */
wolfSSL 7:481bce714567 16337 }
wolfSSL 7:481bce714567 16338 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 7:481bce714567 16339 }
wolfSSL 7:481bce714567 16340 break;
wolfSSL 7:481bce714567 16341 }
wolfSSL 7:481bce714567 16342 default:
wolfSSL 7:481bce714567 16343 ret = INPUT_CASE_ERROR;
wolfSSL 7:481bce714567 16344 } /* switch(ssl->options.keyShareState) */
wolfSSL 7:481bce714567 16345
wolfSSL 7:481bce714567 16346 exit_scke:
wolfSSL 7:481bce714567 16347
wolfSSL 7:481bce714567 16348 WOLFSSL_LEAVE("SendClientKeyExchange", ret);
wolfSSL 7:481bce714567 16349
wolfSSL 7:481bce714567 16350 /* Handle cleanup for stack variables here */
wolfSSL 7:481bce714567 16351
wolfSSL 7:481bce714567 16352
wolfSSL 7:481bce714567 16353 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 16354 /* Handle WC_PENDING_E */
wolfSSL 7:481bce714567 16355 if (ret == WC_PENDING_E) {
wolfSSL 7:481bce714567 16356 /* Store variables needed for async */
wolfSSL 7:481bce714567 16357 length_lcl = ssl->async.length;
wolfSSL 7:481bce714567 16358 XMEMSET(&ssl->async, 0, sizeof(ssl->async));
wolfSSL 7:481bce714567 16359 ssl->async.output = output;
wolfSSL 7:481bce714567 16360 ssl->async.sendSz = sendSz;
wolfSSL 7:481bce714567 16361 ssl->async.data = encSecret;
wolfSSL 7:481bce714567 16362 ssl->async.sigSz = encSz;
wolfSSL 7:481bce714567 16363 ssl->async.length = length_lcl;
wolfSSL 7:481bce714567 16364
wolfSSL 7:481bce714567 16365 /* Push event to queue */
wolfSSL 7:481bce714567 16366 ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, &ssl->event);
wolfSSL 7:481bce714567 16367 if (ret == 0) {
wolfSSL 7:481bce714567 16368 return WC_PENDING_E;
wolfSSL 7:481bce714567 16369 }
wolfSSL 7:481bce714567 16370 }
wolfSSL 7:481bce714567 16371 #endif
wolfSSL 7:481bce714567 16372
wolfSSL 7:481bce714567 16373 /* No further need for PMS */
wolfSSL 7:481bce714567 16374 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 7:481bce714567 16375 ssl->arrays->preMasterSz = 0;
wolfSSL 7:481bce714567 16376
wolfSSL 7:481bce714567 16377 if (encSecret) {
wolfSSL 7:481bce714567 16378 XFREE(encSecret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 16379 encSecret = NULL;
wolfSSL 7:481bce714567 16380 }
wolfSSL 7:481bce714567 16381
wolfSSL 7:481bce714567 16382 /* Final cleanup */
wolfSSL 7:481bce714567 16383 FreeKeyExchange(ssl);
wolfSSL 7:481bce714567 16384
wolfSSL 7:481bce714567 16385 return ret;
wolfSSL 7:481bce714567 16386 }
wolfSSL 7:481bce714567 16387
wolfSSL 7:481bce714567 16388
wolfSSL 7:481bce714567 16389 #ifndef NO_CERTS
wolfSSL 7:481bce714567 16390
wolfSSL 7:481bce714567 16391 int SendCertificateVerify(WOLFSSL* ssl)
wolfSSL 7:481bce714567 16392 {
wolfSSL 7:481bce714567 16393 byte* output = NULL;
wolfSSL 7:481bce714567 16394 int sendSz = 0, length = 0, ret;
wolfSSL 7:481bce714567 16395 byte* verify = NULL;
wolfSSL 7:481bce714567 16396 word32 idx = 0;
wolfSSL 7:481bce714567 16397 word32 extraSz = 0;
wolfSSL 7:481bce714567 16398 #ifndef NO_RSA
wolfSSL 7:481bce714567 16399 byte* verifySig = NULL;
wolfSSL 7:481bce714567 16400 #endif
wolfSSL 7:481bce714567 16401
wolfSSL 7:481bce714567 16402 WOLFSSL_ENTER("SendCertificateVerify");
wolfSSL 7:481bce714567 16403
wolfSSL 7:481bce714567 16404 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 16405 ret = wolfAsync_EventPop(&ssl->event, WOLF_EVENT_TYPE_ASYNC_ANY);
wolfSSL 7:481bce714567 16406 if (ret != WC_NOT_PENDING_E) {
wolfSSL 7:481bce714567 16407 WOLF_EVENT_TYPE eType = ssl->event.type;
wolfSSL 7:481bce714567 16408
wolfSSL 7:481bce714567 16409 /* Clear event */
wolfSSL 7:481bce714567 16410 XMEMSET(&ssl->event, 0, sizeof(ssl->event));
wolfSSL 7:481bce714567 16411
wolfSSL 7:481bce714567 16412 /* Check for error */
wolfSSL 7:481bce714567 16413 if (ret < 0) {
wolfSSL 7:481bce714567 16414 goto exit_scv;
wolfSSL 7:481bce714567 16415 }
wolfSSL 7:481bce714567 16416 else {
wolfSSL 7:481bce714567 16417 /* Restore variables needed for async */
wolfSSL 7:481bce714567 16418 output = ssl->async.output;
wolfSSL 7:481bce714567 16419 sendSz = ssl->async.sendSz;
wolfSSL 7:481bce714567 16420 extraSz = ssl->async.sigSz;
wolfSSL 7:481bce714567 16421 length = ssl->async.length;
wolfSSL 7:481bce714567 16422 idx = ssl->async.idx;
wolfSSL 7:481bce714567 16423 #ifndef NO_RSA
wolfSSL 7:481bce714567 16424 verifySig = ssl->async.data;
wolfSSL 7:481bce714567 16425 #endif
wolfSSL 7:481bce714567 16426
wolfSSL 7:481bce714567 16427 /* Advance key share state if not wolfCrypt */
wolfSSL 7:481bce714567 16428 if (eType == WOLF_EVENT_TYPE_ASYNC_WOLFSSL) {
wolfSSL 7:481bce714567 16429 ssl->options.keyShareState++;
wolfSSL 7:481bce714567 16430 }
wolfSSL 7:481bce714567 16431 }
wolfSSL 7:481bce714567 16432 }
wolfSSL 7:481bce714567 16433 else
wolfSSL 7:481bce714567 16434 #endif
wolfSSL 7:481bce714567 16435 {
wolfSSL 7:481bce714567 16436 /* Reset state */
wolfSSL 7:481bce714567 16437 ret = 0;
wolfSSL 7:481bce714567 16438 ssl->options.keyShareState = KEYSHARE_BEGIN;
wolfSSL 7:481bce714567 16439 }
wolfSSL 7:481bce714567 16440
wolfSSL 7:481bce714567 16441 switch(ssl->options.keyShareState)
wolfSSL 7:481bce714567 16442 {
wolfSSL 7:481bce714567 16443 case KEYSHARE_BEGIN:
wolfSSL 7:481bce714567 16444 {
wolfSSL 7:481bce714567 16445 if (ssl->options.sendVerify == SEND_BLANK_CERT) {
wolfSSL 7:481bce714567 16446 return 0; /* sent blank cert, can't verify */
wolfSSL 7:481bce714567 16447 }
wolfSSL 7:481bce714567 16448
wolfSSL 7:481bce714567 16449 sendSz = MAX_CERT_VERIFY_SZ;
wolfSSL 7:481bce714567 16450 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 7:481bce714567 16451 sendSz += MAX_MSG_EXTRA;
wolfSSL 7:481bce714567 16452 }
wolfSSL 7:481bce714567 16453
wolfSSL 7:481bce714567 16454 /* check for available size */
wolfSSL 7:481bce714567 16455 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 7:481bce714567 16456 goto exit_scv;
wolfSSL 7:481bce714567 16457 }
wolfSSL 7:481bce714567 16458
wolfSSL 7:481bce714567 16459 /* get output buffer */
wolfSSL 7:481bce714567 16460 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 16461 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 16462
wolfSSL 7:481bce714567 16463 /* Advance state and proceed */
wolfSSL 7:481bce714567 16464 ssl->options.keyShareState = KEYSHARE_BUILD;
wolfSSL 7:481bce714567 16465 } /* case KEYSHARE_BEGIN */
wolfSSL 7:481bce714567 16466
wolfSSL 7:481bce714567 16467 case KEYSHARE_BUILD:
wolfSSL 7:481bce714567 16468 {
wolfSSL 7:481bce714567 16469 int keySz;
wolfSSL 7:481bce714567 16470 int typeH = 0;
wolfSSL 7:481bce714567 16471
wolfSSL 7:481bce714567 16472 ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
wolfSSL 7:481bce714567 16473 if (ret != 0) {
wolfSSL 7:481bce714567 16474 goto exit_scv;
wolfSSL 7:481bce714567 16475 }
wolfSSL 7:481bce714567 16476
wolfSSL 7:481bce714567 16477 #ifndef NO_RSA
wolfSSL 7:481bce714567 16478 ssl->sigKey = (RsaKey*)XMALLOC(sizeof(RsaKey), ssl->heap,
wolfSSL 7:481bce714567 16479 DYNAMIC_TYPE_RSA);
wolfSSL 7:481bce714567 16480 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 16481 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 7:481bce714567 16482 }
wolfSSL 7:481bce714567 16483 ssl->sigType = DYNAMIC_TYPE_RSA;
wolfSSL 7:481bce714567 16484
wolfSSL 7:481bce714567 16485 ret = wc_InitRsaKey_ex((RsaKey*)ssl->sigKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 16486 if (ret != 0) {
wolfSSL 7:481bce714567 16487 goto exit_scv;
wolfSSL 7:481bce714567 16488 }
wolfSSL 7:481bce714567 16489
wolfSSL 7:481bce714567 16490 WOLFSSL_MSG("Trying RSA client cert");
wolfSSL 7:481bce714567 16491
wolfSSL 7:481bce714567 16492 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
wolfSSL 7:481bce714567 16493 (RsaKey*)ssl->sigKey, ssl->buffers.key->length);
wolfSSL 7:481bce714567 16494 if (ret == 0) {
wolfSSL 7:481bce714567 16495 keySz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey);
wolfSSL 7:481bce714567 16496 if (keySz < 0) { /* check if keySz has error case */
wolfSSL 7:481bce714567 16497 ERROR_OUT(keySz, exit_scv);
wolfSSL 7:481bce714567 16498 }
wolfSSL 7:481bce714567 16499
wolfSSL 7:481bce714567 16500 length = (word32)keySz;
wolfSSL 7:481bce714567 16501 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 7:481bce714567 16502 WOLFSSL_MSG("RSA key size too small");
wolfSSL 7:481bce714567 16503 ERROR_OUT(RSA_KEY_SIZE_E, exit_scv);
wolfSSL 7:481bce714567 16504 }
wolfSSL 7:481bce714567 16505 }
wolfSSL 7:481bce714567 16506 else
wolfSSL 7:481bce714567 16507 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 16508 {
wolfSSL 7:481bce714567 16509 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 16510 if (ssl->sigKey) {
wolfSSL 7:481bce714567 16511 XFREE(ssl->sigKey, ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 7:481bce714567 16512 }
wolfSSL 7:481bce714567 16513 ssl->sigKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
wolfSSL 7:481bce714567 16514 DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 16515 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 16516 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 7:481bce714567 16517 }
wolfSSL 7:481bce714567 16518 ssl->sigType = DYNAMIC_TYPE_ECC;
wolfSSL 7:481bce714567 16519
wolfSSL 7:481bce714567 16520 ret = wc_ecc_init_ex((ecc_key*)ssl->sigKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 16521 if (ret != 0) {
wolfSSL 7:481bce714567 16522 goto exit_scv;
wolfSSL 7:481bce714567 16523 }
wolfSSL 7:481bce714567 16524
wolfSSL 7:481bce714567 16525 WOLFSSL_MSG("Trying ECC client cert, RSA didn't work");
wolfSSL 7:481bce714567 16526
wolfSSL 7:481bce714567 16527 if (ssl->buffers.key == NULL) {
wolfSSL 7:481bce714567 16528 WOLFSSL_MSG("ECC Key missing");
wolfSSL 7:481bce714567 16529 ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
wolfSSL 7:481bce714567 16530 }
wolfSSL 7:481bce714567 16531
wolfSSL 7:481bce714567 16532 idx = 0;
wolfSSL 7:481bce714567 16533 ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
wolfSSL 7:481bce714567 16534 (ecc_key*)ssl->sigKey, ssl->buffers.key->length);
wolfSSL 7:481bce714567 16535 if (ret != 0) {
wolfSSL 7:481bce714567 16536 WOLFSSL_MSG("Bad client cert type");
wolfSSL 7:481bce714567 16537 goto exit_scv;
wolfSSL 7:481bce714567 16538 }
wolfSSL 7:481bce714567 16539
wolfSSL 7:481bce714567 16540 WOLFSSL_MSG("Using ECC client cert");
wolfSSL 7:481bce714567 16541 length = MAX_ENCODED_SIG_SZ;
wolfSSL 7:481bce714567 16542
wolfSSL 7:481bce714567 16543 /* check minimum size of ECC key */
wolfSSL 7:481bce714567 16544 keySz = wc_ecc_size((ecc_key*)ssl->sigKey);
wolfSSL 7:481bce714567 16545 if (keySz < ssl->options.minEccKeySz) {
wolfSSL 7:481bce714567 16546 WOLFSSL_MSG("ECC key size too small");
wolfSSL 7:481bce714567 16547 ERROR_OUT(ECC_KEY_SIZE_E, exit_scv);
wolfSSL 7:481bce714567 16548 }
wolfSSL 7:481bce714567 16549 #endif
wolfSSL 7:481bce714567 16550 }
wolfSSL 7:481bce714567 16551
wolfSSL 7:481bce714567 16552
wolfSSL 7:481bce714567 16553 /* idx is used to track verify pointer offset to output */
wolfSSL 7:481bce714567 16554 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 16555 verify = &output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
wolfSSL 7:481bce714567 16556 extraSz = 0; /* tls 1.2 hash/sig */
wolfSSL 7:481bce714567 16557
wolfSSL 7:481bce714567 16558 /* build encoded signature buffer */
wolfSSL 7:481bce714567 16559 ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ;
wolfSSL 7:481bce714567 16560 ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
wolfSSL 7:481bce714567 16561 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 16562 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 7:481bce714567 16563 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 7:481bce714567 16564 }
wolfSSL 7:481bce714567 16565
wolfSSL 7:481bce714567 16566 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 16567 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 16568 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 16569 verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 16570 }
wolfSSL 7:481bce714567 16571 #endif
wolfSSL 7:481bce714567 16572
wolfSSL 7:481bce714567 16573 #ifndef NO_OLD_TLS
wolfSSL 7:481bce714567 16574 #ifndef NO_SHA
wolfSSL 7:481bce714567 16575 /* old tls default */
wolfSSL 7:481bce714567 16576 ssl->buffers.digest.length = SHA_DIGEST_SIZE;
wolfSSL 7:481bce714567 16577 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
wolfSSL 7:481bce714567 16578 typeH = SHAh;
wolfSSL 7:481bce714567 16579 #endif
wolfSSL 7:481bce714567 16580 #else
wolfSSL 7:481bce714567 16581 #ifndef NO_SHA256
wolfSSL 7:481bce714567 16582 /* new tls default */
wolfSSL 7:481bce714567 16583 ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
wolfSSL 7:481bce714567 16584 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
wolfSSL 7:481bce714567 16585 typeH = SHA256h;
wolfSSL 7:481bce714567 16586 #endif
wolfSSL 7:481bce714567 16587 #endif /* !NO_OLD_TLS */
wolfSSL 7:481bce714567 16588
wolfSSL 7:481bce714567 16589 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 16590 verify[0] = ssl->suites->hashAlgo;
wolfSSL 7:481bce714567 16591 verify[1] = (ssl->sigType == DYNAMIC_TYPE_ECC) ?
wolfSSL 7:481bce714567 16592 ecc_dsa_sa_algo : rsa_sa_algo;
wolfSSL 7:481bce714567 16593 extraSz = HASH_SIG_SIZE;
wolfSSL 7:481bce714567 16594
wolfSSL 7:481bce714567 16595 switch (ssl->suites->hashAlgo) {
wolfSSL 7:481bce714567 16596 #ifndef NO_SHA
wolfSSL 7:481bce714567 16597 case sha_mac:
wolfSSL 7:481bce714567 16598 ssl->buffers.digest.length = SHA_DIGEST_SIZE;
wolfSSL 7:481bce714567 16599 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
wolfSSL 7:481bce714567 16600 typeH = SHAh;
wolfSSL 7:481bce714567 16601 break;
wolfSSL 7:481bce714567 16602 #endif /* NO_SHA */
wolfSSL 7:481bce714567 16603 #ifndef NO_SHA256
wolfSSL 7:481bce714567 16604 case sha256_mac:
wolfSSL 7:481bce714567 16605 ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
wolfSSL 7:481bce714567 16606 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
wolfSSL 7:481bce714567 16607 typeH = SHA256h;
wolfSSL 7:481bce714567 16608 break;
wolfSSL 7:481bce714567 16609 #endif /* !NO_SHA256 */
wolfSSL 7:481bce714567 16610 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 16611 case sha384_mac:
wolfSSL 7:481bce714567 16612 ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
wolfSSL 7:481bce714567 16613 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
wolfSSL 7:481bce714567 16614 typeH = SHA384h;
wolfSSL 7:481bce714567 16615 break;
wolfSSL 7:481bce714567 16616 #endif /* WOLFSSL_SHA384 */
wolfSSL 7:481bce714567 16617 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 16618 case sha512_mac:
wolfSSL 7:481bce714567 16619 ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
wolfSSL 7:481bce714567 16620 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
wolfSSL 7:481bce714567 16621 typeH = SHA512h;
wolfSSL 7:481bce714567 16622 break;
wolfSSL 7:481bce714567 16623 #endif /* WOLFSSL_SHA512 */
wolfSSL 7:481bce714567 16624 } /* switch */
wolfSSL 7:481bce714567 16625 }
wolfSSL 7:481bce714567 16626 #ifndef NO_OLD_TLS
wolfSSL 7:481bce714567 16627 else {
wolfSSL 7:481bce714567 16628 /* if old TLS load MD5 hash as value to sign */
wolfSSL 7:481bce714567 16629 XMEMCPY(ssl->buffers.sig.buffer, ssl->hsHashes->certHashes.md5,
wolfSSL 7:481bce714567 16630 FINISHED_SZ);
wolfSSL 7:481bce714567 16631 }
wolfSSL 7:481bce714567 16632 #endif
wolfSSL 7:481bce714567 16633
wolfSSL 7:481bce714567 16634 if (typeH == 0) {
wolfSSL 7:481bce714567 16635 ERROR_OUT(ALGO_ID_E, exit_scv);
wolfSSL 7:481bce714567 16636 }
wolfSSL 7:481bce714567 16637
wolfSSL 7:481bce714567 16638 #ifndef NO_RSA
wolfSSL 7:481bce714567 16639 if (ssl->sigType == DYNAMIC_TYPE_RSA) {
wolfSSL 7:481bce714567 16640 ssl->buffers.sig.length = FINISHED_SZ;
wolfSSL 7:481bce714567 16641 ssl->sigLen = ENCRYPT_LEN;
wolfSSL 7:481bce714567 16642
wolfSSL 7:481bce714567 16643 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 16644 ssl->buffers.sig.length = wc_EncodeSignature(
wolfSSL 7:481bce714567 16645 ssl->buffers.sig.buffer, ssl->buffers.digest.buffer,
wolfSSL 7:481bce714567 16646 ssl->buffers.digest.length, typeH);
wolfSSL 7:481bce714567 16647 }
wolfSSL 7:481bce714567 16648
wolfSSL 7:481bce714567 16649 c16toa((word16)length, verify + extraSz); /* prepend hdr */
wolfSSL 7:481bce714567 16650 }
wolfSSL 7:481bce714567 16651 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 16652
wolfSSL 7:481bce714567 16653 /* Advance state and proceed */
wolfSSL 7:481bce714567 16654 ssl->options.keyShareState = KEYSHARE_DO;
wolfSSL 7:481bce714567 16655 } /* case KEYSHARE_BUILD */
wolfSSL 7:481bce714567 16656
wolfSSL 7:481bce714567 16657 case KEYSHARE_DO:
wolfSSL 7:481bce714567 16658 {
wolfSSL 7:481bce714567 16659 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 16660 if (ssl->sigType == DYNAMIC_TYPE_ECC) {
wolfSSL 7:481bce714567 16661 ret = EccSign(ssl,
wolfSSL 7:481bce714567 16662 ssl->buffers.digest.buffer, ssl->buffers.digest.length,
wolfSSL 7:481bce714567 16663 ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
wolfSSL 7:481bce714567 16664 (ecc_key*)ssl->sigKey,
wolfSSL 7:481bce714567 16665 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 7:481bce714567 16666 ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 16667 ssl->buffers.key->length,
wolfSSL 7:481bce714567 16668 ssl->EccSignCtx
wolfSSL 7:481bce714567 16669 #else
wolfSSL 7:481bce714567 16670 NULL, 0, NULL
wolfSSL 7:481bce714567 16671 #endif
wolfSSL 7:481bce714567 16672 );
wolfSSL 7:481bce714567 16673 }
wolfSSL 7:481bce714567 16674 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 16675 #ifndef NO_RSA
wolfSSL 7:481bce714567 16676 if (ssl->sigType == DYNAMIC_TYPE_RSA) {
wolfSSL 7:481bce714567 16677 /* restore verify pointer */
wolfSSL 7:481bce714567 16678 verify = &output[idx];
wolfSSL 7:481bce714567 16679
wolfSSL 7:481bce714567 16680 ret = RsaSign(ssl,
wolfSSL 7:481bce714567 16681 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 7:481bce714567 16682 verify + extraSz + VERIFY_HEADER, &ssl->sigLen,
wolfSSL 7:481bce714567 16683 (RsaKey*)ssl->sigKey,
wolfSSL 7:481bce714567 16684 ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 16685 ssl->buffers.key->length,
wolfSSL 7:481bce714567 16686 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 16687 ssl->RsaSignCtx
wolfSSL 7:481bce714567 16688 #else
wolfSSL 7:481bce714567 16689 NULL
wolfSSL 7:481bce714567 16690 #endif
wolfSSL 7:481bce714567 16691 );
wolfSSL 7:481bce714567 16692 }
wolfSSL 7:481bce714567 16693 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 16694
wolfSSL 7:481bce714567 16695 /* Check for error */
wolfSSL 7:481bce714567 16696 if (ret != 0) {
wolfSSL 7:481bce714567 16697 goto exit_scv;
wolfSSL 7:481bce714567 16698 }
wolfSSL 7:481bce714567 16699
wolfSSL 7:481bce714567 16700 /* Advance state and proceed */
wolfSSL 7:481bce714567 16701 ssl->options.keyShareState = KEYSHARE_VERIFY;
wolfSSL 7:481bce714567 16702 } /* case KEYSHARE_DO */
wolfSSL 7:481bce714567 16703
wolfSSL 7:481bce714567 16704 case KEYSHARE_VERIFY:
wolfSSL 7:481bce714567 16705 {
wolfSSL 7:481bce714567 16706 /* restore verify pointer */
wolfSSL 7:481bce714567 16707 verify = &output[idx];
wolfSSL 7:481bce714567 16708
wolfSSL 7:481bce714567 16709 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 16710 if (ssl->sigType == DYNAMIC_TYPE_ECC) {
wolfSSL 7:481bce714567 16711 length = ssl->buffers.sig.length;
wolfSSL 7:481bce714567 16712 c16toa((word16)ssl->buffers.sig.length, verify + extraSz); /* prepend hdr */
wolfSSL 7:481bce714567 16713 XMEMCPY(verify + extraSz + VERIFY_HEADER,
wolfSSL 7:481bce714567 16714 ssl->buffers.sig.buffer, ssl->buffers.sig.length);
wolfSSL 7:481bce714567 16715 }
wolfSSL 7:481bce714567 16716 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 16717 #ifndef NO_RSA
wolfSSL 7:481bce714567 16718 if (ssl->sigType == DYNAMIC_TYPE_RSA) {
wolfSSL 7:481bce714567 16719 if (verifySig == NULL) {
wolfSSL 7:481bce714567 16720 verifySig = (byte*)XMALLOC(ssl->sigLen, ssl->heap,
wolfSSL 7:481bce714567 16721 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 16722 if (verifySig == NULL) {
wolfSSL 7:481bce714567 16723 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 7:481bce714567 16724 }
wolfSSL 7:481bce714567 16725 XMEMCPY(verifySig, verify + extraSz + VERIFY_HEADER,
wolfSSL 7:481bce714567 16726 ssl->sigLen);
wolfSSL 7:481bce714567 16727 }
wolfSSL 7:481bce714567 16728
wolfSSL 7:481bce714567 16729 /* check for signature faults */
wolfSSL 7:481bce714567 16730 ret = VerifyRsaSign(ssl,
wolfSSL 7:481bce714567 16731 verifySig, ssl->sigLen,
wolfSSL 7:481bce714567 16732 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 7:481bce714567 16733 (RsaKey*)ssl->sigKey);
wolfSSL 7:481bce714567 16734 }
wolfSSL 7:481bce714567 16735 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 16736
wolfSSL 7:481bce714567 16737 /* Check for error */
wolfSSL 7:481bce714567 16738 if (ret != 0) {
wolfSSL 7:481bce714567 16739 goto exit_scv;
wolfSSL 7:481bce714567 16740 }
wolfSSL 7:481bce714567 16741
wolfSSL 7:481bce714567 16742 /* Advance state and proceed */
wolfSSL 7:481bce714567 16743 ssl->options.keyShareState = KEYSHARE_FINALIZE;
wolfSSL 7:481bce714567 16744 } /* case KEYSHARE_VERIFY */
wolfSSL 7:481bce714567 16745
wolfSSL 7:481bce714567 16746 case KEYSHARE_FINALIZE:
wolfSSL 7:481bce714567 16747 {
wolfSSL 7:481bce714567 16748 AddHeaders(output, length + extraSz + VERIFY_HEADER,
wolfSSL 7:481bce714567 16749 certificate_verify, ssl);
wolfSSL 7:481bce714567 16750
wolfSSL 7:481bce714567 16751 sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length +
wolfSSL 7:481bce714567 16752 extraSz + VERIFY_HEADER;
wolfSSL 7:481bce714567 16753
wolfSSL 7:481bce714567 16754 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 16755 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 16756 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 16757 }
wolfSSL 7:481bce714567 16758 #endif
wolfSSL 7:481bce714567 16759
wolfSSL 7:481bce714567 16760 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 7:481bce714567 16761 byte* input;
wolfSSL 7:481bce714567 16762 int inputSz = sendSz - RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 16763 /* build msg adds rec hdr */
wolfSSL 7:481bce714567 16764 input = (byte*)XMALLOC(inputSz, ssl->heap,
wolfSSL 7:481bce714567 16765 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 16766 if (input == NULL) {
wolfSSL 7:481bce714567 16767 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 7:481bce714567 16768 }
wolfSSL 7:481bce714567 16769
wolfSSL 7:481bce714567 16770 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
wolfSSL 7:481bce714567 16771 sendSz = BuildMessage(ssl, output,
wolfSSL 7:481bce714567 16772 MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA,
wolfSSL 7:481bce714567 16773 input, inputSz, handshake, 1, 0);
wolfSSL 7:481bce714567 16774 XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 16775
wolfSSL 7:481bce714567 16776 if (sendSz < 0) {
wolfSSL 7:481bce714567 16777 ret = sendSz;
wolfSSL 7:481bce714567 16778 }
wolfSSL 7:481bce714567 16779 }
wolfSSL 7:481bce714567 16780 else {
wolfSSL 7:481bce714567 16781 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 16782 if (ssl->options.dtls)
wolfSSL 7:481bce714567 16783 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 7:481bce714567 16784 #endif
wolfSSL 7:481bce714567 16785 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 7:481bce714567 16786 }
wolfSSL 7:481bce714567 16787
wolfSSL 7:481bce714567 16788 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 16789 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 7:481bce714567 16790 ret = DtlsMsgPoolSave(ssl, output, sendSz);
wolfSSL 7:481bce714567 16791 }
wolfSSL 7:481bce714567 16792 #endif
wolfSSL 7:481bce714567 16793
wolfSSL 7:481bce714567 16794 /* Check for error */
wolfSSL 7:481bce714567 16795 if (ret != 0) {
wolfSSL 7:481bce714567 16796 goto exit_scv;
wolfSSL 7:481bce714567 16797 }
wolfSSL 7:481bce714567 16798
wolfSSL 7:481bce714567 16799 /* Advance state and proceed */
wolfSSL 7:481bce714567 16800 ssl->options.keyShareState = KEYSHARE_END;
wolfSSL 7:481bce714567 16801 } /* case KEYSHARE_FINALIZE */
wolfSSL 7:481bce714567 16802
wolfSSL 7:481bce714567 16803 case KEYSHARE_END:
wolfSSL 7:481bce714567 16804 {
wolfSSL 7:481bce714567 16805 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 16806 if (ssl->hsInfoOn)
wolfSSL 7:481bce714567 16807 AddPacketName("CertificateVerify", &ssl->handShakeInfo);
wolfSSL 7:481bce714567 16808 if (ssl->toInfoOn)
wolfSSL 7:481bce714567 16809 AddPacketInfo("CertificateVerify", &ssl->timeoutInfo,
wolfSSL 7:481bce714567 16810 output, sendSz, ssl->heap);
wolfSSL 7:481bce714567 16811 #endif
wolfSSL 7:481bce714567 16812
wolfSSL 7:481bce714567 16813 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 7:481bce714567 16814
wolfSSL 7:481bce714567 16815 if (!ssl->options.groupMessages) {
wolfSSL 7:481bce714567 16816 ret = SendBuffered(ssl);
wolfSSL 7:481bce714567 16817 }
wolfSSL 7:481bce714567 16818 break;
wolfSSL 7:481bce714567 16819 }
wolfSSL 7:481bce714567 16820 default:
wolfSSL 7:481bce714567 16821 ret = INPUT_CASE_ERROR;
wolfSSL 7:481bce714567 16822 } /* switch(ssl->options.keyShareState) */
wolfSSL 7:481bce714567 16823
wolfSSL 7:481bce714567 16824 exit_scv:
wolfSSL 7:481bce714567 16825
wolfSSL 7:481bce714567 16826 WOLFSSL_LEAVE("SendCertificateVerify", ret);
wolfSSL 7:481bce714567 16827
wolfSSL 7:481bce714567 16828 /* Handle cleanup for stack variables here */
wolfSSL 7:481bce714567 16829
wolfSSL 7:481bce714567 16830
wolfSSL 7:481bce714567 16831 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 16832 /* Handle WC_PENDING_E */
wolfSSL 7:481bce714567 16833 if (ret == WC_PENDING_E) {
wolfSSL 7:481bce714567 16834 /* Store variables needed for async */
wolfSSL 7:481bce714567 16835 XMEMSET(&ssl->async, 0, sizeof(ssl->async));
wolfSSL 7:481bce714567 16836 ssl->async.output = output;
wolfSSL 7:481bce714567 16837 ssl->async.sendSz = sendSz;
wolfSSL 7:481bce714567 16838 ssl->async.sigSz = extraSz;
wolfSSL 7:481bce714567 16839 ssl->async.length = length;
wolfSSL 7:481bce714567 16840 ssl->async.idx = idx;
wolfSSL 7:481bce714567 16841 #ifndef NO_RSA
wolfSSL 7:481bce714567 16842 ssl->async.data = verifySig;
wolfSSL 7:481bce714567 16843 #endif
wolfSSL 7:481bce714567 16844
wolfSSL 7:481bce714567 16845 /* Push event to queue */
wolfSSL 7:481bce714567 16846 ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, &ssl->event);
wolfSSL 7:481bce714567 16847 if (ret == 0) {
wolfSSL 7:481bce714567 16848 return WC_PENDING_E;
wolfSSL 7:481bce714567 16849 }
wolfSSL 7:481bce714567 16850 }
wolfSSL 7:481bce714567 16851 #endif
wolfSSL 7:481bce714567 16852
wolfSSL 7:481bce714567 16853 #ifndef NO_RSA
wolfSSL 7:481bce714567 16854 if (verifySig) {
wolfSSL 7:481bce714567 16855 XFREE(verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 16856 verifySig = NULL;
wolfSSL 7:481bce714567 16857 }
wolfSSL 7:481bce714567 16858 #endif
wolfSSL 7:481bce714567 16859
wolfSSL 7:481bce714567 16860 /* Digest is not allocated, so do this to prevent free */
wolfSSL 7:481bce714567 16861 ssl->buffers.digest.buffer = NULL;
wolfSSL 7:481bce714567 16862 ssl->buffers.digest.length = 0;
wolfSSL 7:481bce714567 16863
wolfSSL 7:481bce714567 16864 /* Final cleanup */
wolfSSL 7:481bce714567 16865 FreeKeyExchange(ssl);
wolfSSL 7:481bce714567 16866
wolfSSL 7:481bce714567 16867 return ret;
wolfSSL 7:481bce714567 16868 }
wolfSSL 7:481bce714567 16869
wolfSSL 7:481bce714567 16870 #endif /* NO_CERTS */
wolfSSL 7:481bce714567 16871
wolfSSL 7:481bce714567 16872
wolfSSL 7:481bce714567 16873 #ifdef HAVE_SESSION_TICKET
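/* Process a NewSessionTicket handshake message and store the ticket in
 * ssl->session.
 *
 * ssl       connection state; must be expecting a ticket
 *           (ssl->expect_session_ticket != 0)
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the message body inside input
 *           out: offset just past the consumed body, plus ssl->keys.padSz
 *           when IsEncryptionOn() reports encryption
 * size      number of body bytes that may be consumed starting at *inOutIdx
 *
 * Wire layout parsed here: 4-byte lifetime, 2-byte ticket length, ticket.
 * Every field is length-checked against size before it is read, because
 * all three values are supplied by the peer.
 *
 * Returns 0 on success, SESSION_TICKET_EXPECT_E when no ticket was expected,
 * BUFFER_ERROR when a field would run past size, MEMORY_E when a ticket too
 * large for the static buffer cannot be allocated.
 */
int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                    word32 size)
{
    word32 begin = *inOutIdx;
    word32 lifetime;
    word16 length;

    if (ssl->expect_session_ticket == 0) {
        WOLFSSL_MSG("Unexpected session ticket");
        return SESSION_TICKET_EXPECT_E;
    }

    /* lifetime hint */
    if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
        return BUFFER_ERROR;

    ato32(input + *inOutIdx, &lifetime);
    *inOutIdx += OPAQUE32_LEN;

    /* ticket length */
    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &length);
    *inOutIdx += OPAQUE16_LEN;

    /* the ticket itself must fit in what is left of the message */
    if ((*inOutIdx - begin) + length > size)
        return BUFFER_ERROR;

    /* Pick the destination: the static buffer inside the session when the
     * ticket fits, otherwise a heap buffer of exactly `length` bytes. */
    if (length > sizeof(ssl->session.staticTicket)) {
        /* Free old dynamic ticket if we already had one */
        if (ssl->session.isDynamic) {
            XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
            /* The stored length described the buffer just freed. Clear it
             * so that, if the allocation below fails, ticketLen cannot be
             * larger than the static buffer ticket is reset to. */
            ssl->session.ticketLen = 0;
        }
        ssl->session.ticket =
            (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        if (ssl->session.ticket == NULL) {
            /* Set to static ticket to avoid null pointer error */
            ssl->session.ticket    = ssl->session.staticTicket;
            ssl->session.isDynamic = 0;
            return MEMORY_E;
        }
        ssl->session.isDynamic = 1;
    }
    else {
        if (ssl->session.isDynamic) {
            XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        }
        ssl->session.isDynamic = 0;
        ssl->session.ticket    = ssl->session.staticTicket;
    }

    /* Only a non-empty ticket is saved; an empty one clears ticketLen. */
    if (length > 0) {
        XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
        *inOutIdx += length;
        ssl->session.ticketLen = length;
        /* NOTE(review): lifetime is taken from the peer unmodified; confirm
         * that users of ssl->timeout bound it where that matters. */
        ssl->timeout = lifetime;
        if (ssl->session_ticket_cb != NULL) {
            ssl->session_ticket_cb(ssl,
                                   ssl->session.ticket, ssl->session.ticketLen,
                                   ssl->session_ticket_ctx);
        }

        /* Create a fake sessionID based on the ticket, this will
         * supersede the existing session cache info. */
        ssl->options.haveSessionId = 1;
        if (length >= ID_LEN) {
            /* last ID_LEN bytes of the ticket */
            XMEMCPY(ssl->arrays->sessionID,
                    ssl->session.ticket + length - ID_LEN, ID_LEN);
        }
        else {
            /* A ticket shorter than ID_LEN would make the source pointer
             * above start before the ticket buffer and read ID_LEN - length
             * bytes of unrelated memory. Use the whole ticket, zero-padded,
             * instead. Returning BUFFER_ERROR here would be the stricter
             * policy if short tickets should be refused outright. */
            XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
            XMEMCPY(ssl->arrays->sessionID, ssl->session.ticket, length);
        }
    #ifndef NO_SESSION_CACHE
        AddSession(ssl);
    #endif
    }
    else {
        ssl->session.ticketLen = 0;
    }

    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    }

    ssl->expect_session_ticket = 0;

    return 0;
}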
wolfSSL 7:481bce714567 16956 #endif /* HAVE_SESSION_TICKET */
wolfSSL 7:481bce714567 16957
wolfSSL 7:481bce714567 16958 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 7:481bce714567 16959
wolfSSL 7:481bce714567 16960
wolfSSL 7:481bce714567 16961 #ifndef NO_WOLFSSL_SERVER
wolfSSL 7:481bce714567 16962
/* Build the ServerHello handshake message at the end of the output buffer,
 * hash it into the handshake transcript and, unless messages are being
 * grouped, send it.
 *
 * Body layout written below: version (2), server random (RAN_LEN), session
 * id length (1), session id (sessIdSz), cipher suite (2), compression (1),
 * then extensions.
 *
 * Returns 0 when ssl->options.groupMessages is set, otherwise the result of
 * SendBuffered(). Returns BUFFER_ERROR when the stored session id length
 * exceeds ID_LEN, or the non-zero result of CheckAvailableSize,
 * wc_RNG_GenerateBlock, DtlsMsgPoolSave or HashOutput.
 */
int SendServerHello(WOLFSSL* ssl)
{
    byte*  out;
    word32 bodySz;
    word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int    sendSz;
    int    ret;
    byte   sessIdSz = ID_LEN;

    /* start from a full-size session id; corrected below when a ticket is
     * in use */
    bodySz = VERSION_SZ + RAN_LEN + ID_LEN + ENUM_LEN + SUITE_LEN + ENUM_LEN;

#ifdef HAVE_TLS_EXTENSIONS
    bodySz += TLSX_GetResponseSize(ssl);
    #ifdef HAVE_SESSION_TICKET
    if (ssl->options.useTicket) {
        /* the echoed session id size may be 0, 32 or anything in between;
         * it is used as a copy length below, so reject anything above
         * ID_LEN before going further */
        sessIdSz = ssl->arrays->sessionIDSz;
        if (sessIdSz > ID_LEN) {
            WOLFSSL_MSG("Bad bogus session id len");
            return BUFFER_ERROR;
        }
        bodySz -= (ID_LEN - sessIdSz); /* undo the ID_LEN assumption */
    }
    #endif /* HAVE_SESSION_TICKET */
#else
    if (ssl->options.haveEMS) {
        bodySz += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ;
    }
#endif

    /* make sure the output buffer has room */
    /* NOTE(review): the reservation is MAX_HELLO_SZ rather than sendSz,
     * while bodySz includes TLSX_GetResponseSize(); confirm MAX_HELLO_SZ
     * covers the largest extension response. */
    ret = CheckAvailableSize(ssl, MAX_HELLO_SZ);
    if (ret != 0)
        return ret;

    /* the message is appended after whatever is already queued */
    out = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;

    sendSz = bodySz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* Server Hello should use the same sequence number as the
         * Client Hello. */
        ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
        ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
        idx    += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif /* WOLFSSL_DTLS */
    AddHeaders(out, bodySz, server_hello, ssl);

    /* protocol version */
    out[idx++] = ssl->version.major;
    out[idx++] = ssl->version.minor;

    /* server random and session id */
    if (ssl->options.resuming) {
        /* resumption: replay the values already held in the SSL object */
        XMEMCPY(out + idx, ssl->arrays->serverRandom, RAN_LEN);
        idx += RAN_LEN;
        out[idx++] = sessIdSz;
        XMEMCPY(out + idx, ssl->arrays->sessionID, sessIdSz);
    }
    else {
        /* One RNG call fills the random, the length byte and the session
         * id in place; the length byte is overwritten right after. */
        ret = wc_RNG_GenerateBlock(ssl->rng, out + idx,
                                   RAN_LEN + sizeof(sessIdSz) + sessIdSz);
        if (ret != 0)
            return ret;

        /* keep copies in the SSL object for later use */
        XMEMCPY(ssl->arrays->serverRandom, out + idx, RAN_LEN);
        idx += RAN_LEN;
        out[idx++] = sessIdSz;
        XMEMCPY(ssl->arrays->sessionID, out + idx, sessIdSz);
    }
    idx += sessIdSz;

#ifdef SHOW_SECRETS
    {
        /* debug-only dump of the server random to stdout */
        int j;
        printf("server random: ");
        for (j = 0; j < RAN_LEN; j++)
            printf("%02x", ssl->arrays->serverRandom[j]);
        printf("\n");
    }
#endif

    /* cipher suite */
    out[idx++] = ssl->options.cipherSuite0;
    out[idx++] = ssl->options.cipherSuite;

    /* compression method */
    out[idx++] = ssl->options.usingCompression ? ZLIB_COMPRESSION
                                               : NO_COMPRESSION;

    /* extensions come last */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX_WriteResponse(ssl, out + idx);
#else
    #ifdef HAVE_EXTENDED_MASTER
    if (ssl->options.haveEMS) {
        c16toa(HELLO_EXT_SZ, out + idx);
        idx += HELLO_EXT_SZ_SZ;

        c16toa(HELLO_EXT_EXTMS, out + idx);
        idx += HELLO_EXT_TYPE_SZ;
        c16toa(0, out + idx);
        /* idx is intentionally not advanced by HELLO_EXT_SZ_SZ here: nothing
         * reads it after this point. Advance it if more extensions are ever
         * written below. */
    }
    #endif
#endif

    ssl->buffers.outputBuffer.length += sendSz;
#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        ret = DtlsMsgPoolSave(ssl, out, sendSz);
        if (ret != 0)
            return ret;
    }

    if (ssl->options.dtls) {
        DtlsSEQIncrement(ssl, CUR_ORDER);
    }
#endif

    ret = HashOutput(ssl, out, sendSz, 0);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ServerHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ServerHello", &ssl->timeoutInfo, out, sendSz,
                      ssl->heap);
#endif

    ssl->options.serverState = SERVER_HELLO_COMPLETE;

    /* grouped messages are flushed later by the caller's send path */
    return ssl->options.groupMessages ? 0 : SendBuffered(ssl);
}
wolfSSL 7:481bce714567 17114
wolfSSL 7:481bce714567 17115
wolfSSL 7:481bce714567 17116 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 17117
/* Translate the curve of an ECC key, identified by key->dp->oidSum, into the
 * matching WOLFSSL_ECC_* curve identifier.
 *
 * Despite the name, nothing is stored: the key is only read.
 *
 * Returns 0 when key or key->dp is NULL, or when the curve's OID is not one
 * of the cases compiled in by the HAVE_ECC* / NO_ECC* build options, so a
 * zero result must be treated by the caller as "no usable curve".
 */
static byte SetCurveId(ecc_key* key)
{
    byte curveId = 0; /* stays 0 unless a compiled-in curve matches */

    if (key == NULL || key->dp == NULL) {
        WOLFSSL_MSG("SetCurveId: Invalid key!");
        return curveId;
    }

    switch (key->dp->oidSum) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP160R1_OID:
            curveId = WOLFSSL_ECC_SECP160R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_SECPR2
        case ECC_SECP160R2_OID:
            curveId = WOLFSSL_ECC_SECP160R2;
            break;
    #endif /* HAVE_ECC_SECPR2 */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP160K1_OID:
            curveId = WOLFSSL_ECC_SECP160K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP192R1_OID:
            curveId = WOLFSSL_ECC_SECP192R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP192K1_OID:
            curveId = WOLFSSL_ECC_SECP192K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP224R1_OID:
            curveId = WOLFSSL_ECC_SECP224R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP224K1_OID:
            curveId = WOLFSSL_ECC_SECP224K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP256R1_OID:
            curveId = WOLFSSL_ECC_SECP256R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP256K1_OID:
            curveId = WOLFSSL_ECC_SECP256K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP256R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP256R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP384R1_OID:
            curveId = WOLFSSL_ECC_SECP384R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP384R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP384R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP512R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP512R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP521R1_OID:
            curveId = WOLFSSL_ECC_SECP521R1;
            break;
    #endif /* !NO_ECC_SECP */
#endif
        default:
            /* unknown or disabled curve: leave curveId at 0 */
            break;
    }

    return curveId;
}
wolfSSL 7:481bce714567 17200
wolfSSL 7:481bce714567 17201 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 17202
wolfSSL 7:481bce714567 17203
wolfSSL 7:481bce714567 17204 int SendServerKeyExchange(WOLFSSL* ssl)
wolfSSL 7:481bce714567 17205 {
wolfSSL 7:481bce714567 17206 int ret;
wolfSSL 7:481bce714567 17207 int sendSz = 0;
wolfSSL 7:481bce714567 17208 byte *output = NULL;
wolfSSL 7:481bce714567 17209 word32 idx = 0, sigSz = 0, length = 0;
wolfSSL 7:481bce714567 17210 #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
wolfSSL 7:481bce714567 17211 byte *sigDataBuf = NULL;
wolfSSL 7:481bce714567 17212 word32 sigDataSz = 0;
wolfSSL 7:481bce714567 17213 #endif
wolfSSL 7:481bce714567 17214 #if defined(HAVE_ECC)
wolfSSL 7:481bce714567 17215 byte *exportBuf = NULL;
wolfSSL 7:481bce714567 17216 word32 exportSz = 0;
wolfSSL 7:481bce714567 17217 #endif
wolfSSL 7:481bce714567 17218
wolfSSL 7:481bce714567 17219 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 17220 word32 qshSz = 0;
wolfSSL 7:481bce714567 17221 if (ssl->peerQSHKeyPresent) {
wolfSSL 7:481bce714567 17222 qshSz = QSH_KeyGetSize(ssl);
wolfSSL 7:481bce714567 17223 }
wolfSSL 7:481bce714567 17224 #endif
wolfSSL 7:481bce714567 17225 #ifndef NO_RSA
wolfSSL 7:481bce714567 17226 byte* verifySig = NULL;
wolfSSL 7:481bce714567 17227 #endif
wolfSSL 7:481bce714567 17228
wolfSSL 7:481bce714567 17229 (void)ssl;
wolfSSL 7:481bce714567 17230 (void)sigSz;
wolfSSL 7:481bce714567 17231 (void)length;
wolfSSL 7:481bce714567 17232 (void)idx;
wolfSSL 7:481bce714567 17233
wolfSSL 7:481bce714567 17234 WOLFSSL_ENTER("SendServerKeyExchange");
wolfSSL 7:481bce714567 17235
wolfSSL 7:481bce714567 17236 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 17237 ret = wolfAsync_EventPop(&ssl->event, WOLF_EVENT_TYPE_ASYNC_ANY);
wolfSSL 7:481bce714567 17238 if (ret != WC_NOT_PENDING_E) {
wolfSSL 7:481bce714567 17239 WOLF_EVENT_TYPE eType = ssl->event.type;
wolfSSL 7:481bce714567 17240
wolfSSL 7:481bce714567 17241 /* Clear event */
wolfSSL 7:481bce714567 17242 XMEMSET(&ssl->event, 0, sizeof(ssl->event));
wolfSSL 7:481bce714567 17243
wolfSSL 7:481bce714567 17244 /* Check for error */
wolfSSL 7:481bce714567 17245 if (ret < 0) {
wolfSSL 7:481bce714567 17246 goto exit_sske;
wolfSSL 7:481bce714567 17247 }
wolfSSL 7:481bce714567 17248 else {
wolfSSL 7:481bce714567 17249 /* Restore variables needed for async */
wolfSSL 7:481bce714567 17250 output = ssl->async.output;
wolfSSL 7:481bce714567 17251 sendSz = ssl->async.sendSz;
wolfSSL 7:481bce714567 17252 idx = ssl->async.idx;
wolfSSL 7:481bce714567 17253 sigSz = ssl->async.sigSz;
wolfSSL 7:481bce714567 17254 length = ssl->async.length;
wolfSSL 7:481bce714567 17255 #ifndef NO_RSA
wolfSSL 7:481bce714567 17256 verifySig = ssl->async.data;
wolfSSL 7:481bce714567 17257 #endif
wolfSSL 7:481bce714567 17258
wolfSSL 7:481bce714567 17259 /* Advance key share state if not wolfCrypt */
wolfSSL 7:481bce714567 17260 if (eType == WOLF_EVENT_TYPE_ASYNC_WOLFSSL) {
wolfSSL 7:481bce714567 17261 ssl->options.keyShareState++;
wolfSSL 7:481bce714567 17262 }
wolfSSL 7:481bce714567 17263 }
wolfSSL 7:481bce714567 17264 }
wolfSSL 7:481bce714567 17265 else
wolfSSL 7:481bce714567 17266 #endif
wolfSSL 7:481bce714567 17267 {
wolfSSL 7:481bce714567 17268 /* Reset state */
wolfSSL 7:481bce714567 17269 ret = 0;
wolfSSL 7:481bce714567 17270 ssl->options.keyShareState = KEYSHARE_BEGIN;
wolfSSL 7:481bce714567 17271 }
wolfSSL 7:481bce714567 17272
wolfSSL 7:481bce714567 17273 switch(ssl->options.keyShareState)
wolfSSL 7:481bce714567 17274 {
wolfSSL 7:481bce714567 17275 case KEYSHARE_BEGIN:
wolfSSL 7:481bce714567 17276 {
wolfSSL 7:481bce714567 17277 /* Do some checks / debug msgs */
wolfSSL 7:481bce714567 17278 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 17279 {
wolfSSL 7:481bce714567 17280 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 17281 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 17282 {
wolfSSL 7:481bce714567 17283 WOLFSSL_MSG("Using ephemeral ECDH PSK");
wolfSSL 7:481bce714567 17284 break;
wolfSSL 7:481bce714567 17285 }
wolfSSL 7:481bce714567 17286 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 17287 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 17288 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 17289 {
wolfSSL 7:481bce714567 17290 if (ssl->specs.static_ecdh) {
wolfSSL 7:481bce714567 17291 WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchange");
wolfSSL 7:481bce714567 17292 ERROR_OUT(0, exit_sske);
wolfSSL 7:481bce714567 17293 }
wolfSSL 7:481bce714567 17294
wolfSSL 7:481bce714567 17295 if (!ssl->buffers.key->buffer) {
wolfSSL 7:481bce714567 17296 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 7:481bce714567 17297 }
wolfSSL 7:481bce714567 17298
wolfSSL 7:481bce714567 17299 WOLFSSL_MSG("Using ephemeral ECDH");
wolfSSL 7:481bce714567 17300 break;
wolfSSL 7:481bce714567 17301 }
wolfSSL 7:481bce714567 17302 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 17303 }
wolfSSL 7:481bce714567 17304
wolfSSL 7:481bce714567 17305 /* Preparing keys */
wolfSSL 7:481bce714567 17306 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 17307 {
wolfSSL 7:481bce714567 17308 #ifndef NO_PSK
wolfSSL 7:481bce714567 17309 case psk_kea:
wolfSSL 7:481bce714567 17310 {
wolfSSL 7:481bce714567 17311 /* Nothing to do in this sub-state */
wolfSSL 7:481bce714567 17312 break;
wolfSSL 7:481bce714567 17313 }
wolfSSL 7:481bce714567 17314 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 17315 #if !defined(NO_DH) && (!defined(NO_PSK) || !defined(NO_RSA))
wolfSSL 7:481bce714567 17316 #if !defined(NO_PSK)
wolfSSL 7:481bce714567 17317 case dhe_psk_kea:
wolfSSL 7:481bce714567 17318 #endif
wolfSSL 7:481bce714567 17319 #if !defined(NO_RSA)
wolfSSL 7:481bce714567 17320 case diffie_hellman_kea:
wolfSSL 7:481bce714567 17321 #endif
wolfSSL 7:481bce714567 17322 {
wolfSSL 7:481bce714567 17323 /* Allocate DH key buffers and generate key */
wolfSSL 7:481bce714567 17324 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 7:481bce714567 17325 ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL 7:481bce714567 17326 ERROR_OUT(NO_DH_PARAMS, exit_sske);
wolfSSL 7:481bce714567 17327 }
wolfSSL 7:481bce714567 17328
wolfSSL 7:481bce714567 17329 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 7:481bce714567 17330 /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
wolfSSL 7:481bce714567 17331 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
wolfSSL 7:481bce714567 17332 ssl->buffers.serverDH_P.length + 2, ssl->heap,
wolfSSL 7:481bce714567 17333 DYNAMIC_TYPE_DH);
wolfSSL 7:481bce714567 17334 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 7:481bce714567 17335 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17336 }
wolfSSL 7:481bce714567 17337 }
wolfSSL 7:481bce714567 17338
wolfSSL 7:481bce714567 17339 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 7:481bce714567 17340 /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
wolfSSL 7:481bce714567 17341 ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
wolfSSL 7:481bce714567 17342 ssl->buffers.serverDH_P.length + 2, ssl->heap,
wolfSSL 7:481bce714567 17343 DYNAMIC_TYPE_DH);
wolfSSL 7:481bce714567 17344 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 7:481bce714567 17345 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17346 }
wolfSSL 7:481bce714567 17347 }
wolfSSL 7:481bce714567 17348
wolfSSL 7:481bce714567 17349 ret = DhGenKeyPair(ssl,
wolfSSL 7:481bce714567 17350 ssl->buffers.serverDH_P.buffer,
wolfSSL 7:481bce714567 17351 ssl->buffers.serverDH_P.length,
wolfSSL 7:481bce714567 17352 ssl->buffers.serverDH_G.buffer,
wolfSSL 7:481bce714567 17353 ssl->buffers.serverDH_G.length,
wolfSSL 7:481bce714567 17354 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 7:481bce714567 17355 &ssl->buffers.serverDH_Priv.length,
wolfSSL 7:481bce714567 17356 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 7:481bce714567 17357 &ssl->buffers.serverDH_Pub.length);
wolfSSL 7:481bce714567 17358 break;
wolfSSL 7:481bce714567 17359 }
wolfSSL 7:481bce714567 17360 #endif /* !defined(NO_DH) && (!defined(NO_PSK) || !defined(NO_RSA)) */
wolfSSL 7:481bce714567 17361 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 17362 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 17363 /* Fall through to create temp ECC key */
wolfSSL 7:481bce714567 17364 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 17365 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 17366 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 17367 {
wolfSSL 7:481bce714567 17368 /* need ephemeral key now, create it if missing */
wolfSSL 7:481bce714567 17369 if (ssl->eccTempKey == NULL) {
wolfSSL 7:481bce714567 17370 /* alloc/init on demand */
wolfSSL 7:481bce714567 17371 ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 7:481bce714567 17372 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 17373 if (ssl->eccTempKey == NULL) {
wolfSSL 7:481bce714567 17374 WOLFSSL_MSG("EccTempKey Memory error");
wolfSSL 7:481bce714567 17375 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17376 }
wolfSSL 7:481bce714567 17377 ret = wc_ecc_init_ex(ssl->eccTempKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 17378 if (ret != 0)
wolfSSL 7:481bce714567 17379 goto exit_sske;
wolfSSL 7:481bce714567 17380 }
wolfSSL 7:481bce714567 17381
wolfSSL 7:481bce714567 17382 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 7:481bce714567 17383 /* TODO: Need to first do wc_EccPrivateKeyDecode, then we know curve dp */
wolfSSL 7:481bce714567 17384 ret = EccMakeKey(ssl, ssl->eccTempKey, NULL);
wolfSSL 7:481bce714567 17385 if (ret == 0 || ret == WC_PENDING_E) {
wolfSSL 7:481bce714567 17386 ssl->eccTempKeyPresent = 1;
wolfSSL 7:481bce714567 17387 }
wolfSSL 7:481bce714567 17388 }
wolfSSL 7:481bce714567 17389 break;
wolfSSL 7:481bce714567 17390 }
wolfSSL 7:481bce714567 17391 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 17392 default:
wolfSSL 7:481bce714567 17393 /* Skip ServerKeyExchange */
wolfSSL 7:481bce714567 17394 goto exit_sske;
wolfSSL 7:481bce714567 17395 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 17396
wolfSSL 7:481bce714567 17397 /* Check for error */
wolfSSL 7:481bce714567 17398 if (ret != 0) {
wolfSSL 7:481bce714567 17399 goto exit_sske;
wolfSSL 7:481bce714567 17400 }
wolfSSL 7:481bce714567 17401
wolfSSL 7:481bce714567 17402 /* Advance state and proceed */
wolfSSL 7:481bce714567 17403 ssl->options.keyShareState = KEYSHARE_BUILD;
wolfSSL 7:481bce714567 17404 } /* case KEYSHARE_BEGIN */
wolfSSL 7:481bce714567 17405
wolfSSL 7:481bce714567 17406 case KEYSHARE_BUILD:
wolfSSL 7:481bce714567 17407 {
wolfSSL 7:481bce714567 17408 #if (!defined(NO_DH) && !defined(NO_RSA)) || defined(HAVE_ECC)
wolfSSL 7:481bce714567 17409 word32 preSigSz, preSigIdx;
wolfSSL 7:481bce714567 17410 #endif
wolfSSL 7:481bce714567 17411
wolfSSL 7:481bce714567 17412 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 17413 {
wolfSSL 7:481bce714567 17414 #ifndef NO_PSK
wolfSSL 7:481bce714567 17415 case psk_kea:
wolfSSL 7:481bce714567 17416 {
wolfSSL 7:481bce714567 17417 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 17418
wolfSSL 7:481bce714567 17419 if (ssl->arrays->server_hint[0] == 0) {
wolfSSL 7:481bce714567 17420 ERROR_OUT(0, exit_sske); /* don't send */
wolfSSL 7:481bce714567 17421 }
wolfSSL 7:481bce714567 17422
wolfSSL 7:481bce714567 17423 /* include size part */
wolfSSL 7:481bce714567 17424 length = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 7:481bce714567 17425 if (length > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 17426 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 7:481bce714567 17427 }
wolfSSL 7:481bce714567 17428
wolfSSL 7:481bce714567 17429 length += HINT_LEN_SZ;
wolfSSL 7:481bce714567 17430 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 17431
wolfSSL 7:481bce714567 17432 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 17433 length += qshSz;
wolfSSL 7:481bce714567 17434 sendSz += qshSz;
wolfSSL 7:481bce714567 17435 #endif
wolfSSL 7:481bce714567 17436
wolfSSL 7:481bce714567 17437 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 17438 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 17439 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17440 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17441 }
wolfSSL 7:481bce714567 17442 #endif
wolfSSL 7:481bce714567 17443 /* check for available size */
wolfSSL 7:481bce714567 17444 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 7:481bce714567 17445 goto exit_sske;
wolfSSL 7:481bce714567 17446 }
wolfSSL 7:481bce714567 17447
wolfSSL 7:481bce714567 17448 /* get output buffer */
wolfSSL 7:481bce714567 17449 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 17450 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 17451
wolfSSL 7:481bce714567 17452 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 7:481bce714567 17453
wolfSSL 7:481bce714567 17454 /* key data */
wolfSSL 7:481bce714567 17455 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 17456 c16toa((word16)(length - qshSz - HINT_LEN_SZ), output + idx);
wolfSSL 7:481bce714567 17457 #else
wolfSSL 7:481bce714567 17458 c16toa((word16)(length - HINT_LEN_SZ), output + idx);
wolfSSL 7:481bce714567 17459 #endif
wolfSSL 7:481bce714567 17460
wolfSSL 7:481bce714567 17461 idx += HINT_LEN_SZ;
wolfSSL 7:481bce714567 17462 XMEMCPY(output + idx, ssl->arrays->server_hint, length - HINT_LEN_SZ);
wolfSSL 7:481bce714567 17463 break;
wolfSSL 7:481bce714567 17464 }
wolfSSL 7:481bce714567 17465 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 17466 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 17467 case dhe_psk_kea:
wolfSSL 7:481bce714567 17468 {
wolfSSL 7:481bce714567 17469 word32 hintLen;
wolfSSL 7:481bce714567 17470
wolfSSL 7:481bce714567 17471 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 17472 length = LENGTH_SZ * 3 + /* p, g, pub */
wolfSSL 7:481bce714567 17473 ssl->buffers.serverDH_P.length +
wolfSSL 7:481bce714567 17474 ssl->buffers.serverDH_G.length +
wolfSSL 7:481bce714567 17475 ssl->buffers.serverDH_Pub.length;
wolfSSL 7:481bce714567 17476
wolfSSL 7:481bce714567 17477 /* include size part */
wolfSSL 7:481bce714567 17478 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 7:481bce714567 17479 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 17480 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 7:481bce714567 17481 }
wolfSSL 7:481bce714567 17482 length += hintLen + HINT_LEN_SZ;
wolfSSL 7:481bce714567 17483 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 17484
wolfSSL 7:481bce714567 17485 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 17486 length += qshSz;
wolfSSL 7:481bce714567 17487 sendSz += qshSz;
wolfSSL 7:481bce714567 17488 #endif
wolfSSL 7:481bce714567 17489 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 17490 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 17491 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17492 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17493 }
wolfSSL 7:481bce714567 17494 #endif
wolfSSL 7:481bce714567 17495
wolfSSL 7:481bce714567 17496 /* check for available size */
wolfSSL 7:481bce714567 17497 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 7:481bce714567 17498 goto exit_sske;
wolfSSL 7:481bce714567 17499 }
wolfSSL 7:481bce714567 17500
wolfSSL 7:481bce714567 17501 /* get output buffer */
wolfSSL 7:481bce714567 17502 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 17503 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 17504
wolfSSL 7:481bce714567 17505 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 7:481bce714567 17506
wolfSSL 7:481bce714567 17507 /* key data */
wolfSSL 7:481bce714567 17508 c16toa((word16)hintLen, output + idx);
wolfSSL 7:481bce714567 17509 idx += HINT_LEN_SZ;
wolfSSL 7:481bce714567 17510 XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen);
wolfSSL 7:481bce714567 17511 idx += hintLen;
wolfSSL 7:481bce714567 17512
wolfSSL 7:481bce714567 17513 /* add p, g, pub */
wolfSSL 7:481bce714567 17514 c16toa((word16)ssl->buffers.serverDH_P.length, output + idx);
wolfSSL 7:481bce714567 17515 idx += LENGTH_SZ;
wolfSSL 7:481bce714567 17516 XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer,
wolfSSL 7:481bce714567 17517 ssl->buffers.serverDH_P.length);
wolfSSL 7:481bce714567 17518 idx += ssl->buffers.serverDH_P.length;
wolfSSL 7:481bce714567 17519
wolfSSL 7:481bce714567 17520 /* g */
wolfSSL 7:481bce714567 17521 c16toa((word16)ssl->buffers.serverDH_G.length, output + idx);
wolfSSL 7:481bce714567 17522 idx += LENGTH_SZ;
wolfSSL 7:481bce714567 17523 XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer,
wolfSSL 7:481bce714567 17524 ssl->buffers.serverDH_G.length);
wolfSSL 7:481bce714567 17525 idx += ssl->buffers.serverDH_G.length;
wolfSSL 7:481bce714567 17526
wolfSSL 7:481bce714567 17527 /* pub */
wolfSSL 7:481bce714567 17528 c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx);
wolfSSL 7:481bce714567 17529 idx += LENGTH_SZ;
wolfSSL 7:481bce714567 17530 XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer,
wolfSSL 7:481bce714567 17531 ssl->buffers.serverDH_Pub.length);
wolfSSL 7:481bce714567 17532 /* No need to update idx, since sizes are already set */
wolfSSL 7:481bce714567 17533 /* idx += ssl->buffers.serverDH_Pub.length; */
wolfSSL 7:481bce714567 17534 break;
wolfSSL 7:481bce714567 17535 }
wolfSSL 7:481bce714567 17536 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 7:481bce714567 17537 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 17538 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 17539 {
wolfSSL 7:481bce714567 17540 word32 hintLen;
wolfSSL 7:481bce714567 17541
wolfSSL 7:481bce714567 17542 /* curve type, named curve, length(1) */
wolfSSL 7:481bce714567 17543 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 17544 length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 7:481bce714567 17545
wolfSSL 7:481bce714567 17546 exportSz = MAX_EXPORT_ECC_SZ;
wolfSSL 7:481bce714567 17547 exportBuf = (byte*)XMALLOC(exportSz, ssl->heap,
wolfSSL 7:481bce714567 17548 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 17549 if (exportBuf == NULL) {
wolfSSL 7:481bce714567 17550 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17551 }
wolfSSL 7:481bce714567 17552 if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &exportSz) != 0) {
wolfSSL 7:481bce714567 17553 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 7:481bce714567 17554 }
wolfSSL 7:481bce714567 17555 length += exportSz;
wolfSSL 7:481bce714567 17556
wolfSSL 7:481bce714567 17557 /* include size part */
wolfSSL 7:481bce714567 17558 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 7:481bce714567 17559 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 17560 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 7:481bce714567 17561 }
wolfSSL 7:481bce714567 17562 length += hintLen + HINT_LEN_SZ;
wolfSSL 7:481bce714567 17563 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 17564
wolfSSL 7:481bce714567 17565 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 17566 length += qshSz;
wolfSSL 7:481bce714567 17567 sendSz += qshSz;
wolfSSL 7:481bce714567 17568 #endif
wolfSSL 7:481bce714567 17569 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 17570 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 17571 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17572 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17573 }
wolfSSL 7:481bce714567 17574 #endif
wolfSSL 7:481bce714567 17575 /* check for available size */
wolfSSL 7:481bce714567 17576 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 7:481bce714567 17577 goto exit_sske;
wolfSSL 7:481bce714567 17578 }
wolfSSL 7:481bce714567 17579
wolfSSL 7:481bce714567 17580 /* get output buffer */
wolfSSL 7:481bce714567 17581 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 17582 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 17583
wolfSSL 7:481bce714567 17584 /* key data */
wolfSSL 7:481bce714567 17585 c16toa((word16)hintLen, output + idx);
wolfSSL 7:481bce714567 17586 idx += HINT_LEN_SZ;
wolfSSL 7:481bce714567 17587 XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen);
wolfSSL 7:481bce714567 17588 idx += hintLen;
wolfSSL 7:481bce714567 17589
wolfSSL 7:481bce714567 17590 /* ECC key exchange data */
wolfSSL 7:481bce714567 17591 output[idx++] = named_curve;
wolfSSL 7:481bce714567 17592 output[idx++] = 0x00; /* leading zero */
wolfSSL 7:481bce714567 17593 output[idx++] = SetCurveId(ssl->eccTempKey);
wolfSSL 7:481bce714567 17594 output[idx++] = (byte)exportSz;
wolfSSL 7:481bce714567 17595 XMEMCPY(output + idx, exportBuf, exportSz);
wolfSSL 7:481bce714567 17596 break;
wolfSSL 7:481bce714567 17597 }
wolfSSL 7:481bce714567 17598 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 17599 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 17600 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 17601 {
wolfSSL 7:481bce714567 17602 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
wolfSSL 7:481bce714567 17603
wolfSSL 7:481bce714567 17604 /* curve type, named curve, length(1) */
wolfSSL 7:481bce714567 17605 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 17606 length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 7:481bce714567 17607
wolfSSL 7:481bce714567 17608 /* Export temp ECC key and add to length */
wolfSSL 7:481bce714567 17609 exportSz = MAX_EXPORT_ECC_SZ;
wolfSSL 7:481bce714567 17610 exportBuf = (byte*)XMALLOC(exportSz, ssl->heap,
wolfSSL 7:481bce714567 17611 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 17612 if (exportBuf == NULL) {
wolfSSL 7:481bce714567 17613 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17614 }
wolfSSL 7:481bce714567 17615 if (wc_ecc_export_x963(ssl->eccTempKey, exportBuf, &exportSz) != 0) {
wolfSSL 7:481bce714567 17616 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 7:481bce714567 17617 }
wolfSSL 7:481bce714567 17618 length += exportSz;
wolfSSL 7:481bce714567 17619
wolfSSL 7:481bce714567 17620 preSigSz = length;
wolfSSL 7:481bce714567 17621 preSigIdx = idx;
wolfSSL 7:481bce714567 17622
wolfSSL 7:481bce714567 17623 switch(ssl->specs.sig_algo)
wolfSSL 7:481bce714567 17624 {
wolfSSL 7:481bce714567 17625 #ifndef NO_RSA
wolfSSL 7:481bce714567 17626 case rsa_sa_algo:
wolfSSL 7:481bce714567 17627 {
wolfSSL 7:481bce714567 17628 word32 i = 0;
wolfSSL 7:481bce714567 17629 int keySz;
wolfSSL 7:481bce714567 17630
wolfSSL 7:481bce714567 17631 ssl->sigKey = XMALLOC(sizeof(RsaKey), ssl->heap,
wolfSSL 7:481bce714567 17632 DYNAMIC_TYPE_RSA);
wolfSSL 7:481bce714567 17633 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 17634 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17635 }
wolfSSL 7:481bce714567 17636 ssl->sigType = DYNAMIC_TYPE_RSA;
wolfSSL 7:481bce714567 17637
wolfSSL 7:481bce714567 17638 ret = wc_InitRsaKey_ex((RsaKey*)ssl->sigKey,
wolfSSL 7:481bce714567 17639 ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 17640 if (ret != 0) {
wolfSSL 7:481bce714567 17641 goto exit_sske;
wolfSSL 7:481bce714567 17642 }
wolfSSL 7:481bce714567 17643
wolfSSL 7:481bce714567 17644 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 17645 &i, (RsaKey*)ssl->sigKey,
wolfSSL 7:481bce714567 17646 ssl->buffers.key->length);
wolfSSL 7:481bce714567 17647 if (ret != 0) {
wolfSSL 7:481bce714567 17648 goto exit_sske;
wolfSSL 7:481bce714567 17649 }
wolfSSL 7:481bce714567 17650 keySz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey);
wolfSSL 7:481bce714567 17651 if (keySz < 0) { /* test if keySz has error */
wolfSSL 7:481bce714567 17652 ERROR_OUT(keySz, exit_sske);
wolfSSL 7:481bce714567 17653 }
wolfSSL 7:481bce714567 17654
wolfSSL 7:481bce714567 17655 sigSz = (word32)keySz;
wolfSSL 7:481bce714567 17656 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 7:481bce714567 17657 WOLFSSL_MSG("RSA signature key size too small");
wolfSSL 7:481bce714567 17658 ERROR_OUT(RSA_KEY_SIZE_E, exit_sske);
wolfSSL 7:481bce714567 17659 }
wolfSSL 7:481bce714567 17660 break;
wolfSSL 7:481bce714567 17661 }
wolfSSL 7:481bce714567 17662 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 17663 case ecc_dsa_sa_algo:
wolfSSL 7:481bce714567 17664 {
wolfSSL 7:481bce714567 17665 word32 i = 0;
wolfSSL 7:481bce714567 17666 ssl->sigKey = XMALLOC(sizeof(ecc_key),
wolfSSL 7:481bce714567 17667 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 17668 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 17669 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17670 }
wolfSSL 7:481bce714567 17671 ssl->sigType = DYNAMIC_TYPE_ECC;
wolfSSL 7:481bce714567 17672
wolfSSL 7:481bce714567 17673 ret = wc_ecc_init_ex((ecc_key*)ssl->sigKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 17674 if (ret != 0)
wolfSSL 7:481bce714567 17675 goto exit_sske;
wolfSSL 7:481bce714567 17676
wolfSSL 7:481bce714567 17677 ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 17678 &i, (ecc_key*)ssl->sigKey,
wolfSSL 7:481bce714567 17679 ssl->buffers.key->length);
wolfSSL 7:481bce714567 17680 if (ret != 0) {
wolfSSL 7:481bce714567 17681 goto exit_sske;
wolfSSL 7:481bce714567 17682 }
wolfSSL 7:481bce714567 17683 sigSz = wc_ecc_sig_size((ecc_key*)ssl->sigKey); /* worst case estimate */
wolfSSL 7:481bce714567 17684
wolfSSL 7:481bce714567 17685 /* check the minimum ECC key size */
wolfSSL 7:481bce714567 17686 if (wc_ecc_size((ecc_key*)ssl->sigKey) <
wolfSSL 7:481bce714567 17687 ssl->options.minEccKeySz) {
wolfSSL 7:481bce714567 17688 WOLFSSL_MSG("ECC key size too small");
wolfSSL 7:481bce714567 17689 ret = ECC_KEY_SIZE_E;
wolfSSL 7:481bce714567 17690 goto exit_sske;
wolfSSL 7:481bce714567 17691 }
wolfSSL 7:481bce714567 17692 break;
wolfSSL 7:481bce714567 17693 }
wolfSSL 7:481bce714567 17694 default:
wolfSSL 7:481bce714567 17695 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */
wolfSSL 7:481bce714567 17696 } /* switch(ssl->specs.sig_algo) */
wolfSSL 7:481bce714567 17697
wolfSSL 7:481bce714567 17698 /* sig length */
wolfSSL 7:481bce714567 17699 length += LENGTH_SZ;
wolfSSL 7:481bce714567 17700 length += sigSz;
wolfSSL 7:481bce714567 17701
wolfSSL 7:481bce714567 17702 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 17703 length += HASH_SIG_SIZE;
wolfSSL 7:481bce714567 17704 }
wolfSSL 7:481bce714567 17705
wolfSSL 7:481bce714567 17706 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 17707
wolfSSL 7:481bce714567 17708 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 17709 length += qshSz;
wolfSSL 7:481bce714567 17710 sendSz += qshSz;
wolfSSL 7:481bce714567 17711 #endif
wolfSSL 7:481bce714567 17712 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 17713 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 17714 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17715 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17716 preSigIdx = idx;
wolfSSL 7:481bce714567 17717 }
wolfSSL 7:481bce714567 17718 #endif
wolfSSL 7:481bce714567 17719 /* check for available size */
wolfSSL 7:481bce714567 17720 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 7:481bce714567 17721 goto exit_sske;
wolfSSL 7:481bce714567 17722 }
wolfSSL 7:481bce714567 17723
wolfSSL 7:481bce714567 17724 /* get output buffer */
wolfSSL 7:481bce714567 17725 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 17726 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 17727
wolfSSL 7:481bce714567 17728 /* record and message headers will be added below, when we're sure
wolfSSL 7:481bce714567 17729 of the sig length */
wolfSSL 7:481bce714567 17730
wolfSSL 7:481bce714567 17731 /* key exchange data */
wolfSSL 7:481bce714567 17732 output[idx++] = named_curve;
wolfSSL 7:481bce714567 17733 output[idx++] = 0x00; /* leading zero */
wolfSSL 7:481bce714567 17734 output[idx++] = SetCurveId(ssl->eccTempKey);
wolfSSL 7:481bce714567 17735 output[idx++] = (byte)exportSz;
wolfSSL 7:481bce714567 17736 XMEMCPY(output + idx, exportBuf, exportSz);
wolfSSL 7:481bce714567 17737 idx += exportSz;
wolfSSL 7:481bce714567 17738
wolfSSL 7:481bce714567 17739 /* Determine hash type */
wolfSSL 7:481bce714567 17740 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 17741 output[idx++] = ssl->suites->hashAlgo;
wolfSSL 7:481bce714567 17742 output[idx++] = ssl->suites->sigAlgo;
wolfSSL 7:481bce714567 17743
wolfSSL 7:481bce714567 17744 switch (ssl->suites->hashAlgo) {
wolfSSL 7:481bce714567 17745 case sha512_mac:
wolfSSL 7:481bce714567 17746 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 17747 hashType = WC_HASH_TYPE_SHA512;
wolfSSL 7:481bce714567 17748 #endif
wolfSSL 7:481bce714567 17749 break;
wolfSSL 7:481bce714567 17750 case sha384_mac:
wolfSSL 7:481bce714567 17751 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 17752 hashType = WC_HASH_TYPE_SHA384;
wolfSSL 7:481bce714567 17753 #endif
wolfSSL 7:481bce714567 17754 break;
wolfSSL 7:481bce714567 17755 case sha256_mac:
wolfSSL 7:481bce714567 17756 #ifndef NO_SHA256
wolfSSL 7:481bce714567 17757 hashType = WC_HASH_TYPE_SHA256;
wolfSSL 7:481bce714567 17758 #endif
wolfSSL 7:481bce714567 17759 break;
wolfSSL 7:481bce714567 17760 case sha_mac:
wolfSSL 7:481bce714567 17761 #if !defined(NO_SHA) && \
wolfSSL 7:481bce714567 17762 (!defined(NO_OLD_TLS) || \
wolfSSL 7:481bce714567 17763 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 7:481bce714567 17764 hashType = WC_HASH_TYPE_SHA;
wolfSSL 7:481bce714567 17765 #endif
wolfSSL 7:481bce714567 17766 break;
wolfSSL 7:481bce714567 17767 default:
wolfSSL 7:481bce714567 17768 WOLFSSL_MSG("Bad hash sig algo");
wolfSSL 7:481bce714567 17769 break;
wolfSSL 7:481bce714567 17770 }
wolfSSL 7:481bce714567 17771
wolfSSL 7:481bce714567 17772 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 7:481bce714567 17773 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 7:481bce714567 17774 }
wolfSSL 7:481bce714567 17775
wolfSSL 7:481bce714567 17776 } else {
wolfSSL 7:481bce714567 17777 /* only using sha and md5 for rsa */
wolfSSL 7:481bce714567 17778 #ifndef NO_OLD_TLS
wolfSSL 7:481bce714567 17779 hashType = WC_HASH_TYPE_SHA;
wolfSSL 7:481bce714567 17780 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 7:481bce714567 17781 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 7:481bce714567 17782 }
wolfSSL 7:481bce714567 17783 #else
wolfSSL 7:481bce714567 17784 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 7:481bce714567 17785 #endif
wolfSSL 7:481bce714567 17786 }
wolfSSL 7:481bce714567 17787
wolfSSL 7:481bce714567 17788 /* Signature length will be written later, when we're sure what it is */
wolfSSL 7:481bce714567 17789
wolfSSL 7:481bce714567 17790 #ifdef HAVE_FUZZER
wolfSSL 7:481bce714567 17791 if (ssl->fuzzerCb) {
wolfSSL 7:481bce714567 17792 ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz,
wolfSSL 7:481bce714567 17793 FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 7:481bce714567 17794 }
wolfSSL 7:481bce714567 17795 #endif
wolfSSL 7:481bce714567 17796
wolfSSL 7:481bce714567 17797 /* Assemble buffer to hash for signature */
wolfSSL 7:481bce714567 17798 sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
wolfSSL 7:481bce714567 17799 sigDataBuf = (byte*)XMALLOC(sigDataSz, ssl->heap,
wolfSSL 7:481bce714567 17800 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 17801 if (sigDataBuf == NULL) {
wolfSSL 7:481bce714567 17802 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17803 }
wolfSSL 7:481bce714567 17804 XMEMCPY(sigDataBuf, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 7:481bce714567 17805 XMEMCPY(sigDataBuf+RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 7:481bce714567 17806 XMEMCPY(sigDataBuf+RAN_LEN+RAN_LEN, output + preSigIdx, preSigSz);
wolfSSL 7:481bce714567 17807
wolfSSL 7:481bce714567 17808 ssl->buffers.sig.length = wc_HashGetDigestSize(hashType);
wolfSSL 7:481bce714567 17809 ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
wolfSSL 7:481bce714567 17810 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 17811 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 7:481bce714567 17812 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17813 }
wolfSSL 7:481bce714567 17814
wolfSSL 7:481bce714567 17815 /* Perform hash */
wolfSSL 7:481bce714567 17816 ret = wc_Hash(hashType, sigDataBuf, sigDataSz,
wolfSSL 7:481bce714567 17817 ssl->buffers.sig.buffer, ssl->buffers.sig.length);
wolfSSL 7:481bce714567 17818 if (ret != 0) {
wolfSSL 7:481bce714567 17819 goto exit_sske;
wolfSSL 7:481bce714567 17820 }
wolfSSL 7:481bce714567 17821
wolfSSL 7:481bce714567 17822 ssl->sigLen = sigSz;
wolfSSL 7:481bce714567 17823
wolfSSL 7:481bce714567 17824 /* Sign hash to create signature */
wolfSSL 7:481bce714567 17825 switch (ssl->specs.sig_algo)
wolfSSL 7:481bce714567 17826 {
wolfSSL 7:481bce714567 17827 #ifndef NO_RSA
wolfSSL 7:481bce714567 17828 case rsa_sa_algo:
wolfSSL 7:481bce714567 17829 {
wolfSSL 7:481bce714567 17830 /* For TLS 1.2 re-encode signature */
wolfSSL 7:481bce714567 17831 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 17832 int typeH = 0;
wolfSSL 7:481bce714567 17833 byte* encodedSig = (byte*)XMALLOC(
wolfSSL 7:481bce714567 17834 MAX_ENCODED_SIG_SZ, ssl->heap,
wolfSSL 7:481bce714567 17835 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 17836 if (encodedSig == NULL) {
wolfSSL 7:481bce714567 17837 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17838 }
wolfSSL 7:481bce714567 17839
wolfSSL 7:481bce714567 17840 switch (ssl->suites->hashAlgo) {
wolfSSL 7:481bce714567 17841 case sha512_mac:
wolfSSL 7:481bce714567 17842 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 17843 typeH = SHA512h;
wolfSSL 7:481bce714567 17844 #endif
wolfSSL 7:481bce714567 17845 break;
wolfSSL 7:481bce714567 17846 case sha384_mac:
wolfSSL 7:481bce714567 17847 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 17848 typeH = SHA384h;
wolfSSL 7:481bce714567 17849 #endif
wolfSSL 7:481bce714567 17850 break;
wolfSSL 7:481bce714567 17851 case sha256_mac:
wolfSSL 7:481bce714567 17852 #ifndef NO_SHA256
wolfSSL 7:481bce714567 17853 typeH = SHA256h;
wolfSSL 7:481bce714567 17854 #endif
wolfSSL 7:481bce714567 17855 break;
wolfSSL 7:481bce714567 17856 case sha_mac:
wolfSSL 7:481bce714567 17857 #if !defined(NO_SHA) && \
wolfSSL 7:481bce714567 17858 (!defined(NO_OLD_TLS) || \
wolfSSL 7:481bce714567 17859 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 7:481bce714567 17860 typeH = SHAh;
wolfSSL 7:481bce714567 17861 #endif
wolfSSL 7:481bce714567 17862 break;
wolfSSL 7:481bce714567 17863 default:
wolfSSL 7:481bce714567 17864 break;
wolfSSL 7:481bce714567 17865 }
wolfSSL 7:481bce714567 17866
wolfSSL 7:481bce714567 17867 ssl->buffers.sig.length = wc_EncodeSignature(encodedSig,
wolfSSL 7:481bce714567 17868 ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH);
wolfSSL 7:481bce714567 17869
wolfSSL 7:481bce714567 17870 /* Replace sig buffer with new one */
wolfSSL 7:481bce714567 17871 XFREE(ssl->buffers.sig.buffer, ssl->heap,
wolfSSL 7:481bce714567 17872 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 17873 ssl->buffers.sig.buffer = encodedSig;
wolfSSL 7:481bce714567 17874 }
wolfSSL 7:481bce714567 17875
wolfSSL 7:481bce714567 17876 /* write sig size here */
wolfSSL 7:481bce714567 17877 c16toa((word16)ssl->sigLen, output + idx);
wolfSSL 7:481bce714567 17878 idx += LENGTH_SZ;
wolfSSL 7:481bce714567 17879 break;
wolfSSL 7:481bce714567 17880 }
wolfSSL 7:481bce714567 17881 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 17882 case ecc_dsa_sa_algo:
wolfSSL 7:481bce714567 17883 {
wolfSSL 7:481bce714567 17884 break;
wolfSSL 7:481bce714567 17885 }
wolfSSL 7:481bce714567 17886 } /* switch(ssl->specs.sig_algo) */
wolfSSL 7:481bce714567 17887 break;
wolfSSL 7:481bce714567 17888 }
wolfSSL 7:481bce714567 17889 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 17890 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 7:481bce714567 17891 case diffie_hellman_kea:
wolfSSL 7:481bce714567 17892 {
wolfSSL 7:481bce714567 17893 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
wolfSSL 7:481bce714567 17894
wolfSSL 7:481bce714567 17895 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 7:481bce714567 17896 length = LENGTH_SZ * 3; /* p, g, pub */
wolfSSL 7:481bce714567 17897 length += ssl->buffers.serverDH_P.length +
wolfSSL 7:481bce714567 17898 ssl->buffers.serverDH_G.length +
wolfSSL 7:481bce714567 17899 ssl->buffers.serverDH_Pub.length;
wolfSSL 7:481bce714567 17900
wolfSSL 7:481bce714567 17901 preSigIdx = idx;
wolfSSL 7:481bce714567 17902 preSigSz = length;
wolfSSL 7:481bce714567 17903
wolfSSL 7:481bce714567 17904 if (!ssl->options.usingAnon_cipher) {
wolfSSL 7:481bce714567 17905 word32 i = 0;
wolfSSL 7:481bce714567 17906 int keySz;
wolfSSL 7:481bce714567 17907
wolfSSL 7:481bce714567 17908 ssl->sigKey = (RsaKey*)XMALLOC(sizeof(RsaKey), ssl->heap,
wolfSSL 7:481bce714567 17909 DYNAMIC_TYPE_RSA);
wolfSSL 7:481bce714567 17910 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 17911 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 17912 }
wolfSSL 7:481bce714567 17913 ssl->sigType = DYNAMIC_TYPE_RSA;
wolfSSL 7:481bce714567 17914
wolfSSL 7:481bce714567 17915 ret = wc_InitRsaKey_ex((RsaKey*)ssl->sigKey,
wolfSSL 7:481bce714567 17916 ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 17917 if (ret != 0) {
wolfSSL 7:481bce714567 17918 goto exit_sske;
wolfSSL 7:481bce714567 17919 }
wolfSSL 7:481bce714567 17920
wolfSSL 7:481bce714567 17921 /* sig length */
wolfSSL 7:481bce714567 17922 length += LENGTH_SZ;
wolfSSL 7:481bce714567 17923
wolfSSL 7:481bce714567 17924 if (!ssl->buffers.key->buffer) {
wolfSSL 7:481bce714567 17925 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 7:481bce714567 17926 }
wolfSSL 7:481bce714567 17927
wolfSSL 7:481bce714567 17928 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &i,
wolfSSL 7:481bce714567 17929 (RsaKey*)ssl->sigKey, ssl->buffers.key->length);
wolfSSL 7:481bce714567 17930 if (ret != 0) {
wolfSSL 7:481bce714567 17931 goto exit_sske;
wolfSSL 7:481bce714567 17932 }
wolfSSL 7:481bce714567 17933 keySz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey);
wolfSSL 7:481bce714567 17934 if (keySz < 0) { /* test if keySz has error */
wolfSSL 7:481bce714567 17935 ERROR_OUT(keySz, exit_sske);
wolfSSL 7:481bce714567 17936 }
wolfSSL 7:481bce714567 17937 sigSz = (word32)keySz;
wolfSSL 7:481bce714567 17938 length += sigSz;
wolfSSL 7:481bce714567 17939
wolfSSL 7:481bce714567 17940 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 7:481bce714567 17941 WOLFSSL_MSG("RSA key size too small");
wolfSSL 7:481bce714567 17942 ERROR_OUT(RSA_KEY_SIZE_E, exit_sske);
wolfSSL 7:481bce714567 17943 }
wolfSSL 7:481bce714567 17944
wolfSSL 7:481bce714567 17945 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 17946 length += HASH_SIG_SIZE;
wolfSSL 7:481bce714567 17947 }
wolfSSL 7:481bce714567 17948 }
wolfSSL 7:481bce714567 17949
wolfSSL 7:481bce714567 17950 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 7:481bce714567 17951
wolfSSL 7:481bce714567 17952 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 17953 length += qshSz;
wolfSSL 7:481bce714567 17954 sendSz += qshSz;
wolfSSL 7:481bce714567 17955 #endif
wolfSSL 7:481bce714567 17956 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 17957 if (ssl->options.dtls) {
wolfSSL 7:481bce714567 17958 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17959 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 7:481bce714567 17960 preSigIdx = idx;
wolfSSL 7:481bce714567 17961 }
wolfSSL 7:481bce714567 17962 #endif
wolfSSL 7:481bce714567 17963
wolfSSL 7:481bce714567 17964 /* check for available size */
wolfSSL 7:481bce714567 17965 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL 7:481bce714567 17966 goto exit_sske;
wolfSSL 7:481bce714567 17967 }
wolfSSL 7:481bce714567 17968
wolfSSL 7:481bce714567 17969 /* get output buffer */
wolfSSL 7:481bce714567 17970 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 7:481bce714567 17971 ssl->buffers.outputBuffer.length;
wolfSSL 7:481bce714567 17972
wolfSSL 7:481bce714567 17973 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 7:481bce714567 17974
wolfSSL 7:481bce714567 17975 /* add p, g, pub */
wolfSSL 7:481bce714567 17976 c16toa((word16)ssl->buffers.serverDH_P.length, output + idx);
wolfSSL 7:481bce714567 17977 idx += LENGTH_SZ;
wolfSSL 7:481bce714567 17978 XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer,
wolfSSL 7:481bce714567 17979 ssl->buffers.serverDH_P.length);
wolfSSL 7:481bce714567 17980 idx += ssl->buffers.serverDH_P.length;
wolfSSL 7:481bce714567 17981
wolfSSL 7:481bce714567 17982 /* g */
wolfSSL 7:481bce714567 17983 c16toa((word16)ssl->buffers.serverDH_G.length, output + idx);
wolfSSL 7:481bce714567 17984 idx += LENGTH_SZ;
wolfSSL 7:481bce714567 17985 XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer,
wolfSSL 7:481bce714567 17986 ssl->buffers.serverDH_G.length);
wolfSSL 7:481bce714567 17987 idx += ssl->buffers.serverDH_G.length;
wolfSSL 7:481bce714567 17988
wolfSSL 7:481bce714567 17989 /* pub */
wolfSSL 7:481bce714567 17990 c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx);
wolfSSL 7:481bce714567 17991 idx += LENGTH_SZ;
wolfSSL 7:481bce714567 17992 XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer,
wolfSSL 7:481bce714567 17993 ssl->buffers.serverDH_Pub.length);
wolfSSL 7:481bce714567 17994 idx += ssl->buffers.serverDH_Pub.length;
wolfSSL 7:481bce714567 17995
wolfSSL 7:481bce714567 17996 #ifdef HAVE_FUZZER
wolfSSL 7:481bce714567 17997 if (ssl->fuzzerCb) {
wolfSSL 7:481bce714567 17998 ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz,
wolfSSL 7:481bce714567 17999 FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 7:481bce714567 18000 }
wolfSSL 7:481bce714567 18001 #endif
wolfSSL 7:481bce714567 18002
wolfSSL 7:481bce714567 18003 if (ssl->options.usingAnon_cipher) {
wolfSSL 7:481bce714567 18004 break;
wolfSSL 7:481bce714567 18005 }
wolfSSL 7:481bce714567 18006
wolfSSL 7:481bce714567 18007 /* Determine hash type */
wolfSSL 7:481bce714567 18008 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 18009 output[idx++] = ssl->suites->hashAlgo;
wolfSSL 7:481bce714567 18010 output[idx++] = ssl->suites->sigAlgo;
wolfSSL 7:481bce714567 18011
wolfSSL 7:481bce714567 18012 switch (ssl->suites->hashAlgo) {
wolfSSL 7:481bce714567 18013 case sha512_mac:
wolfSSL 7:481bce714567 18014 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 18015 hashType = WC_HASH_TYPE_SHA512;
wolfSSL 7:481bce714567 18016 #endif
wolfSSL 7:481bce714567 18017 break;
wolfSSL 7:481bce714567 18018 case sha384_mac:
wolfSSL 7:481bce714567 18019 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 18020 hashType = WC_HASH_TYPE_SHA384;
wolfSSL 7:481bce714567 18021 #endif
wolfSSL 7:481bce714567 18022 break;
wolfSSL 7:481bce714567 18023 case sha256_mac:
wolfSSL 7:481bce714567 18024 #ifndef NO_SHA256
wolfSSL 7:481bce714567 18025 hashType = WC_HASH_TYPE_SHA256;
wolfSSL 7:481bce714567 18026 #endif
wolfSSL 7:481bce714567 18027 break;
wolfSSL 7:481bce714567 18028 case sha_mac:
wolfSSL 7:481bce714567 18029 #if !defined(NO_SHA) && \
wolfSSL 7:481bce714567 18030 (!defined(NO_OLD_TLS) || \
wolfSSL 7:481bce714567 18031 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 7:481bce714567 18032 hashType = WC_HASH_TYPE_SHA;
wolfSSL 7:481bce714567 18033 #endif
wolfSSL 7:481bce714567 18034 break;
wolfSSL 7:481bce714567 18035 default:
wolfSSL 7:481bce714567 18036 WOLFSSL_MSG("Bad hash sig algo");
wolfSSL 7:481bce714567 18037 break;
wolfSSL 7:481bce714567 18038 }
wolfSSL 7:481bce714567 18039
wolfSSL 7:481bce714567 18040 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 7:481bce714567 18041 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 7:481bce714567 18042 }
wolfSSL 7:481bce714567 18043 } else {
wolfSSL 7:481bce714567 18044 /* only using sha and md5 for rsa */
wolfSSL 7:481bce714567 18045 #ifndef NO_OLD_TLS
wolfSSL 7:481bce714567 18046 hashType = WC_HASH_TYPE_SHA;
wolfSSL 7:481bce714567 18047 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 7:481bce714567 18048 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 7:481bce714567 18049 }
wolfSSL 7:481bce714567 18050 #else
wolfSSL 7:481bce714567 18051 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 7:481bce714567 18052 #endif
wolfSSL 7:481bce714567 18053 }
wolfSSL 7:481bce714567 18054
wolfSSL 7:481bce714567 18055 /* signature size */
wolfSSL 7:481bce714567 18056 c16toa((word16)sigSz, output + idx);
wolfSSL 7:481bce714567 18057 idx += LENGTH_SZ;
wolfSSL 7:481bce714567 18058
wolfSSL 7:481bce714567 18059 /* Assemble buffer to hash for signature */
wolfSSL 7:481bce714567 18060 sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
wolfSSL 7:481bce714567 18061 sigDataBuf = (byte*)XMALLOC(sigDataSz, ssl->heap,
wolfSSL 7:481bce714567 18062 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18063 if (sigDataBuf == NULL) {
wolfSSL 7:481bce714567 18064 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 18065 }
wolfSSL 7:481bce714567 18066 XMEMCPY(sigDataBuf, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 7:481bce714567 18067 XMEMCPY(sigDataBuf+RAN_LEN, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 7:481bce714567 18068 XMEMCPY(sigDataBuf+RAN_LEN+RAN_LEN, output + preSigIdx, preSigSz);
wolfSSL 7:481bce714567 18069
wolfSSL 7:481bce714567 18070 ssl->buffers.sig.length = wc_HashGetDigestSize(hashType);
wolfSSL 7:481bce714567 18071 ssl->buffers.sig.buffer = (byte*)XMALLOC(
wolfSSL 7:481bce714567 18072 ssl->buffers.sig.length, ssl->heap,
wolfSSL 7:481bce714567 18073 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18074 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 7:481bce714567 18075 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 18076 }
wolfSSL 7:481bce714567 18077
wolfSSL 7:481bce714567 18078 /* Perform hash */
wolfSSL 7:481bce714567 18079 ret = wc_Hash(hashType, sigDataBuf, sigDataSz,
wolfSSL 7:481bce714567 18080 ssl->buffers.sig.buffer, ssl->buffers.sig.length);
wolfSSL 7:481bce714567 18081 if (ret != 0) {
wolfSSL 7:481bce714567 18082 goto exit_sske;
wolfSSL 7:481bce714567 18083 }
wolfSSL 7:481bce714567 18084
wolfSSL 7:481bce714567 18085 ssl->sigLen = sigSz;
wolfSSL 7:481bce714567 18086
wolfSSL 7:481bce714567 18087 /* Sign hash to create signature */
wolfSSL 7:481bce714567 18088 switch (ssl->suites->sigAlgo)
wolfSSL 7:481bce714567 18089 {
wolfSSL 7:481bce714567 18090 #ifndef NO_RSA
wolfSSL 7:481bce714567 18091 case rsa_sa_algo:
wolfSSL 7:481bce714567 18092 {
wolfSSL 7:481bce714567 18093 /* For TLS 1.2 re-encode signature */
wolfSSL 7:481bce714567 18094 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 7:481bce714567 18095 int typeH = 0;
wolfSSL 7:481bce714567 18096 byte* encodedSig = (byte*)XMALLOC(
wolfSSL 7:481bce714567 18097 MAX_ENCODED_SIG_SZ, ssl->heap,
wolfSSL 7:481bce714567 18098 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18099 if (encodedSig == NULL) {
wolfSSL 7:481bce714567 18100 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 18101 }
wolfSSL 7:481bce714567 18102
wolfSSL 7:481bce714567 18103 switch (ssl->suites->hashAlgo) {
wolfSSL 7:481bce714567 18104 case sha512_mac:
wolfSSL 7:481bce714567 18105 #ifdef WOLFSSL_SHA512
wolfSSL 7:481bce714567 18106 typeH = SHA512h;
wolfSSL 7:481bce714567 18107 #endif
wolfSSL 7:481bce714567 18108 break;
wolfSSL 7:481bce714567 18109 case sha384_mac:
wolfSSL 7:481bce714567 18110 #ifdef WOLFSSL_SHA384
wolfSSL 7:481bce714567 18111 typeH = SHA384h;
wolfSSL 7:481bce714567 18112 #endif
wolfSSL 7:481bce714567 18113 break;
wolfSSL 7:481bce714567 18114 case sha256_mac:
wolfSSL 7:481bce714567 18115 #ifndef NO_SHA256
wolfSSL 7:481bce714567 18116 typeH = SHA256h;
wolfSSL 7:481bce714567 18117 #endif
wolfSSL 7:481bce714567 18118 break;
wolfSSL 7:481bce714567 18119 case sha_mac:
wolfSSL 7:481bce714567 18120 #if !defined(NO_SHA) && \
wolfSSL 7:481bce714567 18121 (!defined(NO_OLD_TLS) || \
wolfSSL 7:481bce714567 18122 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 7:481bce714567 18123 typeH = SHAh;
wolfSSL 7:481bce714567 18124 #endif
wolfSSL 7:481bce714567 18125 break;
wolfSSL 7:481bce714567 18126 default:
wolfSSL 7:481bce714567 18127 break;
wolfSSL 7:481bce714567 18128 }
wolfSSL 7:481bce714567 18129
wolfSSL 7:481bce714567 18130 ssl->buffers.sig.length = wc_EncodeSignature(encodedSig,
wolfSSL 7:481bce714567 18131 ssl->buffers.sig.buffer, ssl->buffers.sig.length, typeH);
wolfSSL 7:481bce714567 18132
wolfSSL 7:481bce714567 18133 /* Replace sig buffer with new one */
wolfSSL 7:481bce714567 18134 XFREE(ssl->buffers.sig.buffer, ssl->heap,
wolfSSL 7:481bce714567 18135 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18136 ssl->buffers.sig.buffer = encodedSig;
wolfSSL 7:481bce714567 18137 }
wolfSSL 7:481bce714567 18138 break;
wolfSSL 7:481bce714567 18139 }
wolfSSL 7:481bce714567 18140 #endif /* NO_RSA */
wolfSSL 7:481bce714567 18141 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 7:481bce714567 18142 break;
wolfSSL 7:481bce714567 18143 }
wolfSSL 7:481bce714567 18144 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 7:481bce714567 18145 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 18146
wolfSSL 7:481bce714567 18147 /* Check for error */
wolfSSL 7:481bce714567 18148 if (ret != 0) {
wolfSSL 7:481bce714567 18149 goto exit_sske;
wolfSSL 7:481bce714567 18150 }
wolfSSL 7:481bce714567 18151
wolfSSL 7:481bce714567 18152 /* Advance state and proceed */
wolfSSL 7:481bce714567 18153 ssl->options.keyShareState = KEYSHARE_DO;
wolfSSL 7:481bce714567 18154 } /* case KEYSHARE_BUILD */
wolfSSL 7:481bce714567 18155
wolfSSL 7:481bce714567 18156 case KEYSHARE_DO:
wolfSSL 7:481bce714567 18157 {
wolfSSL 7:481bce714567 18158 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 18159 {
wolfSSL 7:481bce714567 18160 #ifndef NO_PSK
wolfSSL 7:481bce714567 18161 case psk_kea:
wolfSSL 7:481bce714567 18162 {
wolfSSL 7:481bce714567 18163 break;
wolfSSL 7:481bce714567 18164 }
wolfSSL 7:481bce714567 18165 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 18166 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 18167 case dhe_psk_kea:
wolfSSL 7:481bce714567 18168 {
wolfSSL 7:481bce714567 18169 break;
wolfSSL 7:481bce714567 18170 }
wolfSSL 7:481bce714567 18171 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 7:481bce714567 18172 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 18173 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 18174 {
wolfSSL 7:481bce714567 18175 break;
wolfSSL 7:481bce714567 18176 }
wolfSSL 7:481bce714567 18177 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 18178 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 18179 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 18180 {
wolfSSL 7:481bce714567 18181 /* Sign hash to create signature */
wolfSSL 7:481bce714567 18182 switch (ssl->specs.sig_algo)
wolfSSL 7:481bce714567 18183 {
wolfSSL 7:481bce714567 18184 #ifndef NO_RSA
wolfSSL 7:481bce714567 18185 case rsa_sa_algo:
wolfSSL 7:481bce714567 18186 {
wolfSSL 7:481bce714567 18187 ret = RsaSign(ssl,
wolfSSL 7:481bce714567 18188 ssl->buffers.sig.buffer,
wolfSSL 7:481bce714567 18189 ssl->buffers.sig.length,
wolfSSL 7:481bce714567 18190 output + idx,
wolfSSL 7:481bce714567 18191 &ssl->sigLen,
wolfSSL 7:481bce714567 18192 (RsaKey*)ssl->sigKey,
wolfSSL 7:481bce714567 18193 ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 18194 ssl->buffers.key->length,
wolfSSL 7:481bce714567 18195 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 18196 ssl->RsaSignCtx
wolfSSL 7:481bce714567 18197 #else
wolfSSL 7:481bce714567 18198 NULL
wolfSSL 7:481bce714567 18199 #endif
wolfSSL 7:481bce714567 18200 );
wolfSSL 7:481bce714567 18201 break;
wolfSSL 7:481bce714567 18202 }
wolfSSL 7:481bce714567 18203 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 18204 case ecc_dsa_sa_algo:
wolfSSL 7:481bce714567 18205 {
wolfSSL 7:481bce714567 18206 ret = EccSign(ssl,
wolfSSL 7:481bce714567 18207 ssl->buffers.sig.buffer,
wolfSSL 7:481bce714567 18208 ssl->buffers.sig.length,
wolfSSL 7:481bce714567 18209 output + LENGTH_SZ + idx,
wolfSSL 7:481bce714567 18210 &ssl->sigLen,
wolfSSL 7:481bce714567 18211 (ecc_key*)ssl->sigKey,
wolfSSL 7:481bce714567 18212 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 7:481bce714567 18213 ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 18214 ssl->buffers.key->length,
wolfSSL 7:481bce714567 18215 ssl->EccSignCtx
wolfSSL 7:481bce714567 18216 #else
wolfSSL 7:481bce714567 18217 NULL, 0, NULL
wolfSSL 7:481bce714567 18218 #endif
wolfSSL 7:481bce714567 18219 );
wolfSSL 7:481bce714567 18220 break;
wolfSSL 7:481bce714567 18221 }
wolfSSL 7:481bce714567 18222 } /* switch(ssl->specs.sig_algo) */
wolfSSL 7:481bce714567 18223 break;
wolfSSL 7:481bce714567 18224 }
wolfSSL 7:481bce714567 18225 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 18226 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 7:481bce714567 18227 case diffie_hellman_kea:
wolfSSL 7:481bce714567 18228 {
wolfSSL 7:481bce714567 18229 /* Sign hash to create signature */
wolfSSL 7:481bce714567 18230 switch (ssl->suites->sigAlgo)
wolfSSL 7:481bce714567 18231 {
wolfSSL 7:481bce714567 18232 #ifndef NO_RSA
wolfSSL 7:481bce714567 18233 case rsa_sa_algo:
wolfSSL 7:481bce714567 18234 {
wolfSSL 7:481bce714567 18235 if (ssl->options.usingAnon_cipher) {
wolfSSL 7:481bce714567 18236 break;
wolfSSL 7:481bce714567 18237 }
wolfSSL 7:481bce714567 18238
wolfSSL 7:481bce714567 18239 ret = RsaSign(ssl,
wolfSSL 7:481bce714567 18240 ssl->buffers.sig.buffer,
wolfSSL 7:481bce714567 18241 ssl->buffers.sig.length,
wolfSSL 7:481bce714567 18242 output + idx,
wolfSSL 7:481bce714567 18243 &ssl->sigLen,
wolfSSL 7:481bce714567 18244 (RsaKey*)ssl->sigKey,
wolfSSL 7:481bce714567 18245 ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 18246 ssl->buffers.key->length,
wolfSSL 7:481bce714567 18247 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 18248 ssl->RsaSignCtx
wolfSSL 7:481bce714567 18249 #else
wolfSSL 7:481bce714567 18250 NULL
wolfSSL 7:481bce714567 18251 #endif
wolfSSL 7:481bce714567 18252 );
wolfSSL 7:481bce714567 18253 break;
wolfSSL 7:481bce714567 18254 }
wolfSSL 7:481bce714567 18255 #endif /* NO_RSA */
wolfSSL 7:481bce714567 18256 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 7:481bce714567 18257
wolfSSL 7:481bce714567 18258 break;
wolfSSL 7:481bce714567 18259 }
wolfSSL 7:481bce714567 18260 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 7:481bce714567 18261 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 18262
wolfSSL 7:481bce714567 18263 /* Check for error */
wolfSSL 7:481bce714567 18264 if (ret != 0) {
wolfSSL 7:481bce714567 18265 goto exit_sske;
wolfSSL 7:481bce714567 18266 }
wolfSSL 7:481bce714567 18267
wolfSSL 7:481bce714567 18268 /* Advance state and proceed */
wolfSSL 7:481bce714567 18269 ssl->options.keyShareState = KEYSHARE_VERIFY;
wolfSSL 7:481bce714567 18270 } /* case KEYSHARE_DO */
wolfSSL 7:481bce714567 18271
wolfSSL 7:481bce714567 18272 case KEYSHARE_VERIFY:
wolfSSL 7:481bce714567 18273 {
wolfSSL 7:481bce714567 18274 switch(ssl->specs.kea)
wolfSSL 7:481bce714567 18275 {
wolfSSL 7:481bce714567 18276 #ifndef NO_PSK
wolfSSL 7:481bce714567 18277 case psk_kea:
wolfSSL 7:481bce714567 18278 {
wolfSSL 7:481bce714567 18279 /* Nothing to do in this sub-state */
wolfSSL 7:481bce714567 18280 break;
wolfSSL 7:481bce714567 18281 }
wolfSSL 7:481bce714567 18282 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 18283 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 18284 case dhe_psk_kea:
wolfSSL 7:481bce714567 18285 {
wolfSSL 7:481bce714567 18286 /* Nothing to do in this sub-state */
wolfSSL 7:481bce714567 18287 break;
wolfSSL 7:481bce714567 18288 }
wolfSSL 7:481bce714567 18289 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 7:481bce714567 18290 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 18291 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 18292 {
wolfSSL 7:481bce714567 18293 /* Nothing to do in this sub-state */
wolfSSL 7:481bce714567 18294 break;
wolfSSL 7:481bce714567 18295 }
wolfSSL 7:481bce714567 18296 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 18297 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 18298 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 18299 {
wolfSSL 7:481bce714567 18300 switch(ssl->specs.sig_algo)
wolfSSL 7:481bce714567 18301 {
wolfSSL 7:481bce714567 18302 #ifndef NO_RSA
wolfSSL 7:481bce714567 18303 case rsa_sa_algo:
wolfSSL 7:481bce714567 18304 {
wolfSSL 7:481bce714567 18305 if (verifySig == NULL) {
wolfSSL 7:481bce714567 18306 if (ssl->sigLen == 0) {
wolfSSL 7:481bce714567 18307 ERROR_OUT(BAD_COND_E, exit_sske);
wolfSSL 7:481bce714567 18308 }
wolfSSL 7:481bce714567 18309 verifySig = (byte*)XMALLOC(ssl->sigLen, ssl->heap,
wolfSSL 7:481bce714567 18310 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18311 if (!verifySig) {
wolfSSL 7:481bce714567 18312 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 18313 }
wolfSSL 7:481bce714567 18314 XMEMCPY(verifySig, output + idx, ssl->sigLen);
wolfSSL 7:481bce714567 18315 }
wolfSSL 7:481bce714567 18316
wolfSSL 7:481bce714567 18317 /* check for signature faults */
wolfSSL 7:481bce714567 18318 ret = VerifyRsaSign(ssl,
wolfSSL 7:481bce714567 18319 verifySig, ssl->sigLen,
wolfSSL 7:481bce714567 18320 ssl->buffers.sig.buffer,
wolfSSL 7:481bce714567 18321 ssl->buffers.sig.length,
wolfSSL 7:481bce714567 18322 (RsaKey*)ssl->sigKey);
wolfSSL 7:481bce714567 18323 break;
wolfSSL 7:481bce714567 18324 }
wolfSSL 7:481bce714567 18325 #endif
wolfSSL 7:481bce714567 18326 case ecc_dsa_sa_algo:
wolfSSL 7:481bce714567 18327 {
wolfSSL 7:481bce714567 18328 /* Now that we know the real sig size, write it. */
wolfSSL 7:481bce714567 18329 c16toa((word16)ssl->sigLen, output + idx);
wolfSSL 7:481bce714567 18330
wolfSSL 7:481bce714567 18331 /* And adjust length and sendSz from estimates */
wolfSSL 7:481bce714567 18332 length += ssl->sigLen - sigSz;
wolfSSL 7:481bce714567 18333 sendSz += ssl->sigLen - sigSz;
wolfSSL 7:481bce714567 18334 break;
wolfSSL 7:481bce714567 18335 }
wolfSSL 7:481bce714567 18336 default:
wolfSSL 7:481bce714567 18337 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */
wolfSSL 7:481bce714567 18338 } /* switch(ssl->specs.sig_algo) */
wolfSSL 7:481bce714567 18339 break;
wolfSSL 7:481bce714567 18340 }
wolfSSL 7:481bce714567 18341 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 18342 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 7:481bce714567 18343 case diffie_hellman_kea:
wolfSSL 7:481bce714567 18344 {
wolfSSL 7:481bce714567 18345 switch (ssl->suites->sigAlgo)
wolfSSL 7:481bce714567 18346 {
wolfSSL 7:481bce714567 18347 #ifndef NO_RSA
wolfSSL 7:481bce714567 18348 case rsa_sa_algo:
wolfSSL 7:481bce714567 18349 {
wolfSSL 7:481bce714567 18350 if (ssl->options.usingAnon_cipher) {
wolfSSL 7:481bce714567 18351 break;
wolfSSL 7:481bce714567 18352 }
wolfSSL 7:481bce714567 18353
wolfSSL 7:481bce714567 18354 if (verifySig == NULL) {
wolfSSL 7:481bce714567 18355 if (ssl->sigLen == 0) {
wolfSSL 7:481bce714567 18356 ERROR_OUT(BAD_COND_E, exit_sske);
wolfSSL 7:481bce714567 18357 }
wolfSSL 7:481bce714567 18358 verifySig = (byte*)XMALLOC(ssl->sigLen, ssl->heap,
wolfSSL 7:481bce714567 18359 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18360 if (!verifySig) {
wolfSSL 7:481bce714567 18361 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 18362 }
wolfSSL 7:481bce714567 18363 XMEMCPY(verifySig, output + idx, ssl->sigLen);
wolfSSL 7:481bce714567 18364 }
wolfSSL 7:481bce714567 18365
wolfSSL 7:481bce714567 18366 /* check for signature faults */
wolfSSL 7:481bce714567 18367 ret = VerifyRsaSign(ssl,
wolfSSL 7:481bce714567 18368 verifySig, ssl->sigLen,
wolfSSL 7:481bce714567 18369 ssl->buffers.sig.buffer,
wolfSSL 7:481bce714567 18370 ssl->buffers.sig.length,
wolfSSL 7:481bce714567 18371 (RsaKey*)ssl->sigKey);
wolfSSL 7:481bce714567 18372 break;
wolfSSL 7:481bce714567 18373 }
wolfSSL 7:481bce714567 18374 #endif
wolfSSL 7:481bce714567 18375 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 7:481bce714567 18376 break;
wolfSSL 7:481bce714567 18377 }
wolfSSL 7:481bce714567 18378 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 7:481bce714567 18379 } /* switch(ssl->specs.kea) */
wolfSSL 7:481bce714567 18380
wolfSSL 7:481bce714567 18381 /* Check for error */
wolfSSL 7:481bce714567 18382 if (ret != 0) {
wolfSSL 7:481bce714567 18383 goto exit_sske;
wolfSSL 7:481bce714567 18384 }
wolfSSL 7:481bce714567 18385
wolfSSL 7:481bce714567 18386 /* Advance state and proceed */
wolfSSL 7:481bce714567 18387 ssl->options.keyShareState = KEYSHARE_FINALIZE;
wolfSSL 7:481bce714567 18388 } /* case KEYSHARE_VERIFY */
wolfSSL 7:481bce714567 18389
wolfSSL 7:481bce714567 18390 case KEYSHARE_FINALIZE:
wolfSSL 7:481bce714567 18391 {
wolfSSL 7:481bce714567 18392 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 18393 if (ssl->peerQSHKeyPresent) {
wolfSSL 7:481bce714567 18394 if (qshSz > 0) {
wolfSSL 7:481bce714567 18395 idx = sendSz - qshSz;
wolfSSL 7:481bce714567 18396 if (QSH_KeyExchangeWrite(ssl, 1) != 0) {
wolfSSL 7:481bce714567 18397 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 18398 }
wolfSSL 7:481bce714567 18399
wolfSSL 7:481bce714567 18400 /* extension type */
wolfSSL 7:481bce714567 18401 c16toa(TLSX_QUANTUM_SAFE_HYBRID, output + idx);
wolfSSL 7:481bce714567 18402 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 18403
wolfSSL 7:481bce714567 18404 /* write to output and check amount written */
wolfSSL 7:481bce714567 18405 if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
wolfSSL 7:481bce714567 18406 > qshSz - OPAQUE16_LEN) {
wolfSSL 7:481bce714567 18407 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 7:481bce714567 18408 }
wolfSSL 7:481bce714567 18409 }
wolfSSL 7:481bce714567 18410 }
wolfSSL 7:481bce714567 18411 #endif
wolfSSL 7:481bce714567 18412
wolfSSL 7:481bce714567 18413 #if defined(HAVE_ECC)
wolfSSL 7:481bce714567 18414 if (ssl->specs.kea == ecdhe_psk_kea ||
wolfSSL 7:481bce714567 18415 ssl->specs.kea == ecc_diffie_hellman_kea) {
wolfSSL 7:481bce714567 18416 /* Check output to make sure it was set */
wolfSSL 7:481bce714567 18417 if (output) {
wolfSSL 7:481bce714567 18418 AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL 7:481bce714567 18419 }
wolfSSL 7:481bce714567 18420 else {
wolfSSL 7:481bce714567 18421 ERROR_OUT(BUFFER_ERROR, exit_sske);
wolfSSL 7:481bce714567 18422 }
wolfSSL 7:481bce714567 18423 }
wolfSSL 7:481bce714567 18424 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 18425
wolfSSL 7:481bce714567 18426 #ifdef WOLFSSL_DTLS
wolfSSL 7:481bce714567 18427 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 7:481bce714567 18428 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) {
wolfSSL 7:481bce714567 18429 goto exit_sske;
wolfSSL 7:481bce714567 18430 }
wolfSSL 7:481bce714567 18431 }
wolfSSL 7:481bce714567 18432
wolfSSL 7:481bce714567 18433 if (ssl->options.dtls)
wolfSSL 7:481bce714567 18434 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 7:481bce714567 18435 #endif
wolfSSL 7:481bce714567 18436
wolfSSL 7:481bce714567 18437 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 7:481bce714567 18438 if (ret != 0) {
wolfSSL 7:481bce714567 18439 goto exit_sske;
wolfSSL 7:481bce714567 18440 }
wolfSSL 7:481bce714567 18441
wolfSSL 7:481bce714567 18442 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 18443 if (ssl->hsInfoOn) {
wolfSSL 7:481bce714567 18444 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 7:481bce714567 18445 }
wolfSSL 7:481bce714567 18446 if (ssl->toInfoOn) {
wolfSSL 7:481bce714567 18447 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output,
wolfSSL 7:481bce714567 18448 sendSz, ssl->heap);
wolfSSL 7:481bce714567 18449 }
wolfSSL 7:481bce714567 18450 #endif
wolfSSL 7:481bce714567 18451
wolfSSL 7:481bce714567 18452 /* Check for error */
wolfSSL 7:481bce714567 18453 if (ret != 0) {
wolfSSL 7:481bce714567 18454 goto exit_sske;
wolfSSL 7:481bce714567 18455 }
wolfSSL 7:481bce714567 18456
wolfSSL 7:481bce714567 18457 /* Advance state and proceed */
wolfSSL 7:481bce714567 18458 ssl->options.keyShareState = KEYSHARE_END;
wolfSSL 7:481bce714567 18459 } /* case KEYSHARE_FINALIZE */
wolfSSL 7:481bce714567 18460
wolfSSL 7:481bce714567 18461 case KEYSHARE_END:
wolfSSL 7:481bce714567 18462 {
wolfSSL 7:481bce714567 18463 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 7:481bce714567 18464 if (!ssl->options.groupMessages) {
wolfSSL 7:481bce714567 18465 ret = SendBuffered(ssl);
wolfSSL 7:481bce714567 18466 }
wolfSSL 7:481bce714567 18467
wolfSSL 7:481bce714567 18468 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 7:481bce714567 18469 break;
wolfSSL 7:481bce714567 18470 }
wolfSSL 7:481bce714567 18471 default:
wolfSSL 7:481bce714567 18472 ret = INPUT_CASE_ERROR;
wolfSSL 7:481bce714567 18473 } /* switch(ssl->options.keyShareState) */
wolfSSL 7:481bce714567 18474
wolfSSL 7:481bce714567 18475 exit_sske:
wolfSSL 7:481bce714567 18476
wolfSSL 7:481bce714567 18477 WOLFSSL_LEAVE("SendServerKeyExchange", ret);
wolfSSL 7:481bce714567 18478
wolfSSL 7:481bce714567 18479 /* Handle cleanup for stack variables here */
wolfSSL 7:481bce714567 18480 #if defined(HAVE_ECC)
wolfSSL 7:481bce714567 18481 if (exportBuf) {
wolfSSL 7:481bce714567 18482 XFREE(exportBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18483 exportBuf = NULL;
wolfSSL 7:481bce714567 18484 }
wolfSSL 7:481bce714567 18485 #endif
wolfSSL 7:481bce714567 18486 #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
wolfSSL 7:481bce714567 18487 if (sigDataBuf) {
wolfSSL 7:481bce714567 18488 XFREE(sigDataBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18489 sigDataBuf = NULL;
wolfSSL 7:481bce714567 18490 }
wolfSSL 7:481bce714567 18491 #endif
wolfSSL 7:481bce714567 18492
wolfSSL 7:481bce714567 18493
wolfSSL 7:481bce714567 18494 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 18495 /* Handle WC_PENDING_E */
wolfSSL 7:481bce714567 18496 if (ret == WC_PENDING_E) {
wolfSSL 7:481bce714567 18497 /* Store variables needed for async */
wolfSSL 7:481bce714567 18498 XMEMSET(&ssl->async, 0, sizeof(ssl->async));
wolfSSL 7:481bce714567 18499 ssl->async.output = output;
wolfSSL 7:481bce714567 18500 ssl->async.sendSz = sendSz;
wolfSSL 7:481bce714567 18501 ssl->async.idx = idx;
wolfSSL 7:481bce714567 18502 ssl->async.length = length;
wolfSSL 7:481bce714567 18503 ssl->async.sigSz = sigSz;
wolfSSL 7:481bce714567 18504 #ifndef NO_RSA
wolfSSL 7:481bce714567 18505 ssl->async.data = verifySig;
wolfSSL 7:481bce714567 18506 #endif
wolfSSL 7:481bce714567 18507
wolfSSL 7:481bce714567 18508 /* Push event to queue */
wolfSSL 7:481bce714567 18509 ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, &ssl->event);
wolfSSL 7:481bce714567 18510 if (ret == 0) {
wolfSSL 7:481bce714567 18511 return WC_PENDING_E;
wolfSSL 7:481bce714567 18512 }
wolfSSL 7:481bce714567 18513 }
wolfSSL 7:481bce714567 18514 #endif
wolfSSL 7:481bce714567 18515
wolfSSL 7:481bce714567 18516 #ifndef NO_RSA
wolfSSL 7:481bce714567 18517 if (verifySig) {
wolfSSL 7:481bce714567 18518 XFREE(verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 7:481bce714567 18519 verifySig = NULL;
wolfSSL 7:481bce714567 18520 }
wolfSSL 7:481bce714567 18521 #endif
wolfSSL 7:481bce714567 18522
wolfSSL 7:481bce714567 18523 /* Final cleanup */
wolfSSL 7:481bce714567 18524 FreeKeyExchange(ssl);
wolfSSL 7:481bce714567 18525
wolfSSL 7:481bce714567 18526 return ret;
wolfSSL 7:481bce714567 18527 }
wolfSSL 7:481bce714567 18528
wolfSSL 7:481bce714567 18529 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 7:481bce714567 18530
/* Search a cipher suite list for the two-byte suite (first, second).
 *
 * suites  list to search; it is walked as consecutive byte pairs
 * first   first byte of the suite identifier to look for
 * second  second byte of the suite identifier to look for
 *
 * Returns the byte offset of the matching pair on success, SUITES_ERROR when
 * the list pointer is NULL or suiteSz is 0, and MATCH_SUITE_ERROR when no pair
 * matches (negative on error, per the original contract).
 *
 * NOTE(review): suiteSz is trusted as the number of valid bytes in
 * suites->suites; it is not compared with the array's capacity here, so
 * whoever fills the list is presumably responsible for that bound. Confirm
 * at the call sites.
 */
static int FindSuite(Suites* suites, byte first, byte second)
{
    int pos = 0;
    int lastStart;

    if (suites == NULL || suites->suiteSz == 0) {
        WOLFSSL_MSG("Suites pointer error or suiteSz 0");
        return SUITES_ERROR;
    }

    /* stop one byte short of suiteSz so pos + 1 stays inside the counted
     * bytes even when suiteSz is odd */
    lastStart = suites->suiteSz - 1;

    while (pos < lastStart) {
        if (suites->suites[pos] == first &&
                suites->suites[pos + 1] == second) {
            return pos;
        }
        pos += SUITE_LEN;
    }

    return MATCH_SUITE_ERROR;
}
wolfSSL 7:481bce714567 18549
wolfSSL 7:481bce714567 18550 #endif
wolfSSL 7:481bce714567 18551
/* Check that the local configuration (ssl->options flags) can serve the
 * cipher suite stored at offset idx of ssl->suites.
 *
 * ssl  connection whose suite list and option flags are consulted
 * idx  byte offset of the suite pair inside ssl->suites->suites
 *
 * Returns 1 when every requirement reported by CipherRequires() for the suite
 * is met, 0 otherwise. Also returns 0 when ssl->suites is NULL and, with
 * HAVE_QSH, for the TLS_QSH pseudo-suite itself (it only records haveQSH so
 * that a classic suite is still negotiated).
 *
 * The suite bytes are read at idx and idx + 1 with no comparison against
 * suiteSz, and ssl itself is dereferenced without a NULL check; the caller
 * has to pass a valid pair offset.
 */
static int VerifyServerSuite(WOLFSSL* ssl, word16 idx)
{
    int  rsaUsable;
    int  pskUsable = 0;
    byte suite0;
    byte suite1;

    WOLFSSL_ENTER("VerifyServerSuite");

    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Suites pointer error");
        return 0;
    }

    suite0 = ssl->suites->suites[idx];
    suite1 = ssl->suites->suites[idx + 1];

    /* RSA is treated as unavailable with a static ECC key or with NTRU */
    rsaUsable = !ssl->options.haveStaticECC && !ssl->options.haveNTRU;

#ifndef NO_PSK
    pskUsable = ssl->options.havePSK;
#endif

    if (CipherRequires(suite0, suite1, REQUIRES_RSA)) {
        WOLFSSL_MSG("Requires RSA");
        if (!rsaUsable) {
            WOLFSSL_MSG("Don't have RSA");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_DHE)) {
        WOLFSSL_MSG("Requires DHE");
        if (!ssl->options.haveDH) {
            WOLFSSL_MSG("Don't have DHE");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_ECC)) {
        WOLFSSL_MSG("Requires ECC");
        if (!ssl->options.haveECC) {
            WOLFSSL_MSG("Don't have ECC");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_ECC_STATIC)) {
        WOLFSSL_MSG("Requires static ECC");
        if (!ssl->options.haveStaticECC) {
            WOLFSSL_MSG("Don't have static ECC");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_PSK)) {
        WOLFSSL_MSG("Requires PSK");
        if (!pskUsable) {
            WOLFSSL_MSG("Don't have PSK");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_NTRU)) {
        WOLFSSL_MSG("Requires NTRU");
        if (!ssl->options.haveNTRU) {
            WOLFSSL_MSG("Don't have NTRU");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_RSA_SIG)) {
        WOLFSSL_MSG("Requires RSA Signature");
        /* a server end flagged as having an ECDSA signature is rejected */
        if (ssl->options.side == WOLFSSL_SERVER_END &&
                ssl->options.haveECDSAsig == 1) {
            WOLFSSL_MSG("Don't have RSA Signature");
            return 0;
        }
    }

#ifdef HAVE_SUPPORTED_CURVES
    if (!TLSX_ValidateEllipticCurves(ssl, suite0, suite1)) {
        WOLFSSL_MSG("Don't have matching curves");
        return 0;
    }
#endif

    /* ECCDHE is always supported if ECC on */

#ifdef HAVE_QSH
    /* need to negotiate a classic suite in addition to TLS_QSH */
    if (suite0 == QSH_BYTE && suite1 == TLS_QSH) {
        if (!TLSX_SupportExtensions(ssl)) {
            WOLFSSL_MSG("Version of SSL connection does not support TLS_QSH");
        }
        else {
            ssl->options.haveQSH = 1; /* matched TLS_QSH */
        }
        return 0;
    }
#endif

    return 1;
}
wolfSSL 7:481bce714567 18658
wolfSSL 7:481bce714567 18659 #ifndef NO_WOLFSSL_SERVER
/* Pick the first suite of the local list that the peer also offers and that
 * VerifyServerSuite() accepts.
 *
 * ssl         connection whose suite list (ssl->suites) is matched
 * peerSuites  suite list to match against; presumably the list parsed from
 *             the peer's hello - confirm at the call sites
 *
 * On a verified match the pair is stored in ssl->options.cipherSuite0 and
 * ssl->options.cipherSuite, SetCipherSpecs() is called and, when it returns
 * 0, PickHashSigAlgo() is run on the peer's hashSigAlgo list.
 *
 * Returns the SetCipherSpecs() result for the chosen suite, MATCH_SUITE_ERROR
 * when the peer list is empty, has an odd byte count, or nothing matches, and
 * SUITES_ERROR when ssl->suites is NULL.
 *
 * The outer loop walks the local list, so the local ordering decides which
 * common suite wins, not the peer's ordering.
 *
 * NOTE(review): peerSuites is dereferenced without a NULL check, and only the
 * peer list has its byte count checked for parity; with an odd local suiteSz
 * the last outer iteration would read the byte at index suiteSz.
 */
static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
{
    word16 mine;
    word16 theirs;

    WOLFSSL_ENTER("MatchSuite");

    /* suites are byte pairs: an empty or odd-length peer list is malformed */
    if (peerSuites->suiteSz == 0 || (peerSuites->suiteSz % 2) != 0)
        return MATCH_SUITE_ERROR;

    if (ssl->suites == NULL)
        return SUITES_ERROR;

    /* start with best, if a match we are good */
    for (mine = 0; mine < ssl->suites->suiteSz; mine += 2) {
        for (theirs = 0; theirs < peerSuites->suiteSz; theirs += 2) {
            int result;

            if (ssl->suites->suites[mine] != peerSuites->suites[theirs] ||
                    ssl->suites->suites[mine + 1] !=
                    peerSuites->suites[theirs + 1]) {
                continue;
            }

            if (!VerifyServerSuite(ssl, mine)) {
                WOLFSSL_MSG("Could not verify suite validity, continue");
                continue;
            }

            WOLFSSL_MSG("Verified suite validity");
            ssl->options.cipherSuite0 = ssl->suites->suites[mine];
            ssl->options.cipherSuite  = ssl->suites->suites[mine + 1];

            result = SetCipherSpecs(ssl);
            if (result == 0) {
                PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
                                peerSuites->hashSigAlgoSz);
            }
            return result;
        }
    }

    return MATCH_SUITE_ERROR;
}
wolfSSL 7:481bce714567 18696 #endif
wolfSSL 7:481bce714567 18697
wolfSSL 7:481bce714567 18698 #ifdef OLD_HELLO_ALLOWED
wolfSSL 7:481bce714567 18699
wolfSSL 7:481bce714567 18700 /* process old style client hello, deprecate? */
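/* Parse an old-format (SSLv2-style) ClientHello on the server side.
 *
 * ssl       connection object; the client's version, session id, client
 *           random and client state are stored into it
 * input     receive buffer
 * inOutIdx  in: offset of the message in input; out: offset just past the
 *           bytes consumed
 * inSz      not consulted here (see note below)
 * sz        length in bytes of the message starting at input + *inOutIdx;
 *           the same range is fed to the handshake hashes
 *
 * All three length fields come from the peer. They are checked against the
 * destination buffers and against sz before anything is read, so a truncated
 * or inconsistent hello is rejected with BUFFER_ERROR instead of being read
 * past the end of the message.
 *
 * Returns the result of MatchSuite() (or of key derivation when resuming),
 * BUFFER_ERROR on a length violation, VERSION_ERROR when the offered version
 * is not acceptable, UNSUPPORTED_SUITE, or an error from the hash or RNG
 * calls. */
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz)
{
    word32          idx = *inOutIdx;
    word32          begin = idx;       /* start of message, for bounds checks */
    word16          sessionSz;
    word16          randomSz;
    word16          i, j;
    ProtocolVersion pv;
    Suites          clSuites;

    /* NOTE(review): inSz is unused; the checks below bound every read by sz.
     * Presumably the caller has already verified that sz bytes are available
     * at input + *inOutIdx -- confirm against the call site. */
    (void)inSz;
    WOLFSSL_MSG("Got old format client hello");
#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ClientHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("ClientHello", &ssl->timeoutInfo);
#endif

    /* fixed part: msg type (1), version (2), then the suite, session id and
     * random lengths (2 each) must be present before they are parsed */
    if (sz < OPAQUE8_LEN + OPAQUE16_LEN +
             OPAQUE16_LEN + OPAQUE16_LEN + OPAQUE16_LEN)
        return BUFFER_ERROR;

    /* manually hash input since different format */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, input + idx, sz);
#endif
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz);
#endif
#endif
#ifndef NO_SHA256
    if (IsAtLeastTLSv1_2(ssl)) {
        int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256,
                                     input + idx, sz);
        if (shaRet != 0)
            return shaRet;
    }
#endif

    /* does this value mean client_hello? */
    idx++;

    /* version */
    pv.major = input[idx++];
    pv.minor = input[idx++];
    ssl->chVersion = pv;  /* store */

    /* client offers a lower version than ours: only continue when downgrade
     * is enabled and the offer is not below the configured floor */
    if (ssl->version.minor > pv.minor) {
        byte haveRSA = 0;
        byte havePSK = 0;
        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("Client trying to connect with lesser version");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
            return VERSION_ERROR;
        }
        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG("\tdowngrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1");
            /* turn off tls 1.1+ */
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
#ifndef NO_RSA
        haveRSA = 1;
#endif
#ifndef NO_PSK
        havePSK = ssl->options.havePSK;
#endif

        /* rebuild our suite list for the downgraded version */
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    }

    /* suite size */
    ato16(&input[idx], &clSuites.suiteSz);
    idx += 2;

    if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
        return BUFFER_ERROR;
    /* old-format cipher specs are 3 bytes each and the loop below consumes
     * whole triples; a partial trailing entry would be read past suiteSz */
    if (clSuites.suiteSz % 3 != 0)
        return BUFFER_ERROR;
    clSuites.hashSigAlgoSz = 0;

    /* session size */
    ato16(&input[idx], &sessionSz);
    idx += 2;

    if (sessionSz > ID_LEN)
        return BUFFER_ERROR;

    /* random size */
    ato16(&input[idx], &randomSz);
    idx += 2;

    if (randomSz > RAN_LEN)
        return BUFFER_ERROR;

    /* suites, session id and random must all lie inside the sz-byte message
     * that was hashed above */
    if ((idx - begin) + clSuites.suiteSz + sessionSz + randomSz > sz)
        return BUFFER_ERROR;

    /* suites */
    for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) {
        byte first = input[idx++];
        if (!first) { /* implicit: skip sslv2 type */
            XMEMCPY(&clSuites.suites[j], &input[idx], 2);
            j += 2;
        }
        idx += 2;
    }
    clSuites.suiteSz = j;   /* now counts 2-byte suites only */

    /* session id */
    if (sessionSz) {
        XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
        ssl->arrays->sessionIDSz = (byte)sessionSz;
        idx += sessionSz;
        ssl->options.resuming = 1;
    }

    /* random: right-aligned in clientRandom, zero-padded on the left */
    if (randomSz < RAN_LEN)
        XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz);
    XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx,
            randomSz);
    idx += randomSz;

    if (ssl->options.usingCompression)
        ssl->options.usingCompression = 0;  /* turn off */

    ssl->options.clientState = CLIENT_HELLO_COMPLETE;
    *inOutIdx = idx;

    ssl->options.haveSessionId = 1;
    /* DoClientHello uses same resume code */
    if (ssl->options.resuming) {  /* let's try */
        int ret = -1;
        WOLFSSL_SESSION* session = GetSession(ssl,
                                              ssl->arrays->masterSecret, 1);
#ifdef HAVE_SESSION_TICKET
        if (ssl->options.useTicket == 1) {
            session = &ssl->session;
        }
#endif

        if (!session) {
            /* unknown session id: fall through to a full handshake */
            WOLFSSL_MSG("Session lookup for resume failed");
            ssl->options.resuming = 0;
        } else {
            if (MatchSuite(ssl, &clSuites) < 0) {
                WOLFSSL_MSG("Unsupported cipher suite, OldClientHello");
                return UNSUPPORTED_SUITE;
            }

            ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
                                       RAN_LEN);
            if (ret != 0)
                return ret;

#ifdef NO_OLD_TLS
            ret = DeriveTlsKeys(ssl);
#else
#ifndef NO_TLS
            if (ssl->options.tls)
                ret = DeriveTlsKeys(ssl);
#endif
            if (!ssl->options.tls)
                ret = DeriveKeys(ssl);
#endif
            ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;

            return ret;
        }
    }

    return MatchSuite(ssl, &clSuites);
}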
wolfSSL 7:481bce714567 18885
wolfSSL 7:481bce714567 18886 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 7:481bce714567 18887
wolfSSL 7:481bce714567 18888
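/* Parse a ClientHello on the server side.
 *
 * ssl       connection object; the client's version, client random, session
 *           id, compression decision and client state are stored into it
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the ClientHello body in input; out: offset just
 *           past the bytes consumed
 * helloSz   length in bytes of the ClientHello body
 *
 * The whole message is peer-controlled, so each variable-length field is
 * checked against helloSz (tracked as i - begin) before it is read.
 *
 * Returns the result of MatchSuite() (or of key derivation when resuming, or
 * of SendHelloVerifyRequest() when a DTLS cookie is missing or wrong),
 * BUFFER_ERROR on a length violation, VERSION_ERROR, COMPRESSION_ERROR,
 * COOKIE_ERROR, UNSUPPORTED_SUITE, EXT_MASTER_SECRET_NEEDED_E, or an error
 * passed up from a called helper. */
static int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         word32 helloSz)
{
    byte            b;
    byte            bogusID = 0;   /* flag for a bogus session id */
    ProtocolVersion pv;
    Suites          clSuites;
    word32          i = *inOutIdx;
    word32          begin = i;
#ifdef WOLFSSL_DTLS
    Hmac            cookieHmac;
    byte            peerCookie[MAX_COOKIE_LEN];
    byte            peerCookieSz = 0;
    byte            cookieType;
    byte            cookieSz = 0;
#endif /* WOLFSSL_DTLS */

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
#endif

    /* protocol version, random and session id length check */
    if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    /* protocol version */
    XMEMCPY(&pv, input + i, OPAQUE16_LEN);
    ssl->chVersion = pv;   /* store */
#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        int ret;
        #if defined(NO_SHA) && defined(NO_SHA256)
            #error "DTLS needs either SHA or SHA-256"
        #endif /* NO_SHA && NO_SHA256 */

        #if !defined(NO_SHA) && defined(NO_SHA256)
            cookieType = SHA;
            cookieSz = SHA_DIGEST_SIZE;
        #endif /* NO_SHA */
        #ifndef NO_SHA256
            cookieType = SHA256;
            cookieSz = SHA256_DIGEST_SIZE;
        #endif /* NO_SHA256 */
        /* the cookie is an HMAC, keyed with the server's cookie secret, over
         * the peer address and the hello fields fed in below */
        ret = wc_HmacSetKey(&cookieHmac, cookieType,
                            ssl->buffers.dtlsCookieSecret.buffer,
                            ssl->buffers.dtlsCookieSecret.length);
        if (ret != 0) return ret;
        ret = wc_HmacUpdate(&cookieHmac,
                            (const byte*)ssl->buffers.dtlsCtx.peer.sa,
                            ssl->buffers.dtlsCtx.peer.sz);
        if (ret != 0) return ret;
        ret = wc_HmacUpdate(&cookieHmac, input + i, OPAQUE16_LEN);
        if (ret != 0) return ret;
    }
#endif /* WOLFSSL_DTLS */
    i += OPAQUE16_LEN;

    /* client offers a lower version than ours: only continue when downgrade
     * is enabled and the offer is not below the configured floor */
    if ((!ssl->options.dtls && ssl->version.minor > pv.minor) ||
        (ssl->options.dtls && ssl->version.minor != DTLS_MINOR
         && ssl->version.minor != DTLSv1_2_MINOR && pv.minor != DTLS_MINOR
         && pv.minor != DTLSv1_2_MINOR)) {

        word16 haveRSA = 0;
        word16 havePSK = 0;

        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("Client trying to connect with lesser version");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
            return VERSION_ERROR;
        }

        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG("\tdowngrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            /* turn off tls 1.1+ */
            WOLFSSL_MSG("\tdowngrading to TLSv1");
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
#ifndef NO_RSA
        haveRSA = 1;
#endif
#ifndef NO_PSK
        havePSK = ssl->options.havePSK;
#endif
        /* rebuild our suite list for the downgraded version */
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    }

    /* random */
    XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        int ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
        if (ret != 0) return ret;
    }
#endif /* WOLFSSL_DTLS */
    i += RAN_LEN;

#ifdef SHOW_SECRETS
    {
        int j;
        printf("client random: ");
        for (j = 0; j < RAN_LEN; j++)
            printf("%02x", ssl->arrays->clientRandom[j]);
        printf("\n");
    }
#endif

    /* session id (length byte was covered by the first check above) */
    b = input[i++];

#ifdef HAVE_SESSION_TICKET
    if (b > 0 && b < ID_LEN) {
        bogusID = 1;
        WOLFSSL_MSG("Client sent bogus session id, let's allow for echo");
    }
#endif

    if (b == ID_LEN || bogusID) {
        if ((i - begin) + b > helloSz)
            return BUFFER_ERROR;

        /* b <= ID_LEN on both branches that reach this copy */
        XMEMCPY(ssl->arrays->sessionID, input + i, b);
#ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            /* length byte plus the id itself */
            int ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
            if (ret != 0) return ret;
        }
#endif /* WOLFSSL_DTLS */
        ssl->arrays->sessionIDSz = b;
        i += b;
        ssl->options.resuming = 1; /* client wants to resume */
        WOLFSSL_MSG("Client wants to resume session");
    }
    else if (b) {
        WOLFSSL_MSG("Invalid session ID size");
        return BUFFER_ERROR; /* session ID is neither 0 nor 32 bytes long */
    }

#ifdef WOLFSSL_DTLS
    /* cookie */
    if (ssl->options.dtls) {

        if ((i - begin) + OPAQUE8_LEN > helloSz)
            return BUFFER_ERROR;

        peerCookieSz = input[i++];

        if (peerCookieSz) {
            if (peerCookieSz > MAX_COOKIE_LEN)
                return BUFFER_ERROR;

            if ((i - begin) + peerCookieSz > helloSz)
                return BUFFER_ERROR;

            XMEMCPY(peerCookie, input + i, peerCookieSz);

            i += peerCookieSz;
        }
    }
#endif

    /* suites */
    if ((i - begin) + OPAQUE16_LEN > helloSz)
        return BUFFER_ERROR;

    ato16(&input[i], &clSuites.suiteSz);
    i += OPAQUE16_LEN;

    /* suites and compression length check */
    if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    /* destination bound for the copy into clSuites.suites */
    if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
        return BUFFER_ERROR;

    XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);

#ifdef HAVE_SERVER_RENEGOTIATION_INFO
    /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
    if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
        int ret = 0;

        ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
        if (ret != SSL_SUCCESS)
            return ret;
    }
#endif /* HAVE_SERVER_RENEGOTIATION_INFO */

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        /* length field plus the suite list */
        int ret = wc_HmacUpdate(&cookieHmac,
                                input + i - OPAQUE16_LEN,
                                clSuites.suiteSz + OPAQUE16_LEN);
        if (ret != 0) return ret;
    }
#endif /* WOLFSSL_DTLS */
    i += clSuites.suiteSz;
    clSuites.hashSigAlgoSz = 0;

    /* compression length */
    b = input[i++];

    if ((i - begin) + b > helloSz)
        return BUFFER_ERROR;

    if (b == 0) {
        WOLFSSL_MSG("No compression types in list");
        return COMPRESSION_ERROR;
    }

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        byte newCookie[MAX_COOKIE_LEN];
        int  ret;

        ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
        if (ret != 0) return ret;
        ret = wc_HmacFinal(&cookieHmac, newCookie);
        if (ret != 0) return ret;

        /* If a cookie callback is set, call it to overwrite the cookie.
         * This should be deprecated. The code now calculates the cookie
         * using an HMAC as expected. */
        if (ssl->ctx->CBIOCookie != NULL &&
            ssl->ctx->CBIOCookie(ssl, newCookie, cookieSz,
                                 ssl->IOCB_CookieCtx) != cookieSz) {
            return COOKIE_ERROR;
        }

        /* Check the cookie, see if we progress the state machine.
         * NOTE(review): XMEMCMP is presumably a plain memcmp, which is not
         * guaranteed to run in constant time; a constant-time comparison
         * would be the safer choice for an HMAC value -- confirm. */
        if (peerCookieSz != cookieSz ||
            XMEMCMP(peerCookie, newCookie, cookieSz) != 0) {

            /* Send newCookie to client in a HelloVerifyRequest message
             * and let the state machine alone. */
            ssl->msgsReceived.got_client_hello = 0;
            ssl->keys.dtls_handshake_number = 0;
            ssl->keys.dtls_expected_peer_handshake_number = 0;
            *inOutIdx += helloSz;
            return SendHelloVerifyRequest(ssl, newCookie, cookieSz);
        }

        /* This was skipped in the DTLS case so we could handle the hello
         * verify request. */
        ret = HashInput(ssl, input + *inOutIdx, helloSz);
        if (ret != 0) return ret;
    }
#endif /* WOLFSSL_DTLS */

    {
        /* compression match types */
        int matchNo   = 0;
        int matchZlib = 0;

        while (b--) {
            byte comp = input[i++];

            if (comp == NO_COMPRESSION) {
                matchNo = 1;
            }
            if (comp == ZLIB_COMPRESSION) {
                matchZlib = 1;
            }
        }

        if (ssl->options.usingCompression == 0 && matchNo) {
            WOLFSSL_MSG("Matched No Compression");
        } else if (ssl->options.usingCompression && matchZlib) {
            WOLFSSL_MSG("Matched zlib Compression");
        } else if (ssl->options.usingCompression && matchNo) {
            WOLFSSL_MSG("Could only match no compression, turning off");
            ssl->options.usingCompression = 0;  /* turn off */
        } else {
            WOLFSSL_MSG("Could not match compression");
            return COMPRESSION_ERROR;
        }
    }

    *inOutIdx = i;

    /* tls extensions */
    if ((i - begin) < helloSz) {
#ifdef HAVE_TLS_EXTENSIONS
    #ifdef HAVE_QSH
        QSH_Init(ssl);
    #endif
        if (TLSX_SupportExtensions(ssl)) {
            int ret = 0;
#else
        if (IsAtLeastTLSv1_2(ssl)) {
#endif
            /* Process the hello extension. Skip unsupported. */
            word16 totalExtSz;

#ifdef HAVE_TLS_EXTENSIONS
            /* auto populate extensions supported unless user defined */
            if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
                return ret;
#endif

            if ((i - begin) + OPAQUE16_LEN > helloSz)
                return BUFFER_ERROR;

            ato16(&input[i], &totalExtSz);
            i += OPAQUE16_LEN;

            if ((i - begin) + totalExtSz > helloSz)
                return BUFFER_ERROR;

#ifdef HAVE_TLS_EXTENSIONS
            /* tls extensions */
            if ((ret = TLSX_Parse(ssl, (byte *) input + i,
                                  totalExtSz, 1, &clSuites)))
                return ret;
    #ifdef HAVE_STUNNEL
            if((ret=SNI_Callback(ssl)))
                return ret;
    #endif /*HAVE_STUNNEL*/

            i += totalExtSz;
#else
            /* minimal built-in parser: only signature algorithms and
             * (optionally) extended master secret are looked at */
            while (totalExtSz) {
                word16 extId, extSz;
                word32 extEnd;

                if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
                    return BUFFER_ERROR;

                ato16(&input[i], &extId);
                i += OPAQUE16_LEN;
                ato16(&input[i], &extSz);
                i += OPAQUE16_LEN;

                if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
                    return BUFFER_ERROR;

                /* where the next extension starts, whatever this one holds */
                extEnd = i + extSz;

                if (extId == HELLO_EXT_SIG_ALGO) {
                    /* the 2-byte list length must itself fit inside the
                     * extension body before it is read */
                    if (extSz < OPAQUE16_LEN)
                        return BUFFER_ERROR;

                    ato16(&input[i], &clSuites.hashSigAlgoSz);
                    i += OPAQUE16_LEN;

                    if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
                        return BUFFER_ERROR;

                    /* copy at most what the destination holds; any excess
                     * entries are dropped */
                    XMEMCPY(clSuites.hashSigAlgo, &input[i],
                        min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));

                    if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX)
                        clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;
                }
#ifdef HAVE_EXTENDED_MASTER
                else if (extId == HELLO_EXT_EXTMS)
                    ssl->options.haveEMS = 1;
#endif

                /* always resume at the declared end of this extension so i
                 * and totalExtSz cannot drift apart on odd input */
                i = extEnd;

                totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
            }
#endif
            *inOutIdx = i;
        }
        else
            *inOutIdx = begin + helloSz; /* skip extensions */
    }

    ssl->options.clientState   = CLIENT_HELLO_COMPLETE;
    ssl->options.haveSessionId = 1;

    /* ProcessOld uses same resume code */
    if (ssl->options.resuming) {
        int ret = -1;
        WOLFSSL_SESSION* session = GetSession(ssl,
                                              ssl->arrays->masterSecret, 1);
#ifdef HAVE_SESSION_TICKET
        if (ssl->options.useTicket == 1) {
            session = &ssl->session;
        } else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
            WOLFSSL_MSG("Bogus session ID without session ticket");
            return BUFFER_ERROR;
        }
#endif

        if (!session) {
            /* unknown session id: fall through to a full handshake */
            WOLFSSL_MSG("Session lookup for resume failed");
            ssl->options.resuming = 0;
        }
        else if (session->haveEMS != ssl->options.haveEMS) {
            /* RFC 7627, 5.3, server-side */
            /* if old sess didn't have EMS, but new does, full handshake */
            if (!session->haveEMS && ssl->options.haveEMS) {
                WOLFSSL_MSG("Attempting to resume a session that didn't "
                            "use EMS with a new session with EMS. Do full "
                            "handshake.");
                ssl->options.resuming = 0;
            }
            /* if old sess used EMS, but new doesn't, MUST abort */
            else if (session->haveEMS && !ssl->options.haveEMS) {
                WOLFSSL_MSG("Trying to resume a session with EMS without "
                            "using EMS");
                return EXT_MASTER_SECRET_NEEDED_E;
            }
        }
        else {
            if (MatchSuite(ssl, &clSuites) < 0) {
                WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
                return UNSUPPORTED_SUITE;
            }

            ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
                                       RAN_LEN);
            if (ret != 0)
                return ret;

#ifdef NO_OLD_TLS
            ret = DeriveTlsKeys(ssl);
#else
#ifndef NO_TLS
            if (ssl->options.tls)
                ret = DeriveTlsKeys(ssl);
#endif
            if (!ssl->options.tls)
                ret = DeriveKeys(ssl);
#endif
            ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;

            return ret;
        }
    }
    return MatchSuite(ssl, &clSuites);
}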
wolfSSL 7:481bce714567 19336
wolfSSL 7:481bce714567 19337
wolfSSL 7:481bce714567 19338 #if !defined(NO_RSA) || defined(HAVE_ECC)
wolfSSL 7:481bce714567 19339
/* Process the peer's CertificateVerify handshake message.
 *
 * Parses the optional hash/signature algorithm bytes (TLS 1.2 and later) and
 * the 16-bit signature length, then checks the signature with whichever peer
 * key is marked present (RSA and/or ECC). Work is split over the
 * ssl->options.keyShareState states so that, with WOLFSSL_ASYNC_CRYPT, the
 * function can return WC_PENDING_E and be re-entered later.
 *
 * ssl       connection object; supplies peer keys, handshake hashes, state
 * input     buffer holding the handshake message
 * inOutIdx  in:  offset in input where this message body starts
 *           out: offset just past the signature (written only on reaching
 *                KEYSHARE_FINALIZE)
 * size      length of the message body, used for every bounds check below
 *
 * returns 0 on success, BUFFER_ERROR when a length field does not fit in
 * size (or sz exceeds ENCRYPT_LEN), VERIFY_CERT_ERROR when the recovered RSA
 * data does not match the expected value, MEMORY_E on allocation failure,
 * INPUT_CASE_ERROR for an unknown state, WC_PENDING_E when an async operation
 * was queued, or whatever non-zero value RsaVerify/EccVerify returned.
 */
static int DoCertificateVerify(WOLFSSL* ssl, byte* input,
                               word32* inOutIdx, word32 size)
{
    int         ret = 0;
    byte*       output = NULL;
    word32      sendSz = 0;
    word16      sz = 0;
    word32      sigSz = 0;
    byte        hashAlgo = sha_mac;
    byte        sigAlgo = anonymous_sa_algo;
    /* begin stays at the start of the message so (idx - begin) is the number
     * of bytes consumed so far */
    word32      idx = *inOutIdx, begin = *inOutIdx;

    WOLFSSL_ENTER("DoCertificateVerify");

    /* silence unused-variable warnings in builds that compile out the users */
    (void)sigSz;
    (void)output;
    (void)sendSz;

#ifdef WOLFSSL_ASYNC_CRYPT
    ret = wolfAsync_EventPop(&ssl->event, WOLF_EVENT_TYPE_ASYNC_ANY);
    if (ret != WC_NOT_PENDING_E) {
        WOLF_EVENT_TYPE eType = ssl->event.type;

        /* Clear event */
        XMEMSET(&ssl->event, 0, sizeof(ssl->event));

        /* Check for error */
        if (ret < 0) {
            goto exit_dcv;
        }
        else  {
            /* Restore variables needed for async */
            output = ssl->async.output;
            sendSz = ssl->async.sendSz;
            idx = ssl->async.idx;
            sigSz = ssl->async.sigSz;
            sz = ssl->async.length;
            sigAlgo = ssl->async.sigAlgo;
            hashAlgo = ssl->async.hashAlgo;

            /* Advance key share state if not wolfCrypt */
            if (eType == WOLF_EVENT_TYPE_ASYNC_WOLFSSL) {
                ssl->options.keyShareState++;
            }
        }
    }
    else
#endif
    {
        /* Reset state */
        ret = 0;
        ssl->options.keyShareState = KEYSHARE_BEGIN;
    }

    /* No case below ends in break except KEYSHARE_END: each state sets the
     * next state and deliberately falls through into it. */
    switch(ssl->options.keyShareState)
    {
        case KEYSHARE_BEGIN:
        {
        #ifdef WOLFSSL_CALLBACKS
            if (ssl->hsInfoOn)
                AddPacketName("CertificateVerify", &ssl->handShakeInfo);
            if (ssl->toInfoOn)
                AddLateName("CertificateVerify", &ssl->timeoutInfo);
        #endif

            /* Advance state and proceed */
            ssl->options.keyShareState = KEYSHARE_BUILD;
        } /* case KEYSHARE_BEGIN */

        case KEYSHARE_BUILD:
        {
            if (IsAtLeastTLSv1_2(ssl)) {
                /* two one-byte fields: hash algorithm, signature algorithm */
                if ((idx - begin) + ENUM_LEN + ENUM_LEN > size) {
                    ERROR_OUT(BUFFER_ERROR, exit_dcv);
                }

                hashAlgo = input[idx++];
                sigAlgo  = input[idx++];
            }

            /* 16-bit signature length must fit before it is read */
            if ((idx - begin) + OPAQUE16_LEN > size) {
                ERROR_OUT(BUFFER_ERROR, exit_dcv);
            }

            ato16(input + idx, &sz);
            idx += OPAQUE16_LEN;

            /* the peer-supplied length must stay inside the message and
             * within ENCRYPT_LEN before input + idx is handed to a verifier */
            if ((idx - begin) + sz > size || sz > ENCRYPT_LEN) {
                ERROR_OUT(BUFFER_ERROR, exit_dcv);
            }

        #ifdef HAVE_ECC
            if (ssl->peerEccDsaKeyPresent) {
                /* default digest is SHA-1; replaced below only for a
                 * recognised and compiled-in TLS 1.2 hash algorithm */
                ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
                ssl->buffers.digest.length = SHA_DIGEST_SIZE;

                WOLFSSL_MSG("Doing ECC peer cert verify");

                if (IsAtLeastTLSv1_2(ssl)) {
                    /* NOTE(review): a sigAlgo that does not match the key
                     * type is only logged here, not rejected; the check
                     * still runs against the ECC key. Confirm that is the
                     * intended policy. */
                    if (sigAlgo != ecc_dsa_sa_algo) {
                        WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
                    }

                    /* NOTE(review): an unrecognised hashAlgo, or one whose
                     * support is compiled out, leaves the SHA-1 digest
                     * selected rather than failing the message. */
                    if (hashAlgo == sha256_mac) {
                    #ifndef NO_SHA256
                        ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
                        ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
                    #endif
                    }
                    else if (hashAlgo == sha384_mac) {
                    #ifdef WOLFSSL_SHA384
                        ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
                        ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
                    #endif
                    }
                    else if (hashAlgo == sha512_mac) {
                    #ifdef WOLFSSL_SHA512
                        ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
                        ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
                    #endif
                    }
                }
            }
        #endif /* HAVE_ECC */

            /* Advance state and proceed */
            ssl->options.keyShareState = KEYSHARE_DO;
        } /* case KEYSHARE_BUILD */

        case KEYSHARE_DO:
        {
            /* NOTE(review): if neither the RSA nor the ECC branch below is
             * taken, ret is still 0 and KEYSHARE_FINALIZE sets
             * havePeerVerify without any signature having been checked.
             * Presumably callers guarantee a peer key is present before this
             * message is accepted; confirm against the message sanity
             * checks. */
        #ifndef NO_RSA
            if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                WOLFSSL_MSG("Doing RSA peer cert verify");

                ret = RsaVerify(ssl,
                    input + idx,
                    sz,
                    &output,
                    ssl->peerRsaKey,
                #ifdef HAVE_PK_CALLBACKS
                    ssl->buffers.peerRsaKey.buffer,
                    ssl->buffers.peerRsaKey.length,
                    ssl->RsaVerifyCtx
                #else
                    NULL, 0, NULL
                #endif
                );
                /* a non-negative return is kept in sendSz and compared with
                 * the expected length in KEYSHARE_VERIFY; presumably it is
                 * the size of the recovered data at output */
                if (ret >= 0) {
                    sendSz = ret;
                    ret = 0;
                }
            }
        #endif /* !NO_RSA */
        #ifdef HAVE_ECC
            if (ssl->peerEccDsaKeyPresent) {
                WOLFSSL_MSG("Doing ECC peer cert verify");

                ret = EccVerify(ssl,
                    input + idx, sz,
                    ssl->buffers.digest.buffer, ssl->buffers.digest.length,
                    ssl->peerEccDsaKey,
                #ifdef HAVE_PK_CALLBACKS
                    ssl->buffers.peerEccDsaKey.buffer,
                    ssl->buffers.peerEccDsaKey.length,
                    ssl->EccVerifyCtx
                #else
                    NULL, 0, NULL
                #endif
                );
            }
        #endif /* HAVE_ECC */

            /* Check for error */
            if (ret != 0) {
                goto exit_dcv;
            }

            /* Advance state and proceed */
            ssl->options.keyShareState = KEYSHARE_VERIFY;
        } /* case KEYSHARE_DO */

        case KEYSHARE_VERIFY:
        {
        #ifndef NO_RSA
            if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                if (IsAtLeastTLSv1_2(ssl)) {
                    /* TLS 1.2: build the expected encoded signature from the
                     * local handshake digest and compare it with what
                     * RsaVerify recovered */
                #ifdef WOLFSSL_SMALL_STACK
                    byte*  encodedSig = NULL;
                #else
                    byte   encodedSig[MAX_ENCODED_SIG_SZ];
                #endif
                    int    typeH = SHAh;

                    /* SHA-1 default, as in the ECC path above */
                    ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
                    ssl->buffers.digest.length = SHA_DIGEST_SIZE;

                #ifdef WOLFSSL_SMALL_STACK
                    encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
                    if (encodedSig == NULL) {
                        ERROR_OUT(MEMORY_E, exit_dcv);
                    }
                #endif

                    /* NOTE(review): mismatch is logged only, not rejected */
                    if (sigAlgo != rsa_sa_algo) {
                        WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
                    }

                    /* no default case: any other hashAlgo keeps SHAh and the
                     * SHA-1 digest selected above */
                    switch (hashAlgo) {
                    #ifndef NO_SHA256
                        case sha256_mac:
                            typeH    = SHA256h;
                            ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
                            ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
                            break;
                    #endif /* !NO_SHA256 */
                    #ifdef WOLFSSL_SHA384
                        case sha384_mac:
                            typeH    = SHA384h;
                            ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
                            ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
                            break;
                    #endif /* WOLFSSL_SHA384 */
                    #ifdef WOLFSSL_SHA512
                        case sha512_mac:
                            typeH    = SHA512h;
                            ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
                            ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
                            break;
                    #endif /* WOLFSSL_SHA512 */
                    } /* switch */

                    sigSz = wc_EncodeSignature(encodedSig,
                        ssl->buffers.digest.buffer, ssl->buffers.digest.length,
                        typeH);

                    /* lengths must agree and output must be set before the
                     * byte compare; the compare length is capped at the size
                     * of encodedSig */
                    if (sendSz != sigSz || !output || XMEMCMP(output,
                            encodedSig, min(sigSz, MAX_ENCODED_SIG_SZ)) != 0) {
                        ret = VERIFY_CERT_ERROR;
                    }

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                #endif
                }
                else {
                    /* before TLS 1.2: the recovered data is compared with
                     * the first FINISHED_SZ bytes of certHashes */
                    if (sendSz != FINISHED_SZ || !output || XMEMCMP(output,
                            &ssl->hsHashes->certHashes, FINISHED_SZ) != 0) {
                        ret = VERIFY_CERT_ERROR;
                    }
                }
            }
        #endif /* !NO_RSA */

            /* NOTE(review): ret is not tested here, so a VERIFY_CERT_ERROR
             * set above still falls through to KEYSHARE_FINALIZE, which sets
             * havePeerVerify and advances *inOutIdx. The error is returned,
             * so this only matters if a caller ignores it. */

            /* Advance state and proceed */
            ssl->options.keyShareState = KEYSHARE_FINALIZE;
        } /* case KEYSHARE_VERIFY */

        case KEYSHARE_FINALIZE:
        {
            ssl->options.havePeerVerify = 1;

            /* Set final index */
            idx += sz;
            *inOutIdx = idx;

            /* Advance state and proceed */
            ssl->options.keyShareState = KEYSHARE_END;
        } /* case KEYSHARE_FINALIZE */

        case KEYSHARE_END:
        {
            break;
        }
        default:
            ret = INPUT_CASE_ERROR;
    } /* switch(ssl->options.keyShareState) */

exit_dcv:

    WOLFSSL_LEAVE("DoCertificateVerify", ret);

    /* Handle cleanup for stack variables here */


#ifdef WOLFSSL_ASYNC_CRYPT
    /* Handle WC_PENDING_E */
    if (ret == WC_PENDING_E) {
        /* Store variables needed for async */
        XMEMSET(&ssl->async, 0, sizeof(ssl->async));
        ssl->async.output = output;
        ssl->async.sendSz = sendSz;
        ssl->async.idx = idx;
        ssl->async.sigSz = sigSz;
        ssl->async.length = sz;
        ssl->async.sigAlgo = sigAlgo;
        ssl->async.hashAlgo = hashAlgo;

        /* Mark message as not received so it can be processed again */
        ssl->msgsReceived.got_certificate_verify = 0;

        /* Push event to queue */
        ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, &ssl->event);
        if (ret == 0) {
            return WC_PENDING_E;
        }
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* Digest is not allocated, so do this to prevent free: the pointer set
     * above refers into ssl->hsHashes->certHashes */
    ssl->buffers.digest.buffer = NULL;
    ssl->buffers.digest.length = 0;

    /* Final cleanup */
    FreeKeyExchange(ssl);

    return ret;
}
wolfSSL 7:481bce714567 19659
wolfSSL 7:481bce714567 19660 #endif /* !NO_RSA || HAVE_ECC */
wolfSSL 7:481bce714567 19661
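/* Build the ServerHelloDone handshake message (headers only, empty body) in
 * the output buffer, add it to the handshake hash and flush it.
 *
 * ssl  connection object
 *
 * returns the result of SendBuffered() on success, otherwise the first
 * non-zero value from CheckAvailableSize(), DtlsMsgPoolSave() or
 * HashOutput().
 */
int SendServerHelloDone(WOLFSSL* ssl)
{
    byte* output;
    int   sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int   ret;

    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls)
            sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    #endif
    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, 0, server_hello_done, ssl);

    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            /* Report the failure to the caller. Returning 0 here would claim
             * success although the message was neither hashed nor queued and
             * serverState was not advanced; SendTicket() already returns ret
             * for the same call. */
            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                return ret;
        }

        if (ssl->options.dtls)
            DtlsSEQIncrement(ssl, CUR_ORDER);
    #endif

    /* the message must be in the handshake hash before it goes out */
    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz,
                          ssl->heap);
    #endif
    ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

    /* commit the bytes only after every step above succeeded */
    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}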
wolfSSL 7:481bce714567 19709
wolfSSL 7:481bce714567 19710
wolfSSL 7:481bce714567 19711 #ifdef HAVE_SESSION_TICKET
wolfSSL 7:481bce714567 19712
/* Bytes of an ExternalTicket that are not part of enc_ticket: key name, IV,
 * MAC and the enc_len field. */
#define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \
                WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ)
/* Largest encrypted payload that still fits in SESSION_TICKET_LEN. */
#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ)

    /* our ticket format
     *
     * This struct is copied byte-for-byte into ExternalTicket.enc_ticket by
     * CreateTicket() and read back through a pointer cast in
     * DoClientTicket(), so its in-memory layout (padding included) is the
     * plaintext ticket format. It carries the master secret: the ticket is
     * only as confidential as the application's ticket encryption
     * callback. */
    typedef struct InternalTicket {
        ProtocolVersion pv;                    /* version when ticket created */
        byte            suite[SUITE_LEN];      /* cipher suite when created */
        byte            msecret[SECRET_LEN];   /* master secret */
        word32          timestamp;             /* born on */
        word16          haveEMS;               /* have extended master secret */
    } InternalTicket;

    /* fit within SESSION_TICKET_LEN
     *
     * Overlaid on ssl->session.ticket when creating a ticket and on the
     * received bytes when parsing one. The mac member is at its declared
     * offset only when the full WOLFSSL_TICKET_ENC_SZ is used; for a shorter
     * payload CreateTicket() moves the MAC to enc_ticket + encLen and
     * DoClientTicket() reads it from enc_ticket + inLen. */
    typedef struct ExternalTicket {
        byte key_name[WOLFSSL_TICKET_NAME_SZ];  /* key context name */
        byte iv[WOLFSSL_TICKET_IV_SZ];          /* this ticket's iv */
        byte enc_len[LENGTH_SZ];                /* encrypted length */
        byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; /* encrypted internal ticket */
        byte mac[WOLFSSL_TICKET_MAC_SZ];        /* total mac */
        /* !! if add to structure, add to TICKET_FIXED_SZ !! */
    } ExternalTicket;
wolfSSL 7:481bce714567 19735
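    /* Create a new session ticket in ssl->session.ticket.
     *
     * Fills an InternalTicket (protocol version, cipher suite, master
     * secret, timestamp, EMS flag), copies it into the ExternalTicket that
     * overlays ssl->session.ticket and asks the application's ticketEncCb to
     * encrypt it in place and set key name, IV and MAC. The callback's work
     * is then sanity-checked.
     *
     * ssl  connection object; ssl->ctx->ticketEncCb must be set
     *
     * returns 0 (WOLFSSL_TICKET_RET_OK) on success, BAD_TICKET_KEY_CB_SZ when
     * the callback reports an impossible length, BAD_TICKET_ENCRYPT when the
     * payload is unchanged or key name / IV / MAC is all zero, otherwise the
     * callback's own return value.
     */
    static int CreateTicket(WOLFSSL* ssl)
    {
        InternalTicket  it;
        ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
        int             encLen;
        int             ret;
        byte            zeros[WOLFSSL_TICKET_MAC_SZ];   /* biggest cmp size */

        /* zero first so struct padding copied into the ticket below never
         * carries stale stack bytes */
        XMEMSET(&it, 0, sizeof(it));

        /* build internal */
        it.pv.major = ssl->version.major;
        it.pv.minor = ssl->version.minor;

        it.suite[0] = ssl->options.cipherSuite0;
        it.suite[1] = ssl->options.cipherSuite;

        XMEMCPY(it.msecret, ssl->arrays->masterSecret, SECRET_LEN);
        /* stored as bytes via c32toa rather than as a native word32 */
        c32toa(LowResTimer(), (byte*)&it.timestamp);
        it.haveEMS = ssl->options.haveEMS;

        /* build external */
        XMEMCPY(et->enc_ticket, &it, sizeof(InternalTicket));

        /* encrypt */
        encLen = WOLFSSL_TICKET_ENC_SZ;  /* max size user can use */
        ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
                                    et->enc_ticket, sizeof(InternalTicket),
                                    &encLen, ssl->ctx->ticketEncCtx);
        if (ret == WOLFSSL_TICKET_RET_OK) {
            XMEMSET(zeros, 0, sizeof(zeros));

            /* sanity checks on encrypt callback
             *
             * NOTE(review): key_name, iv and mac are not cleared before the
             * callback runs, so bytes left from an earlier ticket in
             * ssl->session.ticket would also pass the all-zero tests. They
             * catch a callback that does nothing on a fresh buffer, not
             * every faulty callback. */
            if (encLen < (int)sizeof(InternalTicket) ||
                encLen > WOLFSSL_TICKET_ENC_SZ) {
                WOLFSSL_MSG("Bad user ticket encrypt size");
                ret = BAD_TICKET_KEY_CB_SZ;
            }
            /* internal ticket can't be the same if encrypted */
            else if (XMEMCMP(et->enc_ticket, &it,
                             sizeof(InternalTicket)) == 0) {
                WOLFSSL_MSG("User ticket encrypt didn't encrypt");
                ret = BAD_TICKET_ENCRYPT;
            }
            /* name */
            else if (XMEMCMP(et->key_name, zeros,
                             WOLFSSL_TICKET_NAME_SZ) == 0) {
                WOLFSSL_MSG("User ticket encrypt didn't set name");
                ret = BAD_TICKET_ENCRYPT;
            }
            /* iv */
            else if (XMEMCMP(et->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) {
                WOLFSSL_MSG("User ticket encrypt didn't set iv");
                ret = BAD_TICKET_ENCRYPT;
            }
            /* mac */
            else if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) {
                WOLFSSL_MSG("User ticket encrypt didn't set mac");
                ret = BAD_TICKET_ENCRYPT;
            }
            else {
                /* set size */
                c16toa((word16)encLen, et->enc_len);
                ssl->session.ticketLen =
                                  (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
                if (encLen < WOLFSSL_TICKET_ENC_SZ) {
                    /* move mac up since whole enc buffer not used */
                    XMEMMOVE(et->enc_ticket + encLen, et->mac,
                             WOLFSSL_TICKET_MAC_SZ);
                }
            }
        }

        /* `it` holds a plaintext copy of the master secret; wipe it on every
         * exit path with wolfCrypt's ForceZero so the compiler cannot drop
         * the clearing as a dead store */
        ForceZero(&it, sizeof(it));

        return ret;
    }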
wolfSSL 7:481bce714567 19812
wolfSSL 7:481bce714567 19813
    /* Parse a session ticket sent by the client.
     *
     * The received bytes are viewed as an ExternalTicket and passed to the
     * application's ticketEncCb in decrypt mode (enc argument 0); the MAC is
     * taken from enc_ticket + inLen. When the callback accepts the ticket
     * the master secret and EMS flag are copied into ssl.
     *
     * ssl    connection object; ssl->ctx->ticketEncCb must be set
     * input  ticket bytes as received from the peer
     * len    number of bytes at input
     *
     * returns the callback's return value, BAD_TICKET_MSG_SZ when len or the
     * embedded length is out of range, or BAD_TICKET_KEY_CB_SZ when the
     * callback reports an impossible plaintext length.
     *
     * NOTE(review): only lengths are validated here. The timestamp, protocol
     * version and cipher suite inside the ticket are not compared with
     * anything in this function; presumably the caller or the callback
     * enforces ticket lifetime and parameter match, confirm. The const
     * qualifier of input is cast away, and the callback receives the buffer
     * as its in/out data pointer, so the received message is presumably
     * decrypted in place.
     */
    int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
    {
        ExternalTicket* ext;
        InternalTicket* inner;
        word16          encSz;
        int             plainSz;
        int             cbRet;

        /* must hold at least one InternalTicket plus the fixed fields and
         * must not exceed the ticket buffer size */
        if (len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ) ||
            len > SESSION_TICKET_LEN) {
            return BAD_TICKET_MSG_SZ;
        }

        ext   = (ExternalTicket*)input;
        inner = (InternalTicket*)ext->enc_ticket;

        /* decrypt: the peer-supplied encrypted length may not reach past the
         * bytes actually received */
        ato16(ext->enc_len, &encSz);
        if (encSz > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) {
            return BAD_TICKET_MSG_SZ;
        }

        plainSz = encSz;     /* may be reduced by user padding */
        cbRet = ssl->ctx->ticketEncCb(ssl, ext->key_name, ext->iv,
                                      ext->enc_ticket + encSz, 0,
                                      ext->enc_ticket, encSz, &plainSz,
                                      ssl->ctx->ticketEncCtx);
        if (cbRet == WOLFSSL_TICKET_RET_FATAL || cbRet < 0) {
            return cbRet;
        }

        /* the plaintext can neither grow nor be smaller than the struct that
         * is read below */
        if (plainSz < (int)sizeof(InternalTicket) || plainSz > encSz) {
            WOLFSSL_MSG("Bad user ticket decrypt len");
            return BAD_TICKET_KEY_CB_SZ;
        }

        /* get master secret */
        if (cbRet == WOLFSSL_TICKET_RET_OK ||
            cbRet == WOLFSSL_TICKET_RET_CREATE) {
            XMEMCPY(ssl->arrays->masterSecret, inner->msecret, SECRET_LEN);
            /* Carry the extended-master-secret flag from the ticket into the
             * saved session so it can be checked later. */
            ssl->session.haveEMS = inner->haveEMS;
        }

        return cbRet;
    }
wolfSSL 7:481bce714567 19857
wolfSSL 7:481bce714567 19858
    /* Send the session ticket handshake message.
     *
     * Creates a fresh ticket first when ssl->options.createTicket is set,
     * then writes the lifetime hint, the 16-bit ticket length and the ticket
     * bytes after the record and handshake headers, hashes the message and
     * flushes the output buffer.
     *
     * ssl  connection object
     *
     * returns the result of SendBuffered() on success, otherwise the first
     * non-zero value from CreateTicket(), CheckAvailableSize(),
     * DtlsMsgPoolSave() or HashOutput().
     */
    int SendTicket(WOLFSSL* ssl)
    {
        byte*  out;
        byte*  cursor;
        int    rc;
        int    msgSz;
        word32 bodyLen = SESSION_HINT_SZ + LENGTH_SZ;
        word32 hdrLen  = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;

        if (ssl->options.createTicket) {
            rc = CreateTicket(ssl);
            if (rc != 0)
                return rc;
        }

        /* ticketLen is final only after CreateTicket has run */
        bodyLen += ssl->session.ticketLen;
        msgSz = bodyLen + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

        #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            msgSz  += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
            hdrLen += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        }
        #endif

        /* the whole message must fit before anything is written */
        rc = CheckAvailableSize(ssl, msgSz);
        if (rc != 0)
            return rc;

        /* append after whatever is already queued for output */
        out = ssl->buffers.outputBuffer.buffer +
              ssl->buffers.outputBuffer.length;

        AddHeaders(out, bodyLen, session_ticket, ssl);

        cursor = out + hdrLen;

        /* hint */
        c32toa(ssl->ctx->ticketHint, cursor);
        cursor += SESSION_HINT_SZ;

        /* length */
        c16toa(ssl->session.ticketLen, cursor);
        cursor += LENGTH_SZ;

        /* ticket */
        XMEMCPY(cursor, ssl->session.ticket, ssl->session.ticketLen);

        #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            rc = DtlsMsgPoolSave(ssl, out, msgSz);
            if (rc != 0)
                return rc;

            DtlsSEQIncrement(ssl, CUR_ORDER);
        }
        #endif

        rc = HashOutput(ssl, out, msgSz, 0);
        if (rc != 0)
            return rc;

        /* commit the bytes only after hashing succeeded */
        ssl->buffers.outputBuffer.length += msgSz;

        return SendBuffered(ssl);
    }
wolfSSL 7:481bce714567 19919
wolfSSL 7:481bce714567 19920 #endif /* HAVE_SESSION_TICKET */
wolfSSL 7:481bce714567 19921
wolfSSL 7:481bce714567 19922
wolfSSL 7:481bce714567 19923 #ifdef WOLFSSL_DTLS
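/* Build a DTLS HelloVerifyRequest carrying the given cookie and send it.
 *
 * ssl       connection whose output buffer and DTLS sequence state are used
 * cookie    cookie bytes to copy into the message; must not be NULL
 * cookieSz  number of cookie bytes; must be non-zero. It is written as the
 *           single length byte that precedes the cookie.
 *
 * Returns the result of SendBuffered() on success, COOKIE_ERROR when no
 * cookie was supplied, or the error reported by CheckAvailableSize().
 *
 * NOTE(review): no HashOutput() call is made for this message; presumably
 * intentional, since DTLS leaves HelloVerifyRequest out of the handshake
 * transcript (RFC 6347) - confirm before changing.
 */
static int SendHelloVerifyRequest(WOLFSSL* ssl,
                                  const byte* cookie, byte cookieSz)
{
    byte* output;
    int   length = VERSION_SZ + ENUM_LEN + cookieSz;
    int   idx    = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
    int   sendSz = length + idx;
    int   ret;

    /* Validate the cookie before any side effect, so that a rejected call
     * leaves the DTLS sequence numbers and the output buffer untouched. */
    if (cookie == NULL || cookieSz == 0)
        return COOKIE_ERROR;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer: append after whatever is already queued */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    /* Hello Verify Request should use the same sequence number as the
     * Client Hello. */
    ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
    ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
    AddHeaders(output, length, hello_verify_request, ssl);

    /* server_version field */
#ifdef OPENSSL_EXTRA
    output[idx++] = DTLS_MAJOR;
    output[idx++] = DTLS_MINOR;
#else
    output[idx++] = ssl->version.major;
    output[idx++] = ssl->version.minor;
#endif

    /* one-byte cookie length followed by the cookie itself; the space for
     * cookieSz bytes is included in sendSz, checked above */
    output[idx++] = cookieSz;
    XMEMCPY(output + idx, cookie, cookieSz);

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output,
                      sendSz, ssl->heap);
#endif

    /* commit the message to the output buffer and flush it */
    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}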
wolfSSL 7:481bce714567 19973 #endif /* WOLFSSL_DTLS */
wolfSSL 7:481bce714567 19974
wolfSSL 7:481bce714567 19975 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 7:481bce714567 19976 word32 size)
wolfSSL 7:481bce714567 19977 {
wolfSSL 7:481bce714567 19978 int ret;
wolfSSL 7:481bce714567 19979 word32 length = 0;
wolfSSL 7:481bce714567 19980 word32 idx = *inOutIdx, begin = *inOutIdx;
wolfSSL 7:481bce714567 19981 byte* output_lcl = NULL;
wolfSSL 7:481bce714567 19982 byte** output = &output_lcl;
wolfSSL 7:481bce714567 19983
wolfSSL 7:481bce714567 19984 /* suppress possible compiler warnings */
wolfSSL 7:481bce714567 19985 (void)input;
wolfSSL 7:481bce714567 19986 (void)size;
wolfSSL 7:481bce714567 19987 (void)length;
wolfSSL 7:481bce714567 19988 (void)idx;
wolfSSL 7:481bce714567 19989 (void)output;
wolfSSL 7:481bce714567 19990
wolfSSL 7:481bce714567 19991 WOLFSSL_ENTER("DoClientKeyExchange");
wolfSSL 7:481bce714567 19992
wolfSSL 7:481bce714567 19993 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 19994 /* use async pointer for output */
wolfSSL 7:481bce714567 19995 output = &ssl->async.output;
wolfSSL 7:481bce714567 19996
wolfSSL 7:481bce714567 19997 ret = wolfAsync_EventPop(&ssl->event, WOLF_EVENT_TYPE_ASYNC_ANY);
wolfSSL 7:481bce714567 19998 if (ret != WC_NOT_PENDING_E) {
wolfSSL 7:481bce714567 19999 WOLF_EVENT_TYPE eType = ssl->event.type;
wolfSSL 7:481bce714567 20000
wolfSSL 7:481bce714567 20001 /* Clear event */
wolfSSL 7:481bce714567 20002 XMEMSET(&ssl->event, 0, sizeof(ssl->event));
wolfSSL 7:481bce714567 20003
wolfSSL 7:481bce714567 20004 /* Check for error */
wolfSSL 7:481bce714567 20005 if (ret < 0) {
wolfSSL 7:481bce714567 20006 goto exit_dcke;
wolfSSL 7:481bce714567 20007 }
wolfSSL 7:481bce714567 20008 else {
wolfSSL 7:481bce714567 20009 /* Restore variables needed for async */
wolfSSL 7:481bce714567 20010 idx = ssl->async.idx;
wolfSSL 7:481bce714567 20011 length = ssl->async.length;
wolfSSL 7:481bce714567 20012
wolfSSL 7:481bce714567 20013 /* Advance key share state if not wolfCrypt */
wolfSSL 7:481bce714567 20014 if (eType == WOLF_EVENT_TYPE_ASYNC_WOLFSSL) {
wolfSSL 7:481bce714567 20015 ssl->options.keyShareState++;
wolfSSL 7:481bce714567 20016 }
wolfSSL 7:481bce714567 20017 }
wolfSSL 7:481bce714567 20018 }
wolfSSL 7:481bce714567 20019 else
wolfSSL 7:481bce714567 20020 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 7:481bce714567 20021 {
wolfSSL 7:481bce714567 20022 /* Reset state */
wolfSSL 7:481bce714567 20023 ret = 0;
wolfSSL 7:481bce714567 20024 ssl->options.keyShareState = KEYSHARE_BEGIN;
wolfSSL 7:481bce714567 20025 }
wolfSSL 7:481bce714567 20026
wolfSSL 7:481bce714567 20027 /* Do Client Key Exchange State Machine */
wolfSSL 7:481bce714567 20028 switch(ssl->options.keyShareState)
wolfSSL 7:481bce714567 20029 {
wolfSSL 7:481bce714567 20030 case KEYSHARE_BEGIN:
wolfSSL 7:481bce714567 20031 {
wolfSSL 7:481bce714567 20032 /* Sanity checks */
wolfSSL 7:481bce714567 20033 if (ssl->options.side != WOLFSSL_SERVER_END) {
wolfSSL 7:481bce714567 20034 WOLFSSL_MSG("Client received client keyexchange, attack?");
wolfSSL 7:481bce714567 20035 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 7:481bce714567 20036 ERROR_OUT(SSL_FATAL_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20037 }
wolfSSL 7:481bce714567 20038
wolfSSL 7:481bce714567 20039 if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
wolfSSL 7:481bce714567 20040 WOLFSSL_MSG("Client sending keyexchange at wrong time");
wolfSSL 7:481bce714567 20041 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 7:481bce714567 20042 ERROR_OUT(OUT_OF_ORDER_E, exit_dcke);
wolfSSL 7:481bce714567 20043 }
wolfSSL 7:481bce714567 20044
wolfSSL 7:481bce714567 20045 #ifndef NO_CERTS
wolfSSL 7:481bce714567 20046 if (ssl->options.verifyPeer && ssl->options.failNoCert) {
wolfSSL 7:481bce714567 20047 if (!ssl->options.havePeerCert) {
wolfSSL 7:481bce714567 20048 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 7:481bce714567 20049 ERROR_OUT(NO_PEER_CERT, exit_dcke);
wolfSSL 7:481bce714567 20050 }
wolfSSL 7:481bce714567 20051 }
wolfSSL 7:481bce714567 20052
wolfSSL 7:481bce714567 20053 if (ssl->options.verifyPeer && ssl->options.failNoCertxPSK) {
wolfSSL 7:481bce714567 20054 if (!ssl->options.havePeerCert &&
wolfSSL 7:481bce714567 20055 !ssl->options.usingPSK_cipher){
wolfSSL 7:481bce714567 20056 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 7:481bce714567 20057 return NO_PEER_CERT;
wolfSSL 7:481bce714567 20058 }
wolfSSL 7:481bce714567 20059 }
wolfSSL 7:481bce714567 20060 #endif /* !NO_CERTS */
wolfSSL 7:481bce714567 20061
wolfSSL 7:481bce714567 20062 #ifdef WOLFSSL_CALLBACKS
wolfSSL 7:481bce714567 20063 if (ssl->hsInfoOn) {
wolfSSL 7:481bce714567 20064 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL 7:481bce714567 20065 }
wolfSSL 7:481bce714567 20066 if (ssl->toInfoOn) {
wolfSSL 7:481bce714567 20067 AddLateName("ClientKeyExchange", &ssl->timeoutInfo);
wolfSSL 7:481bce714567 20068 }
wolfSSL 7:481bce714567 20069 #endif
wolfSSL 7:481bce714567 20070
wolfSSL 7:481bce714567 20071 switch (ssl->specs.kea) {
wolfSSL 7:481bce714567 20072 #ifndef NO_RSA
wolfSSL 7:481bce714567 20073 case rsa_kea:
wolfSSL 7:481bce714567 20074 {
wolfSSL 7:481bce714567 20075 if (!ssl->buffers.key->buffer) {
wolfSSL 7:481bce714567 20076 ERROR_OUT(NO_PRIVATE_KEY, exit_dcke);
wolfSSL 7:481bce714567 20077 }
wolfSSL 7:481bce714567 20078 break;
wolfSSL 7:481bce714567 20079 } /* rsa_kea */
wolfSSL 7:481bce714567 20080 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 20081 #ifndef NO_PSK
wolfSSL 7:481bce714567 20082 case psk_kea:
wolfSSL 7:481bce714567 20083 {
wolfSSL 7:481bce714567 20084 /* sanity check that PSK server callback has been set */
wolfSSL 7:481bce714567 20085 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 7:481bce714567 20086 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 7:481bce714567 20087 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20088 }
wolfSSL 7:481bce714567 20089 break;
wolfSSL 7:481bce714567 20090 }
wolfSSL 7:481bce714567 20091 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 20092 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 20093 case ntru_kea:
wolfSSL 7:481bce714567 20094 {
wolfSSL 7:481bce714567 20095 if (!ssl->buffers.key->buffer) {
wolfSSL 7:481bce714567 20096 ERROR_OUT(NO_PRIVATE_KEY, exit_dcke);
wolfSSL 7:481bce714567 20097 }
wolfSSL 7:481bce714567 20098 break;
wolfSSL 7:481bce714567 20099 }
wolfSSL 7:481bce714567 20100 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 20101 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 20102 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 20103 {
wolfSSL 7:481bce714567 20104 break;
wolfSSL 7:481bce714567 20105 }
wolfSSL 7:481bce714567 20106 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 20107 #ifndef NO_DH
wolfSSL 7:481bce714567 20108 case diffie_hellman_kea:
wolfSSL 7:481bce714567 20109 {
wolfSSL 7:481bce714567 20110 break;
wolfSSL 7:481bce714567 20111 }
wolfSSL 7:481bce714567 20112 #endif /* !NO_DH */
wolfSSL 7:481bce714567 20113 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 20114 case dhe_psk_kea:
wolfSSL 7:481bce714567 20115 {
wolfSSL 7:481bce714567 20116 /* sanity check that PSK server callback has been set */
wolfSSL 7:481bce714567 20117 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 7:481bce714567 20118 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 7:481bce714567 20119 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20120 }
wolfSSL 7:481bce714567 20121 break;
wolfSSL 7:481bce714567 20122 }
wolfSSL 7:481bce714567 20123 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 20124 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 20125 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 20126 {
wolfSSL 7:481bce714567 20127 /* sanity check that PSK server callback has been set */
wolfSSL 7:481bce714567 20128 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 7:481bce714567 20129 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 7:481bce714567 20130 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20131 }
wolfSSL 7:481bce714567 20132 break;
wolfSSL 7:481bce714567 20133 }
wolfSSL 7:481bce714567 20134 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 20135 default:
wolfSSL 7:481bce714567 20136 WOLFSSL_MSG("Bad kea type");
wolfSSL 7:481bce714567 20137 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 20138 } /* switch (ssl->specs.kea) */
wolfSSL 7:481bce714567 20139
wolfSSL 7:481bce714567 20140 /* Check for error */
wolfSSL 7:481bce714567 20141 if (ret != 0) {
wolfSSL 7:481bce714567 20142 goto exit_dcke;
wolfSSL 7:481bce714567 20143 }
wolfSSL 7:481bce714567 20144
wolfSSL 7:481bce714567 20145 /* Advance state and proceed */
wolfSSL 7:481bce714567 20146 ssl->options.keyShareState = KEYSHARE_BUILD;
wolfSSL 7:481bce714567 20147 } /* KEYSHARE_BEGIN */
wolfSSL 7:481bce714567 20148
wolfSSL 7:481bce714567 20149 case KEYSHARE_BUILD:
wolfSSL 7:481bce714567 20150 {
wolfSSL 7:481bce714567 20151 switch (ssl->specs.kea) {
wolfSSL 7:481bce714567 20152 #ifndef NO_RSA
wolfSSL 7:481bce714567 20153 case rsa_kea:
wolfSSL 7:481bce714567 20154 {
wolfSSL 7:481bce714567 20155 word32 i = 0;
wolfSSL 7:481bce714567 20156 int keySz;
wolfSSL 7:481bce714567 20157
wolfSSL 7:481bce714567 20158 ssl->sigKey = XMALLOC(sizeof(RsaKey), ssl->heap,
wolfSSL 7:481bce714567 20159 DYNAMIC_TYPE_RSA);
wolfSSL 7:481bce714567 20160 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 20161 ERROR_OUT(MEMORY_E, exit_dcke);
wolfSSL 7:481bce714567 20162 }
wolfSSL 7:481bce714567 20163 ssl->sigType = DYNAMIC_TYPE_RSA;
wolfSSL 7:481bce714567 20164
wolfSSL 7:481bce714567 20165 ret = wc_InitRsaKey_ex((RsaKey*)ssl->sigKey, ssl->heap,
wolfSSL 7:481bce714567 20166 ssl->devId);
wolfSSL 7:481bce714567 20167 if (ret != 0) {
wolfSSL 7:481bce714567 20168 goto exit_dcke;
wolfSSL 7:481bce714567 20169 }
wolfSSL 7:481bce714567 20170
wolfSSL 7:481bce714567 20171 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 20172 &i, (RsaKey*)ssl->sigKey, ssl->buffers.key->length);
wolfSSL 7:481bce714567 20173 if (ret != 0) {
wolfSSL 7:481bce714567 20174 goto exit_dcke;
wolfSSL 7:481bce714567 20175 }
wolfSSL 7:481bce714567 20176 keySz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey);
wolfSSL 7:481bce714567 20177 if (keySz < 0) { /* test if keySz has error */
wolfSSL 7:481bce714567 20178 ERROR_OUT(keySz, exit_dcke);
wolfSSL 7:481bce714567 20179 }
wolfSSL 7:481bce714567 20180 length = (word32)keySz;
wolfSSL 7:481bce714567 20181
wolfSSL 7:481bce714567 20182 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 7:481bce714567 20183 WOLFSSL_MSG("Peer RSA key is too small");
wolfSSL 7:481bce714567 20184 ERROR_OUT(RSA_KEY_SIZE_E, exit_dcke);
wolfSSL 7:481bce714567 20185 }
wolfSSL 7:481bce714567 20186 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 7:481bce714567 20187
wolfSSL 7:481bce714567 20188 if (ssl->options.tls) {
wolfSSL 7:481bce714567 20189 word16 check;
wolfSSL 7:481bce714567 20190
wolfSSL 7:481bce714567 20191 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 20192 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20193 }
wolfSSL 7:481bce714567 20194
wolfSSL 7:481bce714567 20195 ato16(input + idx, &check);
wolfSSL 7:481bce714567 20196 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20197
wolfSSL 7:481bce714567 20198 if ((word32)check != length) {
wolfSSL 7:481bce714567 20199 WOLFSSL_MSG("RSA explicit size doesn't match");
wolfSSL 7:481bce714567 20200 ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20201 }
wolfSSL 7:481bce714567 20202 }
wolfSSL 7:481bce714567 20203
wolfSSL 7:481bce714567 20204 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 20205 WOLFSSL_MSG("RSA message too big");
wolfSSL 7:481bce714567 20206 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20207 }
wolfSSL 7:481bce714567 20208
wolfSSL 7:481bce714567 20209 *output = NULL;
wolfSSL 7:481bce714567 20210 break;
wolfSSL 7:481bce714567 20211 } /* rsa_kea */
wolfSSL 7:481bce714567 20212 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 20213 #ifndef NO_PSK
wolfSSL 7:481bce714567 20214 case psk_kea:
wolfSSL 7:481bce714567 20215 {
wolfSSL 7:481bce714567 20216 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 7:481bce714567 20217 word16 ci_sz;
wolfSSL 7:481bce714567 20218
wolfSSL 7:481bce714567 20219 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 20220 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20221 }
wolfSSL 7:481bce714567 20222
wolfSSL 7:481bce714567 20223 ato16(input + idx, &ci_sz);
wolfSSL 7:481bce714567 20224 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20225
wolfSSL 7:481bce714567 20226 if (ci_sz > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 20227 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20228 }
wolfSSL 7:481bce714567 20229
wolfSSL 7:481bce714567 20230 if ((idx - begin) + ci_sz > size) {
wolfSSL 7:481bce714567 20231 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20232 }
wolfSSL 7:481bce714567 20233
wolfSSL 7:481bce714567 20234 XMEMCPY(ssl->arrays->client_identity, input + idx, ci_sz);
wolfSSL 7:481bce714567 20235 idx += ci_sz;
wolfSSL 7:481bce714567 20236
wolfSSL 7:481bce714567 20237 ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0;
wolfSSL 7:481bce714567 20238 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 7:481bce714567 20239 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 7:481bce714567 20240 MAX_PSK_KEY_LEN);
wolfSSL 7:481bce714567 20241
wolfSSL 7:481bce714567 20242 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 7:481bce714567 20243 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 7:481bce714567 20244 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20245 }
wolfSSL 7:481bce714567 20246
wolfSSL 7:481bce714567 20247 /* make psk pre master secret */
wolfSSL 7:481bce714567 20248 /* length of key + length 0s + length of key + key */
wolfSSL 7:481bce714567 20249 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 7:481bce714567 20250 pms += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20251
wolfSSL 7:481bce714567 20252 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 20253 pms += ssl->arrays->psk_keySz;
wolfSSL 7:481bce714567 20254
wolfSSL 7:481bce714567 20255 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 7:481bce714567 20256 pms += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20257
wolfSSL 7:481bce714567 20258 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 20259 ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
wolfSSL 7:481bce714567 20260 break;
wolfSSL 7:481bce714567 20261 }
wolfSSL 7:481bce714567 20262 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 20263 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 20264 case ntru_kea:
wolfSSL 7:481bce714567 20265 {
wolfSSL 7:481bce714567 20266 word16 cipherLen;
wolfSSL 7:481bce714567 20267 word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
wolfSSL 7:481bce714567 20268
wolfSSL 7:481bce714567 20269 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 20270 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20271 }
wolfSSL 7:481bce714567 20272
wolfSSL 7:481bce714567 20273 ato16(input + idx, &cipherLen);
wolfSSL 7:481bce714567 20274 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20275
wolfSSL 7:481bce714567 20276 if (cipherLen > MAX_NTRU_ENCRYPT_SZ) {
wolfSSL 7:481bce714567 20277 ERROR_OUT(NTRU_KEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20278 }
wolfSSL 7:481bce714567 20279
wolfSSL 7:481bce714567 20280 if ((idx - begin) + cipherLen > size) {
wolfSSL 7:481bce714567 20281 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20282 }
wolfSSL 7:481bce714567 20283
wolfSSL 7:481bce714567 20284 if (NTRU_OK != ntru_crypto_ntru_decrypt(
wolfSSL 7:481bce714567 20285 (word16) ssl->buffers.key->length,
wolfSSL 7:481bce714567 20286 ssl->buffers.key->buffer, cipherLen,
wolfSSL 7:481bce714567 20287 input + idx, &plainLen,
wolfSSL 7:481bce714567 20288 ssl->arrays->preMasterSecret)) {
wolfSSL 7:481bce714567 20289 ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20290 }
wolfSSL 7:481bce714567 20291
wolfSSL 7:481bce714567 20292 if (plainLen != SECRET_LEN) {
wolfSSL 7:481bce714567 20293 ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20294 }
wolfSSL 7:481bce714567 20295
wolfSSL 7:481bce714567 20296 idx += cipherLen;
wolfSSL 7:481bce714567 20297 ssl->arrays->preMasterSz = plainLen;
wolfSSL 7:481bce714567 20298 break;
wolfSSL 7:481bce714567 20299 }
wolfSSL 7:481bce714567 20300 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 20301 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 20302 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 20303 {
wolfSSL 7:481bce714567 20304 ecc_key* private_key = ssl->eccTempKey;
wolfSSL 7:481bce714567 20305
wolfSSL 7:481bce714567 20306 /* handle static private key */
wolfSSL 7:481bce714567 20307 if (ssl->specs.static_ecdh) {
wolfSSL 7:481bce714567 20308 word32 i = 0;
wolfSSL 7:481bce714567 20309
wolfSSL 7:481bce714567 20310 ssl->sigKey = XMALLOC(sizeof(ecc_key), ssl->heap,
wolfSSL 7:481bce714567 20311 DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 20312 if (ssl->sigKey == NULL) {
wolfSSL 7:481bce714567 20313 ERROR_OUT(MEMORY_E, exit_dcke);
wolfSSL 7:481bce714567 20314 }
wolfSSL 7:481bce714567 20315 ssl->sigType = DYNAMIC_TYPE_ECC;
wolfSSL 7:481bce714567 20316
wolfSSL 7:481bce714567 20317 ret = wc_ecc_init_ex((ecc_key*)ssl->sigKey, ssl->heap, ssl->devId);
wolfSSL 7:481bce714567 20318 if (ret != 0) {
wolfSSL 7:481bce714567 20319 goto exit_dcke;
wolfSSL 7:481bce714567 20320 }
wolfSSL 7:481bce714567 20321
wolfSSL 7:481bce714567 20322 ret = wc_EccPrivateKeyDecode(
wolfSSL 7:481bce714567 20323 ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 20324 &i,
wolfSSL 7:481bce714567 20325 (ecc_key*)ssl->sigKey,
wolfSSL 7:481bce714567 20326 ssl->buffers.key->length);
wolfSSL 7:481bce714567 20327 if (ret == 0) {
wolfSSL 7:481bce714567 20328 private_key = (ecc_key*)ssl->sigKey;
wolfSSL 7:481bce714567 20329 if (wc_ecc_size(private_key) <
wolfSSL 7:481bce714567 20330 ssl->options.minEccKeySz) {
wolfSSL 7:481bce714567 20331 WOLFSSL_MSG("ECC key too small");
wolfSSL 7:481bce714567 20332 ERROR_OUT(ECC_KEY_SIZE_E, exit_dcke);
wolfSSL 7:481bce714567 20333 }
wolfSSL 7:481bce714567 20334 }
wolfSSL 7:481bce714567 20335 }
wolfSSL 7:481bce714567 20336
wolfSSL 7:481bce714567 20337 /* import peer ECC key */
wolfSSL 7:481bce714567 20338 if ((idx - begin) + OPAQUE8_LEN > size) {
wolfSSL 7:481bce714567 20339 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20340 }
wolfSSL 7:481bce714567 20341
wolfSSL 7:481bce714567 20342 length = input[idx++];
wolfSSL 7:481bce714567 20343
wolfSSL 7:481bce714567 20344 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 20345 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20346 }
wolfSSL 7:481bce714567 20347
wolfSSL 7:481bce714567 20348 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 20349 /* if callback then use it for shared secret */
wolfSSL 7:481bce714567 20350 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 7:481bce714567 20351 break;
wolfSSL 7:481bce714567 20352 }
wolfSSL 7:481bce714567 20353 #endif
wolfSSL 7:481bce714567 20354
wolfSSL 7:481bce714567 20355 if (!ssl->specs.static_ecdh &&
wolfSSL 7:481bce714567 20356 ssl->eccTempKeyPresent == 0) {
wolfSSL 7:481bce714567 20357 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 7:481bce714567 20358 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20359 }
wolfSSL 7:481bce714567 20360
wolfSSL 7:481bce714567 20361 if (ssl->peerEccKey == NULL) {
wolfSSL 7:481bce714567 20362 /* alloc/init on demand */
wolfSSL 7:481bce714567 20363 ssl->peerEccKey = (ecc_key*)XMALLOC(
wolfSSL 7:481bce714567 20364 sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 20365 if (ssl->peerEccKey == NULL) {
wolfSSL 7:481bce714567 20366 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 7:481bce714567 20367 ERROR_OUT(MEMORY_E, exit_dcke);
wolfSSL 7:481bce714567 20368 }
wolfSSL 7:481bce714567 20369 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 7:481bce714567 20370 ssl->devId);
wolfSSL 7:481bce714567 20371 if (ret != 0) {
wolfSSL 7:481bce714567 20372 goto exit_dcke;
wolfSSL 7:481bce714567 20373 }
wolfSSL 7:481bce714567 20374 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 7:481bce714567 20375 wc_ecc_free(ssl->peerEccKey);
wolfSSL 7:481bce714567 20376 ssl->peerEccKeyPresent = 0;
wolfSSL 7:481bce714567 20377 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 7:481bce714567 20378 ssl->devId);
wolfSSL 7:481bce714567 20379 if (ret != 0) {
wolfSSL 7:481bce714567 20380 goto exit_dcke;
wolfSSL 7:481bce714567 20381 }
wolfSSL 7:481bce714567 20382 }
wolfSSL 7:481bce714567 20383
wolfSSL 7:481bce714567 20384 if (wc_ecc_import_x963_ex(input + idx, length,
wolfSSL 7:481bce714567 20385 ssl->peerEccKey, private_key->dp->id)) {
wolfSSL 7:481bce714567 20386 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20387 }
wolfSSL 7:481bce714567 20388
wolfSSL 7:481bce714567 20389 ssl->peerEccKeyPresent = 1;
wolfSSL 7:481bce714567 20390 break;
wolfSSL 7:481bce714567 20391 }
wolfSSL 7:481bce714567 20392 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 20393 #ifndef NO_DH
wolfSSL 7:481bce714567 20394 case diffie_hellman_kea:
wolfSSL 7:481bce714567 20395 {
wolfSSL 7:481bce714567 20396 word16 clientPubSz;
wolfSSL 7:481bce714567 20397
wolfSSL 7:481bce714567 20398 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 20399 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20400 }
wolfSSL 7:481bce714567 20401
wolfSSL 7:481bce714567 20402 ato16(input + idx, &clientPubSz);
wolfSSL 7:481bce714567 20403 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20404
wolfSSL 7:481bce714567 20405 if ((idx - begin) + clientPubSz > size) {
wolfSSL 7:481bce714567 20406 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20407 }
wolfSSL 7:481bce714567 20408
wolfSSL 7:481bce714567 20409 ssl->sigLen = clientPubSz;
wolfSSL 7:481bce714567 20410 break;
wolfSSL 7:481bce714567 20411 }
wolfSSL 7:481bce714567 20412 #endif /* !NO_DH */
wolfSSL 7:481bce714567 20413 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 20414 case dhe_psk_kea:
wolfSSL 7:481bce714567 20415 {
wolfSSL 7:481bce714567 20416 word16 clientSz;
wolfSSL 7:481bce714567 20417
wolfSSL 7:481bce714567 20418 /* Read in the PSK hint */
wolfSSL 7:481bce714567 20419 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 20420 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20421 }
wolfSSL 7:481bce714567 20422
wolfSSL 7:481bce714567 20423 ato16(input + idx, &clientSz);
wolfSSL 7:481bce714567 20424 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20425 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 20426 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20427 }
wolfSSL 7:481bce714567 20428
wolfSSL 7:481bce714567 20429 if ((idx - begin) + clientSz > size) {
wolfSSL 7:481bce714567 20430 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20431 }
wolfSSL 7:481bce714567 20432
wolfSSL 7:481bce714567 20433 XMEMCPY(ssl->arrays->client_identity, input + idx, clientSz);
wolfSSL 7:481bce714567 20434 idx += clientSz;
wolfSSL 7:481bce714567 20435 ssl->arrays->client_identity[
wolfSSL 7:481bce714567 20436 min(clientSz, MAX_PSK_ID_LEN-1)] = 0;
wolfSSL 7:481bce714567 20437
wolfSSL 7:481bce714567 20438 /* Read in the DHE business */
wolfSSL 7:481bce714567 20439 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 20440 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20441 }
wolfSSL 7:481bce714567 20442
wolfSSL 7:481bce714567 20443 ato16(input + idx, &clientSz);
wolfSSL 7:481bce714567 20444 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20445
wolfSSL 7:481bce714567 20446 if ((idx - begin) + clientSz > size) {
wolfSSL 7:481bce714567 20447 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20448 }
wolfSSL 7:481bce714567 20449
wolfSSL 7:481bce714567 20450 ssl->sigLen = clientSz;
wolfSSL 7:481bce714567 20451 break;
wolfSSL 7:481bce714567 20452 }
wolfSSL 7:481bce714567 20453 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 20454 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 20455 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 20456 {
wolfSSL 7:481bce714567 20457 word16 clientSz;
wolfSSL 7:481bce714567 20458
wolfSSL 7:481bce714567 20459 /* Read in the PSK hint */
wolfSSL 7:481bce714567 20460 if ((idx - begin) + OPAQUE16_LEN > size) {
wolfSSL 7:481bce714567 20461 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20462 }
wolfSSL 7:481bce714567 20463
wolfSSL 7:481bce714567 20464 ato16(input + idx, &clientSz);
wolfSSL 7:481bce714567 20465 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20466 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 7:481bce714567 20467 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20468 }
wolfSSL 7:481bce714567 20469 if ((idx - begin) + clientSz > size) {
wolfSSL 7:481bce714567 20470 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20471 }
wolfSSL 7:481bce714567 20472
wolfSSL 7:481bce714567 20473 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 7:481bce714567 20474 input + idx, clientSz);
wolfSSL 7:481bce714567 20475 idx += clientSz;
wolfSSL 7:481bce714567 20476 ssl->arrays->client_identity[
wolfSSL 7:481bce714567 20477 min(clientSz, MAX_PSK_ID_LEN-1)] = 0;
wolfSSL 7:481bce714567 20478
wolfSSL 7:481bce714567 20479 /* import peer ECC key */
wolfSSL 7:481bce714567 20480 if ((idx - begin) + OPAQUE8_LEN > size) {
wolfSSL 7:481bce714567 20481 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20482 }
wolfSSL 7:481bce714567 20483
wolfSSL 7:481bce714567 20484 length = input[idx++];
wolfSSL 7:481bce714567 20485
wolfSSL 7:481bce714567 20486 if ((idx - begin) + length > size) {
wolfSSL 7:481bce714567 20487 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20488 }
wolfSSL 7:481bce714567 20489
wolfSSL 7:481bce714567 20490 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 20491 /* if callback then use it for shared secret */
wolfSSL 7:481bce714567 20492 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 7:481bce714567 20493 break;
wolfSSL 7:481bce714567 20494 }
wolfSSL 7:481bce714567 20495 #endif
wolfSSL 7:481bce714567 20496
wolfSSL 7:481bce714567 20497 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 7:481bce714567 20498 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 7:481bce714567 20499 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20500 }
wolfSSL 7:481bce714567 20501
wolfSSL 7:481bce714567 20502 if (ssl->peerEccKey == NULL) {
wolfSSL 7:481bce714567 20503 /* alloc/init on demand */
wolfSSL 7:481bce714567 20504 ssl->peerEccKey = (ecc_key*)XMALLOC(
wolfSSL 7:481bce714567 20505 sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 7:481bce714567 20506 if (ssl->peerEccKey == NULL) {
wolfSSL 7:481bce714567 20507 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 7:481bce714567 20508 ERROR_OUT(MEMORY_E, exit_dcke);
wolfSSL 7:481bce714567 20509 }
wolfSSL 7:481bce714567 20510 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 7:481bce714567 20511 ssl->devId);
wolfSSL 7:481bce714567 20512 if (ret != 0) {
wolfSSL 7:481bce714567 20513 goto exit_dcke;
wolfSSL 7:481bce714567 20514 }
wolfSSL 7:481bce714567 20515 }
wolfSSL 7:481bce714567 20516 else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 7:481bce714567 20517 wc_ecc_free(ssl->peerEccKey);
wolfSSL 7:481bce714567 20518 ssl->peerEccKeyPresent = 0;
wolfSSL 7:481bce714567 20519 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 7:481bce714567 20520 ssl->devId);
wolfSSL 7:481bce714567 20521 if (ret != 0) {
wolfSSL 7:481bce714567 20522 goto exit_dcke;
wolfSSL 7:481bce714567 20523 }
wolfSSL 7:481bce714567 20524 }
wolfSSL 7:481bce714567 20525
wolfSSL 7:481bce714567 20526 if (wc_ecc_import_x963_ex(input + idx, length,
wolfSSL 7:481bce714567 20527 ssl->peerEccKey, ssl->eccTempKey->dp->id)) {
wolfSSL 7:481bce714567 20528 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20529 }
wolfSSL 7:481bce714567 20530
wolfSSL 7:481bce714567 20531 ssl->peerEccKeyPresent = 1;
wolfSSL 7:481bce714567 20532 break;
wolfSSL 7:481bce714567 20533 }
wolfSSL 7:481bce714567 20534 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 20535 default:
wolfSSL 7:481bce714567 20536 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 20537 } /* switch (ssl->specs.kea) */
wolfSSL 7:481bce714567 20538
wolfSSL 7:481bce714567 20539 /* Check for error */
wolfSSL 7:481bce714567 20540 if (ret != 0) {
wolfSSL 7:481bce714567 20541 goto exit_dcke;
wolfSSL 7:481bce714567 20542 }
wolfSSL 7:481bce714567 20543
wolfSSL 7:481bce714567 20544 /* Advance state and proceed */
wolfSSL 7:481bce714567 20545 ssl->options.keyShareState = KEYSHARE_DO;
wolfSSL 7:481bce714567 20546 } /* KEYSHARE_BUILD */
wolfSSL 7:481bce714567 20547
wolfSSL 7:481bce714567 20548 case KEYSHARE_DO:
wolfSSL 7:481bce714567 20549 {
wolfSSL 7:481bce714567 20550 switch (ssl->specs.kea) {
wolfSSL 7:481bce714567 20551 #ifndef NO_RSA
wolfSSL 7:481bce714567 20552 case rsa_kea:
wolfSSL 7:481bce714567 20553 {
wolfSSL 7:481bce714567 20554 ret = RsaDec(ssl,
wolfSSL 7:481bce714567 20555 input + idx,
wolfSSL 7:481bce714567 20556 length,
wolfSSL 7:481bce714567 20557 output,
wolfSSL 7:481bce714567 20558 &ssl->sigLen,
wolfSSL 7:481bce714567 20559 (RsaKey*)ssl->sigKey,
wolfSSL 7:481bce714567 20560 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 7:481bce714567 20561 ssl->buffers.key->buffer,
wolfSSL 7:481bce714567 20562 ssl->buffers.key->length,
wolfSSL 7:481bce714567 20563 ssl->RsaDecCtx
wolfSSL 7:481bce714567 20564 #else
wolfSSL 7:481bce714567 20565 NULL, 0, NULL
wolfSSL 7:481bce714567 20566 #endif
wolfSSL 7:481bce714567 20567 );
wolfSSL 7:481bce714567 20568 break;
wolfSSL 7:481bce714567 20569 } /* rsa_kea */
wolfSSL 7:481bce714567 20570 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 20571 #ifndef NO_PSK
wolfSSL 7:481bce714567 20572 case psk_kea:
wolfSSL 7:481bce714567 20573 {
wolfSSL 7:481bce714567 20574 break;
wolfSSL 7:481bce714567 20575 }
wolfSSL 7:481bce714567 20576 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 20577 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 20578 case ntru_kea:
wolfSSL 7:481bce714567 20579 {
wolfSSL 7:481bce714567 20580 break;
wolfSSL 7:481bce714567 20581 }
wolfSSL 7:481bce714567 20582 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 20583 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 20584 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 20585 {
wolfSSL 7:481bce714567 20586 ecc_key* private_key = ssl->eccTempKey;
wolfSSL 7:481bce714567 20587 if (ssl->specs.static_ecdh) {
wolfSSL 7:481bce714567 20588 private_key = (ecc_key*)ssl->sigKey;
wolfSSL 7:481bce714567 20589 }
wolfSSL 7:481bce714567 20590
wolfSSL 7:481bce714567 20591 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 7:481bce714567 20592
wolfSSL 7:481bce714567 20593 /* Generate shared secret */
wolfSSL 7:481bce714567 20594 ret = EccSharedSecret(ssl,
wolfSSL 7:481bce714567 20595 private_key, ssl->peerEccKey,
wolfSSL 7:481bce714567 20596 input + idx, &length,
wolfSSL 7:481bce714567 20597 ssl->arrays->preMasterSecret,
wolfSSL 7:481bce714567 20598 &ssl->arrays->preMasterSz,
wolfSSL 7:481bce714567 20599 WOLFSSL_SERVER_END,
wolfSSL 7:481bce714567 20600 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 20601 ssl->EccSharedSecretCtx
wolfSSL 7:481bce714567 20602 #else
wolfSSL 7:481bce714567 20603 NULL
wolfSSL 7:481bce714567 20604 #endif
wolfSSL 7:481bce714567 20605 );
wolfSSL 7:481bce714567 20606 break;
wolfSSL 7:481bce714567 20607 }
wolfSSL 7:481bce714567 20608 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 20609 #ifndef NO_DH
wolfSSL 7:481bce714567 20610 case diffie_hellman_kea:
wolfSSL 7:481bce714567 20611 {
wolfSSL 7:481bce714567 20612 word16 clientPubSz = (word16)ssl->sigLen;
wolfSSL 7:481bce714567 20613
wolfSSL 7:481bce714567 20614 ret = DhAgree(ssl,
wolfSSL 7:481bce714567 20615 ssl->buffers.serverDH_P.buffer,
wolfSSL 7:481bce714567 20616 ssl->buffers.serverDH_P.length,
wolfSSL 7:481bce714567 20617 ssl->buffers.serverDH_G.buffer,
wolfSSL 7:481bce714567 20618 ssl->buffers.serverDH_G.length,
wolfSSL 7:481bce714567 20619 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 7:481bce714567 20620 &ssl->buffers.serverDH_Priv.length,
wolfSSL 7:481bce714567 20621 NULL,
wolfSSL 7:481bce714567 20622 0,
wolfSSL 7:481bce714567 20623 input + idx,
wolfSSL 7:481bce714567 20624 clientPubSz,
wolfSSL 7:481bce714567 20625 ssl->arrays->preMasterSecret,
wolfSSL 7:481bce714567 20626 &ssl->arrays->preMasterSz);
wolfSSL 7:481bce714567 20627 break;
wolfSSL 7:481bce714567 20628 }
wolfSSL 7:481bce714567 20629 #endif /* !NO_DH */
wolfSSL 7:481bce714567 20630 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 20631 case dhe_psk_kea:
wolfSSL 7:481bce714567 20632 {
wolfSSL 7:481bce714567 20633 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 7:481bce714567 20634 word16 clientSz = ssl->sigLen;
wolfSSL 7:481bce714567 20635
wolfSSL 7:481bce714567 20636 ret = DhAgree(ssl,
wolfSSL 7:481bce714567 20637 ssl->buffers.serverDH_P.buffer,
wolfSSL 7:481bce714567 20638 ssl->buffers.serverDH_P.length,
wolfSSL 7:481bce714567 20639 ssl->buffers.serverDH_G.buffer,
wolfSSL 7:481bce714567 20640 ssl->buffers.serverDH_G.length,
wolfSSL 7:481bce714567 20641 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 7:481bce714567 20642 &ssl->buffers.serverDH_Priv.length,
wolfSSL 7:481bce714567 20643 NULL,
wolfSSL 7:481bce714567 20644 0,
wolfSSL 7:481bce714567 20645 input + idx,
wolfSSL 7:481bce714567 20646 clientSz,
wolfSSL 7:481bce714567 20647 pms + OPAQUE16_LEN,
wolfSSL 7:481bce714567 20648 &ssl->arrays->preMasterSz);
wolfSSL 7:481bce714567 20649 break;
wolfSSL 7:481bce714567 20650 }
wolfSSL 7:481bce714567 20651 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 20652 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 20653 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 20654 {
wolfSSL 7:481bce714567 20655 ssl->sigLen = ENCRYPT_LEN - OPAQUE16_LEN;
wolfSSL 7:481bce714567 20656
wolfSSL 7:481bce714567 20657 /* Generate shared secret */
wolfSSL 7:481bce714567 20658 ret = EccSharedSecret(ssl,
wolfSSL 7:481bce714567 20659 ssl->eccTempKey, ssl->peerEccKey,
wolfSSL 7:481bce714567 20660 input + idx, &length,
wolfSSL 7:481bce714567 20661 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 7:481bce714567 20662 &ssl->sigLen,
wolfSSL 7:481bce714567 20663 WOLFSSL_SERVER_END,
wolfSSL 7:481bce714567 20664 #ifdef HAVE_PK_CALLBACKS
wolfSSL 7:481bce714567 20665 ssl->EccSharedSecretCtx
wolfSSL 7:481bce714567 20666 #else
wolfSSL 7:481bce714567 20667 NULL
wolfSSL 7:481bce714567 20668 #endif
wolfSSL 7:481bce714567 20669 );
wolfSSL 7:481bce714567 20670 break;
wolfSSL 7:481bce714567 20671 }
wolfSSL 7:481bce714567 20672 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 20673 default:
wolfSSL 7:481bce714567 20674 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 20675 } /* switch (ssl->specs.kea) */
wolfSSL 7:481bce714567 20676
wolfSSL 7:481bce714567 20677 /* Check for error */
wolfSSL 7:481bce714567 20678 if (ret != 0) {
wolfSSL 7:481bce714567 20679 goto exit_dcke;
wolfSSL 7:481bce714567 20680 }
wolfSSL 7:481bce714567 20681
wolfSSL 7:481bce714567 20682 /* Advance state and proceed */
wolfSSL 7:481bce714567 20683 ssl->options.keyShareState = KEYSHARE_VERIFY;
wolfSSL 7:481bce714567 20684 } /* KEYSHARE_DO */
wolfSSL 7:481bce714567 20685
wolfSSL 7:481bce714567 20686 case KEYSHARE_VERIFY:
wolfSSL 7:481bce714567 20687 {
wolfSSL 7:481bce714567 20688 switch (ssl->specs.kea) {
wolfSSL 7:481bce714567 20689 #ifndef NO_RSA
wolfSSL 7:481bce714567 20690 case rsa_kea:
wolfSSL 7:481bce714567 20691 {
wolfSSL 7:481bce714567 20692 /* Add the signature length to idx */
wolfSSL 7:481bce714567 20693 idx += length;
wolfSSL 7:481bce714567 20694
wolfSSL 7:481bce714567 20695 if (ssl->sigLen == SECRET_LEN && *output != NULL) {
wolfSSL 7:481bce714567 20696 XMEMCPY(ssl->arrays->preMasterSecret, *output, SECRET_LEN);
wolfSSL 7:481bce714567 20697 if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major ||
wolfSSL 7:481bce714567 20698 ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) {
wolfSSL 7:481bce714567 20699 ERROR_OUT(PMS_VERSION_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20700 }
wolfSSL 7:481bce714567 20701 }
wolfSSL 7:481bce714567 20702 else {
wolfSSL 7:481bce714567 20703 ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20704 }
wolfSSL 7:481bce714567 20705 break;
wolfSSL 7:481bce714567 20706 } /* rsa_kea */
wolfSSL 7:481bce714567 20707 #endif /* !NO_RSA */
wolfSSL 7:481bce714567 20708 #ifndef NO_PSK
wolfSSL 7:481bce714567 20709 case psk_kea:
wolfSSL 7:481bce714567 20710 {
wolfSSL 7:481bce714567 20711 break;
wolfSSL 7:481bce714567 20712 }
wolfSSL 7:481bce714567 20713 #endif /* !NO_PSK */
wolfSSL 7:481bce714567 20714 #ifdef HAVE_NTRU
wolfSSL 7:481bce714567 20715 case ntru_kea:
wolfSSL 7:481bce714567 20716 {
wolfSSL 7:481bce714567 20717 break;
wolfSSL 7:481bce714567 20718 }
wolfSSL 7:481bce714567 20719 #endif /* HAVE_NTRU */
wolfSSL 7:481bce714567 20720 #ifdef HAVE_ECC
wolfSSL 7:481bce714567 20721 case ecc_diffie_hellman_kea:
wolfSSL 7:481bce714567 20722 {
wolfSSL 7:481bce714567 20723 /* skip past the imported peer key */
wolfSSL 7:481bce714567 20724 idx += length;
wolfSSL 7:481bce714567 20725 break;
wolfSSL 7:481bce714567 20726 }
wolfSSL 7:481bce714567 20727 #endif /* HAVE_ECC */
wolfSSL 7:481bce714567 20728 #ifndef NO_DH
wolfSSL 7:481bce714567 20729 case diffie_hellman_kea:
wolfSSL 7:481bce714567 20730 {
wolfSSL 7:481bce714567 20731 word16 clientPubSz = (word16)ssl->sigLen;
wolfSSL 7:481bce714567 20732 idx += clientPubSz;
wolfSSL 7:481bce714567 20733 break;
wolfSSL 7:481bce714567 20734 }
wolfSSL 7:481bce714567 20735 #endif /* !NO_DH */
wolfSSL 7:481bce714567 20736 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 7:481bce714567 20737 case dhe_psk_kea:
wolfSSL 7:481bce714567 20738 {
wolfSSL 7:481bce714567 20739 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 7:481bce714567 20740 word16 clientSz = ssl->sigLen;
wolfSSL 7:481bce714567 20741
wolfSSL 7:481bce714567 20742 idx += clientSz;
wolfSSL 7:481bce714567 20743 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 7:481bce714567 20744 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20745 pms += ssl->arrays->preMasterSz;
wolfSSL 7:481bce714567 20746
wolfSSL 7:481bce714567 20747 /* Use the PSK hint to look up the PSK and add it to the
wolfSSL 7:481bce714567 20748 * preMasterSecret here. */
wolfSSL 7:481bce714567 20749 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 7:481bce714567 20750 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 7:481bce714567 20751 MAX_PSK_KEY_LEN);
wolfSSL 7:481bce714567 20752
wolfSSL 7:481bce714567 20753 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 7:481bce714567 20754 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 7:481bce714567 20755 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20756 }
wolfSSL 7:481bce714567 20757
wolfSSL 7:481bce714567 20758 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 7:481bce714567 20759 pms += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20760
wolfSSL 7:481bce714567 20761 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 20762 ssl->arrays->preMasterSz += ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 7:481bce714567 20763 break;
wolfSSL 7:481bce714567 20764 }
wolfSSL 7:481bce714567 20765 #endif /* !NO_DH && !NO_PSK */
wolfSSL 7:481bce714567 20766 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 7:481bce714567 20767 case ecdhe_psk_kea:
wolfSSL 7:481bce714567 20768 {
wolfSSL 7:481bce714567 20769 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 7:481bce714567 20770
wolfSSL 7:481bce714567 20771 /* skip past the imported peer key */
wolfSSL 7:481bce714567 20772 idx += length;
wolfSSL 7:481bce714567 20773
wolfSSL 7:481bce714567 20774 /* Add preMasterSecret */
wolfSSL 7:481bce714567 20775 c16toa((word16)ssl->sigLen, pms);
wolfSSL 7:481bce714567 20776 ssl->arrays->preMasterSz += OPAQUE16_LEN + ssl->sigLen;
wolfSSL 7:481bce714567 20777 pms += ssl->arrays->preMasterSz;
wolfSSL 7:481bce714567 20778
wolfSSL 7:481bce714567 20779 /* Use the PSK hint to look up the PSK and add it to the
wolfSSL 7:481bce714567 20780 * preMasterSecret here. */
wolfSSL 7:481bce714567 20781 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 7:481bce714567 20782 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 7:481bce714567 20783 MAX_PSK_KEY_LEN);
wolfSSL 7:481bce714567 20784
wolfSSL 7:481bce714567 20785 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 7:481bce714567 20786 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 7:481bce714567 20787 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20788 }
wolfSSL 7:481bce714567 20789
wolfSSL 7:481bce714567 20790 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 7:481bce714567 20791 pms += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20792
wolfSSL 7:481bce714567 20793 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 7:481bce714567 20794 ssl->arrays->preMasterSz +=
wolfSSL 7:481bce714567 20795 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 7:481bce714567 20796 break;
wolfSSL 7:481bce714567 20797 }
wolfSSL 7:481bce714567 20798 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 7:481bce714567 20799 default:
wolfSSL 7:481bce714567 20800 ret = BAD_KEA_TYPE_E;
wolfSSL 7:481bce714567 20801 } /* switch (ssl->specs.kea) */
wolfSSL 7:481bce714567 20802
wolfSSL 7:481bce714567 20803 /* Check for error */
wolfSSL 7:481bce714567 20804 if (ret != 0) {
wolfSSL 7:481bce714567 20805 goto exit_dcke;
wolfSSL 7:481bce714567 20806 }
wolfSSL 7:481bce714567 20807
wolfSSL 7:481bce714567 20808 /* Advance state and proceed */
wolfSSL 7:481bce714567 20809 ssl->options.keyShareState = KEYSHARE_FINALIZE;
wolfSSL 7:481bce714567 20810 } /* KEYSHARE_VERIFY */
wolfSSL 7:481bce714567 20811
wolfSSL 7:481bce714567 20812 case KEYSHARE_FINALIZE:
wolfSSL 7:481bce714567 20813 {
wolfSSL 7:481bce714567 20814 #ifdef HAVE_QSH
wolfSSL 7:481bce714567 20815 word16 name;
wolfSSL 7:481bce714567 20816
wolfSSL 7:481bce714567 20817 if (ssl->options.haveQSH) {
wolfSSL 7:481bce714567 20818 /* extension name */
wolfSSL 7:481bce714567 20819 ato16(input + idx, &name);
wolfSSL 7:481bce714567 20820 idx += OPAQUE16_LEN;
wolfSSL 7:481bce714567 20821
wolfSSL 7:481bce714567 20822 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 7:481bce714567 20823 int qshSz;
wolfSSL 7:481bce714567 20824 /* if qshSz is larger than 0 it is the
wolfSSL 7:481bce714567 20825 length of buffer used */
wolfSSL 7:481bce714567 20826 if ((qshSz = TLSX_QSHCipher_Parse(ssl,
wolfSSL 7:481bce714567 20827 input + idx,
wolfSSL 7:481bce714567 20828 size - idx + begin, 1)) < 0) {
wolfSSL 7:481bce714567 20829 ERROR_OUT(qshSz, exit_dcke);
wolfSSL 7:481bce714567 20830 }
wolfSSL 7:481bce714567 20831 idx += qshSz;
wolfSSL 7:481bce714567 20832 }
wolfSSL 7:481bce714567 20833 else {
wolfSSL 7:481bce714567 20834 /* unknown extension sent client ignored handshake */
wolfSSL 7:481bce714567 20835 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 7:481bce714567 20836 }
wolfSSL 7:481bce714567 20837 }
wolfSSL 7:481bce714567 20838 #endif /* HAVE_QSH */
wolfSSL 7:481bce714567 20839 ret = MakeMasterSecret(ssl);
wolfSSL 7:481bce714567 20840
wolfSSL 7:481bce714567 20841 /* Check for error */
wolfSSL 7:481bce714567 20842 if (ret != 0) {
wolfSSL 7:481bce714567 20843 goto exit_dcke;
wolfSSL 7:481bce714567 20844 }
wolfSSL 7:481bce714567 20845
wolfSSL 7:481bce714567 20846 /* Advance state and proceed */
wolfSSL 7:481bce714567 20847 ssl->options.keyShareState = KEYSHARE_END;
wolfSSL 7:481bce714567 20848 } /* KEYSHARE_FINALIZE */
wolfSSL 7:481bce714567 20849
wolfSSL 7:481bce714567 20850 case KEYSHARE_END:
wolfSSL 7:481bce714567 20851 {
wolfSSL 7:481bce714567 20852 /* Set final index */
wolfSSL 7:481bce714567 20853 *inOutIdx = idx;
wolfSSL 7:481bce714567 20854
wolfSSL 7:481bce714567 20855 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 7:481bce714567 20856 #ifndef NO_CERTS
wolfSSL 7:481bce714567 20857 if (ssl->options.verifyPeer) {
wolfSSL 7:481bce714567 20858 ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
wolfSSL 7:481bce714567 20859 }
wolfSSL 7:481bce714567 20860 #endif
wolfSSL 7:481bce714567 20861 break;
wolfSSL 7:481bce714567 20862 } /* KEYSHARE_END */
wolfSSL 7:481bce714567 20863 default:
wolfSSL 7:481bce714567 20864 ret = INPUT_CASE_ERROR;
wolfSSL 7:481bce714567 20865 } /* switch(ssl->options.keyShareState) */
wolfSSL 7:481bce714567 20866
wolfSSL 7:481bce714567 20867 exit_dcke:
wolfSSL 7:481bce714567 20868
wolfSSL 7:481bce714567 20869 WOLFSSL_LEAVE("DoClientKeyExchange", ret);
wolfSSL 7:481bce714567 20870
wolfSSL 7:481bce714567 20871 /* Handle cleanup for stack variables here */
wolfSSL 7:481bce714567 20872
wolfSSL 7:481bce714567 20873
wolfSSL 7:481bce714567 20874 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 7:481bce714567 20875 /* Handle WC_PENDING_E */
wolfSSL 7:481bce714567 20876 if (ret == WC_PENDING_E) {
wolfSSL 7:481bce714567 20877 /* Store variables needed for async */
wolfSSL 7:481bce714567 20878 output_lcl = ssl->async.output;
wolfSSL 7:481bce714567 20879 XMEMSET(&ssl->async, 0, sizeof(ssl->async));
wolfSSL 7:481bce714567 20880 ssl->async.idx = idx;
wolfSSL 7:481bce714567 20881 ssl->async.length = length;
wolfSSL 7:481bce714567 20882 ssl->async.output = output_lcl;
wolfSSL 7:481bce714567 20883
wolfSSL 7:481bce714567 20884 /* Mark message as not recevied so it can process again */
wolfSSL 7:481bce714567 20885 ssl->msgsReceived.got_client_key_exchange = 0;
wolfSSL 7:481bce714567 20886
wolfSSL 7:481bce714567 20887 /* Push event to queue */
wolfSSL 7:481bce714567 20888 ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, &ssl->event);
wolfSSL 7:481bce714567 20889 if (ret == 0) {
wolfSSL 7:481bce714567 20890 return WC_PENDING_E;
wolfSSL 7:481bce714567 20891 }
wolfSSL 7:481bce714567 20892 }
wolfSSL 7:481bce714567 20893 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 7:481bce714567 20894
wolfSSL 7:481bce714567 20895 /* Cleanup PMS */
wolfSSL 7:481bce714567 20896 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 7:481bce714567 20897 ssl->arrays->preMasterSz = 0;
wolfSSL 7:481bce714567 20898
wolfSSL 7:481bce714567 20899 /* Final cleanup */
wolfSSL 7:481bce714567 20900 FreeKeyExchange(ssl);
wolfSSL 7:481bce714567 20901
wolfSSL 7:481bce714567 20902 return ret;
wolfSSL 7:481bce714567 20903 }
wolfSSL 7:481bce714567 20904
wolfSSL 7:481bce714567 20905
wolfSSL 7:481bce714567 20906 #ifdef HAVE_STUNNEL
/* Invoke the application's SNI-received hook, if one is registered.
 *
 * Stunnel supports a custom SNI callback to switch an SSL's ctx when SNI is
 * received; this helper calls it when ssl, ssl->ctx and ssl->ctx->sniRecvCb
 * are all non-NULL.
 *
 * ssl  connection object; may be NULL, in which case nothing is done
 *
 * returns 0 when no callback is installed or the callback returned anything
 *         other than alert_fatal, FATAL_ERROR when it returned alert_fatal
 *         (an unrecognized_name fatal alert is sent first).
 *
 * NOTE(review): the second callback argument is passed as NULL. If the
 * callback type follows the OpenSSL servername-callback convention, that slot
 * is an alert out-pointer; confirm registered callbacks tolerate NULL there.
 * NOTE(review): only alert_fatal is acted on; every other return value is
 * treated as success. Confirm that is the intended policy.
 */
static int SNI_Callback(WOLFSSL* ssl)
{
    /* No connection, no context, or no hook registered: nothing to call */
    if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->sniRecvCb == NULL) {
        return 0;
    }

    WOLFSSL_MSG("Calling custom sni callback");

    if (ssl->ctx->sniRecvCb(ssl, NULL, ssl->ctx->sniRecvCbArg)
                                                        != alert_fatal) {
        return 0;
    }

    WOLFSSL_MSG("Error in custom sni callback. Fatal alert");

    /* SendAlert's result is not checked; FATAL_ERROR is returned either way */
    SendAlert(ssl, alert_fatal, unrecognized_name);

    return FATAL_ERROR;
}
wolfSSL 7:481bce714567 20922 #endif /* HAVE_STUNNEL */
wolfSSL 7:481bce714567 20923 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 7:481bce714567 20924
wolfSSL 7:481bce714567 20925 #undef ERROR_OUT
wolfSSL 7:481bce714567 20926
wolfSSL 7:481bce714567 20927 #endif /* WOLFCRYPT_ONLY */
wolfSSL 7:481bce714567 20928