wolfSSL SSL/TLS library, support up to TLS1.3


Committer:
wolfSSL
Date:
Fri Jun 05 00:11:07 2020 +0000
Revision:
17:a5f916481144
Parent:
16:8e0d178b1d1e
wolfSSL 4.4.0

Who changed what in which revision?

User | Revision | Line number | New contents of line
wolfSSL 15:117db924cf7c 1 /* internal.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 16:8e0d178b1d1e 3 * Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23
wolfSSL 15:117db924cf7c 24 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 25 #include <config.h>
wolfSSL 15:117db924cf7c 26 #endif
wolfSSL 15:117db924cf7c 27
wolfSSL 15:117db924cf7c 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 29
wolfSSL 16:8e0d178b1d1e 30 /*
wolfSSL 16:8e0d178b1d1e 31 * WOLFSSL_SMALL_CERT_VERIFY:
wolfSSL 16:8e0d178b1d1e 32 * Verify the certificate signature without using DecodedCert. Doubles up
wolfSSL 16:8e0d178b1d1e 33 * on some code but allows smaller peak heap memory usage.
wolfSSL 16:8e0d178b1d1e 34 * Cannot be used with WOLFSSL_NONBLOCK_OCSP.
wolfSSL 16:8e0d178b1d1e 35 * WOLFSSL_ALT_CERT_CHAINS:
wolfSSL 16:8e0d178b1d1e 36 * Allows CA's to be presented by peer, but not part of a valid chain.
wolfSSL 16:8e0d178b1d1e 37 * Default wolfSSL behavior is to require validation of all presented peer
wolfSSL 16:8e0d178b1d1e 38 * certificates. This also allows loading intermediate CA's as trusted
wolfSSL 16:8e0d178b1d1e 39 * and ignoring no signer failures for CA's up the chain to root.
wolfSSL 16:8e0d178b1d1e 40 */
wolfSSL 16:8e0d178b1d1e 41
wolfSSL 16:8e0d178b1d1e 42
wolfSSL 16:8e0d178b1d1e 43 #ifdef EXTERNAL_OPTS_OPENVPN
wolfSSL 16:8e0d178b1d1e 44 #error EXTERNAL_OPTS_OPENVPN should not be defined\
wolfSSL 16:8e0d178b1d1e 45 when building wolfSSL
wolfSSL 16:8e0d178b1d1e 46 #endif
wolfSSL 16:8e0d178b1d1e 47
wolfSSL 15:117db924cf7c 48 #ifndef WOLFCRYPT_ONLY
wolfSSL 15:117db924cf7c 49
wolfSSL 15:117db924cf7c 50 #include <wolfssl/internal.h>
wolfSSL 15:117db924cf7c 51 #include <wolfssl/error-ssl.h>
wolfSSL 15:117db924cf7c 52 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 15:117db924cf7c 53 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 15:117db924cf7c 54 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 55 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 56 #else
wolfSSL 15:117db924cf7c 57 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 58 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 59 #endif
wolfSSL 15:117db924cf7c 60 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA)
wolfSSL 15:117db924cf7c 61 #include <wolfssl/wolfcrypt/srp.h>
wolfSSL 15:117db924cf7c 62 #endif
wolfSSL 15:117db924cf7c 63
wolfSSL 15:117db924cf7c 64 #ifdef HAVE_LIBZ
wolfSSL 15:117db924cf7c 65 #include "zlib.h"
wolfSSL 15:117db924cf7c 66 #endif
wolfSSL 15:117db924cf7c 67
wolfSSL 15:117db924cf7c 68 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 69 #include "libntruencrypt/ntru_crypto.h"
wolfSSL 15:117db924cf7c 70 #endif
wolfSSL 15:117db924cf7c 71
wolfSSL 15:117db924cf7c 72 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || \
wolfSSL 15:117db924cf7c 73 defined(CHACHA_AEAD_TEST) || defined(WOLFSSL_SESSION_EXPORT_DEBUG)
wolfSSL 16:8e0d178b1d1e 74 #ifndef NO_STDIO_FILESYSTEM
wolfSSL 15:117db924cf7c 75 #include <stdio.h>
wolfSSL 15:117db924cf7c 76 #endif
wolfSSL 15:117db924cf7c 77 #endif
wolfSSL 15:117db924cf7c 78
wolfSSL 15:117db924cf7c 79 #ifdef __sun
wolfSSL 15:117db924cf7c 80 #include <sys/filio.h>
wolfSSL 15:117db924cf7c 81 #endif
wolfSSL 15:117db924cf7c 82
wolfSSL 15:117db924cf7c 83
wolfSSL 15:117db924cf7c 84 #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
wolfSSL 15:117db924cf7c 85
wolfSSL 15:117db924cf7c 86 #ifdef _MSC_VER
wolfSSL 15:117db924cf7c 87 /* disable for while(0) cases at the .c level for now */
wolfSSL 15:117db924cf7c 88 #pragma warning(disable:4127)
wolfSSL 15:117db924cf7c 89 #endif
wolfSSL 15:117db924cf7c 90
wolfSSL 15:117db924cf7c 91 #if defined(WOLFSSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
wolfSSL 15:117db924cf7c 92 #error \
wolfSSL 15:117db924cf7c 93 WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
wolfSSL 15:117db924cf7c 94 #endif
wolfSSL 15:117db924cf7c 95
wolfSSL 15:117db924cf7c 96 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION)
wolfSSL 15:117db924cf7c 97 #error Cannot use both secure-renegotiation and renegotiation-indication
wolfSSL 15:117db924cf7c 98 #endif
wolfSSL 15:117db924cf7c 99
wolfSSL 15:117db924cf7c 100 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 101
wolfSSL 15:117db924cf7c 102 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 103 static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 15:117db924cf7c 104 word32);
wolfSSL 15:117db924cf7c 105 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 15:117db924cf7c 106 word32);
wolfSSL 15:117db924cf7c 107 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 108 static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 15:117db924cf7c 109 word32);
wolfSSL 15:117db924cf7c 110 #endif
wolfSSL 15:117db924cf7c 111 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 112 static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 15:117db924cf7c 113 word32);
wolfSSL 15:117db924cf7c 114 #endif
wolfSSL 15:117db924cf7c 115 #endif
wolfSSL 15:117db924cf7c 116
wolfSSL 15:117db924cf7c 117
wolfSSL 15:117db924cf7c 118 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 119 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32);
wolfSSL 16:8e0d178b1d1e 120 #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
wolfSSL 16:8e0d178b1d1e 121 defined(HAVE_ED448)) && !defined(WOLFSSL_NO_CLIENT_AUTH)
wolfSSL 15:117db924cf7c 122 static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32);
wolfSSL 15:117db924cf7c 123 #endif
wolfSSL 15:117db924cf7c 124 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 125 static int SendHelloVerifyRequest(WOLFSSL*, const byte*, byte);
wolfSSL 15:117db924cf7c 126 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 127 #endif
wolfSSL 15:117db924cf7c 128
wolfSSL 15:117db924cf7c 129 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 130
wolfSSL 15:117db924cf7c 131 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 132 static WC_INLINE int DtlsCheckWindow(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 133 static WC_INLINE int DtlsUpdateWindow(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 134 #endif
wolfSSL 15:117db924cf7c 135
wolfSSL 15:117db924cf7c 136
/* Stage identifiers, numbered from 0 in the order listed.
 * runProcessOldClientHello exists only when the server side is compiled in,
 * so the numeric value of every later stage depends on NO_WOLFSSL_SERVER.
 * NOTE(review): judging by the names these are the steps for handling one
 * incoming record; the code that walks them is outside this view. */
enum processReply {
    doProcessInit = 0,
#ifndef NO_WOLFSSL_SERVER
    runProcessOldClientHello,
#endif
    getRecordLayerHeader,
    getData,
    verifyEncryptedMessage,
    decryptMessage,
    verifyMessage,
    runProcessingOneMessage
};
wolfSSL 15:117db924cf7c 149
wolfSSL 15:117db924cf7c 150
wolfSSL 15:117db924cf7c 151 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 152 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 153
/* First seven bytes of the TLS 1.3 downgrade-protection sentinel, ASCII
 * "DOWNGRD". RFC 8446 section 4.1.3 has a TLS 1.3 capable server place the
 * sentinel in the tail of ServerHello.random when it negotiates an older
 * version, so a client can detect a forced downgrade. The final sentinel
 * byte (0x01 for TLS 1.2, 0x00 for TLS 1.1 and below) is not part of this
 * array. */
static const byte tls13Downgrade[7] = {
    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44
};
#define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade)
wolfSSL 15:117db924cf7c 159
wolfSSL 15:117db924cf7c 160 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 161
wolfSSL 16:8e0d178b1d1e 162 #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 15:117db924cf7c 163 static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL 15:117db924cf7c 164 int padSz, int content, int verify);
wolfSSL 15:117db924cf7c 165
wolfSSL 15:117db924cf7c 166 #endif
wolfSSL 15:117db924cf7c 167
wolfSSL 15:117db924cf7c 168 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 169
wolfSSL 15:117db924cf7c 170 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 171 int QSH_Init(WOLFSSL* ssl);
wolfSSL 15:117db924cf7c 172 #endif
wolfSSL 15:117db924cf7c 173
wolfSSL 16:8e0d178b1d1e 174 #ifdef WOLFSSL_RENESAS_TSIP_TLS
wolfSSL 16:8e0d178b1d1e 175 int tsip_useable(const WOLFSSL *ssl);
wolfSSL 16:8e0d178b1d1e 176 int tsip_generatePremasterSecret();
wolfSSL 16:8e0d178b1d1e 177 int tsip_generateEncryptPreMasterSecret(WOLFSSL *ssl, byte *out, word32 *outSz);
wolfSSL 16:8e0d178b1d1e 178 #endif
/* Returns 1 when the connection's version has major SSLv3_MAJOR and a minor
 * of at least TLSv1_MINOR, 0 otherwise. ssl is dereferenced without a NULL
 * check, so callers must pass a valid object. */
int IsTLS(const WOLFSSL* ssl)
{
    return (ssl->version.major == SSLv3_MAJOR &&
            ssl->version.minor >= TLSv1_MINOR) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 186
wolfSSL 15:117db924cf7c 187
/* Returns 1 when the connection's version is TLS 1.2 or newer, or (in DTLS
 * builds) DTLS 1.2 or newer; 0 otherwise. ssl is dereferenced without a NULL
 * check.
 *
 * The DTLS comparison is deliberately "<=": DTLS minor version numbers count
 * downward as the protocol version goes up, so a newer DTLS version has a
 * smaller minor byte. */
int IsAtLeastTLSv1_2(const WOLFSSL* ssl)
{
    int atLeast = 0;

    if (ssl->version.major == SSLv3_MAJOR) {
        if (ssl->version.minor >= TLSv1_2_MINOR)
            atLeast = 1;
    }
#ifdef WOLFSSL_DTLS
    if (!atLeast && ssl->version.major == DTLS_MAJOR &&
                    ssl->version.minor <= DTLSv1_2_MINOR) {
        atLeast = 1;
    }
#endif

    return atLeast;
}
wolfSSL 15:117db924cf7c 199
/* Returns non-zero (1) when pv has major SSLv3_MAJOR and a minor of at least
 * TLSv1_3_MINOR, 0 otherwise. Takes the version by value, so it can be used
 * on a version that is not yet stored in a WOLFSSL object. */
int IsAtLeastTLSv1_3(const ProtocolVersion pv)
{
    if (pv.major != SSLv3_MAJOR)
        return 0;

    return pv.minor >= TLSv1_3_MINOR;
}
wolfSSL 15:117db924cf7c 204
/* Tells the caller whether records in one direction are protected.
 *
 * isSend: non-zero asks about outgoing records, zero about incoming ones.
 *
 * With WOLFSSL_TLS13 the answer comes from the per-direction cipher set-up
 * flag (encrypt.setup / decrypt.setup); otherwise from the single
 * keys.encryptionOn flag. In DTLS builds an incoming record whose current
 * epoch is 0 is always reported as unencrypted. */
static WC_INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend)
{
    (void)isSend;   /* unused when neither DTLS nor TLS 1.3 is compiled in */

#ifdef WOLFSSL_DTLS
    /* Epoch 0 on the receive side is plaintext regardless of key state. */
    if (ssl->options.dtls && !isSend) {
        if (ssl->keys.curEpoch == 0)
            return 0;
    }
#endif /* WOLFSSL_DTLS */

#ifdef WOLFSSL_TLS13
    return isSend ? ssl->encrypt.setup : ssl->decrypt.setup;
#else
    return ssl->keys.encryptionOn;
#endif
}
wolfSSL 16:8e0d178b1d1e 224
wolfSSL 16:8e0d178b1d1e 225
wolfSSL 16:8e0d178b1d1e 226 #if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12)
/* Returns the dtls option as-is in builds without WOLFSSL_SCTP. In SCTP
 * builds the result is non-zero only when dtls is set and dtlsSctp is not. */
static WC_INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
    int dtlsOnly = ssl->options.dtls;

#ifdef WOLFSSL_SCTP
    if (dtlsOnly) {
        dtlsOnly = !ssl->options.dtlsSctp;
    }
#endif

    return dtlsOnly;
}
wolfSSL 16:8e0d178b1d1e 241 #endif /* DTLS || !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 242
wolfSSL 15:117db924cf7c 243
wolfSSL 15:117db924cf7c 244 #ifdef HAVE_QSH
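/* Release one singly linked list of QSHKey nodes. Each private key buffer is
 * wiped with ForceZero before it goes back to the allocator; public key
 * buffers are freed without wiping. */
static void QSH_FreeKeyList(WOLFSSL* ssl, QSHKey* key)
{
    (void)ssl;  /* only used for ssl->heap, which XFREE may ignore */

    while (key != NULL) {
        QSHKey* next = (QSHKey*)key->next;

        if (key->pri.buffer) {
            ForceZero(key->pri.buffer, key->pri.length);
            XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
        }
        if (key->pub.buffer)
            XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);

        /* read next before the node itself is released */
        XFREE(key, ssl->heap, DYNAMIC_TYPE_QSH);
        key = next;
    }
}

/* Free all structs that were used with QSH: the local key list, the peer key
 * list and the QSHSecret with its scheme list and both secret buffers.
 * Private keys and the SerSi/CliSi secret material are zeroed first.
 *
 * The three owning pointers in ssl are reset to NULL afterwards. Previously
 * only local copies were cleared, which left ssl->QSH_Key, ssl->peerQSHKey
 * and ssl->QSH_secret dangling, so a second call (callers are outside this
 * view) would have walked and freed released memory.
 *
 * ssl must not be NULL. Always returns 0. */
static int QSH_FreeAll(WOLFSSL* ssl)
{
    QSHSecret* secret = ssl->QSH_secret;

    QSH_FreeKeyList(ssl, ssl->QSH_Key);
    ssl->QSH_Key = NULL;

    /* free all of peers QSH keys */
    QSH_FreeKeyList(ssl, ssl->peerQSHKey);
    ssl->peerQSHKey = NULL;

    /* free secret information */
    if (secret) {
        /* free up the QSHScheme list in QSHSecret */
        QSHScheme* list = secret->list;

        while (list) {
            QSHScheme* next = (QSHScheme*)list->next;

            if (list->PK)
                XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_SECRET);
            XFREE(list, ssl->heap, DYNAMIC_TYPE_QSH);
            list = next;
        }

        /* free secret buffers */
        if (secret->SerSi) {
            if (secret->SerSi->buffer) {
                /* clear extra secret material that supplemented Master Secret*/
                ForceZero(secret->SerSi->buffer, secret->SerSi->length);
                XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET);
            }
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_SECRET);
        }
        if (secret->CliSi) {
            if (secret->CliSi->buffer) {
                /* clear extra secret material that supplemented Master Secret*/
                ForceZero(secret->CliSi->buffer, secret->CliSi->length);
                XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_SECRET);
            }
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_SECRET);
        }
    }
    XFREE(secret, ssl->heap, DYNAMIC_TYPE_QSH);
    ssl->QSH_secret = NULL;

    return 0;
}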
wolfSSL 15:117db924cf7c 323 #endif
wolfSSL 15:117db924cf7c 324
wolfSSL 15:117db924cf7c 325
wolfSSL 15:117db924cf7c 326 #ifdef HAVE_NTRU
wolfSSL 16:8e0d178b1d1e 327 static WOLFSSL_GLOBAL WC_RNG* rng;
wolfSSL 16:8e0d178b1d1e 328 static WOLFSSL_GLOBAL wolfSSL_Mutex* rngMutex;
wolfSSL 15:117db924cf7c 329
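/* Entropy callback for the NTRU code path: fills out with num_bytes bytes
 * drawn from a lazily created, file-scope WC_RNG guarded by a file-scope
 * mutex.
 *
 * Returns DRBG_OK on success, DRBG_OUT_OF_MEMORY when either object cannot
 * be allocated, and DRBG_ENTROPY_FAIL when initialization, locking or
 * generation fails.
 *
 * The results of wc_InitRng and wc_InitMutex are now checked. Before, a
 * failed init left a non-NULL but unusable object behind, and every later
 * call would have used it as if it were ready. On init failure the object is
 * released and the pointer reset so the next call retries from scratch.
 *
 * NOTE(review): the lazy set-up itself is not synchronized; two threads
 * making the first call concurrently can both see NULL. Confirm that the
 * first call is made from a single thread. */
static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
    int ret;

    if (rng == NULL) {
        rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_RNG);
        if (rng == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (wc_InitRng(rng) != 0) {
            XFREE(rng, 0, DYNAMIC_TYPE_RNG);
            rng = NULL;
            return DRBG_ENTROPY_FAIL;
        }
    }

    if (rngMutex == NULL) {
        rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), 0,
                                           DYNAMIC_TYPE_MUTEX);
        if (rngMutex == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (wc_InitMutex(rngMutex) != 0) {
            XFREE(rngMutex, 0, DYNAMIC_TYPE_MUTEX);
            rngMutex = NULL;
            return DRBG_ENTROPY_FAIL;
        }
    }

    /* Do not touch the shared RNG, and do not unlock, if the lock was never
     * taken. */
    if (wc_LockMutex(rngMutex) != 0)
        return DRBG_ENTROPY_FAIL;

    ret  = wc_RNG_GenerateBlock(rng, out, num_bytes);
    ret |= wc_UnLockMutex(rngMutex);

    if (ret != 0)
        return DRBG_ENTROPY_FAIL;

    return DRBG_OK;
}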
wolfSSL 15:117db924cf7c 357 #endif /* HAVE_NTRU */
wolfSSL 15:117db924cf7c 358
wolfSSL 15:117db924cf7c 359 #ifdef HAVE_LIBZ
wolfSSL 15:117db924cf7c 360
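/* zlib allocation hook: returns item * size bytes from XMALLOC, using opaque
 * as the heap hint, or NULL when the allocation fails.
 *
 * The product is computed in unsigned int, so it is checked for wrap-around
 * first; a wrapped product would otherwise yield a buffer smaller than zlib
 * asked for. zlib's own requests are expected to be small, so this is a
 * defensive guard rather than a known reachable case. */
static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
{
    (void)opaque;

    if (size != 0 && item > (~0U) / size)
        return NULL;

    return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
}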
wolfSSL 15:117db924cf7c 367
wolfSSL 15:117db924cf7c 368
/* zlib release hook: hands memory back through XFREE, passing opaque as the
 * heap hint. */
static void myFree(void* opaque, void* memory)
{
    /* presumably silences an unused-parameter warning in builds where XFREE
     * ignores its heap argument */
    (void)opaque;
    XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
}
wolfSSL 15:117db924cf7c 374
wolfSSL 15:117db924cf7c 375
/* Set up the zlib compression and decompression streams of ssl, routing
 * their allocations through myAlloc/myFree with ssl->heap as the hint.
 * Returns 0 on success, ZLIB_INIT_ERROR when either zlib init call fails.
 *
 * didStreamInit is set as soon as the deflate side is ready, i.e. before the
 * inflate side is attempted, so it is also set when inflateInit fails. */
static int InitStreams(WOLFSSL* ssl)
{
    int zret;

    ssl->c_stream.zalloc = (alloc_func)myAlloc;
    ssl->c_stream.zfree  = (free_func)myFree;
    ssl->c_stream.opaque = (voidpf)ssl->heap;

    zret = deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION);
    if (zret != Z_OK) {
        return ZLIB_INIT_ERROR;
    }

    ssl->didStreamInit = 1;

    ssl->d_stream.zalloc = (alloc_func)myAlloc;
    ssl->d_stream.zfree  = (free_func)myFree;
    ssl->d_stream.opaque = (voidpf)ssl->heap;

    zret = inflateInit(&ssl->d_stream);

    return (zret == Z_OK) ? 0 : ZLIB_INIT_ERROR;
}
wolfSSL 15:117db924cf7c 396
wolfSSL 15:117db924cf7c 397
/* Tear down both zlib streams of ssl, but only when didStreamInit says they
 * were set up. The zlib return codes are not inspected. */
static void FreeStreams(WOLFSSL* ssl)
{
    if (!ssl->didStreamInit)
        return;

    deflateEnd(&ssl->c_stream);
    inflateEnd(&ssl->d_stream);
}
wolfSSL 15:117db924cf7c 405
wolfSSL 15:117db924cf7c 406
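/* Compress inSz bytes from in into out (capacity outSz) with the
 * connection's deflate stream, using Z_SYNC_FLUSH.
 *
 * Returns the number of bytes written to out, or ZLIB_COMPRESS_ERROR when a
 * size is negative or deflate reports anything other than Z_OK or
 * Z_STREAM_END.
 *
 * Negative sizes are rejected up front: assigned to zlib's unsigned
 * avail_in/avail_out they would become huge counts and let zlib run past
 * the buffers. The byte count is taken as an unsigned difference of
 * total_out so it stays correct after the running total exceeds INT_MAX.
 *
 * NOTE(review): if this compresses record payloads before encryption
 * (callers are outside this view), ciphertext length then depends on
 * plaintext content, the property behind CRIME-style attacks; that is why
 * TLS-level compression is generally left disabled. */
static int myCompress(WOLFSSL* ssl, byte* in, int inSz, byte* out, int outSz)
{
    int           err;
    unsigned long before;

    if (inSz < 0 || outSz < 0)
        return ZLIB_COMPRESS_ERROR;

    before = (unsigned long)ssl->c_stream.total_out;

    ssl->c_stream.next_in   = in;
    ssl->c_stream.avail_in  = (unsigned int)inSz;
    ssl->c_stream.next_out  = out;
    ssl->c_stream.avail_out = (unsigned int)outSz;

    err = deflate(&ssl->c_stream, Z_SYNC_FLUSH);
    if (err != Z_OK && err != Z_STREAM_END)
        return ZLIB_COMPRESS_ERROR;

    /* at most outSz bytes were produced, so the difference fits in int */
    return (int)((unsigned long)ssl->c_stream.total_out - before);
}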
wolfSSL 15:117db924cf7c 423
wolfSSL 15:117db924cf7c 424
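/* Decompress inSz bytes from in into out (capacity outSz) with the
 * connection's inflate stream, using Z_SYNC_FLUSH.
 *
 * Returns the number of bytes written to out, or ZLIB_DECOMPRESS_ERROR when
 * a size is negative or inflate reports anything other than Z_OK or
 * Z_STREAM_END.
 *
 * Negative sizes are rejected up front: assigned to zlib's unsigned
 * avail_in/avail_out they would become huge counts and let zlib run past
 * the buffers. Output is capped at outSz by avail_out, so a highly
 * compressible input cannot write beyond out. The byte count is taken as an
 * unsigned difference of total_out so it stays correct after the running
 * total exceeds INT_MAX.
 *
 * NOTE(review): a Z_OK result with input still unconsumed is not told apart
 * from a complete decode here; confirm the caller treats a full output
 * buffer as an error where that matters. */
static int myDeCompress(WOLFSSL* ssl, byte* in,int inSz, byte* out,int outSz)
{
    int           err;
    unsigned long before;

    if (inSz < 0 || outSz < 0)
        return ZLIB_DECOMPRESS_ERROR;

    before = (unsigned long)ssl->d_stream.total_out;

    ssl->d_stream.next_in   = in;
    ssl->d_stream.avail_in  = (unsigned int)inSz;
    ssl->d_stream.next_out  = out;
    ssl->d_stream.avail_out = (unsigned int)outSz;

    err = inflate(&ssl->d_stream, Z_SYNC_FLUSH);
    if (err != Z_OK && err != Z_STREAM_END)
        return ZLIB_DECOMPRESS_ERROR;

    /* at most outSz bytes were produced, so the difference fits in int */
    return (int)((unsigned long)ssl->d_stream.total_out - before);
}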
wolfSSL 15:117db924cf7c 441
wolfSSL 15:117db924cf7c 442 #endif /* HAVE_LIBZ */
wolfSSL 15:117db924cf7c 443
wolfSSL 15:117db924cf7c 444
wolfSSL 15:117db924cf7c 445 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 15:117db924cf7c 446 #ifdef WOLFSSL_DTLS
/* Serialize ssl->specs into exp for session export.
 *
 * Layout, in order: key_size, iv_size, block_size and aead_mac_size as
 * 16-bit values written with c16toa, then one byte each for
 * bulk_cipher_algorithm, cipher_type, mac_algorithm, kea, sig_algo,
 * hash_size, pad_size and static_ecdh.
 *
 * exp  destination buffer, zeroed over DTLS_EXPORT_SPC_SZ bytes first
 * len  capacity of exp
 * ver  export format version; not used by this function
 *
 * Returns the number of bytes written, BAD_FUNC_ARG when ssl or exp is NULL,
 * BUFFER_E when len is below DTLS_EXPORT_SPC_SZ, or DTLS_EXPORT_VER_E when
 * the bytes written do not add up to DTLS_EXPORT_SPC_SZ. That last check
 * runs after the writes, so it reports a stale DTLS_EXPORT_SPC_SZ but does
 * not stop the writes themselves. */
static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    CipherSpecs* cs;
    word32       off = 0;

    (void)ver;

    WOLFSSL_ENTER("ExportCipherSpecState");

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }

    if (len < DTLS_EXPORT_SPC_SZ) {
        return BUFFER_E;
    }

    cs = &(ssl->specs);

    XMEMSET(exp, 0, DTLS_EXPORT_SPC_SZ);

    /* 16-bit size fields */
    c16toa(cs->key_size, exp + off);
    off += OPAQUE16_LEN;
    c16toa(cs->iv_size, exp + off);
    off += OPAQUE16_LEN;
    c16toa(cs->block_size, exp + off);
    off += OPAQUE16_LEN;
    c16toa(cs->aead_mac_size, exp + off);
    off += OPAQUE16_LEN;

    /* single-byte fields */
    exp[off++] = cs->bulk_cipher_algorithm;
    exp[off++] = cs->cipher_type;
    exp[off++] = cs->mac_algorithm;
    exp[off++] = cs->kea;
    exp[off++] = cs->sig_algo;
    exp[off++] = cs->hash_size;
    exp[off++] = cs->pad_size;
    exp[off++] = cs->static_ecdh;

    if (off != DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("DTLS_EXPORT_SPC_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("ExportCipherSpecState", off);
    return off;
}
wolfSSL 15:117db924cf7c 489
wolfSSL 15:117db924cf7c 490
wolfSSL 15:117db924cf7c 491 /* serializes the key struct for exporting */
wolfSSL 16:8e0d178b1d1e 492 static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver,
wolfSSL 16:8e0d178b1d1e 493 byte small)
wolfSSL 15:117db924cf7c 494 {
wolfSSL 15:117db924cf7c 495 word32 idx = 0;
wolfSSL 15:117db924cf7c 496 byte sz;
wolfSSL 15:117db924cf7c 497 Keys* keys;
wolfSSL 15:117db924cf7c 498
wolfSSL 15:117db924cf7c 499 WOLFSSL_ENTER("ExportKeyState");
wolfSSL 15:117db924cf7c 500
wolfSSL 15:117db924cf7c 501 if (exp == NULL || ssl == NULL) {
wolfSSL 15:117db924cf7c 502 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 503 }
wolfSSL 15:117db924cf7c 504
wolfSSL 15:117db924cf7c 505 keys = &(ssl->keys);
wolfSSL 15:117db924cf7c 506
wolfSSL 16:8e0d178b1d1e 507 if (DTLS_EXPORT_MIN_KEY_SZ > len) {
wolfSSL 16:8e0d178b1d1e 508 WOLFSSL_MSG("Buffer not large enough for minimum key struct size");
wolfSSL 16:8e0d178b1d1e 509 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 510 }
wolfSSL 16:8e0d178b1d1e 511
wolfSSL 16:8e0d178b1d1e 512 XMEMSET(exp, 0, DTLS_EXPORT_MIN_KEY_SZ);
wolfSSL 15:117db924cf7c 513
wolfSSL 15:117db924cf7c 514 c32toa(keys->peer_sequence_number_hi, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 515 c32toa(keys->peer_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 516 c32toa(keys->sequence_number_hi, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 517 c32toa(keys->sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 518
wolfSSL 15:117db924cf7c 519 c16toa(keys->peerSeq[0].nextEpoch, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 520 c16toa(keys->peerSeq[0].nextSeq_hi, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 521 c32toa(keys->peerSeq[0].nextSeq_lo, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 522 c16toa(keys->curEpoch, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 523 c16toa(keys->curSeq_hi, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 524 c32toa(keys->curSeq_lo, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 525 c16toa(keys->peerSeq[0].prevSeq_hi, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 526 c32toa(keys->peerSeq[0].prevSeq_lo, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 527
wolfSSL 15:117db924cf7c 528 c16toa(keys->dtls_peer_handshake_number, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 529 c16toa(keys->dtls_expected_peer_handshake_number, exp + idx);
wolfSSL 15:117db924cf7c 530 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 531
wolfSSL 15:117db924cf7c 532 c16toa(keys->dtls_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 533 c32toa(keys->dtls_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 534 c16toa(keys->dtls_prev_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 535 c32toa(keys->dtls_prev_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 536 c16toa(keys->dtls_epoch, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 537 c16toa(keys->dtls_handshake_number, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 538 c32toa(keys->encryptSz, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 539 c32toa(keys->padSz, exp + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 540 exp[idx++] = keys->encryptionOn;
wolfSSL 15:117db924cf7c 541 exp[idx++] = keys->decryptedCur;
wolfSSL 15:117db924cf7c 542
wolfSSL 16:8e0d178b1d1e 543 /* from here on the buffer needs checked because is variable length that
wolfSSL 16:8e0d178b1d1e 544 * can be larger than DTLS_EXPORT_MIN_KEY_SZ */
wolfSSL 15:117db924cf7c 545 {
wolfSSL 15:117db924cf7c 546 word32 i;
wolfSSL 16:8e0d178b1d1e 547 if ((OPAQUE16_LEN * 2) + idx +
wolfSSL 16:8e0d178b1d1e 548 (2 * (WOLFSSL_DTLS_WINDOW_WORDS * OPAQUE32_LEN)) > len) {
wolfSSL 16:8e0d178b1d1e 549 WOLFSSL_MSG("Buffer not large enough for WOLFSSL_DTLS_WINDOW_WORDS");
wolfSSL 16:8e0d178b1d1e 550 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 551 }
wolfSSL 15:117db924cf7c 552
wolfSSL 15:117db924cf7c 553 c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 554 for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
wolfSSL 15:117db924cf7c 555 c32toa(keys->peerSeq[0].window[i], exp + idx);
wolfSSL 15:117db924cf7c 556 idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 557 }
wolfSSL 15:117db924cf7c 558 c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 559 for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
wolfSSL 15:117db924cf7c 560 c32toa(keys->peerSeq[0].prevWindow[i], exp + idx);
wolfSSL 15:117db924cf7c 561 idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 562 }
wolfSSL 15:117db924cf7c 563 }
wolfSSL 15:117db924cf7c 564
wolfSSL 16:8e0d178b1d1e 565 if (idx >= len) {
wolfSSL 16:8e0d178b1d1e 566 WOLFSSL_MSG("Buffer not large enough for truncated hmac flag");
wolfSSL 16:8e0d178b1d1e 567 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 568 }
wolfSSL 16:8e0d178b1d1e 569
wolfSSL 15:117db924cf7c 570 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 15:117db924cf7c 571 sz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ: ssl->specs.hash_size;
wolfSSL 15:117db924cf7c 572 exp[idx++] = ssl->truncated_hmac;
wolfSSL 15:117db924cf7c 573 #else
wolfSSL 15:117db924cf7c 574 sz = ssl->specs.hash_size;
wolfSSL 15:117db924cf7c 575 exp[idx++] = 0; /* no truncated hmac */
wolfSSL 15:117db924cf7c 576 #endif
wolfSSL 16:8e0d178b1d1e 577
wolfSSL 16:8e0d178b1d1e 578 sz = (small)? 0: sz;
wolfSSL 16:8e0d178b1d1e 579 if (idx + (sz * 2) + OPAQUE8_LEN > len) {
wolfSSL 16:8e0d178b1d1e 580 WOLFSSL_MSG("Buffer not large enough for MAC secret");
wolfSSL 16:8e0d178b1d1e 581 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 582 }
wolfSSL 16:8e0d178b1d1e 583
wolfSSL 15:117db924cf7c 584 exp[idx++] = sz;
wolfSSL 16:8e0d178b1d1e 585 if (sz > 0) {
wolfSSL 16:8e0d178b1d1e 586 #ifndef WOLFSSL_AEAD_ONLY
wolfSSL 16:8e0d178b1d1e 587 XMEMCPY(exp + idx, keys->client_write_MAC_secret, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 588 XMEMCPY(exp + idx, keys->server_write_MAC_secret, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 589 #else
wolfSSL 16:8e0d178b1d1e 590 XMEMSET(exp + idx, 0, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 591 XMEMSET(exp + idx, 0, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 592 #endif
wolfSSL 16:8e0d178b1d1e 593 }
wolfSSL 16:8e0d178b1d1e 594
wolfSSL 16:8e0d178b1d1e 595 sz = (small)? 0: ssl->specs.key_size;
wolfSSL 16:8e0d178b1d1e 596 if (idx + (sz * 2) + OPAQUE8_LEN > len) {
wolfSSL 16:8e0d178b1d1e 597 WOLFSSL_MSG("Buffer not large enough for write key");
wolfSSL 16:8e0d178b1d1e 598 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 599 }
wolfSSL 16:8e0d178b1d1e 600
wolfSSL 15:117db924cf7c 601 exp[idx++] = sz;
wolfSSL 16:8e0d178b1d1e 602 if (sz > 0) {
wolfSSL 16:8e0d178b1d1e 603 XMEMCPY(exp + idx, keys->client_write_key, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 604 XMEMCPY(exp + idx, keys->server_write_key, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 605 }
wolfSSL 16:8e0d178b1d1e 606
wolfSSL 16:8e0d178b1d1e 607 sz = (small)? 0: ssl->specs.iv_size;
wolfSSL 16:8e0d178b1d1e 608 if (idx + (sz * 2) + OPAQUE8_LEN + AEAD_MAX_EXP_SZ > len) {
wolfSSL 16:8e0d178b1d1e 609 WOLFSSL_MSG("Buffer not large enough for IVs");
wolfSSL 16:8e0d178b1d1e 610 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 611 }
wolfSSL 16:8e0d178b1d1e 612
wolfSSL 16:8e0d178b1d1e 613 exp[idx++] = sz;
wolfSSL 16:8e0d178b1d1e 614 if (sz > 0) {
wolfSSL 16:8e0d178b1d1e 615 XMEMCPY(exp + idx, keys->client_write_IV, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 616 XMEMCPY(exp + idx, keys->server_write_IV, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 617 }
wolfSSL 15:117db924cf7c 618 XMEMCPY(exp + idx, keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
wolfSSL 15:117db924cf7c 619 idx += AEAD_MAX_EXP_SZ;
wolfSSL 15:117db924cf7c 620
wolfSSL 16:8e0d178b1d1e 621 sz = (small)? 0: AEAD_MAX_IMP_SZ;
wolfSSL 16:8e0d178b1d1e 622 if (idx + (sz * 2) + OPAQUE8_LEN > len) {
wolfSSL 16:8e0d178b1d1e 623 WOLFSSL_MSG("Buffer not large enough for imp IVs");
wolfSSL 16:8e0d178b1d1e 624 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 625 }
wolfSSL 15:117db924cf7c 626 exp[idx++] = sz;
wolfSSL 16:8e0d178b1d1e 627 if (sz > 0) {
wolfSSL 16:8e0d178b1d1e 628 XMEMCPY(exp + idx, keys->aead_enc_imp_IV, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 629 XMEMCPY(exp + idx, keys->aead_dec_imp_IV, sz); idx += sz;
wolfSSL 16:8e0d178b1d1e 630 }
wolfSSL 15:117db924cf7c 631
wolfSSL 15:117db924cf7c 632 /* DTLS_EXPORT_KEY_SZ is max value. idx size can vary */
wolfSSL 15:117db924cf7c 633 if (idx > DTLS_EXPORT_KEY_SZ) {
wolfSSL 15:117db924cf7c 634 WOLFSSL_MSG("DTLS_EXPORT_KEY_SZ needs updated and export version");
wolfSSL 15:117db924cf7c 635 return DTLS_EXPORT_VER_E;
wolfSSL 15:117db924cf7c 636 }
wolfSSL 15:117db924cf7c 637
wolfSSL 15:117db924cf7c 638 WOLFSSL_LEAVE("ExportKeyState", idx);
wolfSSL 15:117db924cf7c 639 (void)ver;
wolfSSL 15:117db924cf7c 640 return idx;
wolfSSL 15:117db924cf7c 641 }
wolfSSL 15:117db924cf7c 642
/* Load the CipherSpecs members of a session from a serialized buffer.
 *
 * ssl  session whose specs member is overwritten
 * exp  buffer holding the serialized cipher spec state
 * len  number of bytes available in exp
 * ver  export format version; not used by this function
 *
 * Returns the number of bytes read from exp on success, BAD_FUNC_ARG when
 * ssl or exp is NULL and BUFFER_E when len is below DTLS_EXPORT_SPC_SZ.
 *
 * NOTE(review): every size and algorithm identifier is stored exactly as it
 * appears in the buffer; this function applies no range check to them.
 * Confirm that callers only hand in buffers from a trusted exporter. */
static int ImportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32       used = 0;
    CipherSpecs* cs;

    WOLFSSL_ENTER("ImportCipherSpecState");

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }

    if (len < DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("Buffer not large enough for max spec struct size");
        return BUFFER_E;
    }

    cs = &ssl->specs;

    /* four 16 bit sizes come first */
    ato16(exp + used, &cs->key_size);
    used += OPAQUE16_LEN;
    ato16(exp + used, &cs->iv_size);
    used += OPAQUE16_LEN;
    ato16(exp + used, &cs->block_size);
    used += OPAQUE16_LEN;
    ato16(exp + used, &cs->aead_mac_size);
    used += OPAQUE16_LEN;

    /* followed by eight single byte fields */
    cs->bulk_cipher_algorithm = exp[used];
    used++;
    cs->cipher_type = exp[used];
    used++;
    cs->mac_algorithm = exp[used];
    used++;
    cs->kea = exp[used];
    used++;
    cs->sig_algo = exp[used];
    used++;
    cs->hash_size = exp[used];
    used++;
    cs->pad_size = exp[used];
    used++;
    cs->static_ecdh = exp[used];
    used++;

    WOLFSSL_LEAVE("ImportCipherSpecState", used);
    (void)ver;
    return used;
}
wolfSSL 15:117db924cf7c 678
wolfSSL 15:117db924cf7c 679
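/* Restore ssl->keys (sequence numbers, DTLS replay windows, MAC secrets,
 * write keys and IVs) from a serialized key state buffer.
 *
 * ssl  session whose keys member is overwritten
 * exp  buffer holding the serialized key state
 * len  number of bytes available in exp
 * ver  export format version; not used by this function
 *
 * Returns the number of bytes consumed on success, BAD_FUNC_ARG when ssl or
 * exp is NULL and BUFFER_E when a field would not fit in len bytes or an
 * encoded size is larger than the destination array.
 *
 * The buffer is parsed as untrusted input: every variable-length section is
 * checked against len before it is read, including the fixed-size fields
 * that follow it, so a crafted size byte cannot push a later read past the
 * end of exp.
 *
 * NOTE(review): nothing here authenticates the buffer. It carries key
 * material, so callers have to protect its confidentiality and integrity
 * while it is stored or transported. */
static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32 idx = 0;
    byte   sz;
    Keys*  keys;

    WOLFSSL_ENTER("ImportKeyState");

    if (exp == NULL || ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    keys = &(ssl->keys);

    /* check minimum length -- includes byte used for size indicators */
    if (len < DTLS_EXPORT_MIN_KEY_SZ) {
        WOLFSSL_MSG("Buffer not large enough for minimum expected size");
        return BUFFER_E;
    }
    ato32(exp + idx, &keys->peer_sequence_number_hi); idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->peer_sequence_number_lo); idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->sequence_number_hi);      idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->sequence_number_lo);      idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->peerSeq[0].nextEpoch);  idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->peerSeq[0].nextSeq_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->peerSeq[0].nextSeq_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->curEpoch);              idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->curSeq_hi);             idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->curSeq_lo);             idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->peerSeq[0].prevSeq_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->peerSeq[0].prevSeq_lo); idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->dtls_peer_handshake_number); idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_expected_peer_handshake_number);
    idx += OPAQUE16_LEN;

    ato16(exp + idx, &keys->dtls_sequence_number_hi);      idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->dtls_sequence_number_lo);      idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_prev_sequence_number_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->dtls_prev_sequence_number_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_epoch);                   idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_handshake_number);        idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->encryptSz);                    idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->padSz);                        idx += OPAQUE32_LEN;
    keys->encryptionOn = exp[idx++];
    keys->decryptedCur = exp[idx++];

    {
        word16 i, wordCount;
        word32 wordAdj; /* bytes of window data the local build cannot hold */

        /* do window */
        ato16(exp + idx, &wordCount);
        idx += OPAQUE16_LEN;

        /* The excess has to be computed before wordCount is clamped,
         * otherwise it is always zero and the words that do not fit would be
         * parsed as the fields that follow the window. */
        wordAdj = 0;
        if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) {
            wordAdj   = (word32)(wordCount - WOLFSSL_DTLS_WINDOW_WORDS) *
                        OPAQUE32_LEN;
            wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
        }

        /* window words, skipped words and the prevWindow count must fit */
        if (idx + ((word32)wordCount * OPAQUE32_LEN) + wordAdj +
                OPAQUE16_LEN > len) {
            WOLFSSL_MSG("Buffer not large enough for window import");
            return BUFFER_E;
        }

        XMEMSET(keys->peerSeq[0].window, 0xFF, DTLS_SEQ_SZ);
        for (i = 0; i < wordCount; i++) {
            ato32(exp + idx, &keys->peerSeq[0].window[i]);
            idx += OPAQUE32_LEN;
        }
        idx += wordAdj;

        /* do prevWindow */
        ato16(exp + idx, &wordCount);
        idx += OPAQUE16_LEN;

        /* reset so an adjustment from the first window is not reused */
        wordAdj = 0;
        if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) {
            wordAdj   = (word32)(wordCount - WOLFSSL_DTLS_WINDOW_WORDS) *
                        OPAQUE32_LEN;
            wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
        }

        if (idx + ((word32)wordCount * OPAQUE32_LEN) + wordAdj > len) {
            WOLFSSL_MSG("Buffer not large enough for prevWindow import");
            return BUFFER_E;
        }

        XMEMSET(keys->peerSeq[0].prevWindow, 0xFF, DTLS_SEQ_SZ);
        for (i = 0; i < wordCount; i++) {
            ato32(exp + idx, &keys->peerSeq[0].prevWindow[i]);
            idx += OPAQUE32_LEN;
        }
        idx += wordAdj;
    }

    /* truncated hmac flag and MAC secret size byte */
    if (idx + (2 * OPAQUE8_LEN) > len) {
        WOLFSSL_MSG("Buffer not large enough for MAC import");
        return BUFFER_E;
    }

#ifdef HAVE_TRUNCATED_HMAC
    ssl->truncated_hmac = exp[idx++];
#else
    idx++; /* no truncated hmac */
#endif
    sz = exp[idx++];
#ifndef WOLFSSL_AEAD_ONLY
    if (sz > sizeof(keys->client_write_MAC_secret) ||
            idx + ((word32)sz * 2) > len) {
        WOLFSSL_MSG("Buffer not large enough for MAC import");
        return BUFFER_E;
    }
    if (sz > 0) {
        XMEMCPY(keys->client_write_MAC_secret, exp + idx, sz); idx += sz;
        XMEMCPY(keys->server_write_MAC_secret, exp + idx, sz); idx += sz;
    }
#else
    /* two secrets of sz bytes are skipped, so both have to be in bounds */
    if (idx + ((word32)sz * 2) > len) {
        return BUFFER_E;
    }
    idx += sz; idx += sz;
#endif

    /* write key size byte */
    if (idx + OPAQUE8_LEN > len) {
        WOLFSSL_MSG("Buffer not large enough for key import");
        return BUFFER_E;
    }
    sz = exp[idx++];
    if (sz > sizeof(keys->client_write_key) ||
            idx + ((word32)sz * 2) > len) {
        WOLFSSL_MSG("Buffer not large enough for key import");
        return BUFFER_E;
    }
    if (sz > 0) {
        XMEMCPY(keys->client_write_key, exp + idx, sz); idx += sz;
        XMEMCPY(keys->server_write_key, exp + idx, sz); idx += sz;
    }

    /* write IV size byte */
    if (idx + OPAQUE8_LEN > len) {
        WOLFSSL_MSG("Buffer not large enough for write IV import");
        return BUFFER_E;
    }
    sz = exp[idx++];
    /* the explicit AEAD IV is always present after the write IVs, so it is
     * part of this bounds check, as it is on the export side */
    if (sz > sizeof(keys->client_write_IV) ||
            idx + ((word32)sz * 2) + AEAD_MAX_EXP_SZ > len) {
        WOLFSSL_MSG("Buffer not large enough for write IV import");
        return BUFFER_E;
    }
    if (sz > 0) {
        XMEMCPY(keys->client_write_IV, exp + idx, sz); idx += sz;
        XMEMCPY(keys->server_write_IV, exp + idx, sz); idx += sz;
    }
    XMEMCPY(keys->aead_exp_IV, exp + idx, AEAD_MAX_EXP_SZ);
    idx += AEAD_MAX_EXP_SZ;

    /* implicit IV size byte */
    if (idx + OPAQUE8_LEN > len) {
        WOLFSSL_MSG("Buffer not large enough for imp IV import");
        return BUFFER_E;
    }
    sz = exp[idx++];
    if (sz > sizeof(keys->aead_enc_imp_IV) ||
            idx + ((word32)sz * 2) > len) {
        WOLFSSL_MSG("Buffer not large enough for imp IV import");
        return BUFFER_E;
    }
    if (sz > 0) {
        XMEMCPY(keys->aead_enc_imp_IV, exp + idx, sz); idx += sz;
        XMEMCPY(keys->aead_dec_imp_IV, exp + idx, sz); idx += sz;
    }

    WOLFSSL_LEAVE("ImportKeyState", idx);
    (void)ver;
    return idx;
}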
wolfSSL 15:117db924cf7c 823
wolfSSL 15:117db924cf7c 824
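/* Copy the necessary information from the Options struct of ssl to a buffer.
 *
 * ssl  session to serialize
 * exp  output buffer, at least DTLS_EXPORT_OPT_SZ bytes
 * len  size of exp in bytes
 * ver  export format version; DTLS_EXPORT_VERSION and DTLS_EXPORT_VERSION_3
 *      are handled, anything else fails with DTLS_EXPORT_VER_E
 *
 * Every field is written even when the matching feature is compiled out (a
 * zero is stored instead), so the layout does not depend on build options.
 *
 * On success returns size of buffer used, on failure returns a negative
 * value: BAD_FUNC_ARG for a NULL argument or short buffer, DTLS_EXPORT_VER_E
 * when the bytes written do not match the size expected for ver. */
static int dtls_export_new(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int idx = 0;
    word16 zero = 0;
    Options* options;

    WOLFSSL_ENTER("dtls_export_new");

    /* ssl is what gets dereferenced below; the address of ssl->options can
     * never be NULL for a valid ssl, so checking it would guard nothing */
    if (ssl == NULL || exp == NULL || len < DTLS_EXPORT_OPT_SZ) {
        return BAD_FUNC_ARG;
    }
    options = &ssl->options;

    XMEMSET(exp, 0, DTLS_EXPORT_OPT_SZ);

    /* these options are kept and sent to indicate verify status and strength
     * of handshake */
    exp[idx++] = options->sendVerify;
    exp[idx++] = options->verifyPeer;
    exp[idx++] = options->verifyNone;
    exp[idx++] = options->downgrade;
#ifndef NO_DH
    c16toa(options->minDhKeySz, exp + idx); idx += OPAQUE16_LEN;
    c16toa(options->maxDhKeySz, exp + idx); idx += OPAQUE16_LEN;
    c16toa(options->dhKeySz, exp + idx);    idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif
#ifndef NO_RSA
    c16toa((word16)(options->minRsaKeySz), exp + idx); idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif
#ifdef HAVE_ECC
    c16toa((word16)(options->minEccKeySz), exp + idx); idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif

    /* these options are kept to indicate state and behavior */
#ifndef NO_PSK
    exp[idx++] = options->havePSK;
#else
    exp[idx++] = 0;
#endif
    exp[idx++] = options->sessionCacheOff;
    exp[idx++] = options->sessionCacheFlushOff;
    exp[idx++] = options->side;
    exp[idx++] = options->resuming;
    exp[idx++] = options->haveSessionId;
    exp[idx++] = options->tls;
    exp[idx++] = options->tls1_1;
    exp[idx++] = options->dtls;
    exp[idx++] = options->connReset;
    exp[idx++] = options->isClosed;
    exp[idx++] = options->closeNotify;
    exp[idx++] = options->sentNotify;
    exp[idx++] = options->usingCompression;
    exp[idx++] = options->haveRSA;
    exp[idx++] = options->haveECC;
    exp[idx++] = options->haveDH;
    exp[idx++] = options->haveNTRU;
    exp[idx++] = options->haveQSH;
    exp[idx++] = options->haveECDSAsig;
    exp[idx++] = options->haveStaticECC;
    exp[idx++] = options->havePeerVerify;
    exp[idx++] = options->usingPSK_cipher;
    exp[idx++] = options->usingAnon_cipher;
    exp[idx++] = options->sendAlertState;
    exp[idx++] = options->partialWrite;
    exp[idx++] = options->quietShutdown;
    exp[idx++] = options->groupMessages;
#ifdef HAVE_POLY1305
    exp[idx++] = options->oldPoly;
#else
    exp[idx++] = 0;
#endif
#ifdef HAVE_ANON
    exp[idx++] = options->haveAnon;
#else
    exp[idx++] = 0;
#endif
#ifdef HAVE_SESSION_TICKET
    exp[idx++] = options->createTicket;
    exp[idx++] = options->useTicket;
#ifdef WOLFSSL_TLS13
    /* field exists only in formats newer than version 3 */
    if (ver > DTLS_EXPORT_VERSION_3) {
        exp[idx++] = options->noTicketTls13;
    }
#else
    if (ver > DTLS_EXPORT_VERSION_3) {
        exp[idx++] = 0;
    }
#endif
#else
    exp[idx++] = 0;
    exp[idx++] = 0;
    if (ver > DTLS_EXPORT_VERSION_3) {
        exp[idx++] = 0;
    }
#endif
    exp[idx++] = options->processReply;
    exp[idx++] = options->cipherSuite0;
    exp[idx++] = options->cipherSuite;
    exp[idx++] = options->serverState;
    exp[idx++] = options->clientState;
    exp[idx++] = options->handShakeState;
    exp[idx++] = options->handShakeDone;
    exp[idx++] = options->minDowngrade;
    exp[idx++] = options->connectState;
    exp[idx++] = options->acceptState;
    exp[idx++] = options->asyncState;

    /* version of connection */
    exp[idx++] = ssl->version.major;
    exp[idx++] = ssl->version.minor;

    (void)zero;

    /* check if changes were made and notify of need to update export version */
    switch (ver) {
        case DTLS_EXPORT_VERSION_3:
            if (idx != DTLS_EXPORT_OPT_SZ_3) {
                WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of export");
                return DTLS_EXPORT_VER_E;
            }
            break;

        case DTLS_EXPORT_VERSION:
            if (idx != DTLS_EXPORT_OPT_SZ) {
                WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of export");
                return DTLS_EXPORT_VER_E;
            }
            break;

        default:
            WOLFSSL_MSG("New version case needs added to wolfSSL export");
            return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("dtls_export_new", idx);

    return idx;
}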
wolfSSL 15:117db924cf7c 972
wolfSSL 15:117db924cf7c 973
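/* Copy items from a serialized export buffer into the Options struct of ssl.
 *
 * ssl  session whose options are overwritten
 * exp  buffer holding the serialized options; it is only read
 * len  number of bytes available in exp
 * ver  export format version; DTLS_EXPORT_VERSION and DTLS_EXPORT_VERSION_3
 *      are accepted
 *
 * On success returns size of buffer used, on failure returns a negative
 * value: BAD_FUNC_ARG for a NULL argument, an unsupported ver or a buffer
 * shorter than the size expected for ver, VERSION_ERROR when the protocol
 * version stored in the buffer differs from ssl->version.
 *
 * The version comparison is the last step, so on VERSION_ERROR the options
 * of ssl have already been overwritten with the buffer contents.
 *
 * NOTE(review): verification and handshake state flags (verifyPeer,
 * verifyNone, handShakeDone, ...) are taken from the buffer as-is and this
 * function performs no integrity check on it. Callers need to make sure the
 * buffer comes from a trusted exporter and was not modified in between. */
static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int idx = 0;
    byte major;
    byte minor;
    Options* options;

    /* ssl is dereferenced below; the address of ssl->options can never be
     * NULL for a valid ssl, so checking it would guard nothing */
    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }
    options = &ssl->options;

    switch (ver) {
        case DTLS_EXPORT_VERSION:
            if (len < DTLS_EXPORT_OPT_SZ) {
                WOLFSSL_MSG("Sanity check on buffer size failed");
                return BAD_FUNC_ARG;
            }
            break;

        case DTLS_EXPORT_VERSION_3:
            if (len < DTLS_EXPORT_OPT_SZ_3) {
                WOLFSSL_MSG("Sanity check on buffer size failed");
                return BAD_FUNC_ARG;
            }
            break;

        default:
            WOLFSSL_MSG("Export version not supported");
            return BAD_FUNC_ARG;
    }

    /* these options are kept and sent to indicate verify status and strength
     * of handshake */
    options->sendVerify = exp[idx++];
    options->verifyPeer = exp[idx++];
    options->verifyNone = exp[idx++];
    options->downgrade  = exp[idx++];
#ifndef NO_DH
    ato16(exp + idx, &(options->minDhKeySz)); idx += OPAQUE16_LEN;
    ato16(exp + idx, &(options->maxDhKeySz)); idx += OPAQUE16_LEN;
    ato16(exp + idx, &(options->dhKeySz));    idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
    idx += OPAQUE16_LEN;
    idx += OPAQUE16_LEN;
#endif
#ifndef NO_RSA
    ato16(exp + idx, (word16*)&(options->minRsaKeySz)); idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
#endif
#ifdef HAVE_ECC
    ato16(exp + idx, (word16*)&(options->minEccKeySz)); idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
#endif

    /* these options are kept to indicate state and behavior */
#ifndef NO_PSK
    options->havePSK = exp[idx++];
#else
    idx++;
#endif
    options->sessionCacheOff      = exp[idx++];
    options->sessionCacheFlushOff = exp[idx++];
    options->side                 = exp[idx++];
    options->resuming             = exp[idx++];
    options->haveSessionId        = exp[idx++];
    options->tls                  = exp[idx++];
    options->tls1_1               = exp[idx++];
    options->dtls                 = exp[idx++];
    options->connReset            = exp[idx++];
    options->isClosed             = exp[idx++];
    options->closeNotify          = exp[idx++];
    options->sentNotify           = exp[idx++];
    options->usingCompression     = exp[idx++];
    options->haveRSA              = exp[idx++];
    options->haveECC              = exp[idx++];
    options->haveDH               = exp[idx++];
    options->haveNTRU             = exp[idx++];
    options->haveQSH              = exp[idx++];
    options->haveECDSAsig         = exp[idx++];
    options->haveStaticECC        = exp[idx++];
    options->havePeerVerify       = exp[idx++];
    options->usingPSK_cipher      = exp[idx++];
    options->usingAnon_cipher     = exp[idx++];
    options->sendAlertState       = exp[idx++];
    options->partialWrite         = exp[idx++];
    options->quietShutdown        = exp[idx++];
    options->groupMessages        = exp[idx++];
#ifdef HAVE_POLY1305
    options->oldPoly = exp[idx++];      /* set when to use old rfc way of poly*/
#else
    idx++;
#endif
#ifdef HAVE_ANON
    options->haveAnon = exp[idx++];     /* User wants to allow Anon suites */
#else
    idx++;
#endif
#ifdef HAVE_SESSION_TICKET
    options->createTicket  = exp[idx++]; /* Server to create new Ticket */
    options->useTicket     = exp[idx++]; /* Use Ticket not session cache */
#ifdef WOLFSSL_TLS13
    if (ver > DTLS_EXPORT_VERSION_3) {
        options->noTicketTls13 = exp[idx++];/* Server won't create new Ticket */
    }
#else
    if (ver > DTLS_EXPORT_VERSION_3) {
        /* field is present in the buffer but unused in this build: skip it
         * rather than writing into the caller's import buffer */
        idx++;
    }
#endif
#else
    idx++;
    idx++;
    if (ver > DTLS_EXPORT_VERSION_3) {
        idx++;
    }
#endif
    options->processReply   = exp[idx++];
    options->cipherSuite0   = exp[idx++];
    options->cipherSuite    = exp[idx++];
    options->serverState    = exp[idx++];
    options->clientState    = exp[idx++];
    options->handShakeState = exp[idx++];
    options->handShakeDone  = exp[idx++];
    options->minDowngrade   = exp[idx++];
    options->connectState   = exp[idx++];
    options->acceptState    = exp[idx++];
    options->asyncState     = exp[idx++];

    /* version of connection */
    major = exp[idx++];
    minor = exp[idx++];
    if (ssl->version.major != major || ssl->version.minor != minor) {
        WOLFSSL_MSG("Version mismatch ie DTLS v1 vs v1.2");
        return VERSION_ERROR;
    }

    return idx;
}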
wolfSSL 15:117db924cf7c 1114
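#ifndef WOLFSSL_SESSION_EXPORT_NOPEER
/* Serialize the peer address of a session into exp.
 *
 * The address comes from the application's CBGetPeer callback and is written
 * as: 16 bit family, 16 bit address length, the address bytes, 16 bit port.
 *
 * ssl  session whose ctx provides the CBGetPeer callback
 * exp  output buffer
 * len  size of exp; must hold DTLS_EXPORT_IP bytes plus three 16 bit fields
 * ver  export format version; only DTLS_EXPORT_VERSION is accepted
 *
 * Returns the number of bytes written on success, BAD_FUNC_ARG for a bad
 * argument, unsupported version or missing callback, SOCKET_ERROR_E when the
 * callback fails or reports an address size or family that is out of range. */
static int ExportPeerInfo(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int    idx  = 0;
    int    ipSz = DTLS_EXPORT_IP; /* start as max size */
    int    fam  = 0;
    word16 port = 0;
    char   ip[DTLS_EXPORT_IP];

    if (ver != DTLS_EXPORT_VERSION) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    if (ssl == NULL || exp == NULL || len < sizeof(ip) + 3 * DTLS_EXPORT_LEN) {
        return BAD_FUNC_ARG;
    }

    if (ssl->ctx->CBGetPeer == NULL) {
        WOLFSSL_MSG("No get peer call back set");
        return BAD_FUNC_ARG;
    }

    /* The callback is user supplied. Clearing ip first means that a callback
     * which reports more bytes than it actually filled in cannot cause
     * uninitialized stack contents to be copied into the export buffer. */
    XMEMSET(ip, 0, sizeof(ip));

    if (ssl->ctx->CBGetPeer(ssl, ip, &ipSz, &port, &fam) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Get peer callback error");
        return SOCKET_ERROR_E;
    }

    /* check that ipSz/fam is not negative or too large since user can set cb */
    if (ipSz < 0 || ipSz > DTLS_EXPORT_IP || fam < 0) {
        WOLFSSL_MSG("Bad ipSz or fam returned from get peer callback");
        return SOCKET_ERROR_E;
    }

    c16toa((word16)fam, exp + idx);  idx += DTLS_EXPORT_LEN;
    c16toa((word16)ipSz, exp + idx); idx += DTLS_EXPORT_LEN;
    XMEMCPY(exp + idx, ip, ipSz);    idx += ipSz;
    c16toa(port, exp + idx);         idx += DTLS_EXPORT_LEN;

    return idx;
}
#endif /* !WOLFSSL_SESSION_EXPORT_NOPEER */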
wolfSSL 15:117db924cf7c 1156
wolfSSL 15:117db924cf7c 1157
/* Parse serialized peer information and pass it to the CBSetPeer callback.
 *
 * Layout read from buf: 16 bit family, 16 bit address length, the address
 * bytes, 16 bit port.
 *
 * ssl  session whose ctx provides the CBSetPeer callback
 * buf  serialized peer information
 * len  number of bytes in buf; zero means no peer information was exported
 * ver  export format version; DTLS_EXPORT_VERSION and DTLS_EXPORT_VERSION_3
 *      are accepted
 *
 * Returns the number of bytes consumed (0 when len is 0), BAD_FUNC_ARG for a
 * bad argument, unsupported version or missing callback, BUFFER_E when the
 * encoded address length does not fit the local array or the buffer, and
 * SOCKET_ERROR_E when the callback fails. */
static int ImportPeerInfo(WOLFSSL* ssl, byte* buf, word32 len, byte ver)
{
    char   addr[DTLS_EXPORT_IP];
    word16 family;
    word16 addrSz;
    word16 peerPort;
    word16 off = 0;

    if (!(ver == DTLS_EXPORT_VERSION || ver == DTLS_EXPORT_VERSION_3)) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    /* an empty section is valid and simply carries no peer */
    if (len == 0) {
        WOLFSSL_MSG("No peer info sent");
        return 0;
    }

    if (ssl == NULL || buf == NULL || len < 3 * DTLS_EXPORT_LEN) {
        return BAD_FUNC_ARG;
    }

    /* import sin family */
    ato16(buf + off, &family);
    off += DTLS_EXPORT_LEN;

    /* import ip address; off and addrSz are unsigned but cast for enum */
    ato16(buf + off, &addrSz);
    off += DTLS_EXPORT_LEN;

    /* strictly smaller than the array so the terminator below has room */
    if (addrSz >= sizeof(addr)) {
        return BUFFER_E;
    }
    /* address bytes plus the trailing port must be inside the buffer */
    if ((word16)(off + addrSz + DTLS_EXPORT_LEN) > len) {
        return BUFFER_E;
    }

    XMEMSET(addr, 0, sizeof(addr));
    XMEMCPY(addr, buf + off, addrSz);
    off += addrSz;
    addr[addrSz] = '\0'; /* in range because addrSz < sizeof(addr) */

    ato16(buf + off, &peerPort);
    off += DTLS_EXPORT_LEN;

    /* sanity check for a function to call, then use it to import peer info */
    if (ssl->ctx->CBSetPeer == NULL) {
        WOLFSSL_MSG("No set peer function");
        return BAD_FUNC_ARG;
    }
    if (ssl->ctx->CBSetPeer(ssl, addr, addrSz, peerPort, family)
            != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Error setting peer info");
        return SOCKET_ERROR_E;
    }

    return off;
}
wolfSSL 15:117db924cf7c 1205
wolfSSL 15:117db924cf7c 1206
/* WOLFSSL_LOCAL function that serializes only the state of the current
 * WOLFSSL session (the part written by ExportKeyState).
 *
 * ssl  session to serialize
 * buf  output buffer
 * sz   size of buf in bytes
 *
 * Layout written: protocol byte, protocol/version byte, 16-bit total length,
 * 16-bit key-state length, key-state data.
 *
 * Returns the number of bytes written on success, BAD_FUNC_ARG when ssl or
 * buf is NULL, BUFFER_E when sz is below the minimum, or the negative value
 * returned by ExportKeyState.
 *
 * NOTE(review): the output presumably contains live session key state; treat
 * the buffer as secret and protect it in storage and transit -- confirm
 * against ExportKeyState. */
int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int    keyLen;
    word32 pos    = 0;
    word32 minLen = 0;

    WOLFSSL_ENTER("wolfSSL_dtls_export_state_internal");

    if (ssl == NULL || buf == NULL) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_state_internal", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    /* header: 2 protocol bytes and 2 length bytes */
    minLen += DTLS_EXPORT_LEN * 2;
    /* key state: 2 byte length followed by at least the minimum key size */
    minLen += DTLS_EXPORT_LEN + DTLS_EXPORT_MIN_KEY_SZ;
    if (sz < minLen) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_state_internal", BUFFER_E);
        return BUFFER_E;
    }

    /* byte 0: protocol id; byte 1: protocol high nibble | version low nibble */
    buf[pos] = (byte)DTLS_EXPORT_STATE_PRO;
    pos++;
    buf[pos] = ((byte)DTLS_EXPORT_STATE_PRO & 0xF0) |
               ((byte)DTLS_EXPORT_VERSION   & 0x0F);
    pos++;

    pos += DTLS_EXPORT_LEN; /* total length is filled in at the end */
    pos += DTLS_EXPORT_LEN; /* key-state length is filled in after export */

    /* export keys struct and dtls state; its length is variable */
    keyLen = ExportKeyState(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION, 1);
    if (keyLen < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_state_internal", keyLen);
        return keyLen;
    }
    c16toa((word16)keyLen, buf + pos - DTLS_EXPORT_LEN);
    pos += keyLen;

    /* total length excludes the 2 protocol/version bytes */
    c16toa((word16)(pos - DTLS_EXPORT_LEN), buf + DTLS_EXPORT_LEN);

#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    /* debug builds print the version, protocol and size */
    {
        char debug[256];
        XSNPRINTF(debug, sizeof(debug), "Exporting DTLS session state\n"
                  "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
                  , (int)DTLS_EXPORT_VERSION, buf[0], (buf[1] >> 4), pos - 2);
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    WOLFSSL_LEAVE("wolfSSL_dtls_export_state_internal", pos);
    return pos;
}
wolfSSL 16:8e0d178b1d1e 1263
wolfSSL 16:8e0d178b1d1e 1264
/* WOLFSSL_LOCAL function that serializes the current WOLFSSL session.
 *
 * ssl  session to serialize
 * buf  output buffer
 * sz   size of buf in bytes
 *
 * Layout written: protocol byte, protocol/version byte, 16-bit total length,
 * then four sections each preceded by a 16-bit length: options, key state,
 * cipher specs and peer info (length 0 when WOLFSSL_SESSION_EXPORT_NOPEER is
 * defined).
 *
 * Returns the number of bytes written on success, BAD_FUNC_ARG when ssl or
 * buf is NULL, BUFFER_E when sz is too small, or the negative value returned
 * by one of the section exporters.
 *
 * NOTE(review): the output presumably contains live session key state; treat
 * the buffer as secret and protect it in storage and transit -- confirm
 * against ExportKeyState. */
int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int    secLen;
    word32 pos    = 0;
    word32 needed = 0;

    WOLFSSL_ENTER("wolfSSL_dtls_export_internal");

    if (ssl == NULL || buf == NULL) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    /* header: 2 protocol bytes and 2 length bytes */
    needed += DTLS_EXPORT_LEN * 2;
    /* every section carries a 2 byte length in front of its data */
    needed += DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ;
    needed += DTLS_EXPORT_LEN + DTLS_EXPORT_KEY_SZ;
    needed += DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ;
    needed += DTLS_EXPORT_LEN + ssl->buffers.dtlsCtx.peer.sz;

    if (sz < needed) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BUFFER_E);
        return BUFFER_E;
    }

    /* byte 0: protocol id; byte 1: protocol high nibble | version low nibble */
    buf[pos] = (byte)DTLS_EXPORT_PRO;
    pos++;
    buf[pos] = ((byte)DTLS_EXPORT_PRO     & 0xF0) |
               ((byte)DTLS_EXPORT_VERSION & 0x0F);
    pos++;

    pos += DTLS_EXPORT_LEN; /* total length is filled in at the end */

    /* options section: fixed length */
    c16toa((word16)DTLS_EXPORT_OPT_SZ, buf + pos);
    pos += DTLS_EXPORT_LEN;
    secLen = dtls_export_new(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (secLen < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", secLen);
        return secLen;
    }
    pos += secLen;

    /* keys struct and dtls state: variable length, written after export */
    pos += DTLS_EXPORT_LEN;
    secLen = ExportKeyState(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION, 0);
    if (secLen < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", secLen);
        return secLen;
    }
    c16toa((word16)secLen, buf + pos - DTLS_EXPORT_LEN);
    pos += secLen;

    /* cipher specs section: fixed length */
    c16toa((word16)DTLS_EXPORT_SPC_SZ, buf + pos);
    pos += DTLS_EXPORT_LEN;
    secLen = ExportCipherSpecState(ssl, buf + pos, sz - pos,
                                   DTLS_EXPORT_VERSION);
    if (secLen < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", secLen);
        return secLen;
    }
    pos += secLen;

    /* dtls peer information: variable length, written after export */
    pos += DTLS_EXPORT_LEN;
#ifdef WOLFSSL_SESSION_EXPORT_NOPEER
    secLen = 0; /* peer port/ip information is not saved */
#else
    secLen = ExportPeerInfo(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (secLen < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", secLen);
        return secLen;
    }
#endif
    c16toa(secLen, buf + pos - DTLS_EXPORT_LEN);
    pos += secLen;

    /* total length excludes the 2 protocol/version bytes */
    c16toa((word16)(pos - DTLS_EXPORT_LEN), buf + DTLS_EXPORT_LEN);

    /* debug builds print the version, protocol and size */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    {
        char debug[256];
        XSNPRINTF(debug, sizeof(debug), "Exporting DTLS session\n"
                  "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
                  , (int)DTLS_EXPORT_VERSION, buf[0], (buf[1] >> 4), pos - 2);
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", pos);
    return pos;
}
wolfSSL 15:117db924cf7c 1357
wolfSSL 15:117db924cf7c 1358
wolfSSL 15:117db924cf7c 1359 /* On success return amount of buffer consumed */
wolfSSL 16:8e0d178b1d1e 1360 int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl, byte* buf, word32 sz)
wolfSSL 16:8e0d178b1d1e 1361 {
wolfSSL 16:8e0d178b1d1e 1362 word32 idx = 0;
wolfSSL 16:8e0d178b1d1e 1363 word16 length = 0;
wolfSSL 16:8e0d178b1d1e 1364 int version;
wolfSSL 16:8e0d178b1d1e 1365 int ret;
wolfSSL 16:8e0d178b1d1e 1366
wolfSSL 16:8e0d178b1d1e 1367 WOLFSSL_ENTER("wolfSSL_dtls_import_state_internal");
wolfSSL 16:8e0d178b1d1e 1368 /* check at least enough room for protocol and length */
wolfSSL 16:8e0d178b1d1e 1369 if (sz < DTLS_EXPORT_LEN * 2 || ssl == NULL) {
wolfSSL 16:8e0d178b1d1e 1370 WOLFSSL_LEAVE("wolfSSL_dtls_import_state_internal", BAD_FUNC_ARG);
wolfSSL 16:8e0d178b1d1e 1371 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 1372 }
wolfSSL 16:8e0d178b1d1e 1373
wolfSSL 16:8e0d178b1d1e 1374 if (buf[idx++] != (byte)DTLS_EXPORT_STATE_PRO ||
wolfSSL 16:8e0d178b1d1e 1375 (buf[idx] & 0xF0) != ((byte)DTLS_EXPORT_PRO & 0xF0)) {
wolfSSL 16:8e0d178b1d1e 1376 WOLFSSL_MSG("Incorrect protocol");
wolfSSL 16:8e0d178b1d1e 1377 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 1378 }
wolfSSL 16:8e0d178b1d1e 1379 version = buf[idx++] & 0x0F;
wolfSSL 16:8e0d178b1d1e 1380
wolfSSL 16:8e0d178b1d1e 1381 ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
wolfSSL 16:8e0d178b1d1e 1382 if (length > sz - DTLS_EXPORT_LEN) { /* subtract 2 for protocol */
wolfSSL 16:8e0d178b1d1e 1383 WOLFSSL_MSG("Buffer size sanity check failed");
wolfSSL 16:8e0d178b1d1e 1384 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 1385 }
wolfSSL 16:8e0d178b1d1e 1386
wolfSSL 16:8e0d178b1d1e 1387 #ifdef WOLFSSL_SESSION_EXPORT_DEBUG
wolfSSL 16:8e0d178b1d1e 1388 /* if compiled with debug options then print the version, protocol, size */
wolfSSL 16:8e0d178b1d1e 1389 {
wolfSSL 16:8e0d178b1d1e 1390 char debug[256];
wolfSSL 16:8e0d178b1d1e 1391 XSNPRINTF(debug, sizeof(debug), "Importing DTLS session state\n"
wolfSSL 16:8e0d178b1d1e 1392 "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
wolfSSL 16:8e0d178b1d1e 1393 , (int)version, buf[0], (buf[1] >> 4), length);
wolfSSL 16:8e0d178b1d1e 1394 WOLFSSL_MSG(debug);
wolfSSL 16:8e0d178b1d1e 1395 }
wolfSSL 16:8e0d178b1d1e 1396 #endif /* WOLFSSL_SESSION_EXPORT_DEBUG */
wolfSSL 16:8e0d178b1d1e 1397
wolfSSL 16:8e0d178b1d1e 1398 /* perform sanity checks and extract Options information used */
wolfSSL 16:8e0d178b1d1e 1399 switch (version) {
wolfSSL 16:8e0d178b1d1e 1400 case DTLS_EXPORT_VERSION:
wolfSSL 16:8e0d178b1d1e 1401 break;
wolfSSL 16:8e0d178b1d1e 1402
wolfSSL 16:8e0d178b1d1e 1403 default:
wolfSSL 16:8e0d178b1d1e 1404 WOLFSSL_MSG("Bad export state version");
wolfSSL 16:8e0d178b1d1e 1405 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 1406
wolfSSL 16:8e0d178b1d1e 1407 }
wolfSSL 16:8e0d178b1d1e 1408
wolfSSL 16:8e0d178b1d1e 1409 /* perform sanity checks and extract Keys struct */
wolfSSL 16:8e0d178b1d1e 1410 if (DTLS_EXPORT_LEN + idx > sz) {
wolfSSL 16:8e0d178b1d1e 1411 WOLFSSL_MSG("Import Key struct error");
wolfSSL 16:8e0d178b1d1e 1412 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 1413 }
wolfSSL 16:8e0d178b1d1e 1414 ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
wolfSSL 16:8e0d178b1d1e 1415 if (length > DTLS_EXPORT_KEY_SZ || length + idx > sz) {
wolfSSL 16:8e0d178b1d1e 1416 WOLFSSL_MSG("Import Key struct error");
wolfSSL 16:8e0d178b1d1e 1417 return BUFFER_E;
wolfSSL 16:8e0d178b1d1e 1418 }
wolfSSL 16:8e0d178b1d1e 1419 if ((ret = ImportKeyState(ssl, buf + idx, length, version)) < 0) {
wolfSSL 16:8e0d178b1d1e 1420 WOLFSSL_MSG("Import Key struct error");
wolfSSL 16:8e0d178b1d1e 1421 WOLFSSL_LEAVE("wolfSSL_dtls_import_state_internal", ret);
wolfSSL 16:8e0d178b1d1e 1422 return ret;
wolfSSL 16:8e0d178b1d1e 1423 }
wolfSSL 16:8e0d178b1d1e 1424 idx += ret;
wolfSSL 16:8e0d178b1d1e 1425
wolfSSL 16:8e0d178b1d1e 1426 WOLFSSL_LEAVE("wolfSSL_dtls_import_state_internal", ret);
wolfSSL 16:8e0d178b1d1e 1427 return ret;
wolfSSL 16:8e0d178b1d1e 1428 }
wolfSSL 16:8e0d178b1d1e 1429
wolfSSL 16:8e0d178b1d1e 1430
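/* Import a serialized DTLS session into ssl.
 *
 * ssl  session that receives the imported options, keys, cipher specs and
 *      peer information
 * buf  serialized session: protocol byte, protocol/version byte, 16-bit total
 *      length, then the options, key state, cipher specs and peer info
 *      sections, each preceded by a 16-bit length
 * sz   number of bytes available in buf
 *
 * When the first two bytes do not carry the DTLS_EXPORT_PRO id the buffer is
 * passed to wolfSSL_dtls_import_state_internal and its result is returned.
 *
 * On success returns the amount of buffer consumed. Returns BAD_FUNC_ARG for
 * a NULL argument, a buffer shorter than the header or an unsupported
 * version; BUFFER_E when a length field is inconsistent with sz or with the
 * expected section size; MATCH_SUITE_ERROR / SANITY_CIPHER_E when the imported
 * cipher suite is unusable; otherwise the negative value from a section
 * importer.
 *
 * The checks here are structural only; no integrity or authenticity check of
 * buf is visible in this function, so import only buffers from a trusted
 * source. The section importers are called in sequence on ssl, so after an
 * error return ssl has presumably been partially updated and should not be
 * used for I/O -- confirm against the importers. */
int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    word32 idx    = 0;
    word16 length = 0;
    int version;
    int ret;
    int optSz;

    WOLFSSL_ENTER("wolfSSL_dtls_import_internal");
    /* buf is dereferenced right below, so reject NULL here the same way the
     * export functions do; also need room for protocol and length */
    if (ssl == NULL || buf == NULL || sz < DTLS_EXPORT_LEN * 2) {
        return BAD_FUNC_ARG;
    }

    /* sanity check on protocol ID and size of buffer */
    if (buf[idx++] != (byte)DTLS_EXPORT_PRO ||
            (buf[idx] & 0xF0) != ((byte)DTLS_EXPORT_PRO & 0xF0)) {
        /* idx is left on the second byte above so the version can be read
         * from it next; not a full session export, so check whether this is
         * a state-only export instead */
        return wolfSSL_dtls_import_state_internal(ssl, buf, sz);
    }
    version = buf[idx++] & 0x0F;

    /* total length as claimed by the blob; sz >= 4 here so no wrap */
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length > sz - DTLS_EXPORT_LEN) { /* subtract 2 for protocol */
        return BUFFER_E;
    }

    /* if compiled with debug options then print the version, protocol, size */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    {
        char debug[256];
        XSNPRINTF(debug, sizeof(debug), "Importing DTLS session\n"
                  "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
                  , (int)version, buf[0], (buf[1] >> 4), length);
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    /* the options section has a fixed size that depends on the version */
    switch (version) {
        case DTLS_EXPORT_VERSION:
            optSz = DTLS_EXPORT_OPT_SZ;
            break;

        case DTLS_EXPORT_VERSION_3:
            WOLFSSL_MSG("Importing older version 3");
            optSz = DTLS_EXPORT_OPT_SZ_3;
            break;

        default:
            WOLFSSL_MSG("Bad export version");
            return BAD_FUNC_ARG;

    }

    /* perform sanity checks and extract Options information used */
    if (DTLS_EXPORT_LEN + optSz + idx > sz) {
        WOLFSSL_MSG("Import Options struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length != optSz) {
        WOLFSSL_MSG("Import Options struct error");
        return BUFFER_E;
    }
    if ((ret = dtls_export_load(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Options struct error");
        return ret;
    }
    idx += length;

    /* perform sanity checks and extract Keys struct */
    if (DTLS_EXPORT_LEN + idx > sz) {
        WOLFSSL_MSG("Import Key struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    /* variable length: bounded by the maximum key size and by sz */
    if (length > DTLS_EXPORT_KEY_SZ || length + idx > sz) {
        WOLFSSL_MSG("Import Key struct error");
        return BUFFER_E;
    }
    if ((ret = ImportKeyState(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Key struct error");
        return ret;
    }
    idx += ret;

    /* perform sanity checks and extract CipherSpecs struct */
    if (DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ + idx > sz) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length != DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return BUFFER_E;
    }
    if ((ret = ImportCipherSpecState(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return ret;
    }
    idx += ret;

    /* perform sanity checks and extract DTLS peer info */
    if (DTLS_EXPORT_LEN + idx > sz) {
        WOLFSSL_MSG("Import DTLS peer info error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (idx + length > sz) {
        WOLFSSL_MSG("Import DTLS peer info error");
        return BUFFER_E;
    }
    if ((ret = ImportPeerInfo(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Peer Addr error");
        return ret;
    }
    idx += ret;

    SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE);

    /* set hmac function to use when verifying */
    if (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 ||
            ssl->options.dtls == 1) {
        ssl->hmac = TLS_hmac;
    }

    /* the imported cipher specs must map to a suite this build knows */
    if (wolfSSL_get_cipher(ssl) == NULL) {
        WOLFSSL_MSG("Can not match cipher suite imported");
        return MATCH_SUITE_ERROR;
    }

    /* do not allow stream ciphers with DTLS, except for NULL cipher */
    if (ssl->specs.cipher_type == stream &&
            ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null) {
        WOLFSSL_MSG("Can not import stream ciphers for DTLS");
        return SANITY_CIPHER_E;
    }

    return idx;
}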
wolfSSL 15:117db924cf7c 1575 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 1576 #endif /* WOLFSSL_SESSION_EXPORT */
wolfSSL 15:117db924cf7c 1577
wolfSSL 15:117db924cf7c 1578
/* Fill in a WOLFSSL_METHOD with the given protocol version and the defaults
 * set here: client side and downgrade disabled.
 *
 * method  structure to initialize; dereferenced without a NULL check, so the
 *         caller must pass a valid pointer
 * pv      protocol version stored in method->version */
void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv)
{
    method->downgrade = 0;                  /* no version downgrade */
    method->side      = WOLFSSL_CLIENT_END; /* default side */
    method->version   = pv;
}
wolfSSL 15:117db924cf7c 1585
wolfSSL 16:8e0d178b1d1e 1586 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
/* Set which end of the connection ssl is and re-apply the options that
 * depend on the side, then rebuild the suites through InitSSL_Suites.
 *
 * ssl   session to update
 * side  value stored in ssl->options.side (WOLFSSL_CLIENT_END or
 *       WOLFSSL_SERVER_END are the values tested here)
 *
 * Returns BAD_FUNC_ARG when ssl is NULL, the non-zero value from
 * wolfSSL_DTLS_SetCookieSecret when setting the DTLS cookie secret fails,
 * otherwise the result of InitSSL_Suites. */
int InitSSL_Side(WOLFSSL* ssl, word16 side)
{
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    ssl->options.side = side;

    /* options below are side specific and are reset for the new side */
#if defined(HAVE_NTRU)
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        /* always on for a client; a server turns it on by loading a key */
        ssl->options.haveNTRU = 1;
    }
#endif
#if defined(HAVE_ECC)
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        ssl->options.haveStaticECC = 1; /* server can turn on by loading key */
        ssl->options.haveECC       = 1; /* server turns on with ECC key cert */
        ssl->options.haveECDSAsig  = 1; /* always on client side */
    }
#elif defined(HAVE_ED25519) || defined(HAVE_ED448)
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        ssl->options.haveECC      = 1;  /* server turns on with ECC key cert */
        ssl->options.haveECDSAsig = 1;  /* always on client side */
    }
#endif

#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
    /* a client enables extended master secret for TLS 1.0 and later, and for
     * DTLS when it is compiled in */
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
                ssl->ctx->method->version.minor >= TLSv1_MINOR) {
            ssl->options.haveEMS = 1;
        }
    #ifdef WOLFSSL_DTLS
        if (ssl->ctx->method->version.major == DTLS_MAJOR) {
            ssl->options.haveEMS = 1;
        }
    #endif /* WOLFSSL_DTLS */
    }
#endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */

#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
    if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
        /* NOTE(review): NULL/0 presumably asks for a freshly generated
         * cookie secret -- confirm against wolfSSL_DTLS_SetCookieSecret */
        int cookieRet = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
        if (cookieRet != 0) {
            WOLFSSL_MSG("DTLS Cookie Secret error");
            return cookieRet;
        }
    }
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */

    return InitSSL_Suites(ssl);
}
wolfSSL 16:8e0d178b1d1e 1641 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
wolfSSL 15:117db924cf7c 1642
wolfSSL 15:117db924cf7c 1643 /* Initialize SSL context, return 0 on success */
wolfSSL 15:117db924cf7c 1644 int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
wolfSSL 15:117db924cf7c 1645 {
wolfSSL 15:117db924cf7c 1646 int ret = 0;
wolfSSL 15:117db924cf7c 1647
wolfSSL 15:117db924cf7c 1648 XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));
wolfSSL 15:117db924cf7c 1649
wolfSSL 15:117db924cf7c 1650 ctx->method = method;
wolfSSL 15:117db924cf7c 1651 ctx->refCount = 1; /* so either CTX_free or SSL_free can release */
wolfSSL 15:117db924cf7c 1652 ctx->heap = ctx; /* defaults to self */
wolfSSL 15:117db924cf7c 1653 ctx->timeout = WOLFSSL_SESSION_TIMEOUT;
wolfSSL 15:117db924cf7c 1654 ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE; /* current default: TLSv1_MINOR */
wolfSSL 15:117db924cf7c 1655
wolfSSL 15:117db924cf7c 1656 if (wc_InitMutex(&ctx->countMutex) < 0) {
wolfSSL 15:117db924cf7c 1657 WOLFSSL_MSG("Mutex error on CTX init");
wolfSSL 15:117db924cf7c 1658 ctx->err = CTX_INIT_MUTEX_E;
wolfSSL 15:117db924cf7c 1659 return BAD_MUTEX_E;
wolfSSL 15:117db924cf7c 1660 }
wolfSSL 15:117db924cf7c 1661
wolfSSL 15:117db924cf7c 1662 #ifndef NO_DH
wolfSSL 15:117db924cf7c 1663 ctx->minDhKeySz = MIN_DHKEY_SZ;
wolfSSL 15:117db924cf7c 1664 ctx->maxDhKeySz = MAX_DHKEY_SZ;
wolfSSL 15:117db924cf7c 1665 #endif
wolfSSL 15:117db924cf7c 1666 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 1667 ctx->minRsaKeySz = MIN_RSAKEY_SZ;
wolfSSL 15:117db924cf7c 1668 #endif
wolfSSL 15:117db924cf7c 1669 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 1670 ctx->minEccKeySz = MIN_ECCKEY_SZ;
wolfSSL 15:117db924cf7c 1671 ctx->eccTempKeySz = ECDHE_SIZE;
wolfSSL 15:117db924cf7c 1672 #endif
wolfSSL 16:8e0d178b1d1e 1673 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 16:8e0d178b1d1e 1674 ctx->verifyDepth = MAX_CHAIN_DEPTH;
wolfSSL 16:8e0d178b1d1e 1675 #endif
wolfSSL 15:117db924cf7c 1676 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 1677 ctx->cbioFlag = WOLFSSL_CBIO_NONE;
wolfSSL 15:117db924cf7c 1678 #endif
wolfSSL 15:117db924cf7c 1679
wolfSSL 15:117db924cf7c 1680 #ifndef WOLFSSL_USER_IO
wolfSSL 15:117db924cf7c 1681 #ifdef MICRIUM
wolfSSL 15:117db924cf7c 1682 ctx->CBIORecv = MicriumReceive;
wolfSSL 15:117db924cf7c 1683 ctx->CBIOSend = MicriumSend;
wolfSSL 15:117db924cf7c 1684 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 1685 if (method->version.major == DTLS_MAJOR) {
wolfSSL 15:117db924cf7c 1686 ctx->CBIORecv = MicriumReceiveFrom;
wolfSSL 15:117db924cf7c 1687 ctx->CBIOSend = MicriumSendTo;
wolfSSL 15:117db924cf7c 1688 }
wolfSSL 15:117db924cf7c 1689 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 15:117db924cf7c 1690 #error Micrium port does not support DTLS session export yet
wolfSSL 15:117db924cf7c 1691 #endif
wolfSSL 15:117db924cf7c 1692 #endif
wolfSSL 16:8e0d178b1d1e 1693 #elif defined WOLFSSL_UIP
wolfSSL 16:8e0d178b1d1e 1694 ctx->CBIORecv = uIPReceive;
wolfSSL 16:8e0d178b1d1e 1695 ctx->CBIOSend = uIPSend;
wolfSSL 16:8e0d178b1d1e 1696 #ifdef WOLFSSL_DTLS
wolfSSL 16:8e0d178b1d1e 1697 if (method->version.major == DTLS_MAJOR) {
wolfSSL 16:8e0d178b1d1e 1698 ctx->CBIOSendTo = uIPSendTo;
wolfSSL 16:8e0d178b1d1e 1699 ctx->CBIORecvFrom = uIPRecvFrom;
wolfSSL 16:8e0d178b1d1e 1700 }
wolfSSL 16:8e0d178b1d1e 1701 #endif
wolfSSL 15:117db924cf7c 1702 #else
wolfSSL 15:117db924cf7c 1703 ctx->CBIORecv = EmbedReceive;
wolfSSL 15:117db924cf7c 1704 ctx->CBIOSend = EmbedSend;
wolfSSL 15:117db924cf7c 1705 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 1706 if (method->version.major == DTLS_MAJOR) {
wolfSSL 15:117db924cf7c 1707 ctx->CBIORecv = EmbedReceiveFrom;
wolfSSL 15:117db924cf7c 1708 ctx->CBIOSend = EmbedSendTo;
wolfSSL 15:117db924cf7c 1709 }
wolfSSL 15:117db924cf7c 1710 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 15:117db924cf7c 1711 ctx->CBGetPeer = EmbedGetPeer;
wolfSSL 15:117db924cf7c 1712 ctx->CBSetPeer = EmbedSetPeer;
wolfSSL 15:117db924cf7c 1713 #endif
wolfSSL 15:117db924cf7c 1714 #endif
wolfSSL 15:117db924cf7c 1715 #endif /* MICRIUM */
wolfSSL 15:117db924cf7c 1716 #endif /* WOLFSSL_USER_IO */
wolfSSL 15:117db924cf7c 1717
wolfSSL 15:117db924cf7c 1718 #ifdef HAVE_NETX
wolfSSL 15:117db924cf7c 1719 ctx->CBIORecv = NetX_Receive;
wolfSSL 15:117db924cf7c 1720 ctx->CBIOSend = NetX_Send;
wolfSSL 16:8e0d178b1d1e 1721 #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
wolfSSL 16:8e0d178b1d1e 1722 ctx->CBIORecv = Mynewt_Receive;
wolfSSL 16:8e0d178b1d1e 1723 ctx->CBIOSend = Mynewt_Send;
wolfSSL 16:8e0d178b1d1e 1724 #elif defined(WOLFSSL_GNRC)
wolfSSL 16:8e0d178b1d1e 1725 ctx->CBIORecv = GNRC_ReceiveFrom;
wolfSSL 16:8e0d178b1d1e 1726 ctx->CBIOSend = GNRC_SendTo;
wolfSSL 15:117db924cf7c 1727 #endif
wolfSSL 15:117db924cf7c 1728
wolfSSL 15:117db924cf7c 1729 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 1730 if (method->side == WOLFSSL_CLIENT_END)
wolfSSL 15:117db924cf7c 1731 ctx->haveNTRU = 1; /* always on client side */
wolfSSL 15:117db924cf7c 1732 /* server can turn on by loading key */
wolfSSL 15:117db924cf7c 1733 #endif
wolfSSL 15:117db924cf7c 1734 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 1735 if (method->side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 1736 ctx->haveECDSAsig = 1; /* always on client side */
wolfSSL 15:117db924cf7c 1737 ctx->haveECC = 1; /* server turns on with ECC key cert */
wolfSSL 15:117db924cf7c 1738 ctx->haveStaticECC = 1; /* server can turn on by loading key */
wolfSSL 15:117db924cf7c 1739 }
wolfSSL 16:8e0d178b1d1e 1740 #elif defined(HAVE_ED25519) || defined(HAVE_ED448)
wolfSSL 15:117db924cf7c 1741 if (method->side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 1742 ctx->haveECDSAsig = 1; /* always on client side */
wolfSSL 15:117db924cf7c 1743 ctx->haveECC = 1; /* server turns on with ECC key cert */
wolfSSL 15:117db924cf7c 1744 }
wolfSSL 15:117db924cf7c 1745 #endif
wolfSSL 15:117db924cf7c 1746
wolfSSL 15:117db924cf7c 1747 ctx->devId = INVALID_DEVID;
wolfSSL 15:117db924cf7c 1748
wolfSSL 16:8e0d178b1d1e 1749 #if defined(WOLFSSL_DTLS)
wolfSSL 16:8e0d178b1d1e 1750 #ifdef WOLFSSL_SCTP
wolfSSL 16:8e0d178b1d1e 1751 ctx->dtlsMtuSz = MAX_RECORD_SIZE;
wolfSSL 16:8e0d178b1d1e 1752 #elif defined(WOLFSSL_DTLS_MTU)
wolfSSL 16:8e0d178b1d1e 1753 ctx->dtlsMtuSz = MAX_MTU;
wolfSSL 16:8e0d178b1d1e 1754 #endif
wolfSSL 15:117db924cf7c 1755 #endif
wolfSSL 15:117db924cf7c 1756
wolfSSL 15:117db924cf7c 1757 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 1758 ctx->cm = wolfSSL_CertManagerNew_ex(heap);
wolfSSL 15:117db924cf7c 1759 if (ctx->cm == NULL) {
wolfSSL 15:117db924cf7c 1760 WOLFSSL_MSG("Bad Cert Manager New");
wolfSSL 15:117db924cf7c 1761 return BAD_CERT_MANAGER_ERROR;
wolfSSL 15:117db924cf7c 1762 }
wolfSSL 15:117db924cf7c 1763 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 1764 /* setup WOLFSSL_X509_STORE */
wolfSSL 15:117db924cf7c 1765 ctx->x509_store.cm = ctx->cm;
wolfSSL 15:117db924cf7c 1766 #endif
wolfSSL 15:117db924cf7c 1767 #endif
wolfSSL 15:117db924cf7c 1768
wolfSSL 15:117db924cf7c 1769 #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 1770 if (method->side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 1771 if ((method->version.major == SSLv3_MAJOR) &&
wolfSSL 15:117db924cf7c 1772 (method->version.minor >= TLSv1_MINOR)) {
wolfSSL 15:117db924cf7c 1773
wolfSSL 15:117db924cf7c 1774 ctx->haveEMS = 1;
wolfSSL 15:117db924cf7c 1775 }
wolfSSL 15:117db924cf7c 1776 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 1777 if (method->version.major == DTLS_MAJOR)
wolfSSL 15:117db924cf7c 1778 ctx->haveEMS = 1;
wolfSSL 15:117db924cf7c 1779 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 1780 }
wolfSSL 15:117db924cf7c 1781 #endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 1782
wolfSSL 15:117db924cf7c 1783 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 1784 ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
wolfSSL 15:117db924cf7c 1785 #endif
wolfSSL 15:117db924cf7c 1786
wolfSSL 15:117db924cf7c 1787 #ifdef HAVE_WOLF_EVENT
wolfSSL 15:117db924cf7c 1788 ret = wolfEventQueue_Init(&ctx->event_queue);
wolfSSL 15:117db924cf7c 1789 #endif /* HAVE_WOLF_EVENT */
wolfSSL 15:117db924cf7c 1790
wolfSSL 15:117db924cf7c 1791 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 1792 ctx->maxEarlyDataSz = MAX_EARLY_DATA_SZ;
wolfSSL 15:117db924cf7c 1793 #endif
wolfSSL 15:117db924cf7c 1794
wolfSSL 15:117db924cf7c 1795 ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */
wolfSSL 15:117db924cf7c 1796 ctx->verifyDepth = MAX_CHAIN_DEPTH;
wolfSSL 15:117db924cf7c 1797
wolfSSL 15:117db924cf7c 1798 return ret;
wolfSSL 15:117db924cf7c 1799 }
wolfSSL 15:117db924cf7c 1800
wolfSSL 15:117db924cf7c 1801
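/* Release everything a WOLFSSL_CTX owns without freeing the CTX structure
 * itself, for callers that keep contexts in an array and only want the
 * contents torn down.
 *
 * Every pointer released here is reset to NULL afterwards so that a second
 * call on the same CTX, or a later read of a stale field, cannot reach freed
 * memory. Most fields already did this; certOcspRequest, extensions,
 * x509_store_pt and x509_store.cm are now cleared the same way.
 *
 * ctx must be non-NULL: it is dereferenced without a check.
 *
 * NOTE(review): the private key is released through FreeDer(); whether
 * FreeDer() wipes the key bytes before returning them to the allocator is
 * not visible in this part of the file - confirm.
 */
void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && \
    defined(HAVE_TLS_EXTENSIONS) && !defined(NO_WOLFSSL_SERVER)
    int i;
#endif

#ifdef HAVE_WOLF_EVENT
    wolfEventQueue_Free(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */

#ifdef WOLFSSL_STATIC_MEMORY
    /* the method is released with the CTX heap hint only when onHeap is 1 */
    if (ctx->onHeap == 1) {
        XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
    }
    else {
        XFREE(ctx->method, NULL, DYNAMIC_TYPE_METHOD);
    }
#else
    XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
#endif
    ctx->method = NULL;
    if (ctx->suites) {
        XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
        ctx->suites = NULL;
    }

#ifndef NO_DH
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    ctx->serverDH_G.buffer = NULL;
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    ctx->serverDH_P.buffer = NULL;
#endif /* !NO_DH */

#ifdef SINGLE_THREADED
    if (ctx->rng) {
        wc_FreeRng(ctx->rng);
        XFREE(ctx->rng, ctx->heap, DYNAMIC_TYPE_RNG);
        ctx->rng = NULL;
    }
#endif /* SINGLE_THREADED */

#ifndef NO_CERTS
    FreeDer(&ctx->privateKey);
    FreeDer(&ctx->certificate);
    #ifdef KEEP_OUR_CERT
        /* only release ourCert when the CTX owns it */
        if (ctx->ourCert && ctx->ownOurCert) {
            FreeX509(ctx->ourCert);
            XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
            ctx->ourCert = NULL;
        }
    #endif /* KEEP_OUR_CERT */
    FreeDer(&ctx->certChain);
    wolfSSL_CertManagerFree(ctx->cm);
    ctx->cm = NULL;
    #ifdef OPENSSL_EXTRA
        /* ctx->cm was free'd, so no X509 store may keep pointing at it:
         * clear the embedded store's alias as well as the external one */
        ctx->x509_store.cm = NULL;
        if (ctx->x509_store_pt != NULL) {
            ctx->x509_store_pt->cm = NULL;
        }
        wolfSSL_X509_STORE_free(ctx->x509_store_pt);
        ctx->x509_store_pt = NULL;
        while (ctx->ca_names != NULL) {
            WOLFSSL_STACK *next = ctx->ca_names->next;
            wolfSSL_X509_NAME_free(ctx->ca_names->data.name);
            XFREE(ctx->ca_names, NULL, DYNAMIC_TYPE_OPENSSL);
            ctx->ca_names = next;
        }
    #endif
    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
        while (ctx->x509Chain != NULL) {
            WOLFSSL_STACK *next = ctx->x509Chain->next;
            wolfSSL_X509_free(ctx->x509Chain->data.x509);
            XFREE(ctx->x509Chain, NULL, DYNAMIC_TYPE_OPENSSL);
            ctx->x509Chain = next;
        }
    #endif
#endif /* !NO_CERTS */

#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ctx->extensions, ctx->heap);
    ctx->extensions = NULL;

#ifndef NO_WOLFSSL_SERVER
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    if (ctx->certOcspRequest) {
        FreeOcspRequest(ctx->certOcspRequest);
        XFREE(ctx->certOcspRequest, ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
        /* match chainOcspRequest[] below: leave no dangling pointer */
        ctx->certOcspRequest = NULL;
    }
#endif

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    for (i = 0; i < MAX_CHAIN_DEPTH; i++) {
        if (ctx->chainOcspRequest[i]) {
            FreeOcspRequest(ctx->chainOcspRequest[i]);
            XFREE(ctx->chainOcspRequest[i], ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
            ctx->chainOcspRequest[i] = NULL;
        }
    }
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#endif /* !NO_WOLFSSL_SERVER */

#endif /* HAVE_TLS_EXTENSIONS */
#ifdef OPENSSL_EXTRA
    if (ctx->alpn_cli_protos) {
        XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL);
        ctx->alpn_cli_protos = NULL;
    }
#endif
#ifdef WOLFSSL_STATIC_MEMORY
    if (ctx->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
        /* avoid dereferencing a test value */
        if (ctx->heap != (void*)WOLFSSL_HEAP_TEST)
    #endif
        {
            WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap);
            wc_FreeMutex(&((WOLFSSL_HEAP*)(hint->memory))->memory_mutex);
        }
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}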
wolfSSL 15:117db924cf7c 1924
wolfSSL 15:117db924cf7c 1925
/* Drop one reference to ctx and free it once the count reaches zero.
 *
 * A negative result from SSL_CTX_RefCount() is treated as an error: the CTX
 * is only torn down in that case when ctx->err is CTX_INIT_MUTEX_E (mutex
 * init failed but the CTX had still been allocated).
 *
 * ctx is dereferenced without a NULL check in this function.
 *
 * NOTE(review): the error path frees ctx with ctx->heap unconditionally,
 * while the normal path switches to a NULL heap hint when
 * WOLFSSL_STATIC_MEMORY is defined and ctx->onHeap is 0 - confirm the two
 * paths are meant to differ.
 */
void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
{
    void* heap;
    int   remaining;

    /* decrement CTX reference count */
    remaining = SSL_CTX_RefCount(ctx, -1);

    if (remaining < 0) {
        /* check error state, if mutex error code then mutex init failed but
         * CTX was still malloc'd */
        if (ctx->err == CTX_INIT_MUTEX_E) {
            SSL_CtxResourceFree(ctx);
            XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
        }
        return;
    }

    if (remaining != 0) {
        /* other holders remain; nothing is released */
        (void)ctx;
        WOLFSSL_MSG("CTX ref count not 0 yet, no free");
        return;
    }

    /* last reference: capture the heap hint before tearing the CTX down */
    heap = ctx->heap;
    WOLFSSL_MSG("CTX ref count down to 0, doing full free");
    SSL_CtxResourceFree(ctx);
    wc_FreeMutex(&ctx->countMutex);
#ifdef WOLFSSL_STATIC_MEMORY
    if (ctx->onHeap == 0) {
        heap = NULL;
    }
#endif
    XFREE(ctx, heap, DYNAMIC_TYPE_CTX);
    (void)heap; /* not used in some builds */
}
wolfSSL 15:117db924cf7c 1959
wolfSSL 15:117db924cf7c 1960
/* Put the per-connection cipher state into its "nothing allocated" form:
 * every compiled-in cipher context pointer is set to NULL and the setup
 * flags are cleared. Nothing is freed here, so pointers that are still live
 * are simply overwritten.
 *
 * NOTE(review): FreeCiphers() also releases the additional, nonce and hmac
 * members, which are not reset here; presumably the WOLFSSL object is zeroed
 * before this runs - confirm against the caller.
 */
void InitCiphers(WOLFSSL* ssl)
{
    /* setup flags first: no cipher or authenticator is ready yet */
    ssl->encrypt.setup = 0;
    ssl->decrypt.setup = 0;
#ifdef HAVE_ONE_TIME_AUTH
    ssl->auth.setup = 0;
#endif

    /* stream ciphers */
#ifdef BUILD_ARC4
    ssl->decrypt.arc4 = NULL;
    ssl->encrypt.arc4 = NULL;
#endif
#ifdef HAVE_HC128
    ssl->decrypt.hc128 = NULL;
    ssl->encrypt.hc128 = NULL;
#endif
#ifdef BUILD_RABBIT
    ssl->decrypt.rabbit = NULL;
    ssl->encrypt.rabbit = NULL;
#endif
#ifdef HAVE_CHACHA
    ssl->decrypt.chacha = NULL;
    ssl->encrypt.chacha = NULL;
#endif

    /* block ciphers */
#ifdef BUILD_DES3
    ssl->decrypt.des3 = NULL;
    ssl->encrypt.des3 = NULL;
#endif
#ifdef BUILD_AES
    ssl->decrypt.aes = NULL;
    ssl->encrypt.aes = NULL;
#endif
#ifdef HAVE_CAMELLIA
    ssl->decrypt.cam = NULL;
    ssl->encrypt.cam = NULL;
#endif
#ifdef HAVE_IDEA
    ssl->decrypt.idea = NULL;
    ssl->encrypt.idea = NULL;
#endif

    /* one-time authenticator */
#if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
    ssl->auth.poly1305 = NULL;
#endif
}
wolfSSL 15:117db924cf7c 2005
wolfSSL 15:117db924cf7c 2006
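/* Release every compiled-in cipher context held by ssl.
 *
 * Each pointer is reset to NULL after it is released, which is the same
 * "not allocated" state InitCiphers() establishes. Without that, a second
 * call, or any later check of these members, would operate on freed memory.
 *
 * NOTE(review): no explicit wipe of cipher state is visible here before
 * XFREE. ARC4, 3DES, AES and HMAC go through their wc_*Free() routine first,
 * but the Camellia, HC-128, Rabbit, ChaCha, Poly1305 and IDEA contexts are
 * handed straight to XFREE. Whether key schedules are cleared elsewhere
 * cannot be told from this function - confirm.
 */
void FreeCiphers(WOLFSSL* ssl)
{
    (void)ssl;
#ifdef BUILD_ARC4
    wc_Arc4Free(ssl->encrypt.arc4);
    wc_Arc4Free(ssl->decrypt.arc4);
    XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.arc4 = NULL;
    ssl->decrypt.arc4 = NULL;
#endif
#ifdef BUILD_DES3
    wc_Des3Free(ssl->encrypt.des3);
    wc_Des3Free(ssl->decrypt.des3);
    XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.des3 = NULL;
    ssl->decrypt.des3 = NULL;
#endif
/* See: InitKeys() in keys.c on addition of BUILD_AESGCM check
 * (enc->aes, dec->aes) */
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
    wc_AesFree(ssl->encrypt.aes);
    wc_AesFree(ssl->decrypt.aes);
    #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \
                                                      !defined(WOLFSSL_NO_TLS12)
        XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
        XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
        ssl->decrypt.additional = NULL;
        ssl->encrypt.additional = NULL;
    #endif
    XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.aes = NULL;
    ssl->decrypt.aes = NULL;
#endif
#ifdef CIPHER_NONCE
    XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
    XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
    ssl->decrypt.nonce = NULL;
    ssl->encrypt.nonce = NULL;
#endif
#ifdef HAVE_CAMELLIA
    XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.cam = NULL;
    ssl->decrypt.cam = NULL;
#endif
#ifdef HAVE_HC128
    XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.hc128 = NULL;
    ssl->decrypt.hc128 = NULL;
#endif
#ifdef BUILD_RABBIT
    XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.rabbit = NULL;
    ssl->decrypt.rabbit = NULL;
#endif
#ifdef HAVE_CHACHA
    XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.chacha = NULL;
    ssl->decrypt.chacha = NULL;
#endif
#if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
    XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->auth.poly1305 = NULL;
#endif
#ifdef HAVE_IDEA
    XFREE(ssl->encrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.idea = NULL;
    ssl->decrypt.idea = NULL;
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
    wc_HmacFree(ssl->encrypt.hmac);
    wc_HmacFree(ssl->decrypt.hmac);
    XFREE(ssl->encrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.hmac = NULL;
    ssl->decrypt.hmac = NULL;
#endif
}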
wolfSSL 15:117db924cf7c 2070
wolfSSL 15:117db924cf7c 2071
/* Reset a CipherSpecs to its unnegotiated state: the whole structure is
 * zeroed, then the five algorithm selectors are set to INVALID_BYTE, so
 * they do not keep the zero that the memset left in them. */
void InitCipherSpecs(CipherSpecs* cs)
{
    XMEMSET(cs, 0, sizeof(*cs));

    /* key exchange and signature selectors */
    cs->kea      = INVALID_BYTE;
    cs->sig_algo = INVALID_BYTE;

    /* record protection selectors */
    cs->bulk_cipher_algorithm = INVALID_BYTE;
    cs->cipher_type           = INVALID_BYTE;
    cs->mac_algorithm         = INVALID_BYTE;
}
wolfSSL 15:117db924cf7c 2082
#if defined(USE_ECDSA_KEYSZ_HASH_ALGO) || (defined(WOLFSSL_TLS13) && \
                                           defined(HAVE_ECC))
/* Map a MAC/hash algorithm identifier to its digest size.
 *
 * macAlgo  one of sha_mac, sha256_mac, sha384_mac or sha512_mac
 * returns  the matching WC_*_DIGEST_SIZE constant, or NOT_COMPILED_IN when
 *          the identifier is not one of those or its hash is compiled out.
 */
static int GetMacDigestSize(byte macAlgo)
{
    int digestSz = NOT_COMPILED_IN;

    switch (macAlgo) {
    #ifndef NO_SHA
        case sha_mac:
            digestSz = WC_SHA_DIGEST_SIZE;
            break;
    #endif
    #ifndef NO_SHA256
        case sha256_mac:
            digestSz = WC_SHA256_DIGEST_SIZE;
            break;
    #endif
    #ifdef WOLFSSL_SHA384
        case sha384_mac:
            digestSz = WC_SHA384_DIGEST_SIZE;
            break;
    #endif
    #ifdef WOLFSSL_SHA512
        case sha512_mac:
            digestSz = WC_SHA512_DIGEST_SIZE;
            break;
    #endif
        default:
            break;
    }

    return digestSz;
}
#endif /* USE_ECDSA_KEYSZ_HASH_ALGO || (WOLFSSL_TLS13 && HAVE_ECC) */
wolfSSL 16:8e0d178b1d1e 2110
/* Append one hash/signature algorithm pair to suites->hashSigAlgo.
 *
 * suites    list being built
 * macAlgo   hash identifier
 * sigAlgo   signature identifier
 * keySz     key size; only consulted with USE_ECDSA_KEYSZ_HASH_ALGO, where an
 *           ECDSA pair is skipped if its digest size is not positive or is
 *           larger than a positive keySz
 * inOutIdx  write position in hashSigAlgo, advanced by two bytes per pair
 *           (by four for RSA-PSS when WOLFSSL_TLS13 is defined)
 *
 * NOTE(review): nothing here checks *inOutIdx against the capacity of
 * hashSigAlgo. The caller has to guarantee the buffer is large enough for
 * every pair the build can emit - verify against the array's declared size.
 */
static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo, byte sigAlgo,
                                          int keySz, word16* inOutIdx)
{
#ifdef USE_ECDSA_KEYSZ_HASH_ALGO
    if (sigAlgo == ecc_dsa_sa_algo) {
        const int hashLen = GetMacDigestSize(macAlgo);

        /* do not add sig/algos with digest size larger than key size */
        if (hashLen <= 0 || (keySz > 0 && hashLen > keySz)) {
            return;
        }
    }
#else
    (void)keySz;
#endif /* USE_ECDSA_KEYSZ_HASH_ALGO */

#ifdef WC_RSA_PSS
    if (sigAlgo == rsa_pss_sa_algo) {
        /* RSA PSS is sig then mac */
        suites->hashSigAlgo[(*inOutIdx)++] = sigAlgo;
        suites->hashSigAlgo[(*inOutIdx)++] = macAlgo;
    #ifdef WOLFSSL_TLS13
        /* Add the certificate algorithm as well */
        suites->hashSigAlgo[(*inOutIdx)++] = sigAlgo;
        suites->hashSigAlgo[(*inOutIdx)++] = PSS_RSAE_TO_PSS_PSS(macAlgo);
    #endif
        return;
    }
#endif

    /* every other algorithm is written mac first, then sig */
    suites->hashSigAlgo[(*inOutIdx)++] = macAlgo;
    suites->hashSigAlgo[(*inOutIdx)++] = sigAlgo;
}
wolfSSL 16:8e0d178b1d1e 2154
/* Build the list of hash/signature algorithm pairs in suites->hashSigAlgo
 * and record its length in suites->hashSigAlgoSz.
 *
 * suites        list to fill; written from offset 0
 * haveECDSAsig  non-zero to add ECDSA pairs (and Ed25519 / Ed448 when built)
 * haveRSAsig    non-zero to add RSA pairs
 * haveAnon      non-zero to add the anonymous pair (HAVE_ANON builds only)
 * tls1_2        non-zero to add the RSA-PSS pairs (WC_RSA_PSS builds only)
 * keySz         passed through to AddSuiteHashSigAlgo()
 *
 * Within each signature family the hashes are added from the largest digest
 * to the smallest. SHA-1 pairs are added unless NO_SHA is defined, or
 * NO_OLD_TLS is defined without WOLFSSL_ALLOW_TLS_SHA1. The anonymous pair
 * always uses sha_mac.
 *
 * NOTE(review): suites is dereferenced without a NULL check, and the total
 * number of bytes written depends on the build options - confirm
 * hashSigAlgo is sized for the largest combination.
 */
void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
                           int haveAnon, int tls1_2, int keySz)
{
    word16 used = 0;

    /* some builds read none of these */
    (void)tls1_2;
    (void)keySz;
    (void)haveAnon;
    (void)haveECDSAsig;

#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    if (haveECDSAsig) {
    #ifdef HAVE_ECC
        #ifdef WOLFSSL_SHA512
            AddSuiteHashSigAlgo(suites, sha512_mac, ecc_dsa_sa_algo, keySz, &used);
        #endif
        #ifdef WOLFSSL_SHA384
            AddSuiteHashSigAlgo(suites, sha384_mac, ecc_dsa_sa_algo, keySz, &used);
        #endif
        #ifndef NO_SHA256
            AddSuiteHashSigAlgo(suites, sha256_mac, ecc_dsa_sa_algo, keySz, &used);
        #endif
        #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                 defined(WOLFSSL_ALLOW_TLS_SHA1))
            AddSuiteHashSigAlgo(suites, sha_mac, ecc_dsa_sa_algo, keySz, &used);
        #endif
    #endif
    #ifdef HAVE_ED25519
        AddSuiteHashSigAlgo(suites, ED25519_SA_MAJOR, ED25519_SA_MINOR, keySz,
                            &used);
    #endif
    #ifdef HAVE_ED448
        AddSuiteHashSigAlgo(suites, ED448_SA_MAJOR, ED448_SA_MINOR, keySz,
                            &used);
    #endif
    }
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */

    if (haveRSAsig) {
    #ifdef WC_RSA_PSS
        /* RSA-PSS pairs are only added when tls1_2 is set */
        if (tls1_2) {
        #ifdef WOLFSSL_SHA512
            AddSuiteHashSigAlgo(suites, sha512_mac, rsa_pss_sa_algo, keySz,
                                &used);
        #endif
        #ifdef WOLFSSL_SHA384
            AddSuiteHashSigAlgo(suites, sha384_mac, rsa_pss_sa_algo, keySz,
                                &used);
        #endif
        #ifndef NO_SHA256
            AddSuiteHashSigAlgo(suites, sha256_mac, rsa_pss_sa_algo, keySz,
                                &used);
        #endif
        }
    #endif
    #ifdef WOLFSSL_SHA512
        AddSuiteHashSigAlgo(suites, sha512_mac, rsa_sa_algo, keySz, &used);
    #endif
    #ifdef WOLFSSL_SHA384
        AddSuiteHashSigAlgo(suites, sha384_mac, rsa_sa_algo, keySz, &used);
    #endif
    #ifndef NO_SHA256
        AddSuiteHashSigAlgo(suites, sha256_mac, rsa_sa_algo, keySz, &used);
    #endif
    #ifdef WOLFSSL_SHA224
        AddSuiteHashSigAlgo(suites, sha224_mac, rsa_sa_algo, keySz, &used);
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                             defined(WOLFSSL_ALLOW_TLS_SHA1))
        AddSuiteHashSigAlgo(suites, sha_mac, rsa_sa_algo, keySz, &used);
    #endif
    }

#ifdef HAVE_ANON
    if (haveAnon) {
        AddSuiteHashSigAlgo(suites, sha_mac, anonymous_sa_algo, keySz, &used);
    }
#endif

    suites->hashSigAlgoSz = used;
}
wolfSSL 15:117db924cf7c 2236
wolfSSL 15:117db924cf7c 2237 void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
wolfSSL 15:117db924cf7c 2238 word16 havePSK, word16 haveDH, word16 haveNTRU,
wolfSSL 15:117db924cf7c 2239 word16 haveECDSAsig, word16 haveECC,
wolfSSL 15:117db924cf7c 2240 word16 haveStaticECC, int side)
wolfSSL 15:117db924cf7c 2241 {
wolfSSL 15:117db924cf7c 2242 word16 idx = 0;
wolfSSL 15:117db924cf7c 2243 int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
wolfSSL 15:117db924cf7c 2244 int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
wolfSSL 15:117db924cf7c 2245 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2246 int tls1_3 = IsAtLeastTLSv1_3(pv);
wolfSSL 15:117db924cf7c 2247 #endif
wolfSSL 15:117db924cf7c 2248 int dtls = 0;
wolfSSL 15:117db924cf7c 2249 int haveRSAsig = 1;
wolfSSL 15:117db924cf7c 2250
wolfSSL 15:117db924cf7c 2251 (void)tls; /* shut up compiler */
wolfSSL 15:117db924cf7c 2252 (void)tls1_2;
wolfSSL 15:117db924cf7c 2253 (void)dtls;
wolfSSL 15:117db924cf7c 2254 (void)haveDH;
wolfSSL 15:117db924cf7c 2255 (void)havePSK;
wolfSSL 15:117db924cf7c 2256 (void)haveNTRU;
wolfSSL 15:117db924cf7c 2257 (void)haveStaticECC;
wolfSSL 15:117db924cf7c 2258 (void)haveECC;
wolfSSL 15:117db924cf7c 2259 (void)side;
wolfSSL 15:117db924cf7c 2260 (void)haveRSA; /* some builds won't read */
wolfSSL 15:117db924cf7c 2261 (void)haveRSAsig; /* non ecc builds won't read */
wolfSSL 15:117db924cf7c 2262
wolfSSL 15:117db924cf7c 2263 if (suites == NULL) {
wolfSSL 15:117db924cf7c 2264 WOLFSSL_MSG("InitSuites pointer error");
wolfSSL 15:117db924cf7c 2265 return;
wolfSSL 15:117db924cf7c 2266 }
wolfSSL 15:117db924cf7c 2267
wolfSSL 15:117db924cf7c 2268 if (suites->setSuites)
wolfSSL 15:117db924cf7c 2269 return; /* trust user settings, don't override */
wolfSSL 15:117db924cf7c 2270
wolfSSL 15:117db924cf7c 2271 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 2272 #ifdef BUILD_TLS_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2273 if (tls1_3) {
wolfSSL 15:117db924cf7c 2274 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 15:117db924cf7c 2275 suites->suites[idx++] = TLS_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2276 }
wolfSSL 15:117db924cf7c 2277 #endif
wolfSSL 15:117db924cf7c 2278
wolfSSL 15:117db924cf7c 2279 #ifdef BUILD_TLS_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2280 if (tls1_3) {
wolfSSL 15:117db924cf7c 2281 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 15:117db924cf7c 2282 suites->suites[idx++] = TLS_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2283 }
wolfSSL 15:117db924cf7c 2284 #endif
wolfSSL 15:117db924cf7c 2285
wolfSSL 15:117db924cf7c 2286 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 2287 if (tls1_3) {
wolfSSL 15:117db924cf7c 2288 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 15:117db924cf7c 2289 suites->suites[idx++] = TLS_CHACHA20_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2290 }
wolfSSL 15:117db924cf7c 2291 #endif
wolfSSL 15:117db924cf7c 2292
wolfSSL 15:117db924cf7c 2293 #ifdef BUILD_TLS_AES_128_CCM_SHA256
wolfSSL 15:117db924cf7c 2294 if (tls1_3) {
wolfSSL 15:117db924cf7c 2295 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 15:117db924cf7c 2296 suites->suites[idx++] = TLS_AES_128_CCM_SHA256;
wolfSSL 15:117db924cf7c 2297 }
wolfSSL 15:117db924cf7c 2298 #endif
wolfSSL 15:117db924cf7c 2299
wolfSSL 15:117db924cf7c 2300 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
wolfSSL 15:117db924cf7c 2301 if (tls1_3) {
wolfSSL 15:117db924cf7c 2302 suites->suites[idx++] = TLS13_BYTE;
wolfSSL 15:117db924cf7c 2303 suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256;
wolfSSL 15:117db924cf7c 2304 }
wolfSSL 15:117db924cf7c 2305 #endif
wolfSSL 16:8e0d178b1d1e 2306
wolfSSL 16:8e0d178b1d1e 2307 #ifdef HAVE_NULL_CIPHER
wolfSSL 16:8e0d178b1d1e 2308 #ifdef BUILD_TLS_SHA256_SHA256
wolfSSL 16:8e0d178b1d1e 2309 if (tls1_3) {
wolfSSL 16:8e0d178b1d1e 2310 suites->suites[idx++] = ECC_BYTE;
wolfSSL 16:8e0d178b1d1e 2311 suites->suites[idx++] = TLS_SHA256_SHA256;
wolfSSL 16:8e0d178b1d1e 2312 }
wolfSSL 16:8e0d178b1d1e 2313 #endif
wolfSSL 16:8e0d178b1d1e 2314
wolfSSL 16:8e0d178b1d1e 2315 #ifdef BUILD_TLS_SHA384_SHA384
wolfSSL 16:8e0d178b1d1e 2316 if (tls1_3) {
wolfSSL 16:8e0d178b1d1e 2317 suites->suites[idx++] = ECC_BYTE;
wolfSSL 16:8e0d178b1d1e 2318 suites->suites[idx++] = TLS_SHA384_SHA384;
wolfSSL 16:8e0d178b1d1e 2319 }
wolfSSL 16:8e0d178b1d1e 2320 #endif
wolfSSL 16:8e0d178b1d1e 2321 #endif
wolfSSL 15:117db924cf7c 2322 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 2323
wolfSSL 15:117db924cf7c 2324 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 2325
wolfSSL 16:8e0d178b1d1e 2326 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_RSA)
wolfSSL 15:117db924cf7c 2327 if (side == WOLFSSL_SERVER_END && haveStaticECC) {
wolfSSL 15:117db924cf7c 2328 haveRSA = 0; /* can't do RSA with ECDSA key */
wolfSSL 15:117db924cf7c 2329 }
wolfSSL 15:117db924cf7c 2330
wolfSSL 15:117db924cf7c 2331 if (side == WOLFSSL_SERVER_END && haveECDSAsig) {
wolfSSL 15:117db924cf7c 2332 haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
wolfSSL 15:117db924cf7c 2333 }
wolfSSL 15:117db924cf7c 2334 #endif /* !NO_WOLFSSL_SERVER && !NO_RSA */
wolfSSL 15:117db924cf7c 2335
wolfSSL 15:117db924cf7c 2336 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 2337 if (pv.major == DTLS_MAJOR) {
wolfSSL 15:117db924cf7c 2338 dtls = 1;
wolfSSL 15:117db924cf7c 2339 tls = 1;
wolfSSL 16:8e0d178b1d1e 2340 /* May be dead assignments dependent upon configuration */
wolfSSL 15:117db924cf7c 2341 (void) dtls;
wolfSSL 15:117db924cf7c 2342 (void) tls;
wolfSSL 15:117db924cf7c 2343 tls1_2 = pv.minor <= DTLSv1_2_MINOR;
wolfSSL 15:117db924cf7c 2344 }
wolfSSL 15:117db924cf7c 2345 #endif
wolfSSL 15:117db924cf7c 2346
wolfSSL 15:117db924cf7c 2347 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 15:117db924cf7c 2348 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 2349 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2350 suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
wolfSSL 15:117db924cf7c 2351 }
wolfSSL 15:117db924cf7c 2352 #endif
wolfSSL 15:117db924cf7c 2353
wolfSSL 15:117db924cf7c 2354 #ifdef BUILD_TLS_QSH
wolfSSL 15:117db924cf7c 2355 if (tls) {
wolfSSL 15:117db924cf7c 2356 suites->suites[idx++] = QSH_BYTE;
wolfSSL 15:117db924cf7c 2357 suites->suites[idx++] = TLS_QSH;
wolfSSL 15:117db924cf7c 2358 }
wolfSSL 15:117db924cf7c 2359 #endif
wolfSSL 15:117db924cf7c 2360
wolfSSL 15:117db924cf7c 2361 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2362 if (tls && haveNTRU && haveRSA) {
wolfSSL 15:117db924cf7c 2363 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2364 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2365 }
wolfSSL 15:117db924cf7c 2366 #endif
wolfSSL 15:117db924cf7c 2367
wolfSSL 15:117db924cf7c 2368 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2369 if (tls && haveNTRU && haveRSA) {
wolfSSL 15:117db924cf7c 2370 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2371 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2372 }
wolfSSL 15:117db924cf7c 2373 #endif
wolfSSL 15:117db924cf7c 2374
wolfSSL 15:117db924cf7c 2375 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 2376 if (!dtls && tls && haveNTRU && haveRSA) {
wolfSSL 15:117db924cf7c 2377 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2378 suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
wolfSSL 15:117db924cf7c 2379 }
wolfSSL 15:117db924cf7c 2380 #endif
wolfSSL 15:117db924cf7c 2381
wolfSSL 15:117db924cf7c 2382 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 2383 if (tls && haveNTRU && haveRSA) {
wolfSSL 15:117db924cf7c 2384 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2385 suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 15:117db924cf7c 2386 }
wolfSSL 15:117db924cf7c 2387 #endif
wolfSSL 15:117db924cf7c 2388
wolfSSL 15:117db924cf7c 2389 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2390 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2391 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2392 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2393 }
wolfSSL 15:117db924cf7c 2394 #endif
wolfSSL 15:117db924cf7c 2395
wolfSSL 15:117db924cf7c 2396 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2397 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2398 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2399 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2400 }
wolfSSL 15:117db924cf7c 2401 #endif
wolfSSL 15:117db924cf7c 2402
wolfSSL 15:117db924cf7c 2403 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2404 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2405 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2406 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2407 }
wolfSSL 15:117db924cf7c 2408 #endif
wolfSSL 15:117db924cf7c 2409
wolfSSL 15:117db924cf7c 2410 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2411 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2412 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2413 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2414 }
wolfSSL 15:117db924cf7c 2415 #endif
wolfSSL 15:117db924cf7c 2416
wolfSSL 15:117db924cf7c 2417 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2418 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 15:117db924cf7c 2419 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2420 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2421 }
wolfSSL 15:117db924cf7c 2422 #endif
wolfSSL 15:117db924cf7c 2423
wolfSSL 15:117db924cf7c 2424 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2425 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 15:117db924cf7c 2426 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2427 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2428 }
wolfSSL 15:117db924cf7c 2429 #endif
wolfSSL 15:117db924cf7c 2430
wolfSSL 15:117db924cf7c 2431 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2432 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2433 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2434 suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2435 }
wolfSSL 15:117db924cf7c 2436 #endif
wolfSSL 15:117db924cf7c 2437
wolfSSL 15:117db924cf7c 2438 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2439 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2440 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2441 suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2442 }
wolfSSL 15:117db924cf7c 2443 #endif
wolfSSL 15:117db924cf7c 2444
wolfSSL 15:117db924cf7c 2445 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2446 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 15:117db924cf7c 2447 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2448 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2449 }
wolfSSL 15:117db924cf7c 2450 #endif
wolfSSL 15:117db924cf7c 2451
wolfSSL 15:117db924cf7c 2452 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2453 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 15:117db924cf7c 2454 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2455 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2456 }
wolfSSL 15:117db924cf7c 2457 #endif
wolfSSL 15:117db924cf7c 2458
wolfSSL 15:117db924cf7c 2459 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2460 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 15:117db924cf7c 2461 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2462 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2463 }
wolfSSL 15:117db924cf7c 2464 #endif
wolfSSL 15:117db924cf7c 2465
wolfSSL 15:117db924cf7c 2466 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2467 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 15:117db924cf7c 2468 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2469 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2470 }
wolfSSL 15:117db924cf7c 2471 #endif
wolfSSL 15:117db924cf7c 2472
wolfSSL 15:117db924cf7c 2473 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2474 if (tls1_2 && haveDH && havePSK) {
wolfSSL 15:117db924cf7c 2475 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2476 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2477 }
wolfSSL 15:117db924cf7c 2478 #endif
wolfSSL 15:117db924cf7c 2479
wolfSSL 15:117db924cf7c 2480 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2481 if (tls1_2 && haveDH) {
wolfSSL 15:117db924cf7c 2482 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2483 suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2484 }
wolfSSL 15:117db924cf7c 2485 #endif
wolfSSL 15:117db924cf7c 2486
wolfSSL 15:117db924cf7c 2487 #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2488 if (tls1_2 && haveDH) {
wolfSSL 15:117db924cf7c 2489 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2490 suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2491 }
wolfSSL 15:117db924cf7c 2492 #endif
wolfSSL 15:117db924cf7c 2493
wolfSSL 15:117db924cf7c 2494 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2495 if (tls1_2 && haveDH && havePSK) {
wolfSSL 15:117db924cf7c 2496 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2497 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2498 }
wolfSSL 15:117db924cf7c 2499 #endif
wolfSSL 15:117db924cf7c 2500
wolfSSL 15:117db924cf7c 2501 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 15:117db924cf7c 2502 if (tls1_2 && havePSK) {
wolfSSL 15:117db924cf7c 2503 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2504 suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 15:117db924cf7c 2505 }
wolfSSL 15:117db924cf7c 2506 #endif
wolfSSL 15:117db924cf7c 2507
wolfSSL 15:117db924cf7c 2508 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 15:117db924cf7c 2509 if (tls1_2 && havePSK) {
wolfSSL 15:117db924cf7c 2510 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2511 suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 15:117db924cf7c 2512 }
wolfSSL 15:117db924cf7c 2513 #endif
wolfSSL 15:117db924cf7c 2514
wolfSSL 15:117db924cf7c 2515 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 2516 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2517 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2518 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2519 }
wolfSSL 15:117db924cf7c 2520 #endif
wolfSSL 15:117db924cf7c 2521
wolfSSL 15:117db924cf7c 2522 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 2523 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2524 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2525 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2526 }
wolfSSL 15:117db924cf7c 2527 #endif
wolfSSL 15:117db924cf7c 2528
wolfSSL 15:117db924cf7c 2529 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 15:117db924cf7c 2530 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2531 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2532 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2533 }
wolfSSL 15:117db924cf7c 2534 #endif
wolfSSL 15:117db924cf7c 2535
wolfSSL 15:117db924cf7c 2536 /* Place as higher priority for MYSQL */
wolfSSL 15:117db924cf7c 2537 #if defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 15:117db924cf7c 2538 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2539 if (tls && haveDH && haveRSA) {
wolfSSL 15:117db924cf7c 2540 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2541 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2542 }
wolfSSL 15:117db924cf7c 2543 #endif
wolfSSL 15:117db924cf7c 2544 #endif
wolfSSL 15:117db924cf7c 2545
wolfSSL 15:117db924cf7c 2546 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 2547 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2548 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2549 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 2550 }
wolfSSL 15:117db924cf7c 2551 #endif
wolfSSL 15:117db924cf7c 2552
wolfSSL 15:117db924cf7c 2553 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 2554 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2555 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2556 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 2557 }
wolfSSL 15:117db924cf7c 2558 #endif
wolfSSL 15:117db924cf7c 2559
wolfSSL 15:117db924cf7c 2560 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 2561 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 15:117db924cf7c 2562 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2563 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 2564 }
wolfSSL 15:117db924cf7c 2565 #endif
wolfSSL 15:117db924cf7c 2566
wolfSSL 15:117db924cf7c 2567 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 15:117db924cf7c 2568 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 15:117db924cf7c 2569 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2570 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 2571 }
wolfSSL 15:117db924cf7c 2572 #endif
wolfSSL 15:117db924cf7c 2573
wolfSSL 15:117db924cf7c 2574 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 2575 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2576 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2577 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 15:117db924cf7c 2578 }
wolfSSL 15:117db924cf7c 2579 #endif
wolfSSL 15:117db924cf7c 2580
wolfSSL 15:117db924cf7c 2581 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 2582 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2583 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2584 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 15:117db924cf7c 2585 }
wolfSSL 15:117db924cf7c 2586 #endif
wolfSSL 15:117db924cf7c 2587
wolfSSL 15:117db924cf7c 2588 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 2589 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 15:117db924cf7c 2590 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2591 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 15:117db924cf7c 2592 }
wolfSSL 15:117db924cf7c 2593 #endif
wolfSSL 15:117db924cf7c 2594
wolfSSL 15:117db924cf7c 2595 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 15:117db924cf7c 2596 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 15:117db924cf7c 2597 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2598 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 15:117db924cf7c 2599 }
wolfSSL 15:117db924cf7c 2600 #endif
wolfSSL 15:117db924cf7c 2601
wolfSSL 15:117db924cf7c 2602 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2603 if (tls && haveECC) {
wolfSSL 15:117db924cf7c 2604 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2605 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2606 }
wolfSSL 15:117db924cf7c 2607 #endif
wolfSSL 15:117db924cf7c 2608
wolfSSL 15:117db924cf7c 2609 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2610 if (tls && haveECC && haveStaticECC) {
wolfSSL 15:117db924cf7c 2611 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2612 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2613 }
wolfSSL 15:117db924cf7c 2614 #endif
wolfSSL 15:117db924cf7c 2615
wolfSSL 15:117db924cf7c 2616 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2617 if (tls && haveECC) {
wolfSSL 15:117db924cf7c 2618 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2619 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2620 }
wolfSSL 15:117db924cf7c 2621 #endif
wolfSSL 15:117db924cf7c 2622
wolfSSL 15:117db924cf7c 2623 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2624 if (tls && haveECC && haveStaticECC) {
wolfSSL 15:117db924cf7c 2625 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2626 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2627 }
wolfSSL 15:117db924cf7c 2628 #endif
wolfSSL 15:117db924cf7c 2629
wolfSSL 15:117db924cf7c 2630 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 2631 if (!dtls && tls && haveECC) {
wolfSSL 15:117db924cf7c 2632 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2633 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
wolfSSL 15:117db924cf7c 2634 }
wolfSSL 15:117db924cf7c 2635 #endif
wolfSSL 15:117db924cf7c 2636
wolfSSL 15:117db924cf7c 2637 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 2638 if (!dtls && tls && haveECC && haveStaticECC) {
wolfSSL 15:117db924cf7c 2639 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2640 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
wolfSSL 15:117db924cf7c 2641 }
wolfSSL 15:117db924cf7c 2642 #endif
wolfSSL 15:117db924cf7c 2643
wolfSSL 15:117db924cf7c 2644 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 2645 if (tls && haveECC) {
wolfSSL 15:117db924cf7c 2646 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2647 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 15:117db924cf7c 2648 }
wolfSSL 15:117db924cf7c 2649 #endif
wolfSSL 15:117db924cf7c 2650
wolfSSL 15:117db924cf7c 2651 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 2652 if (tls && haveECC && haveStaticECC) {
wolfSSL 15:117db924cf7c 2653 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2654 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 15:117db924cf7c 2655 }
wolfSSL 15:117db924cf7c 2656 #endif
wolfSSL 15:117db924cf7c 2657
wolfSSL 15:117db924cf7c 2658 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2659 if (tls && haveRSA) {
wolfSSL 15:117db924cf7c 2660 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2661 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2662 }
wolfSSL 15:117db924cf7c 2663 #endif
wolfSSL 15:117db924cf7c 2664
wolfSSL 15:117db924cf7c 2665 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2666 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 15:117db924cf7c 2667 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2668 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2669 }
wolfSSL 15:117db924cf7c 2670 #endif
wolfSSL 15:117db924cf7c 2671
wolfSSL 15:117db924cf7c 2672 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2673 if (tls && haveRSA) {
wolfSSL 15:117db924cf7c 2674 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2675 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2676 }
wolfSSL 15:117db924cf7c 2677 #endif
wolfSSL 15:117db924cf7c 2678
wolfSSL 15:117db924cf7c 2679 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2680 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 15:117db924cf7c 2681 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2682 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2683 }
wolfSSL 15:117db924cf7c 2684 #endif
wolfSSL 15:117db924cf7c 2685
wolfSSL 15:117db924cf7c 2686 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 2687 if (!dtls && tls && haveRSA) {
wolfSSL 15:117db924cf7c 2688 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2689 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
wolfSSL 15:117db924cf7c 2690 }
wolfSSL 15:117db924cf7c 2691 #endif
wolfSSL 15:117db924cf7c 2692
wolfSSL 15:117db924cf7c 2693 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 2694 if (!dtls && tls && haveRSAsig && haveStaticECC) {
wolfSSL 15:117db924cf7c 2695 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2696 suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
wolfSSL 15:117db924cf7c 2697 }
wolfSSL 15:117db924cf7c 2698 #endif
wolfSSL 15:117db924cf7c 2699
wolfSSL 15:117db924cf7c 2700 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 2701 if (tls && haveRSA) {
wolfSSL 15:117db924cf7c 2702 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2703 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 15:117db924cf7c 2704 }
wolfSSL 15:117db924cf7c 2705 #endif
wolfSSL 15:117db924cf7c 2706
wolfSSL 15:117db924cf7c 2707 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 2708 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 15:117db924cf7c 2709 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2710 suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 15:117db924cf7c 2711 }
wolfSSL 15:117db924cf7c 2712 #endif
wolfSSL 15:117db924cf7c 2713
wolfSSL 15:117db924cf7c 2714 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 15:117db924cf7c 2715 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2716 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2717 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
wolfSSL 15:117db924cf7c 2718 }
wolfSSL 15:117db924cf7c 2719 #endif
wolfSSL 15:117db924cf7c 2720
wolfSSL 15:117db924cf7c 2721 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 15:117db924cf7c 2722 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2723 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2724 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
wolfSSL 15:117db924cf7c 2725 }
wolfSSL 15:117db924cf7c 2726 #endif
wolfSSL 15:117db924cf7c 2727
wolfSSL 15:117db924cf7c 2728 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 15:117db924cf7c 2729 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2730 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2731 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
wolfSSL 15:117db924cf7c 2732 }
wolfSSL 15:117db924cf7c 2733 #endif
wolfSSL 15:117db924cf7c 2734
wolfSSL 15:117db924cf7c 2735 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 15:117db924cf7c 2736 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2737 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2738 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
wolfSSL 15:117db924cf7c 2739 }
wolfSSL 15:117db924cf7c 2740 #endif
wolfSSL 15:117db924cf7c 2741
wolfSSL 15:117db924cf7c 2742 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 15:117db924cf7c 2743 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2744 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2745 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
wolfSSL 15:117db924cf7c 2746 }
wolfSSL 15:117db924cf7c 2747 #endif
wolfSSL 15:117db924cf7c 2748
wolfSSL 15:117db924cf7c 2749 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 2750 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2751 if (tls1_2 && haveDH && haveRSA)
wolfSSL 16:8e0d178b1d1e 2752 #else
wolfSSL 16:8e0d178b1d1e 2753 if (tls && haveDH && haveRSA)
wolfSSL 16:8e0d178b1d1e 2754 #endif
wolfSSL 16:8e0d178b1d1e 2755 {
wolfSSL 15:117db924cf7c 2756 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2757 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 15:117db924cf7c 2758 }
wolfSSL 15:117db924cf7c 2759 #endif
wolfSSL 15:117db924cf7c 2760
wolfSSL 15:117db924cf7c 2761 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 2762 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2763 if (tls1_2 && haveDH && haveRSA)
wolfSSL 16:8e0d178b1d1e 2764 #else
wolfSSL 16:8e0d178b1d1e 2765 if (tls && haveDH && haveRSA)
wolfSSL 16:8e0d178b1d1e 2766 #endif
wolfSSL 16:8e0d178b1d1e 2767 {
wolfSSL 15:117db924cf7c 2768 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2769 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 2770 }
wolfSSL 15:117db924cf7c 2771 #endif
wolfSSL 15:117db924cf7c 2772
wolfSSL 15:117db924cf7c 2773 /* Default position for this suite; it is placed earlier, as higher priority, for MYSQL testing (WOLFSSL_MYSQL_COMPATIBLE) */
wolfSSL 15:117db924cf7c 2774 #if !defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 15:117db924cf7c 2775 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2776 if (tls && haveDH && haveRSA) {
wolfSSL 15:117db924cf7c 2777 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2778 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2779 }
wolfSSL 15:117db924cf7c 2780 #endif
wolfSSL 15:117db924cf7c 2781 #endif
wolfSSL 15:117db924cf7c 2782
wolfSSL 15:117db924cf7c 2783 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2784 if (tls && haveDH && haveRSA) {
wolfSSL 15:117db924cf7c 2785 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2786 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2787 }
wolfSSL 15:117db924cf7c 2788 #endif
wolfSSL 15:117db924cf7c 2789
wolfSSL 15:117db924cf7c 2790 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 2791 if (tls && haveDH && haveRSA) {
wolfSSL 15:117db924cf7c 2792 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2793 suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 15:117db924cf7c 2794 }
wolfSSL 15:117db924cf7c 2795 #endif
wolfSSL 15:117db924cf7c 2796
wolfSSL 15:117db924cf7c 2797 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 2798 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2799 if (tls1_2 && haveRSA)
wolfSSL 16:8e0d178b1d1e 2800 #else
wolfSSL 16:8e0d178b1d1e 2801 if (tls && haveRSA)
wolfSSL 16:8e0d178b1d1e 2802 #endif
wolfSSL 16:8e0d178b1d1e 2803 {
wolfSSL 15:117db924cf7c 2804 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2805 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 15:117db924cf7c 2806 }
wolfSSL 15:117db924cf7c 2807 #endif
wolfSSL 15:117db924cf7c 2808
wolfSSL 15:117db924cf7c 2809 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 2810 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2811 if (tls1_2 && haveRSA)
wolfSSL 16:8e0d178b1d1e 2812 #else
wolfSSL 16:8e0d178b1d1e 2813 if (tls && haveRSA)
wolfSSL 16:8e0d178b1d1e 2814 #endif
wolfSSL 16:8e0d178b1d1e 2815 {
wolfSSL 15:117db924cf7c 2816 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2817 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 2818 }
wolfSSL 15:117db924cf7c 2819 #endif
wolfSSL 15:117db924cf7c 2820
wolfSSL 15:117db924cf7c 2821 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2822 if (tls && haveRSA) {
wolfSSL 15:117db924cf7c 2823 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2824 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2825 }
wolfSSL 15:117db924cf7c 2826 #endif
wolfSSL 15:117db924cf7c 2827
wolfSSL 15:117db924cf7c 2828 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2829 if (tls && haveRSA) {
wolfSSL 15:117db924cf7c 2830 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2831 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2832 }
wolfSSL 15:117db924cf7c 2833 #endif
wolfSSL 15:117db924cf7c 2834
wolfSSL 15:117db924cf7c 2835 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 15:117db924cf7c 2836 if (tls1_2 && haveECC) {
wolfSSL 15:117db924cf7c 2837 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2838 suites->suites[idx++] =
wolfSSL 15:117db924cf7c 2839 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2840 }
wolfSSL 15:117db924cf7c 2841 #endif
wolfSSL 15:117db924cf7c 2842
wolfSSL 15:117db924cf7c 2843 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 15:117db924cf7c 2844 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2845 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2846 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2847 }
wolfSSL 15:117db924cf7c 2848 #endif
wolfSSL 15:117db924cf7c 2849
wolfSSL 15:117db924cf7c 2850 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 15:117db924cf7c 2851 if (tls1_2 && haveRSA) {
wolfSSL 15:117db924cf7c 2852 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2853 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2854 }
wolfSSL 15:117db924cf7c 2855 #endif
wolfSSL 15:117db924cf7c 2856
wolfSSL 15:117db924cf7c 2857 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 15:117db924cf7c 2858 if (tls && haveECC) {
wolfSSL 15:117db924cf7c 2859 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2860 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
wolfSSL 15:117db924cf7c 2861 }
wolfSSL 15:117db924cf7c 2862 #endif
wolfSSL 15:117db924cf7c 2863
wolfSSL 16:8e0d178b1d1e 2864 #ifdef BUILD_TLS_RSA_WITH_NULL_MD5
wolfSSL 16:8e0d178b1d1e 2865 if (tls && haveRSA) {
wolfSSL 16:8e0d178b1d1e 2866 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 16:8e0d178b1d1e 2867 suites->suites[idx++] = TLS_RSA_WITH_NULL_MD5;
wolfSSL 16:8e0d178b1d1e 2868 }
wolfSSL 16:8e0d178b1d1e 2869 #endif
wolfSSL 16:8e0d178b1d1e 2870
wolfSSL 15:117db924cf7c 2871 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 15:117db924cf7c 2872 if (tls && haveRSA) {
wolfSSL 15:117db924cf7c 2873 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2874 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
wolfSSL 15:117db924cf7c 2875 }
wolfSSL 15:117db924cf7c 2876 #endif
wolfSSL 15:117db924cf7c 2877
wolfSSL 15:117db924cf7c 2878 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 2879 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2880 if (tls1_2 && haveRSA)
wolfSSL 16:8e0d178b1d1e 2881 #else
wolfSSL 16:8e0d178b1d1e 2882 if (tls && haveRSA)
wolfSSL 16:8e0d178b1d1e 2883 #endif
wolfSSL 16:8e0d178b1d1e 2884 {
wolfSSL 15:117db924cf7c 2885 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2886 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
wolfSSL 15:117db924cf7c 2887 }
wolfSSL 15:117db924cf7c 2888 #endif
wolfSSL 15:117db924cf7c 2889
wolfSSL 15:117db924cf7c 2890 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 15:117db924cf7c 2891 if (tls && havePSK) {
wolfSSL 15:117db924cf7c 2892 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2893 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
wolfSSL 15:117db924cf7c 2894 }
wolfSSL 15:117db924cf7c 2895 #endif
wolfSSL 15:117db924cf7c 2896
wolfSSL 15:117db924cf7c 2897 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 16:8e0d178b1d1e 2898 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2899 if (tls1_2 && haveDH && havePSK)
wolfSSL 16:8e0d178b1d1e 2900 #else
wolfSSL 16:8e0d178b1d1e 2901 if (tls && haveDH && havePSK)
wolfSSL 16:8e0d178b1d1e 2902 #endif
wolfSSL 16:8e0d178b1d1e 2903 {
wolfSSL 15:117db924cf7c 2904 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2905 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 15:117db924cf7c 2906 }
wolfSSL 15:117db924cf7c 2907 #endif
wolfSSL 15:117db924cf7c 2908
wolfSSL 15:117db924cf7c 2909 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 16:8e0d178b1d1e 2910 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2911 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 2912 #else
wolfSSL 16:8e0d178b1d1e 2913 if (tls && havePSK)
wolfSSL 16:8e0d178b1d1e 2914 #endif
wolfSSL 16:8e0d178b1d1e 2915 {
wolfSSL 15:117db924cf7c 2916 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2917 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 15:117db924cf7c 2918 }
wolfSSL 15:117db924cf7c 2919 #endif
wolfSSL 15:117db924cf7c 2920
wolfSSL 15:117db924cf7c 2921 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 2922 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2923 if (tls1_2 && haveDH && havePSK)
wolfSSL 16:8e0d178b1d1e 2924 #else
wolfSSL 16:8e0d178b1d1e 2925 if (tls && haveDH && havePSK)
wolfSSL 16:8e0d178b1d1e 2926 #endif
wolfSSL 16:8e0d178b1d1e 2927 {
wolfSSL 15:117db924cf7c 2928 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2929 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 2930 }
wolfSSL 15:117db924cf7c 2931 #endif
wolfSSL 15:117db924cf7c 2932
wolfSSL 15:117db924cf7c 2933 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 2934 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2935 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 2936 #else
wolfSSL 16:8e0d178b1d1e 2937 if (tls1 && havePSK)
wolfSSL 16:8e0d178b1d1e 2938 #endif
wolfSSL 16:8e0d178b1d1e 2939 {
wolfSSL 15:117db924cf7c 2940 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2941 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 2942 }
wolfSSL 15:117db924cf7c 2943 #endif
wolfSSL 15:117db924cf7c 2944
wolfSSL 15:117db924cf7c 2945 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 15:117db924cf7c 2946 if (tls && havePSK) {
wolfSSL 15:117db924cf7c 2947 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 2948 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
wolfSSL 15:117db924cf7c 2949 }
wolfSSL 15:117db924cf7c 2950 #endif
wolfSSL 15:117db924cf7c 2951
wolfSSL 15:117db924cf7c 2952 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 15:117db924cf7c 2953 if (tls && haveDH && havePSK) {
wolfSSL 15:117db924cf7c 2954 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2955 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM;
wolfSSL 15:117db924cf7c 2956 }
wolfSSL 15:117db924cf7c 2957 #endif
wolfSSL 15:117db924cf7c 2958
wolfSSL 15:117db924cf7c 2959 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 15:117db924cf7c 2960 if (tls && haveDH && havePSK) {
wolfSSL 15:117db924cf7c 2961 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 2962 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM;
wolfSSL 15:117db924cf7c 2963 }
wolfSSL 15:117db924cf7c 2964 #endif
wolfSSL 15:117db924cf7c 2965
wolfSSL 15:117db924cf7c 2966 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 2967 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2968 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 2969 #else
wolfSSL 16:8e0d178b1d1e 2970 if (tls && havePSK)
wolfSSL 16:8e0d178b1d1e 2971 #endif
wolfSSL 16:8e0d178b1d1e 2972 {
wolfSSL 15:117db924cf7c 2973 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2974 suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2975 }
wolfSSL 15:117db924cf7c 2976 #endif
wolfSSL 15:117db924cf7c 2977
wolfSSL 15:117db924cf7c 2978 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 2979 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2980 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 2981 #else
wolfSSL 16:8e0d178b1d1e 2982 if (tls && havePSK)
wolfSSL 16:8e0d178b1d1e 2983 #endif
wolfSSL 16:8e0d178b1d1e 2984 {
wolfSSL 15:117db924cf7c 2985 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2986 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2987 }
wolfSSL 15:117db924cf7c 2988 #endif
wolfSSL 15:117db924cf7c 2989
wolfSSL 15:117db924cf7c 2990 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 2991 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 2992 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 2993 #else
wolfSSL 16:8e0d178b1d1e 2994 if (tls && havePSK)
wolfSSL 16:8e0d178b1d1e 2995 #endif
wolfSSL 16:8e0d178b1d1e 2996 {
wolfSSL 15:117db924cf7c 2997 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 15:117db924cf7c 2998 suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 15:117db924cf7c 2999 }
wolfSSL 15:117db924cf7c 3000 #endif
wolfSSL 15:117db924cf7c 3001
wolfSSL 15:117db924cf7c 3002 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 3003 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3004 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 3005 #else
wolfSSL 16:8e0d178b1d1e 3006 if (tls && havePSK)
wolfSSL 16:8e0d178b1d1e 3007 #endif
wolfSSL 16:8e0d178b1d1e 3008 {
wolfSSL 15:117db924cf7c 3009 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 3010 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 3011 }
wolfSSL 15:117db924cf7c 3012 #endif
wolfSSL 15:117db924cf7c 3013
wolfSSL 15:117db924cf7c 3014 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 15:117db924cf7c 3015 if (tls && havePSK) {
wolfSSL 15:117db924cf7c 3016 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 3017 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM;
wolfSSL 15:117db924cf7c 3018 }
wolfSSL 15:117db924cf7c 3019 #endif
wolfSSL 15:117db924cf7c 3020
wolfSSL 15:117db924cf7c 3021 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 15:117db924cf7c 3022 if (tls && havePSK) {
wolfSSL 15:117db924cf7c 3023 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 3024 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM;
wolfSSL 15:117db924cf7c 3025 }
wolfSSL 15:117db924cf7c 3026 #endif
wolfSSL 15:117db924cf7c 3027
wolfSSL 15:117db924cf7c 3028 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 15:117db924cf7c 3029 if (tls && havePSK) {
wolfSSL 15:117db924cf7c 3030 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 3031 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
wolfSSL 15:117db924cf7c 3032 }
wolfSSL 15:117db924cf7c 3033 #endif
wolfSSL 15:117db924cf7c 3034
wolfSSL 15:117db924cf7c 3035 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 15:117db924cf7c 3036 if (tls && havePSK) {
wolfSSL 15:117db924cf7c 3037 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 3038 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
wolfSSL 15:117db924cf7c 3039 }
wolfSSL 15:117db924cf7c 3040 #endif
wolfSSL 15:117db924cf7c 3041
wolfSSL 15:117db924cf7c 3042 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 16:8e0d178b1d1e 3043 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3044 if (tls1_2 && haveDH && havePSK)
wolfSSL 16:8e0d178b1d1e 3045 #else
wolfSSL 16:8e0d178b1d1e 3046 if (tls && haveDH && havePSK)
wolfSSL 16:8e0d178b1d1e 3047 #endif
wolfSSL 16:8e0d178b1d1e 3048 {
wolfSSL 15:117db924cf7c 3049 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3050 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
wolfSSL 15:117db924cf7c 3051 }
wolfSSL 15:117db924cf7c 3052 #endif
wolfSSL 15:117db924cf7c 3053
wolfSSL 15:117db924cf7c 3054 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 16:8e0d178b1d1e 3055 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3056 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 3057 #else
wolfSSL 16:8e0d178b1d1e 3058 if (tls && havePSK)
wolfSSL 16:8e0d178b1d1e 3059 #endif
wolfSSL 16:8e0d178b1d1e 3060 {
wolfSSL 15:117db924cf7c 3061 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3062 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
wolfSSL 15:117db924cf7c 3063 }
wolfSSL 15:117db924cf7c 3064 #endif
wolfSSL 15:117db924cf7c 3065
wolfSSL 15:117db924cf7c 3066 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 3067 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3068 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 3069 #else
wolfSSL 16:8e0d178b1d1e 3070 if (tls && havePSK)
wolfSSL 16:8e0d178b1d1e 3071 #endif
wolfSSL 16:8e0d178b1d1e 3072 {
wolfSSL 15:117db924cf7c 3073 suites->suites[idx++] = ECC_BYTE;
wolfSSL 15:117db924cf7c 3074 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256;
wolfSSL 15:117db924cf7c 3075 }
wolfSSL 15:117db924cf7c 3076 #endif
wolfSSL 15:117db924cf7c 3077
wolfSSL 15:117db924cf7c 3078 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 3079 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3080 if (tls1_2 && haveDH && havePSK)
wolfSSL 16:8e0d178b1d1e 3081 #else
wolfSSL 16:8e0d178b1d1e 3082 if (tls && haveDH && havePSK)
wolfSSL 16:8e0d178b1d1e 3083 #endif
wolfSSL 16:8e0d178b1d1e 3084 {
wolfSSL 15:117db924cf7c 3085 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3086 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
wolfSSL 15:117db924cf7c 3087 }
wolfSSL 15:117db924cf7c 3088 #endif
wolfSSL 15:117db924cf7c 3089
wolfSSL 15:117db924cf7c 3090 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 3091 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3092 if (tls1_2 && havePSK)
wolfSSL 16:8e0d178b1d1e 3093 #else
wolfSSL 16:8e0d178b1d1e 3094 if (tls && havePSK)
wolfSSL 16:8e0d178b1d1e 3095 #endif
wolfSSL 16:8e0d178b1d1e 3096 {
wolfSSL 15:117db924cf7c 3097 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3098 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
wolfSSL 15:117db924cf7c 3099 }
wolfSSL 15:117db924cf7c 3100 #endif
wolfSSL 15:117db924cf7c 3101
wolfSSL 15:117db924cf7c 3102 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 15:117db924cf7c 3103 if (tls && havePSK) {
wolfSSL 15:117db924cf7c 3104 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3105 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
wolfSSL 15:117db924cf7c 3106 }
wolfSSL 15:117db924cf7c 3107 #endif
wolfSSL 15:117db924cf7c 3108
wolfSSL 15:117db924cf7c 3109 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 15:117db924cf7c 3110 if (!dtls && haveRSA) {
wolfSSL 15:117db924cf7c 3111 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3112 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
wolfSSL 15:117db924cf7c 3113 }
wolfSSL 15:117db924cf7c 3114 #endif
wolfSSL 15:117db924cf7c 3115
wolfSSL 15:117db924cf7c 3116 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 15:117db924cf7c 3117 if (!dtls && haveRSA) {
wolfSSL 15:117db924cf7c 3118 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3119 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
wolfSSL 15:117db924cf7c 3120 }
wolfSSL 15:117db924cf7c 3121 #endif
wolfSSL 15:117db924cf7c 3122
wolfSSL 15:117db924cf7c 3123 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 15:117db924cf7c 3124 if (haveRSA ) {
wolfSSL 15:117db924cf7c 3125 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3126 suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 15:117db924cf7c 3127 }
wolfSSL 15:117db924cf7c 3128 #endif
wolfSSL 15:117db924cf7c 3129
wolfSSL 15:117db924cf7c 3130 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 15:117db924cf7c 3131 if (!dtls && tls && haveRSA) {
wolfSSL 15:117db924cf7c 3132 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3133 suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
wolfSSL 15:117db924cf7c 3134 }
wolfSSL 15:117db924cf7c 3135 #endif
wolfSSL 15:117db924cf7c 3136
wolfSSL 15:117db924cf7c 3137 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 15:117db924cf7c 3138 if (!dtls && tls && haveRSA) {
wolfSSL 15:117db924cf7c 3139 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3140 suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
wolfSSL 15:117db924cf7c 3141 }
wolfSSL 15:117db924cf7c 3142 #endif
wolfSSL 15:117db924cf7c 3143
wolfSSL 15:117db924cf7c 3144 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 15:117db924cf7c 3145 if (!dtls && tls && haveRSA) {
wolfSSL 15:117db924cf7c 3146 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3147 suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
wolfSSL 15:117db924cf7c 3148 }
wolfSSL 15:117db924cf7c 3149 #endif
wolfSSL 15:117db924cf7c 3150
wolfSSL 15:117db924cf7c 3151 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 15:117db924cf7c 3152 if (tls && haveRSA) {
wolfSSL 15:117db924cf7c 3153 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3154 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 15:117db924cf7c 3155 }
wolfSSL 15:117db924cf7c 3156 #endif
wolfSSL 15:117db924cf7c 3157
wolfSSL 15:117db924cf7c 3158 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 15:117db924cf7c 3159 if (tls && haveDH && haveRSA) {
wolfSSL 15:117db924cf7c 3160 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3161 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 15:117db924cf7c 3162 }
wolfSSL 15:117db924cf7c 3163 #endif
wolfSSL 15:117db924cf7c 3164
wolfSSL 15:117db924cf7c 3165 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 15:117db924cf7c 3166 if (tls && haveRSA) {
wolfSSL 15:117db924cf7c 3167 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3168 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 15:117db924cf7c 3169 }
wolfSSL 15:117db924cf7c 3170 #endif
wolfSSL 15:117db924cf7c 3171
wolfSSL 15:117db924cf7c 3172 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 15:117db924cf7c 3173 if (tls && haveDH && haveRSA) {
wolfSSL 15:117db924cf7c 3174 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3175 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 15:117db924cf7c 3176 }
wolfSSL 15:117db924cf7c 3177 #endif
wolfSSL 15:117db924cf7c 3178
wolfSSL 15:117db924cf7c 3179 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 3180 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3181 if (tls1_2 && haveRSA)
wolfSSL 16:8e0d178b1d1e 3182 #else
wolfSSL 16:8e0d178b1d1e 3183 if (tls && haveRSA)
wolfSSL 16:8e0d178b1d1e 3184 #endif
wolfSSL 16:8e0d178b1d1e 3185 {
wolfSSL 15:117db924cf7c 3186 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3187 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 3188 }
wolfSSL 15:117db924cf7c 3189 #endif
wolfSSL 15:117db924cf7c 3190
wolfSSL 15:117db924cf7c 3191 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 3192 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3193 if (tls1_2 && haveDH && haveRSA)
wolfSSL 16:8e0d178b1d1e 3194 #else
wolfSSL 16:8e0d178b1d1e 3195 if (tls && haveDH && haveRSA)
wolfSSL 16:8e0d178b1d1e 3196 #endif
wolfSSL 16:8e0d178b1d1e 3197 {
wolfSSL 15:117db924cf7c 3198 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3199 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 15:117db924cf7c 3200 }
wolfSSL 15:117db924cf7c 3201 #endif
wolfSSL 15:117db924cf7c 3202
wolfSSL 15:117db924cf7c 3203 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 3204 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3205 if (tls1_2 && haveRSA)
wolfSSL 16:8e0d178b1d1e 3206 #else
wolfSSL 16:8e0d178b1d1e 3207 if (tls && haveRSA)
wolfSSL 16:8e0d178b1d1e 3208 #endif
wolfSSL 16:8e0d178b1d1e 3209 {
wolfSSL 15:117db924cf7c 3210 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3211 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 15:117db924cf7c 3212 }
wolfSSL 15:117db924cf7c 3213 #endif
wolfSSL 15:117db924cf7c 3214
wolfSSL 15:117db924cf7c 3215 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 3216 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
wolfSSL 16:8e0d178b1d1e 3217 if (tls1_2 && haveDH && haveRSA)
wolfSSL 16:8e0d178b1d1e 3218 #else
wolfSSL 16:8e0d178b1d1e 3219 if (tls && haveDH && haveRSA)
wolfSSL 16:8e0d178b1d1e 3220 #endif
wolfSSL 16:8e0d178b1d1e 3221 {
wolfSSL 15:117db924cf7c 3222 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3223 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 15:117db924cf7c 3224 }
wolfSSL 15:117db924cf7c 3225 #endif
wolfSSL 15:117db924cf7c 3226
wolfSSL 15:117db924cf7c 3227 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 15:117db924cf7c 3228 if (haveRSA) {
wolfSSL 15:117db924cf7c 3229 suites->suites[idx++] = CIPHER_BYTE;
wolfSSL 15:117db924cf7c 3230 suites->suites[idx++] = SSL_RSA_WITH_IDEA_CBC_SHA;
wolfSSL 15:117db924cf7c 3231 }
wolfSSL 15:117db924cf7c 3232 #endif
wolfSSL 15:117db924cf7c 3233
wolfSSL 15:117db924cf7c 3234 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 3235
wolfSSL 15:117db924cf7c 3236 suites->suiteSz = idx;
wolfSSL 15:117db924cf7c 3237
wolfSSL 16:8e0d178b1d1e 3238 InitSuitesHashSigAlgo(suites, haveECDSAsig | haveECC, haveRSAsig | haveRSA,
wolfSSL 16:8e0d178b1d1e 3239 0, tls1_2, keySz);
wolfSSL 15:117db924cf7c 3240 }
wolfSSL 15:117db924cf7c 3241
wolfSSL 15:117db924cf7c 3242 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \
wolfSSL 15:117db924cf7c 3243 (!defined(NO_WOLFSSL_CLIENT) && (!defined(NO_DH) || defined(HAVE_ECC)))
wolfSSL 15:117db924cf7c 3244
/* Decode a two-byte encoded signature algorithm into its hash and signature
 * identifiers.
 *
 * input     The encoded signature algorithm. input[0] and input[1] are both
 *           read and no length is passed in, so the caller must guarantee
 *           that two bytes are readable.
 * hashAlgo  Receives the hash algorithm.
 * hsType    Receives the signature type.
 *
 * Nothing is validated here: a pair that matches none of the compiled-in code
 * points is copied through unchanged.
 * NOTE(review): the bytes presumably come from the peer's handshake message;
 * callers should check the decoded pair against the algorithms they support
 * before acting on it.
 */
static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)
{
    if (input[0] != NEW_SA_MAJOR) {
        /* Any other first byte: byte 0 is the hash, byte 1 the signature. */
        *hashAlgo = input[0];
        *hsType = input[1];
        return;
    }

    /* First byte is NEW_SA_MAJOR: the second byte selects the scheme. */
    #ifdef HAVE_ED25519
    /* ED25519: 0x0807 */
    if (input[1] == ED25519_SA_MINOR) {
        *hsType = ed25519_sa_algo;
        /* Hash performed as part of sign/verify operation. */
        *hashAlgo = sha512_mac;
    }
    else
    #endif
    #ifdef HAVE_ED448
    /* ED448: 0x0808 */
    if (input[1] == ED448_SA_MINOR) {
        *hsType = ed448_sa_algo;
        /* Hash performed as part of sign/verify operation. */
        *hashAlgo = sha512_mac;
    }
    else
    #endif
    #ifdef WC_RSA_PSS
    /* PSS PSS signatures: 0x080[9-b] */
    if (input[1] >= pss_sha256 && input[1] <= pss_sha512) {
        *hsType = rsa_pss_pss_algo;
        *hashAlgo = PSS_PSS_HASH_TO_MAC(input[1]);
    }
    else
    #endif
    {
        /* Remaining NEW_SA_MAJOR values: the major byte is reported as the
         * signature type and the minor byte as the hash, unchecked. */
        *hsType = input[0];
        *hashAlgo = input[1];
    }
}
wolfSSL 15:117db924cf7c 3292 #endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */
wolfSSL 15:117db924cf7c 3293
wolfSSL 15:117db924cf7c 3294 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 3295 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 3296 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 3297 defined(HAVE_CURVE448) || (!defined(NO_RSA) && defined(WC_RSA_PSS))
wolfSSL 15:117db924cf7c 3298
/* Map a hash algorithm identifier to the corresponding wolfCrypt hash type.
 *
 * hashAlgo  Hash identifier (one of the *_mac values).
 * returns the matching WC_HASH_TYPE_* value, or WC_HASH_TYPE_NONE after
 *         logging "Bad hash sig algo" when the identifier has no case
 *         compiled into this build.
 *
 * SHA-1 is only accepted when NO_SHA is not defined and either old TLS is
 * enabled or WOLFSSL_ALLOW_TLS_SHA1 is defined.
 * NOTE(review): callers are expected to treat WC_HASH_TYPE_NONE as a failure
 * rather than hash with it; confirm at the call sites.
 */
static enum wc_HashType HashAlgoToType(int hashAlgo)
{
    enum wc_HashType hashType = WC_HASH_TYPE_NONE;

    switch (hashAlgo) {
    #ifdef WOLFSSL_SHA512
        case sha512_mac:
            hashType = WC_HASH_TYPE_SHA512;
            break;
    #endif
    #ifdef WOLFSSL_SHA384
        case sha384_mac:
            hashType = WC_HASH_TYPE_SHA384;
            break;
    #endif
    #ifndef NO_SHA256
        case sha256_mac:
            hashType = WC_HASH_TYPE_SHA256;
            break;
    #endif
    #ifdef WOLFSSL_SHA224
        case sha224_mac:
            hashType = WC_HASH_TYPE_SHA224;
            break;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                              defined(WOLFSSL_ALLOW_TLS_SHA1))
        case sha_mac:
            hashType = WC_HASH_TYPE_SHA;
            break;
    #endif
        default:
            WOLFSSL_MSG("Bad hash sig algo");
            break;
    }

    return hashType;
}
wolfSSL 15:117db924cf7c 3330 #endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */
wolfSSL 15:117db924cf7c 3331 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 3332 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 3333
wolfSSL 15:117db924cf7c 3334 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 3335
/* Reset an X509 name structure to its empty state.
 *
 * name         Name to initialise; a NULL pointer is ignored.
 * dynamicFlag  Unused.
 *
 * Pointers already stored in the structure are overwritten, not freed, so a
 * name that has been used must go through FreeX509Name() first.
 */
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
{
    (void)dynamicFlag;

    if (name == NULL)
        return;

    /* Start on the embedded buffer; dynamicName == 0 tells FreeX509Name()
     * not to XFREE name->name. */
    name->name = name->staticName;
    name->dynamicName = 0;
    name->sz = 0;
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    XMEMSET(&name->fullName, 0, sizeof(DecodedName));
    XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
    XMEMSET(&name->extra, 0, sizeof(name->extra));
    name->cnEntry.nid = ASN_COMMON_NAME;
    name->cnEntry.value = &(name->cnEntry.data); /* point to internal data */
    name->x509 = NULL;
    #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
}
wolfSSL 15:117db924cf7c 3354
wolfSSL 15:117db924cf7c 3355
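/* Release the heap memory held by an X509 name.
 *
 * name  Name whose buffers are released; a NULL pointer is ignored. The
 *       structure itself is not freed.
 * heap  Heap hint passed to XFREE.
 *
 * Every pointer that is freed is also cleared, so calling this twice on the
 * same name does not hand an already-freed buffer to XFREE again.
 */
void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
{
    if (name != NULL) {
        /* name->name is only heap memory when dynamicName is set. */
        if (name->dynamicName) {
            XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
            name->name = NULL;
        }
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        {
            int i;
            if (name->fullName.fullName != NULL) {
                XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
                name->fullName.fullName = NULL;
            }
            for (i = 0; i < MAX_NAME_ENTRIES; i++) {
                /* free ASN1 string data */
                if (name->extra[i].set && name->extra[i].data.data != NULL) {
                    XFREE(name->extra[i].data.data, heap, DYNAMIC_TYPE_OPENSSL);
                    /* Cleared like the other pointers in this function; a
                     * stale pointer here would be freed again on a second
                     * call. */
                    name->extra[i].data.data = NULL;
                }
            }
            wolfSSL_ASN1_OBJECT_free(&name->cnEntry.object);
        }
    #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
    }
    (void)heap;
}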
wolfSSL 15:117db924cf7c 3382
wolfSSL 15:117db924cf7c 3383
/* Initialize wolfSSL X509 type.
 *
 * x509         Structure to initialise; NULL is logged and ignored.
 * dynamicFlag  Stored in x509->dynamicMemory after a cast to byte.
 * heap         Heap hint remembered in x509->heap for later frees.
 *
 * The whole structure is zeroed first, so anything it owned beforehand is
 * dropped without being freed.
 */
void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
{
    if (x509 != NULL) {
        XMEMSET(x509, 0, sizeof(WOLFSSL_X509));

        x509->heap = heap;
        x509->dynamicMemory = (byte)dynamicFlag;
        InitX509Name(&x509->issuer, 0);
        InitX509Name(&x509->subject, 0);
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
        x509->refCount = 1;
        /* NOTE(review): the result of wc_InitMutex is discarded, so a failed
         * mutex initialisation is not reported to the caller. */
        (void)wc_InitMutex(&x509->refMutex);
    #endif
    }
    else {
        WOLFSSL_MSG("Null parameter passed in!");
    }
}
wolfSSL 15:117db924cf7c 3403
wolfSSL 15:117db924cf7c 3404
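/* Free wolfSSL X509 type.
 *
 * x509  Certificate whose owned buffers and objects are released; a NULL
 *       pointer is ignored. The structure itself is not freed here.
 *
 * Every pointer released below is cleared afterwards, so a repeated call or
 * a later read of the structure cannot reach freed memory through it.
 * x509->refCount is not consulted.
 * NOTE(review): reference counting is presumably handled by the callers;
 * confirm before calling this on a shared certificate.
 */
void FreeX509(WOLFSSL_X509* x509)
{
    if (x509 == NULL)
        return;

    FreeX509Name(&x509->issuer, x509->heap);
    FreeX509Name(&x509->subject, x509->heap);
    if (x509->pubKey.buffer) {
        XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        x509->pubKey.buffer = NULL;
    }
    FreeDer(&x509->derCert);
    XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
    x509->sig.buffer = NULL;
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
        x509->authKeyId = NULL;
        XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
        x509->subjKeyId = NULL;
        if (x509->authInfo != NULL) {
            XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
            x509->authInfo = NULL;
        }
        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
        if (x509->authInfoCaIssuer != NULL) {
            XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT);
            /* cleared to match the other fields freed in this function */
            x509->authInfoCaIssuer = NULL;
        }
        if (x509->ext_sk != NULL) {
            wolfSSL_sk_X509_EXTENSION_free(x509->ext_sk);
            x509->ext_sk = NULL;
        }
        #endif /* OPENSSL_ALL || WOLFSSL_QT */
        #ifdef OPENSSL_EXTRA
        /* Free serialNumber that was set by wolfSSL_X509_get_serialNumber */
        if (x509->serialNumber != NULL) {
            wolfSSL_ASN1_INTEGER_free(x509->serialNumber);
            x509->serialNumber = NULL;
        }
        #endif
        if (x509->extKeyUsageSrc != NULL) {
            XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
            x509->extKeyUsageSrc = NULL;
        }
    #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
    #if defined(OPENSSL_ALL)
        if (x509->algor.algorithm) {
            wolfSSL_ASN1_OBJECT_free(x509->algor.algorithm);
            x509->algor.algorithm = NULL;
        }
        if (x509->key.algor) {
            wolfSSL_X509_ALGOR_free(x509->key.algor);
            x509->key.algor = NULL;
        }
        if (x509->key.pkey) {
            wolfSSL_EVP_PKEY_free(x509->key.pkey);
            x509->key.pkey = NULL;
        }
    #endif /* OPENSSL_ALL */
    if (x509->altNames) {
        FreeAltNames(x509->altNames, x509->heap);
        x509->altNames = NULL;
    }

    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
        /* The mutex is destroyed last; the structure needs InitX509() again
         * before it can be reused. */
        wc_FreeMutex(&x509->refMutex);
    #endif
}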
wolfSSL 15:117db924cf7c 3471
wolfSSL 15:117db924cf7c 3472
wolfSSL 15:117db924cf7c 3473 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
wolfSSL 16:8e0d178b1d1e 3474 #if !defined(WOLFSSL_NO_TLS12)
/* Encode the signature algorithm into buffer.
 *
 * hashAlgo  The hash algorithm.
 * hsType    The signature type.
 * output    The buffer to encode into; output[0] and output[1] are written,
 *           so it must hold at least two bytes.
 *
 * For an hsType with no case compiled into this build, output is left
 * untouched and no error is signalled.
 * NOTE(review): rsa_pss_pss_algo, which DecodeSigAlg() can return, has no
 * case here; callers presumably never pass it, otherwise whatever was in
 * output beforehand would be used as the encoding. Confirm at the call sites.
 */
static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
{
    switch (hsType) {
    #ifndef NO_RSA
        case rsa_sa_algo:
            output[0] = hashAlgo;
            output[1] = rsa_sa_algo;
            break;
        #ifdef WC_RSA_PSS
        /* PSS signatures: 0x080[4-6] */
        case rsa_pss_sa_algo:
            /* Byte order is reversed here: signature ID first, hash second. */
            output[0] = rsa_pss_sa_algo;
            output[1] = hashAlgo;
            break;
        #endif
    #endif
    #ifdef HAVE_ECC
        case ecc_dsa_sa_algo:
            output[0] = hashAlgo;
            output[1] = ecc_dsa_sa_algo;
            break;
    #endif
    #ifdef HAVE_ED25519
        case ed25519_sa_algo:
            /* Fixed code point; hashAlgo is not part of the encoding. */
            output[0] = ED25519_SA_MAJOR;
            output[1] = ED25519_SA_MINOR;
            break;
    #endif
    #ifdef HAVE_ED448
        case ed448_sa_algo:
            /* Fixed code point; hashAlgo is not part of the encoding. */
            output[0] = ED448_SA_MAJOR;
            output[1] = ED448_SA_MINOR;
            break;
    #endif
        default:
            /* Unknown signature type: output stays as the caller left it. */
            break;
    }
    /* Silence unused-parameter warnings when no case above is compiled in. */
    (void)hashAlgo;
    (void)output;
}
wolfSSL 16:8e0d178b1d1e 3521 #endif
wolfSSL 15:117db924cf7c 3522
wolfSSL 15:117db924cf7c 3523 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_NO_CLIENT_AUTH)
/* Point ssl->buffers.digest at the certificate hash that matches hashAlgo.
 *
 * ssl       Connection to update; ssl->hsHashes is dereferenced without a
 *           NULL check.
 * hashAlgo  Hash identifier selecting which certHashes member to use.
 *
 * digest.buffer is set to an address inside ssl->hsHashes->certHashes, not to
 * a copy. For a hashAlgo with no case compiled into this build, digest.buffer
 * and digest.length keep whatever values they had before the call.
 * NOTE(review): callers presumably validate hashAlgo first; otherwise an
 * earlier digest could be signed in place of the intended one. Confirm at the
 * call sites.
 */
static void SetDigest(WOLFSSL* ssl, int hashAlgo)
{
    switch (hashAlgo) {
    #ifdef WOLFSSL_SHA512
        case sha512_mac:
            ssl->buffers.digest.length = WC_SHA512_DIGEST_SIZE;
            ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
            break;
    #endif /* WOLFSSL_SHA512 */
    #ifdef WOLFSSL_SHA384
        case sha384_mac:
            ssl->buffers.digest.length = WC_SHA384_DIGEST_SIZE;
            ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
            break;
    #endif /* WOLFSSL_SHA384 */
    #ifndef NO_SHA256
        case sha256_mac:
            ssl->buffers.digest.length = WC_SHA256_DIGEST_SIZE;
            ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
            break;
    #endif /* !NO_SHA256 */
    #ifndef NO_SHA
        case sha_mac:
            ssl->buffers.digest.length = WC_SHA_DIGEST_SIZE;
            ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
            break;
    #endif /* !NO_SHA */
        default:
            /* No matching hash: the digest fields are left unchanged. */
            break;
    } /* switch */
}
wolfSSL 15:117db924cf7c 3553 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */
wolfSSL 15:117db924cf7c 3554 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 3555 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 3556
wolfSSL 16:8e0d178b1d1e 3557 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
/* Return the MAC size for this connection: TRUNCATED_HMAC_SZ when the
 * build has HAVE_TRUNCATED_HMAC and ssl->truncated_hmac is set, otherwise
 * ssl->specs.hash_size.
 */
static word32 MacSize(WOLFSSL* ssl)
{
#ifdef HAVE_TRUNCATED_HMAC
    if (ssl->truncated_hmac) {
        return (byte)TRUNCATED_HMAC_SZ;
    }
#endif

    return ssl->specs.hash_size;
}
wolfSSL 16:8e0d178b1d1e 3569 #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
wolfSSL 16:8e0d178b1d1e 3570
wolfSSL 15:117db924cf7c 3571 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 3572 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 3573 #if !defined(NO_WOLFSSL_SERVER) || (!defined(NO_WOLFSSL_CLIENT) && \
wolfSSL 16:8e0d178b1d1e 3574 !defined(WOLFSSL_NO_CLIENT_AUTH))
/* Map a *_mac hash selector to the matching SHA*h constant.
 *
 * Returns 0 when hashAlgo is not one of the hashes compiled into this
 * build; callers receive that 0 with no further error indication.
 */
static int TypeHash(int hashAlgo)
{
    int mapped = 0;

    switch (hashAlgo) {
    #ifndef NO_SHA
        case sha_mac:
            mapped = SHAh;
            break;
    #endif
    #ifdef WOLFSSL_SHA224
        case sha224_mac:
            mapped = SHA224h;
            break;
    #endif
    #ifndef NO_SHA256
        case sha256_mac:
            mapped = SHA256h;
            break;
    #endif
    #ifdef WOLFSSL_SHA384
        case sha384_mac:
            mapped = SHA384h;
            break;
    #endif
    #ifdef WOLFSSL_SHA512
        case sha512_mac:
            mapped = SHA512h;
            break;
    #endif
        default:
            break;
    }

    return mapped;
}
wolfSSL 15:117db924cf7c 3602 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 3603 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 3604
wolfSSL 15:117db924cf7c 3605 #if defined(WC_RSA_PSS)
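/* Translate a *_mac hash selector into the wolfCrypt hash type and MGF1
 * identifier used for RSA-PSS.
 *
 * hashAlgo  hash selector (sha256_mac, sha384_mac or sha512_mac, as far as
 *           each is compiled in)
 * hashType  receives the WC_HASH_TYPE_* value; must not be NULL
 * mgf       receives the WC_MGF1* value; may be NULL when not needed
 *
 * returns 0 on success, BAD_FUNC_ARG when hashType is NULL or hashAlgo is
 * not a hash accepted for PSS in this build. On failure neither output is
 * written.
 */
int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf)
{
    /* hashType is written unconditionally in every case below, so a NULL
     * pointer is rejected here instead of being dereferenced; mgf stays
     * optional and is checked where it is written. */
    if (hashType == NULL)
        return BAD_FUNC_ARG;

    switch (hashAlgo) {
    #ifdef WOLFSSL_SHA512
        case sha512_mac:
            *hashType = WC_HASH_TYPE_SHA512;
            if (mgf != NULL)
                *mgf = WC_MGF1SHA512;
            break;
    #endif
    #ifdef WOLFSSL_SHA384
        case sha384_mac:
            *hashType = WC_HASH_TYPE_SHA384;
            if (mgf != NULL)
                *mgf = WC_MGF1SHA384;
            break;
    #endif
    #ifndef NO_SHA256
        case sha256_mac:
            *hashType = WC_HASH_TYPE_SHA256;
            if (mgf != NULL)
                *mgf = WC_MGF1SHA256;
            break;
    #endif
        default:
            /* anything else (including SHA-1) is refused for PSS here */
            return BAD_FUNC_ARG;
    }

    return 0;
}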
wolfSSL 15:117db924cf7c 3636 #endif
wolfSSL 15:117db924cf7c 3637
wolfSSL 16:8e0d178b1d1e 3638 #if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)
/* Produce an RSA signature over `in`.
 *
 * RSA-PSS is used when sigAlgo is rsa_pss_sa_algo (WC_RSA_PSS builds),
 * wc_RsaSSL_Sign otherwise. With HAVE_PK_CALLBACKS a registered callback in
 * ssl->ctx replaces the wolfCrypt call and is given keyBufInfo's buffer
 * instead of `key`.
 *
 * ssl         connection; supplies ssl->rng and the callbacks in ssl->ctx
 * in/inSz     data to sign
 * out         receives the signature
 * outSz       in: passed to wolfCrypt as the size of out;
 *             out: set to the signature length when the signing call
 *             returns a positive value
 * sigAlgo     signature algorithm selector
 * hashAlgo    hash selector, only consulted on the PSS path
 * key         RSA key for the wolfCrypt path
 * keyBufInfo  optional key buffer for the PK callbacks, may be NULL
 *
 * returns 0 on success, otherwise the negative value from ConvertHashPss(),
 * the signing call or the async layer (including a pending indication).
 */
int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
            word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
            DerBuffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* keyBuf = NULL;
    word32 keySz = 0;

    if (keyBufInfo) {
        keyBuf = keyBufInfo->buffer;
        keySz = keyBufInfo->length;
    }
#endif

    /* silence unused-parameter warnings in builds that compile the
     * corresponding branches out */
    (void)ssl;
    (void)keyBufInfo;
    (void)sigAlgo;
    (void)hashAlgo;

    WOLFSSL_ENTER("RsaSign");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event; key is checked because it is only dereferenced
     * here when present (presumably it can be NULL when a PK callback
     * holds the key -- confirm against callers) */
    if (key) {
        ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
        if (ret != 0)
            return ret;
    }
#endif

#if defined(WC_RSA_PSS)
    if (sigAlgo == rsa_pss_sa_algo) {
        enum wc_HashType hashType = WC_HASH_TYPE_NONE;
        int mgf = 0;

        /* fails with BAD_FUNC_ARG for a hash not accepted for PSS */
        ret = ConvertHashPss(hashAlgo, &hashType, &mgf);
        if (ret != 0)
            return ret;

    #if defined(HAVE_PK_CALLBACKS)
        if (ssl->ctx->RsaPssSignCb) {
            void* ctx = wolfSSL_GetRsaPssSignCtx(ssl);
            ret = ssl->ctx->RsaPssSignCb(ssl, in, inSz, out, outSz,
                                         TypeHash(hashAlgo), mgf,
                                         keyBuf, keySz, ctx);
        }
        else
    #endif
        {
            ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, key,
                                 ssl->rng);
        }
    }
    else
#endif
#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->RsaSignCb) {
        void* ctx = wolfSSL_GetRsaSignCtx(ssl);
        ret = ssl->ctx->RsaSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                  ctx);
    }
    else
#endif /*HAVE_PK_CALLBACKS */
        ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, key, ssl->rng);

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (key && ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* A positive return is the signature length: report it through outSz
     * and normalize the return code to 0 */
    if (ret > 0) {
        *outSz = ret;
        ret = 0;
    }

    WOLFSSL_LEAVE("RsaSign", ret);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 3722 #endif
wolfSSL 15:117db924cf7c 3723
/* Run the RSA public-key operation on a received signature and hand back
 * the recovered payload.
 *
 * This function does not compare the payload with an expected digest and
 * does not normalize a positive return to 0: the value of the verify call
 * is returned as is, and the caller has to validate *out (content and
 * length, plus the PSS padding check on the PSS path) before treating the
 * signature as valid.
 *
 * ssl         connection; supplies the PK callbacks in ssl->ctx
 * in/inSz     signature; the *Inline wolfCrypt calls work inside this
 *             buffer
 * out         receives a pointer to the recovered payload
 * sigAlgo     rsa_pss_sa_algo selects RSA-PSS (WC_RSA_PSS builds)
 * hashAlgo    hash selector, only consulted on the PSS path
 * key         RSA public key for the wolfCrypt path
 * keyBufInfo  optional key buffer for the PK callbacks, may be NULL
 *
 * returns the value of the verify call or callback (positive on the
 * wolfCrypt paths when a payload was recovered), or a negative error from
 * ConvertHashPss() or the async layer.
 */
int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
              int hashAlgo, RsaKey* key, buffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* keyBuf = NULL;
    word32 keySz = 0;

    if (keyBufInfo) {
        keyBuf = keyBufInfo->buffer;
        keySz = keyBufInfo->length;
    }
#endif

    /* silence unused-parameter warnings in builds that compile the
     * corresponding branches out */
    (void)ssl;
    (void)keyBufInfo;
    (void)sigAlgo;
    (void)hashAlgo;

    WOLFSSL_ENTER("RsaVerify");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    /* NOTE(review): key is dereferenced here without the `if (key)` guard
     * that RsaSign and VerifyRsaSign use; callers must pass a non-NULL key
     * in async builds -- confirm */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0)
        return ret;
#endif

#if defined(WC_RSA_PSS)
    if (sigAlgo == rsa_pss_sa_algo) {
        enum wc_HashType hashType = WC_HASH_TYPE_NONE;
        int mgf = 0;

        /* fails with BAD_FUNC_ARG for a hash not accepted for PSS */
        ret = ConvertHashPss(hashAlgo, &hashType, &mgf);
        if (ret != 0)
            return ret;
    #ifdef HAVE_PK_CALLBACKS
        if (ssl->ctx->RsaPssVerifyCb) {
            void* ctx = wolfSSL_GetRsaPssVerifyCtx(ssl);
            ret = ssl->ctx->RsaPssVerifyCb(ssl, in, inSz, out,
                                           TypeHash(hashAlgo), mgf,
                                           keyBuf, keySz, ctx);
        }
        else
    #endif /*HAVE_PK_CALLBACKS */
        ret = wc_RsaPSS_VerifyInline(in, inSz, out, hashType, mgf, key);
    }
    else
#endif
#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->RsaVerifyCb) {
        void* ctx = wolfSSL_GetRsaVerifyCtx(ssl);
        ret = ssl->ctx->RsaVerifyCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
    }
    else
#endif /*HAVE_PK_CALLBACKS */
    {
        ret = wc_RsaSSL_VerifyInline(in, inSz, out, key);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("RsaVerify", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 3795
/* Check an RSA signature that was just produced against the data that was
 * signed; used to validate the sign result before it is sent.
 *
 * verifySig/sigSz  signature to check; the *Inline wolfCrypt calls work
 *                  inside this buffer
 * plain/plainSz    the data the signature is expected to cover
 * sigAlgo          rsa_pss_sa_algo selects the PSS check (WC_RSA_PSS builds)
 * hashAlgo         hash selector, only consulted on the PSS path
 * key              RSA key for the wolfCrypt path
 * keyBufInfo       optional key buffer for the PK callbacks, may be NULL
 *
 * returns 0 when the signature checks out, BAD_FUNC_ARG for a NULL
 * verifySig or plain, BUFFER_E when sigSz exceeds ENCRYPT_LEN,
 * VERIFY_CERT_ERROR when the PSS padding check fails, RSA_SIGN_FAULT when
 * the payload recovered on the non-PSS path differs from plain, otherwise
 * the negative value from the verify call, callback or async layer.
 *
 * A return of exactly 0 from a verify call or callback is passed through as
 * success without any comparison against plain; the callback comments below
 * describe this as the way an HSM that already checked the result can skip
 * the software check.
 */
int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
                  const byte* plain, word32 plainSz, int sigAlgo, int hashAlgo,
                  RsaKey* key, DerBuffer* keyBufInfo)
{
    byte* out = NULL; /* inline result */
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* keyBuf = NULL;
    word32 keySz = 0;

    if (keyBufInfo) {
        keyBuf = keyBufInfo->buffer;
        keySz = keyBufInfo->length;
    }
#endif

    /* silence unused-parameter warnings in builds that compile the
     * corresponding branches out */
    (void)ssl;
    (void)keyBufInfo;
    (void)sigAlgo;
    (void)hashAlgo;

    WOLFSSL_ENTER("VerifyRsaSign");

    if (verifySig == NULL || plain == NULL) {
        return BAD_FUNC_ARG;
    }

    /* bound the signature length before any RSA operation touches it */
    if (sigSz > ENCRYPT_LEN) {
        WOLFSSL_MSG("Signature buffer too big");
        return BUFFER_E;
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    if (key) {
        ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
        if (ret != 0)
            return ret;
    }
#endif

#if defined(WC_RSA_PSS)
    if (sigAlgo == rsa_pss_sa_algo) {
        enum wc_HashType hashType = WC_HASH_TYPE_NONE;
        int mgf = 0;

        /* fails with BAD_FUNC_ARG for a hash not accepted for PSS */
        ret = ConvertHashPss(hashAlgo, &hashType, &mgf);
        if (ret != 0)
            return ret;
    #ifdef HAVE_PK_CALLBACKS
        if (ssl->ctx->RsaPssSignCheckCb) {
            /* The key buffer includes private/public portion,
                but only public is used */
            /* If HSM hardware is checking the signature result you can
                optionally skip the sign check and return 0 */
            /* The ctx here is the RsaPssSignCtx, fetched with
                wolfSSL_GetRsaPssSignCtx */
            void* ctx = wolfSSL_GetRsaPssSignCtx(ssl);
            ret = ssl->ctx->RsaPssSignCheckCb(ssl, verifySig, sigSz, &out,
                                            TypeHash(hashAlgo), mgf,
                                            keyBuf, keySz, ctx);
            /* positive return: length of the data left in out, which still
             * needs its PSS padding checked against plain. This path uses
             * the variant without the key bit length, unlike the wolfCrypt
             * path below. */
            if (ret > 0) {
                ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret,
                                             hashType);
                if (ret != 0)
                    ret = VERIFY_CERT_ERROR;
            }
        }
        else
    #endif /* HAVE_PK_CALLBACKS */
        {
            ret = wc_RsaPSS_VerifyInline(verifySig, sigSz, &out, hashType, mgf,
                                         key);
            if (ret > 0) {
            #ifdef HAVE_SELFTEST
                ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret,
                                             hashType);
            #else
                /* salt length -1: presumably wolfCrypt's default salt
                 * length selector -- confirm; the key size in bits comes
                 * from the modulus */
                ret = wc_RsaPSS_CheckPadding_ex(plain, plainSz, out, ret,
                                                hashType, -1,
                                                mp_count_bits(&key->n));
            #endif
                /* any padding mismatch is reported with one error code */
                if (ret != 0)
                    ret = VERIFY_CERT_ERROR;
            }
        }

    }
    else
#endif /* WC_RSA_PSS */
    {
    #ifdef HAVE_PK_CALLBACKS
        if (ssl->ctx->RsaSignCheckCb) {
            /* The key buffer includes private/public portion,
                but only public is used */
            /* If HSM hardware is checking the signature result you can
                optionally skip the sign check and return 0 */
            /* The ctx here is the RsaSignCtx set using wolfSSL_SetRsaSignCtx */
            void* ctx = wolfSSL_GetRsaSignCtx(ssl);
            ret = ssl->ctx->RsaSignCheckCb(ssl, verifySig, sigSz, &out,
                keyBuf, keySz, ctx);
        }
        else
    #endif /* HAVE_PK_CALLBACKS */
        {
            ret = wc_RsaSSL_VerifyInline(verifySig, sigSz, &out, key);
        }

        /* positive return: length of the recovered payload. It must have
         * exactly plainSz bytes and match plain byte for byte. */
        if (ret > 0) {
            if (ret != (int)plainSz || !out ||
                            XMEMCMP(plain, out, plainSz) != 0) {
                WOLFSSL_MSG("RSA Signature verification failed");
                ret = RSA_SIGN_FAULT;
            } else {
                ret = 0;  /* RSA reset */
            }
        }
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (key && ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("VerifyRsaSign", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 3927
wolfSSL 15:117db924cf7c 3928 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 3929
wolfSSL 16:8e0d178b1d1e 3930 #if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)
/* RSA private-key decrypt of `in`.
 *
 * With HAVE_PK_CALLBACKS a registered ssl->ctx->RsaDecCb replaces the
 * wolfCrypt call and is given keyBufInfo's buffer instead of `key`.
 *
 * ssl         connection; supplies ssl->rng and the callback in ssl->ctx
 * in/inSz     ciphertext; wc_RsaPrivateDecryptInline works inside this
 *             buffer
 * out         receives a pointer to the recovered plaintext
 * outSz       set to the plaintext length when the decrypt returns a
 *             positive value; left untouched otherwise
 * key         RSA private key for the wolfCrypt path
 * keyBufInfo  optional key buffer for the PK callback, may be NULL
 *
 * returns 0 on success, otherwise the negative value from the decrypt,
 * wc_RsaSetRNG() or the async layer.
 *
 * NOTE(review): a decrypt failure (for example bad padding) is returned to
 * the caller as a distinct negative code and takes a different branch than
 * success. For the TLS 1.2 RSA key exchange the call site has to make sure
 * that difference is not observable by the peer (padding-oracle class of
 * issues) -- verify at the caller.
 */
int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
           RsaKey* key, DerBuffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* keyBuf = NULL;
    word32 keySz = 0;

    if (keyBufInfo) {
        keyBuf = keyBufInfo->buffer;
        keySz = keyBufInfo->length;
    }
#endif

    /* silence unused-parameter warnings in builds without callbacks */
    (void)ssl;
    (void)keyBufInfo;

    WOLFSSL_ENTER("RsaDec");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    /* NOTE(review): key is dereferenced here without the `if (key)` guard
     * that RsaSign uses; callers must pass a non-NULL key in async builds
     * -- confirm */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0)
        return ret;
#endif

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->RsaDecCb) {
        void* ctx = wolfSSL_GetRsaDecCtx(ssl);
        ret = ssl->ctx->RsaDecCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
    #ifdef WC_RSA_BLINDING
        /* attach the connection RNG to the key before the private-key
         * operation; blinding builds need it */
        ret = wc_RsaSetRNG(key, ssl->rng);
        if (ret != 0)
            return ret;
    #endif
        ret = wc_RsaPrivateDecryptInline(in, inSz, out, key);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* A positive return is the plaintext length: report it through outSz
     * and normalize the return code to 0 */
    if (ret > 0) {
        *outSz = ret;
        ret = 0;
    }

    WOLFSSL_LEAVE("RsaDec", ret);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 3990 #endif /* !NO_WOLFSSL_SERVER) || !WOLFSSL_NO_CLIENT_AUTH */
wolfSSL 15:117db924cf7c 3991
/* RSA public-key encrypt of `in` into `out`.
 *
 * With HAVE_PK_CALLBACKS a registered ssl->ctx->RsaEncCb replaces the
 * wolfCrypt call and is given keyBufInfo's buffer instead of `key`.
 *
 * ssl         connection; supplies ssl->rng and the callback in ssl->ctx
 * in/inSz     plaintext
 * out         receives the ciphertext
 * outSz       in: passed to wolfCrypt as the size of out;
 *             out: set to the ciphertext length when the encrypt returns a
 *             positive value
 * key         RSA public key for the wolfCrypt path
 * keyBufInfo  optional key buffer for the PK callback, may be NULL
 *
 * returns 0 on success, otherwise the negative value from the encrypt call,
 * callback or async layer.
 */
int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
           RsaKey* key, buffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* keyBuf = NULL;
    word32 keySz = 0;

    if (keyBufInfo) {
        keyBuf = keyBufInfo->buffer;
        keySz = keyBufInfo->length;
    }
#endif

    /* silence unused-parameter warnings in builds without callbacks */
    (void)ssl;
    (void)keyBufInfo;

    WOLFSSL_ENTER("RsaEnc");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    /* NOTE(review): key is dereferenced here without a NULL check; callers
     * must pass a non-NULL key in async builds -- confirm */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0)
        return ret;
#endif

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->RsaEncCb) {
        void* ctx = wolfSSL_GetRsaEncCtx(ssl);
        ret = ssl->ctx->RsaEncCb(ssl, in, inSz, out, outSz, keyBuf, keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, key, ssl->rng);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* A positive return is the ciphertext length: report it through outSz
     * and normalize the return code to 0 */
    if (ret > 0) {
        *outSz = ret;
        ret = 0;
    }

    WOLFSSL_LEAVE("RsaEnc", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4046
wolfSSL 15:117db924cf7c 4047 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 4048
wolfSSL 15:117db924cf7c 4049 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 4050
wolfSSL 15:117db924cf7c 4051 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4052
/* Produce an ECC signature over the hash in `in`.
 *
 * With HAVE_PK_CALLBACKS a registered ssl->ctx->EccSignCb replaces
 * wc_ecc_sign_hash and is given keyBufInfo's buffer instead of `key`.
 *
 * ssl         connection; supplies ssl->rng and the callback in ssl->ctx
 * in/inSz     hash to sign
 * out         receives the signature
 * outSz       passed by pointer to the signing call, which uses it for the
 *             size of out and the resulting signature length
 * key         ECC private key for the wolfCrypt path
 * keyBufInfo  optional key buffer for the PK callback, may be NULL
 *
 * returns the value of the signing call or callback unchanged (0 on
 * success for wc_ecc_sign_hash), or the value from the async layer.
 */
int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
            word32* outSz, ecc_key* key, DerBuffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* keyBuf = NULL;
    word32 keySz = 0;

    if (keyBufInfo) {
        keyBuf = keyBufInfo->buffer;
        keySz = keyBufInfo->length;
    }
#endif

    /* silence unused-parameter warnings in builds without callbacks */
    (void)ssl;
    (void)keyBufInfo;

    WOLFSSL_ENTER("EccSign");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event; key is only dereferenced when present (presumably
     * it can be NULL when a PK callback holds the key -- confirm against
     * callers) */
    if (key) {
        ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
        if (ret != 0)
            return ret;
    }
#endif

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->EccSignCb) {
        void* ctx = wolfSSL_GetEccSignCtx(ssl);
        ret = ssl->ctx->EccSignCb(ssl, in, inSz, out, outSz, keyBuf,
            keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_ecc_sign_hash(in, inSz, out, outSz, ssl->rng, key);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (key && ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccSign", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4104
/* Verify an ECC signature over a hash.
 *
 * The parameter names follow the other wrappers but both buffers are
 * inputs: `in` is the signature and `out` is the hash it should cover
 * (they are passed to wc_ecc_verify_hash in that order).
 *
 * ssl         connection; the verdict is stored in ssl->eccVerifyRes
 * in/inSz     signature
 * out/outSz   hash the signature is checked against
 * key         ECC public key for the wolfCrypt path
 * keyBufInfo  optional key buffer for the PK callback, may be NULL
 *
 * returns 0 only when the verify call returned 0 AND ssl->eccVerifyRes is
 * non-zero; every other outcome is reported as VERIFY_SIGN_ERROR. In async
 * builds a pending operation returns the value of wolfSSL_AsyncPush()
 * instead.
 */
int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
              word32 outSz, ecc_key* key, buffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* keyBuf = NULL;
    word32 keySz = 0;

    if (keyBufInfo) {
        keyBuf = keyBufInfo->buffer;
        keySz = keyBufInfo->length;
    }
#endif

    /* silence unused-parameter warnings in builds without callbacks */
    (void)ssl;
    (void)keyBufInfo;

    WOLFSSL_ENTER("EccVerify");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    /* NOTE(review): key is dereferenced here without the `if (key)` guard
     * that EccSign uses; callers must pass a non-NULL key in async builds
     * -- confirm */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0)
        return ret;
#endif

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccVerifyCb) {
        void* ctx = wolfSSL_GetEccVerifyCtx(ssl);
        /* NOTE(review): ssl->eccVerifyRes is not cleared in this function
         * before the callback runs, so the verdict read below relies on the
         * callback writing it on every path -- confirm for each registered
         * callback */
        ret = ssl->ctx->EccVerifyCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
            &ssl->eccVerifyRes, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_ecc_verify_hash(in, inSz, out, outSz, &ssl->eccVerifyRes, key);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
    else
#endif /* WOLFSSL_ASYNC_CRYPT */
    {
        /* a clean return code is not enough: the verdict flag must also be
         * set, otherwise the signature is rejected */
        ret = (ret != 0 || ssl->eccVerifyRes == 0) ? VERIFY_SIGN_ERROR : 0;
    }

    WOLFSSL_LEAVE("EccVerify", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4158
wolfSSL 15:117db924cf7c 4159 #ifdef HAVE_PK_CALLBACKS
/* Look up the ECC key handed to the shared secret callback.
 *
 * Client side: the peer's key (ssl->peerEccDsaKey for static ECDH,
 *              ssl->peerEccKey otherwise); it must be flagged present and
 *              have its curve parameters (dp) set.
 * Server side: the local key (ssl->hsKey for static ECDH,
 *              ssl->eccTempKey otherwise).
 *
 * returns 0 with *otherKey set, BAD_FUNC_ARG for a NULL argument,
 * NO_PEER_KEY or NO_PRIVATE_KEY when the required key is missing.
 * *otherKey is only written on success.
 */
static int EccGetKey(WOLFSSL* ssl, ecc_key** otherKey)
{
    ecc_key* found = NULL;

    if (ssl == NULL || otherKey == NULL) {
        return BAD_FUNC_ARG;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        if (ssl->specs.static_ecdh) {
            if (ssl->peerEccDsaKey == NULL || !ssl->peerEccDsaKeyPresent ||
                    ssl->peerEccDsaKey->dp == NULL) {
                return NO_PEER_KEY;
            }
            found = (struct ecc_key*)ssl->peerEccDsaKey;
        }
        else {
            if (ssl->peerEccKey == NULL || !ssl->peerEccKeyPresent ||
                    ssl->peerEccKey->dp == NULL) {
                return NO_PEER_KEY;
            }
            found = (struct ecc_key*)ssl->peerEccKey;
        }
    }
    else if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (ssl->specs.static_ecdh) {
            if (ssl->hsKey == NULL) {
                return NO_PRIVATE_KEY;
            }
            found = (struct ecc_key*)ssl->hsKey;
        }
        else {
            if (!ssl->eccTempKeyPresent) {
                return NO_PRIVATE_KEY;
            }
            found = (struct ecc_key*)ssl->eccTempKey;
        }
    }

    /* neither side matched, or the selected pointer was NULL */
    if (found == NULL) {
        return NO_PEER_KEY;
    }

    *otherKey = found;
    return 0;
}
wolfSSL 15:117db924cf7c 4211 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 4212
/* Compute the ECDH shared secret, through the registered PK callback when one
 * is set and with wc_ecc_shared_secret() otherwise.
 *
 * ssl        SSL/TLS object. Dereferenced without a NULL check when
 *            HAVE_PK_CALLBACKS or WOLFSSL_ASYNC_CRYPT is defined.
 * priv_key   Key passed first to wc_ecc_shared_secret() (software path).
 * pub_key    Key passed second to wc_ecc_shared_secret() (software path).
 * pubKeyDer  Forwarded to the PK callback only.
 * pubKeySz   Forwarded to the PK callback only.
 * out        Output buffer, passed through to the callback or wolfCrypt.
 * outlen     Output length, passed through to the callback or wolfCrypt.
 * side       Forwarded to the PK callback only.
 * returns the callback or wolfCrypt result; with WOLFSSL_ASYNC_CRYPT a
 *         WC_PENDING_E result is replaced by the wolfSSL_AsyncPush() result.
 */
int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
        byte* pubKeyDer, word32* pubKeySz, byte* out, word32* outlen,
        int side)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    ecc_key* cbKey = NULL;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
    /* NOTE(review): formed from priv_key before any NULL check; confirm
     * callers never pass NULL, including when a PK callback is set. */
    WC_ASYNC_DEV* asyncDev = &priv_key->asyncDev;
#endif

    /* Not every build configuration uses these parameters. */
    (void)ssl;
    (void)pubKeyDer;
    (void)pubKeySz;
    (void)side;

    WOLFSSL_ENTER("EccSharedSecret");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccSharedSecretCb) {
        /* The callback works on the key chosen by EccGetKey(), not on
         * priv_key/pub_key. */
        ret = EccGetKey(ssl, &cbKey);
        if (ret != 0) {
            return ret;
        }
    #ifdef WOLFSSL_ASYNC_CRYPT
        /* Track the async event on the key the callback will use. */
        asyncDev = &cbKey->asyncDev;
    #endif
    }
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0) {
        return ret;
    }
#endif

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccSharedSecretCb) {
        void* cbCtx = wolfSSL_GetEccSharedSecretCtx(ssl);
        ret = ssl->ctx->EccSharedSecretCb(ssl, cbKey, pubKeyDer, pubKeySz,
                                          out, outlen, side, cbCtx);
    }
    else
#endif
    {
        ret = wc_ecc_shared_secret(priv_key, pub_key, out, outlen);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccSharedSecret", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4273
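/* Generate an ECC key, through the registered PK callback when one is set and
 * with wc_ecc_make_key_ex() otherwise.
 *
 * ssl   SSL/TLS object. Supplies the RNG, the default key size
 *       (eccTempKeySz) and the curve OID (ecdhCurveOID); ecdhCurveOID is
 *       updated from the generated key on success.
 * key   Key object to generate into.
 * peer  Optional peer key. When it carries curve parameters (dp) their size
 *       is used as the key size; otherwise ssl->eccTempKeySz is used.
 * returns 0 on success, otherwise the error from the callback, from
 *         wc_ecc_make_key_ex() or from the async layer.
 */
int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer)
{
    int ret = 0;
    int keySz = 0;
    int ecc_curve = ECC_CURVE_DEF;

    WOLFSSL_ENTER("EccMakeKey");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_NONE);
    if (ret != 0)
        return ret;
#endif

    /* get key size
     * A peer key object can exist without curve parameters (EccGetKey() in
     * this file tests ->dp for that reason), so do not dereference peer->dp
     * unchecked; fall back to the configured temporary key size instead. */
    if (peer == NULL || peer->dp == NULL) {
        keySz = ssl->eccTempKeySz;
    }
    else {
        keySz = peer->dp->size;
    }

    /* get curve type */
    if (ssl->ecdhCurveOID > 0) {
        ecc_curve = wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL);
    }

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccKeyGenCb) {
        void* ctx = wolfSSL_GetEccKeyGenCtx(ssl);
        ret = ssl->ctx->EccKeyGenCb(ssl, key, keySz, ecc_curve, ctx);
    }
    else
#endif
    {
        ret = wc_ecc_make_key_ex(ssl->rng, keySz, key, ecc_curve);
    }

    /* make sure the curve is set for TLS */
    if (ret == 0 && key->dp) {
        ssl->ecdhCurveOID = key->dp->oidSum;
    #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
        ssl->namedGroup = 0;
    #endif
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccMakeKey", ret);

    return ret;
}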
wolfSSL 15:117db924cf7c 4332 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 4333
wolfSSL 15:117db924cf7c 4334 #ifdef HAVE_ED25519
/* Check whether the handshake key (ssl->hsKey) contains a public key.
 * If not then pull it out of the leaf certificate in
 * ssl->buffers.certificate.
 *
 * NOTE(review): ssl->hsKey and ssl->buffers.certificate are dereferenced
 * without NULL checks; confirm every caller guarantees both are set.
 *
 * ssl  SSL/TLS object.
 * returns 0 on success (including when the public key is already set),
 *         MEMORY_E when unable to allocate memory, otherwise the error from
 *         DecodeToKey() or wc_ed25519_import_public().
 */
int Ed25519CheckPubKey(WOLFSSL* ssl)
{
    ed25519_key* key = (ed25519_key*)ssl->hsKey;
    DerBuffer* leaf;
    DecodedCert* cert;
    int ret;

    /* Public key required for signing. */
    if (key->pubKeySet) {
        return 0;
    }

    leaf = ssl->buffers.certificate;
    cert = (DecodedCert*)XMALLOC(sizeof(*cert), ssl->heap,
                                 DYNAMIC_TYPE_DCERT);
    if (cert == NULL) {
        return MEMORY_E;
    }

    /* Second argument 0: presumably no signature verification is requested
     * for the local certificate - confirm against DecodeToKey(). */
    InitDecodedCert(cert, leaf->buffer, leaf->length, ssl->heap);
    ret = DecodeToKey(cert, 0);
    if (ret == 0) {
        ret = wc_ed25519_import_public(cert->publicKey, cert->pubKeySize,
                                       key);
    }

    /* Released on success and on failure alike. */
    FreeDecodedCert(cert);
    XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);

    return ret;
}
wolfSSL 15:117db924cf7c 4371
/* Sign the data using EdDSA and key using Ed25519.
 *
 * The registered PK callback is used when one is set, otherwise
 * wc_ed25519_sign_msg() signs with key.
 *
 * ssl         SSL object.
 * in          Data or message to sign.
 * inSz        Length of the data.
 * out         Buffer to hold signature.
 * outSz       On entry, size of the buffer. On exit, the size of the
 *             signature.
 * key         The Ed25519 key object used by the software path.
 * keyBufInfo  Optional buffer whose data and length are handed to the PK
 *             callback as the key data; unused without HAVE_PK_CALLBACKS.
 * returns 0 on success, otherwise the value is an error.
 */
int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
                word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* cbKey = NULL;
    word32 cbKeySz = 0;

    /* The callback receives NULL/0 when no key buffer was supplied. */
    if (keyBufInfo != NULL) {
        cbKey = keyBufInfo->buffer;
        cbKeySz = keyBufInfo->length;
    }
#endif

    /* Not every build configuration uses these parameters. */
    (void)ssl;
    (void)keyBufInfo;

    WOLFSSL_ENTER("Ed25519Sign");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0) {
        return ret;
    }
#endif

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->Ed25519SignCb) {
        void* cbCtx = wolfSSL_GetEd25519SignCtx(ssl);
        ret = ssl->ctx->Ed25519SignCb(ssl, in, inSz, out, outSz, cbKey,
                                      cbKeySz, cbCtx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_ed25519_sign_msg(in, inSz, out, outSz, key);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("Ed25519Sign", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4433
/* Verify the data using EdDSA and key using Ed25519.
 *
 * The registered PK callback is used when one is set, otherwise
 * wc_ed25519_verify_msg() verifies with key. The verification result is
 * written to ssl->eccVerifyRes.
 *
 * NOTE(review): ssl->eccVerifyRes is not cleared in this function. A PK
 * callback that returns 0 without writing the result leaves the previous
 * value in place - confirm the callback contract requires it to be set.
 *
 * ssl         SSL object.
 * in          Signature data.
 * inSz        Length of the signature data in bytes.
 * msg         Message to verify.
 * msgSz       Length of message in bytes.
 * key         The Ed25519 key object used by the software path.
 * keyBufInfo  Optional buffer whose data and length are handed to the PK
 *             callback as the key data; unused without HAVE_PK_CALLBACKS.
 * returns 0 when the signature verified, VERIFY_SIGN_ERROR when the
 *         operation failed or the signature did not verify; with
 *         WOLFSSL_ASYNC_CRYPT the wolfSSL_AsyncPush() result while pending.
 */
int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
                  word32 msgSz, ed25519_key* key, buffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* cbKey = NULL;
    word32 cbKeySz = 0;

    /* The callback receives NULL/0 when no key buffer was supplied. */
    if (keyBufInfo != NULL) {
        cbKey = keyBufInfo->buffer;
        cbKeySz = keyBufInfo->length;
    }
#endif

    /* Not every build configuration uses these parameters. */
    (void)ssl;
    (void)keyBufInfo;

    WOLFSSL_ENTER("Ed25519Verify");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0) {
        return ret;
    }
#endif

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->Ed25519VerifyCb) {
        void* cbCtx = wolfSSL_GetEd25519VerifyCtx(ssl);
        ret = ssl->ctx->Ed25519VerifyCb(ssl, in, inSz, msg, msgSz, cbKey,
                                        cbKeySz, &ssl->eccVerifyRes, cbCtx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        ret = wc_ed25519_verify_msg(in, inSz, msg, msgSz,
                                    &ssl->eccVerifyRes, key);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
    else
#endif /* WOLFSSL_ASYNC_CRYPT */
    {
        /* Fail closed: success needs both a zero return code and a
         * non-zero verification result. Every other outcome collapses to
         * VERIFY_SIGN_ERROR. */
        if (ret != 0 || ssl->eccVerifyRes == 0) {
            ret = VERIFY_SIGN_ERROR;
        }
    }

    WOLFSSL_LEAVE("Ed25519Verify", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4500 #endif /* HAVE_ED25519 */
wolfSSL 15:117db924cf7c 4501
wolfSSL 15:117db924cf7c 4502 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 4503
wolfSSL 15:117db924cf7c 4504 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 4505 #ifdef HAVE_PK_CALLBACKS
/* Pick the X25519 key that is handed to the shared secret PK callback.
 *
 * Client side: the peer key (ssl->peerX25519Key), which must be allocated,
 *              flagged as present and have dp set.
 * Server side: the local key stored in ssl->eccTempKey.
 *
 * ssl       SSL/TLS object.
 * otherKey  Receives the selected key. Only written on success; the pointer
 *           aliases a key stored in ssl, nothing is copied.
 * returns 0 on success, BAD_FUNC_ARG when an argument is NULL, NO_PEER_KEY or
 *         NO_PRIVATE_KEY when the required key is not available.
 */
static int X25519GetKey(WOLFSSL* ssl, curve25519_key** otherKey)
{
    struct curve25519_key* selected = NULL;

    if (ssl == NULL || otherKey == NULL) {
        return BAD_FUNC_ARG;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        if (!ssl->peerX25519Key || !ssl->peerX25519KeyPresent ||
                                                 !ssl->peerX25519Key->dp) {
            return NO_PEER_KEY;
        }
        selected = (struct curve25519_key*)ssl->peerX25519Key;
    }
    else if (ssl->options.side == WOLFSSL_SERVER_END) {
        /* Only the presence flag is tested here; a NULL eccTempKey pointer
         * is caught by the check below. */
        if (!ssl->eccTempKeyPresent) {
            return NO_PRIVATE_KEY;
        }
        selected = (struct curve25519_key*)ssl->eccTempKey;
    }

    /* Neither side matched, or the chosen pointer was NULL. */
    if (selected == NULL) {
        return NO_PEER_KEY;
    }

    *otherKey = (curve25519_key *)selected;
    return 0;
}
wolfSSL 15:117db924cf7c 4540 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 4541
/* Compute the X25519 shared secret, through the registered PK callback when
 * one is set and with wc_curve25519_shared_secret_ex() otherwise.
 *
 * ssl        SSL/TLS object. Dereferenced without a NULL check when
 *            HAVE_PK_CALLBACKS or WOLFSSL_ASYNC_CRYPT is defined.
 * priv_key   Key passed first to wolfCrypt (software path); its asyncDev
 *            tracks the async event on both paths.
 * pub_key    Key passed second to wolfCrypt (software path).
 * pubKeyDer  Forwarded to the PK callback only.
 * pubKeySz   Forwarded to the PK callback only.
 * out        Output buffer, passed through to the callback or wolfCrypt.
 * outlen     Output length, passed through to the callback or wolfCrypt.
 * side       Forwarded to the PK callback only.
 * returns the X25519GetKey(), callback or wolfCrypt result; with
 *         WOLFSSL_ASYNC_CRYPT a WC_PENDING_E result is replaced by the
 *         wolfSSL_AsyncPush() result.
 */
static int X25519SharedSecret(WOLFSSL* ssl, curve25519_key* priv_key,
        curve25519_key* pub_key, byte* pubKeyDer, word32* pubKeySz,
        byte* out, word32* outlen, int side)
{
    int ret;

    /* Not every build configuration uses these parameters. */
    (void)ssl;
    (void)pubKeyDer;
    (void)pubKeySz;
    (void)side;

    WOLFSSL_ENTER("X25519SharedSecret");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0) {
        return ret;
    }
#endif

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->X25519SharedSecretCb) {
        curve25519_key* cbKey = NULL;

        /* The callback works on the key chosen by X25519GetKey(), not on
         * priv_key/pub_key; a lookup failure is returned as is. */
        ret = X25519GetKey(ssl, &cbKey);
        if (ret == 0) {
            void* cbCtx = wolfSSL_GetX25519SharedSecretCtx(ssl);
            ret = ssl->ctx->X25519SharedSecretCb(ssl, cbKey, pubKeyDer,
                                                 pubKeySz, out, outlen, side,
                                                 cbCtx);
        }
    }
    else
#endif
    {
        ret = wc_curve25519_shared_secret_ex(priv_key, pub_key, out, outlen,
                                             EC25519_LITTLE_ENDIAN);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &priv_key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("X25519SharedSecret", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4591
/* Generate an X25519 key of CURVE25519_KEYSIZE bytes, through the registered
 * PK callback when one is set and with wc_curve25519_make_key() otherwise.
 *
 * ssl   SSL/TLS object. Supplies the RNG; on success ecdhCurveOID is set to
 *       ECC_X25519_OID.
 * key   Key object to generate into.
 * peer  Unused.
 * returns 0 on success, otherwise the error from the callback, from
 *         wc_curve25519_make_key() or from the async layer.
 */
static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key,
                         curve25519_key* peer)
{
    int ret = 0;

    (void)peer;

    WOLFSSL_ENTER("X25519MakeKey");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_NONE);
    if (ret != 0) {
        return ret;
    }
#endif

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->X25519KeyGenCb) {
        void* cbCtx = wolfSSL_GetX25519KeyGenCtx(ssl);
        ret = ssl->ctx->X25519KeyGenCb(ssl, key, CURVE25519_KEYSIZE, cbCtx);
    }
    else
#endif
    {
        ret = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key);
    }

    /* Record the curve for the rest of the handshake. */
    if (ret == 0) {
        ssl->ecdhCurveOID = ECC_X25519_OID;
    #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
        ssl->namedGroup = 0;
    #endif
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("X25519MakeKey", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4637 #endif /* HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 4638
wolfSSL 16:8e0d178b1d1e 4639 #ifdef HAVE_ED448
/* Check whether the handshake key (ssl->hsKey) contains a public key.
 * If not then pull it out of the leaf certificate in
 * ssl->buffers.certificate.
 *
 * NOTE(review): ssl->hsKey and ssl->buffers.certificate are dereferenced
 * without NULL checks; confirm every caller guarantees both are set.
 *
 * ssl  SSL/TLS object.
 * returns 0 on success (including when the public key is already set),
 *         MEMORY_E when unable to allocate memory, otherwise the error from
 *         DecodeToKey() or wc_ed448_import_public().
 */
int Ed448CheckPubKey(WOLFSSL* ssl)
{
    ed448_key* key = (ed448_key*)ssl->hsKey;
    DerBuffer* leaf;
    DecodedCert* cert;
    int ret;

    /* Public key required for signing. */
    if (key->pubKeySet) {
        return 0;
    }

    leaf = ssl->buffers.certificate;
    cert = (DecodedCert*)XMALLOC(sizeof(*cert), ssl->heap,
                                 DYNAMIC_TYPE_DCERT);
    if (cert == NULL) {
        return MEMORY_E;
    }

    /* Second argument 0: presumably no signature verification is requested
     * for the local certificate - confirm against DecodeToKey(). */
    InitDecodedCert(cert, leaf->buffer, leaf->length, ssl->heap);
    ret = DecodeToKey(cert, 0);
    if (ret == 0) {
        ret = wc_ed448_import_public(cert->publicKey, cert->pubKeySize, key);
    }

    /* Released on success and on failure alike. */
    FreeDecodedCert(cert);
    XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 4676
/* Sign the data using EdDSA and key using Ed448.
 *
 * The registered PK callback is used when one is set, otherwise
 * wc_ed448_sign_msg() signs with key and no context string.
 *
 * ssl         SSL object.
 * in          Data or message to sign.
 * inSz        Length of the data.
 * out         Buffer to hold signature.
 * outSz       On entry, size of the buffer. On exit, the size of the
 *             signature.
 * key         The Ed448 key object used by the software path.
 * keyBufInfo  Optional buffer whose data and length are handed to the PK
 *             callback as the key data; unused without HAVE_PK_CALLBACKS.
 * returns 0 on success, otherwise the value is an error.
 */
int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
              word32* outSz, ed448_key* key, DerBuffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* cbKey = NULL;
    word32 cbKeySz = 0;

    /* The callback receives NULL/0 when no key buffer was supplied. */
    if (keyBufInfo != NULL) {
        cbKey = keyBufInfo->buffer;
        cbKeySz = keyBufInfo->length;
    }
#endif

    /* Not every build configuration uses these parameters. */
    (void)ssl;
    (void)keyBufInfo;

    WOLFSSL_ENTER("Ed448Sign");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0) {
        return ret;
    }
#endif

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->Ed448SignCb) {
        void* cbCtx = wolfSSL_GetEd448SignCtx(ssl);
        ret = ssl->ctx->Ed448SignCb(ssl, in, inSz, out, outSz, cbKey, cbKeySz,
                                    cbCtx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        /* Trailing NULL, 0: no Ed448 context string. */
        ret = wc_ed448_sign_msg(in, inSz, out, outSz, key, NULL, 0);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("Ed448Sign", ret);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 4738
/* Verify the data using EdDSA and key using Ed448.
 *
 * The registered PK callback is used when one is set, otherwise
 * wc_ed448_verify_msg() verifies with key and no context string. The
 * verification result is written to ssl->eccVerifyRes.
 *
 * NOTE(review): ssl->eccVerifyRes is not cleared in this function. A PK
 * callback that returns 0 without writing the result leaves the previous
 * value in place - confirm the callback contract requires it to be set.
 *
 * ssl         SSL object.
 * in          Signature data.
 * inSz        Length of the signature data in bytes.
 * msg         Message to verify.
 * msgSz       Length of message in bytes.
 * key         The Ed448 key object used by the software path.
 * keyBufInfo  Optional buffer whose data and length are handed to the PK
 *             callback as the key data; unused without HAVE_PK_CALLBACKS.
 * returns 0 when the signature verified, VERIFY_SIGN_ERROR when the
 *         operation failed or the signature did not verify; with
 *         WOLFSSL_ASYNC_CRYPT the wolfSSL_AsyncPush() result while pending.
 */
int Ed448Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg,
                word32 msgSz, ed448_key* key, buffer* keyBufInfo)
{
    int ret;
#ifdef HAVE_PK_CALLBACKS
    const byte* cbKey = NULL;
    word32 cbKeySz = 0;

    /* The callback receives NULL/0 when no key buffer was supplied. */
    if (keyBufInfo != NULL) {
        cbKey = keyBufInfo->buffer;
        cbKeySz = keyBufInfo->length;
    }
#endif

    /* Not every build configuration uses these parameters. */
    (void)ssl;
    (void)keyBufInfo;

    WOLFSSL_ENTER("Ed448Verify");

#ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0) {
        return ret;
    }
#endif

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->Ed448VerifyCb) {
        void* cbCtx = wolfSSL_GetEd448VerifyCtx(ssl);
        ret = ssl->ctx->Ed448VerifyCb(ssl, in, inSz, msg, msgSz, cbKey,
                                      cbKeySz, &ssl->eccVerifyRes, cbCtx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        /* Trailing NULL, 0: no Ed448 context string. */
        ret = wc_ed448_verify_msg(in, inSz, msg, msgSz, &ssl->eccVerifyRes,
                                  key, NULL, 0);
    }

    /* Handle async pending response */
#ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
    else
#endif /* WOLFSSL_ASYNC_CRYPT */
    {
        /* Fail closed: success needs both a zero return code and a
         * non-zero verification result. Every other outcome collapses to
         * VERIFY_SIGN_ERROR. */
        if (ret != 0 || ssl->eccVerifyRes == 0) {
            ret = VERIFY_SIGN_ERROR;
        }
    }

    WOLFSSL_LEAVE("Ed448Verify", ret);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 4805 #endif /* HAVE_ED448 */
wolfSSL 16:8e0d178b1d1e 4806
wolfSSL 16:8e0d178b1d1e 4807 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 4808 #ifdef HAVE_PK_CALLBACKS
/* Pick the X448 key that is handed to the shared secret PK callback.
 *
 * Client side: the peer key (ssl->peerX448Key), which must be allocated and
 *              flagged as present.
 * Server side: the local key stored in ssl->eccTempKey.
 *
 * ssl       SSL/TLS object.
 * otherKey  Receives the selected key. Only written on success; the pointer
 *           aliases a key stored in ssl, nothing is copied.
 * returns 0 on success, BAD_FUNC_ARG when an argument is NULL, NO_PEER_KEY or
 *         NO_PRIVATE_KEY when the required key is not available.
 */
static int X448GetKey(WOLFSSL* ssl, curve448_key** otherKey)
{
    struct curve448_key* selected = NULL;

    if (ssl == NULL || otherKey == NULL) {
        return BAD_FUNC_ARG;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        if (!ssl->peerX448Key || !ssl->peerX448KeyPresent) {
            return NO_PEER_KEY;
        }
        selected = (struct curve448_key*)ssl->peerX448Key;
    }
    else if (ssl->options.side == WOLFSSL_SERVER_END) {
        /* Only the presence flag is tested here; a NULL eccTempKey pointer
         * is caught by the check below. */
        if (!ssl->eccTempKeyPresent) {
            return NO_PRIVATE_KEY;
        }
        selected = (struct curve448_key*)ssl->eccTempKey;
    }

    /* Neither side matched, or the chosen pointer was NULL. */
    if (selected == NULL) {
        return NO_PEER_KEY;
    }

    *otherKey = (curve448_key *)selected;
    return 0;
}
wolfSSL 16:8e0d178b1d1e 4842 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 16:8e0d178b1d1e 4843
/* Derives the X448 shared secret for the handshake.
 *
 * With HAVE_PK_CALLBACKS and an X448SharedSecretCb registered on the CTX the
 * work is delegated to that callback. In that case priv_key and pub_key are
 * not passed on; the callback receives the key chosen by X448GetKey() plus
 * pubKeyDer/pubKeySz and side. Otherwise wc_curve448_shared_secret_ex() is
 * called with priv_key and pub_key.
 *
 * out/outlen  receive the secret and its length
 *
 * Returns the result of the callback, of X448GetKey() or of the wolfCrypt
 * call; with WOLFSSL_ASYNC_CRYPT a WC_PENDING_E result is replaced by the
 * return of wolfSSL_AsyncPush().
 */
static int X448SharedSecret(WOLFSSL* ssl, curve448_key* priv_key,
                            curve448_key* pub_key, byte* pubKeyDer,
                            word32* pubKeySz, byte* out, word32* outlen,
                            int side)
{
    int ret;

    /* some of these are only used in particular build configurations */
    (void)side;
    (void)pubKeySz;
    (void)pubKeyDer;
    (void)ssl;

    WOLFSSL_ENTER("X448SharedSecret");

    #ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    if (ret != 0) {
        return ret;
    }
    #endif

    #ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->X448SharedSecretCb) {
        curve448_key* cbKey = NULL;

        ret = X448GetKey(ssl, &cbKey);
        if (ret == 0) {
            void* cbCtx = wolfSSL_GetX448SharedSecretCtx(ssl);

            ret = ssl->ctx->X448SharedSecretCb(ssl, cbKey, pubKeyDer,
                                               pubKeySz, out, outlen, side,
                                               cbCtx);
        }
    }
    else
    #endif
    {
        ret = wc_curve448_shared_secret_ex(priv_key, pub_key, out, outlen,
                                           EC448_LITTLE_ENDIAN);
    }

    /* Handle async pending response */
    #ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &priv_key->asyncDev);
    }
    #endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("X448SharedSecret", ret);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 4894
/* Generates an X448 key pair into key.
 *
 * Uses the X448KeyGenCb registered on the CTX when HAVE_PK_CALLBACKS is
 * enabled and the callback is set, otherwise wc_curve448_make_key() with the
 * connection's RNG. On success ssl->ecdhCurveOID is set to ECC_X448_OID and,
 * in TLS 1.3 / FFDHE builds, ssl->namedGroup is reset to 0.
 *
 * peer is unused.
 *
 * Returns 0 on success or the error from the generator; with
 * WOLFSSL_ASYNC_CRYPT a WC_PENDING_E result is replaced by the return of
 * wolfSSL_AsyncPush().
 */
static int X448MakeKey(WOLFSSL* ssl, curve448_key* key, curve448_key* peer)
{
    int ret = 0;

    (void)peer;

    WOLFSSL_ENTER("X448MakeKey");

    #ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_NONE);
    if (ret != 0) {
        return ret;
    }
    #endif

    #ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->X448KeyGenCb) {
        void* cbCtx = wolfSSL_GetX448KeyGenCtx(ssl);

        ret = ssl->ctx->X448KeyGenCb(ssl, key, CURVE448_KEY_SIZE, cbCtx);
    }
    else
    #endif
    {
        ret = wc_curve448_make_key(ssl->rng, CURVE448_KEY_SIZE, key);
    }

    /* record the curve only once a key really exists */
    if (ret == 0) {
        ssl->ecdhCurveOID = ECC_X448_OID;
    #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
        ssl->namedGroup = 0;
    #endif
    }

    /* Handle async pending response */
    #ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev);
    }
    #endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("X448MakeKey", ret);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 4939 #endif /* HAVE_CURVE448 */
wolfSSL 16:8e0d178b1d1e 4940
wolfSSL 15:117db924cf7c 4941 #if !defined(NO_CERTS) || !defined(NO_PSK)
wolfSSL 15:117db924cf7c 4942 #if !defined(NO_DH)
wolfSSL 15:117db924cf7c 4943
/* Generates a DH key pair for the handshake with the connection's RNG.
 *
 * dhKey        DH key object passed to wc_DhGenerateKeyPair()
 * priv/privSz  receive the private value and its length
 * pub/pubSz    receive the public value and its length
 *
 * Returns the result of wc_DhGenerateKeyPair(); with WOLFSSL_ASYNC_CRYPT a
 * WC_PENDING_E result is replaced by the return of wolfSSL_AsyncPush().
 */
int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
                 byte* priv, word32* privSz,
                 byte* pub, word32* pubSz)
{
    int ret;

    WOLFSSL_ENTER("DhGenKeyPair");

    #ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
    if (ret != 0) {
        return ret;
    }
    #endif

    ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, priv, privSz, pub, pubSz);

    /* Handle async pending response */
    #ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev);
    }
    #endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("DhGenKeyPair", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 4972
/* Computes the DH shared secret from our private value and the peer's public
 * value.
 *
 * Outside FIPS / selftest builds the peer public value is first checked with
 * wc_DhCheckPubValue() against the prime in ssl->buffers.serverDH_P, and
 * wc_DhAgree() only runs when that check passes. A failed check is returned
 * to the caller; with OPENSSL_EXTRA a fatal illegal_parameter alert is sent
 * as well.
 *
 * NOTE: when a DhAgreeCb is registered (HAVE_PK_CALLBACKS) that check is not
 * run in this function, so any validation of otherPub on that path is left
 * to the callback. FIPS / selftest builds also compile the check out here.
 *
 * agree/agreeSz  receive the shared secret and its length
 *
 * Returns the result of the callback, of the public value check or of
 * wc_DhAgree(); with WOLFSSL_ASYNC_CRYPT a WC_PENDING_E result is replaced by
 * the return of wolfSSL_AsyncPush().
 */
int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
            const byte* priv, word32 privSz,
            const byte* otherPub, word32 otherPubSz,
            byte* agree, word32* agreeSz)
{
    int ret;

    (void)ssl;

    WOLFSSL_ENTER("DhAgree");

    #ifdef WOLFSSL_ASYNC_CRYPT
    /* initialize event */
    ret = wolfSSL_AsyncInit(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
    if (ret != 0) {
        return ret;
    }
    #endif

    #ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->DhAgreeCb) {
        void* cbCtx = wolfSSL_GetDhAgreeCtx(ssl);

        WOLFSSL_MSG("Calling DhAgree Callback Function");
        ret = ssl->ctx->DhAgreeCb(ssl, dhKey, priv, privSz,
                                  otherPub, otherPubSz, agree, agreeSz, cbCtx);
    }
    else
    #endif
    {
    #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
        /* reject an out-of-range peer public value before using it */
        ret = wc_DhCheckPubValue(ssl->buffers.serverDH_P.buffer,
                                 ssl->buffers.serverDH_P.length,
                                 otherPub, otherPubSz);
        if (ret == 0)
    #endif
        {
            ret = wc_DhAgree(dhKey, agree, agreeSz, priv, privSz, otherPub,
                             otherPubSz);
        }
    #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
        defined(OPENSSL_EXTRA)
        else {
            /* check failed: ret keeps the error, peer is told why */
            SendAlert(ssl, alert_fatal, illegal_parameter);
        }
    #endif
    }

    /* Handle async pending response */
    #ifdef WOLFSSL_ASYNC_CRYPT
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev);
    }
    #endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("DhAgree", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 5029 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 5030 #endif /* !NO_CERTS || !NO_PSK */
wolfSSL 15:117db924cf7c 5031
wolfSSL 15:117db924cf7c 5032 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 5033
wolfSSL 15:117db924cf7c 5034
wolfSSL 15:117db924cf7c 5035 #ifdef HAVE_PK_CALLBACKS
/* Reports whether a PK callback that can stand in for the private key of this
 * connection is registered on its CTX.
 *
 * A callback only counts when it matches ssl->buffers.keyType: the ECC,
 * Ed25519, Ed448, RSA and RSA-PSS sign callbacks for their signature
 * algorithm, and the RSA decrypt callback for rsa_kea.
 *
 * ssl is dereferenced without a NULL check.
 *
 * Returns 1 when such a callback is set, 0 otherwise.
 */
int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl)
{
    (void)ssl;

    #ifdef HAVE_ECC
    if (ssl->ctx->EccSignCb != NULL &&
            ssl->buffers.keyType == ecc_dsa_sa_algo) {
        return 1;
    }
    #endif
    #ifdef HAVE_ED25519
    if (ssl->ctx->Ed25519SignCb != NULL &&
            ssl->buffers.keyType == ed25519_sa_algo) {
        return 1;
    }
    #endif
    #ifdef HAVE_ED448
    if (ssl->ctx->Ed448SignCb != NULL &&
            ssl->buffers.keyType == ed448_sa_algo) {
        return 1;
    }
    #endif
    #ifndef NO_RSA
    if (ssl->ctx->RsaSignCb != NULL && ssl->buffers.keyType == rsa_sa_algo) {
        return 1;
    }
    if (ssl->ctx->RsaDecCb != NULL && ssl->buffers.keyType == rsa_kea) {
        return 1;
    }
    #ifdef WC_RSA_PSS
    if (ssl->ctx->RsaPssSignCb != NULL &&
            ssl->buffers.keyType == rsa_pss_sa_algo) {
        return 1;
    }
    #endif
    #endif

    return 0;
}
wolfSSL 16:8e0d178b1d1e 5070
/* Reports whether any private-key PK callback is registered on the CTX.
 *
 * Unlike wolfSSL_IsPrivatePkSet() the key type is not considered: one
 * registered ECC, Ed25519, Ed448, RSA sign, RSA decrypt or RSA-PSS sign
 * callback is enough.
 *
 * ctx is dereferenced without a NULL check.
 *
 * Returns 1 when at least one such callback is set, 0 otherwise.
 */
int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx)
{
    (void)ctx;

    #ifdef HAVE_ECC
    if (ctx->EccSignCb != NULL) {
        return 1;
    }
    #endif
    #ifdef HAVE_ED25519
    if (ctx->Ed25519SignCb != NULL) {
        return 1;
    }
    #endif
    #ifdef HAVE_ED448
    if (ctx->Ed448SignCb != NULL) {
        return 1;
    }
    #endif
    #ifndef NO_RSA
    if (ctx->RsaSignCb != NULL) {
        return 1;
    }
    if (ctx->RsaDecCb != NULL) {
        return 1;
    }
    #ifdef WC_RSA_PSS
    if (ctx->RsaPssSignCb != NULL) {
        return 1;
    }
    #endif
    #endif

    return 0;
}
wolfSSL 15:117db924cf7c 5100 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 5101
wolfSSL 16:8e0d178b1d1e 5102
/* Builds the cipher suite list of an SSL object from its current options and
 * checks that a server has the credentials it needs.
 *
 * A server passes its own haveDH option to InitSuites(); a client always
 * passes TRUE. Unless PSK, anonymous or multicast suites are in use, a server
 * must have a certificate loaded, and a private key as well. The private key
 * requirement is waived when wolfSSL_CTX_IsPrivatePkSet() reports a callback
 * on the CTX; that test does not look at the key type. The credential check
 * is compiled out with NO_CERTS or WOLFSSL_SESSION_EXPORT.
 *
 * Returns WOLFSSL_SUCCESS on success, BAD_FUNC_ARG when ssl is NULL and
 * NO_PRIVATE_KEY when the server certificate or the private key is missing.
 */
int InitSSL_Suites(WOLFSSL* ssl)
{
    byte haveMcast = 0;
    byte haveAnon  = 0;
    byte havePSK   = 0;
    byte haveRSA   = 0;
    int  keySz     = 0;

    /* Squash unused var warnings */
    (void)haveMcast;
    (void)haveAnon;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    #ifndef NO_RSA
    haveRSA = 1;
    #endif
    #ifndef NO_PSK
    havePSK = (byte)ssl->options.havePSK;
    #endif /* NO_PSK */
    #ifdef HAVE_ANON
    haveAnon = (byte)ssl->options.haveAnon;
    #endif /* HAVE_ANON*/
    #ifdef WOLFSSL_MULTICAST
    haveMcast = (byte)ssl->options.haveMcast;
    #endif /* WOLFSSL_MULTICAST */

    #ifdef WOLFSSL_EARLY_DATA
    if (ssl->options.side == WOLFSSL_SERVER_END) {
        ssl->options.maxEarlyDataSz = ssl->ctx->maxEarlyDataSz;
    }
    #endif
    #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
        ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
         (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
    ssl->options.cacheMessages = ssl->options.side == WOLFSSL_SERVER_END ||
                                 ssl->buffers.keyType == ed25519_sa_algo ||
                                 ssl->buffers.keyType == ed448_sa_algo;
    #endif

    #ifndef NO_CERTS
    keySz = ssl->buffers.keySz;
    #endif

    /* make sure server has DH parms, and add PSK if there, add NTRU too;
     * only the DH argument differs between server and client */
    InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
               (ssl->options.side == WOLFSSL_SERVER_END) ?
                                               ssl->options.haveDH : TRUE,
               ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);

    #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
    /* make sure server has cert and key unless using PSK, Anon, or
     * Multicast. This should be true even if just switching ssl ctx */
    if (ssl->options.side == WOLFSSL_SERVER_END &&
            !havePSK && !haveAnon && !haveMcast) {

        /* server certificate must be loaded */
        if (ssl->buffers.certificate == NULL ||
                ssl->buffers.certificate->buffer == NULL) {
            WOLFSSL_MSG("Server missing certificate");
            return NO_PRIVATE_KEY;
        }

        /* allow no private key if using PK callbacks and CB is set */
    #ifdef HAVE_PK_CALLBACKS
        if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
            WOLFSSL_MSG("Using PK for server private key");
        }
        else
    #endif
        if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
            WOLFSSL_MSG("Server missing private key");
            return NO_PRIVATE_KEY;
        }
    }
    #endif

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 5188
/* Adjusts the CTX reference count under ctx->countMutex.
 *
 * ctx   context whose count is changed
 * incr  amount added to the count: positive=up, negative=down
 *
 * The stored count is clamped at zero, so it never becomes negative.
 *
 * Returns the new reference count, or a negative error: BAD_FUNC_ARG when
 * ctx is NULL, BAD_MUTEX_E when the mutex could not be locked. The return
 * value of wc_UnLockMutex() is not checked.
 */
int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr)
{
    int updated;

    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }

    if (wc_LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock CTX count mutex");
        return BAD_MUTEX_E;
    }

    ctx->refCount += incr;
    if (ctx->refCount < 0) {
        /* make sure refCount is never negative */
        ctx->refCount = 0;
    }
    /* snapshot while the lock is still held */
    updated = ctx->refCount;

    wc_UnLockMutex(&ctx->countMutex);

    return updated;
}
wolfSSL 16:8e0d178b1d1e 5214
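/* This function inherits a WOLFSSL_CTX's fields into an SSL object.
   It is used during initialization and to switch an ssl's CTX with
   wolfSSL_Set_SSL_CTX. Requires ssl->suites alloc and ssl-arrays with PSK
   unless writeDup is on.

   ssl      object to initialize
   ctx      parent factory
   writeDup flag indicating this is a write dup only

   The reference on the new ctx is taken before the reference on the
   previous one is released. If taking it fails, the ssl object is left
   attached to its previous ctx with that reference intact, and passing the
   ctx the ssl already uses cannot drop the count to zero in between.

   Returns WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on missing arguments or
   missing suites/arrays storage, a negative error from SSL_CTX_RefCount, or
   the result of InitSSL_Suites when the suites are initialized here. */
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
{
    int  ret;
    byte newSSL;

    if (!ssl || !ctx)
        return BAD_FUNC_ARG;

#ifndef SINGLE_THREADED
    if (ssl->suites == NULL && !writeDup)
        return BAD_FUNC_ARG;
#endif

    newSSL = ssl->ctx == NULL; /* Assign after null check */

#ifndef NO_PSK
    if (ctx->server_hint[0] && ssl->arrays == NULL && !writeDup) {
        return BAD_FUNC_ARG;  /* needed for copy below */
    }
#endif

    /* increment CTX reference count. Done before the old ctx is released so
     * that a failure here leaves ssl->ctx valid and still referenced. */
    if ((ret = SSL_CTX_RefCount(ctx, 1)) < 0) {
        return ret;
    }
    ret = WOLFSSL_SUCCESS; /* set default ret */

    /* decrement previous CTX reference count if exists.
     * This should only happen if switching ctxs!*/
    if (!newSSL) {
        WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
        wolfSSL_CTX_free(ssl->ctx);
    }

    ssl->ctx     = ctx; /* only for passing to calls, options could change */
    ssl->version = ctx->method->version;

#ifdef HAVE_ECC
    ssl->eccTempKeySz = ctx->eccTempKeySz;
    ssl->ecdhCurveOID = ctx->ecdhCurveOID;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    ssl->pkCurveOID = ctx->pkCurveOID;
#endif

#ifdef OPENSSL_EXTRA
    ssl->options.mask = ctx->mask;
    ssl->CBIS         = ctx->CBIS;
#endif
    ssl->timeout = ctx->timeout;
    ssl->verifyCallback    = ctx->verifyCallback;
    ssl->options.side      = ctx->method->side;
    ssl->options.downgrade    = ctx->method->downgrade;
    ssl->options.minDowngrade = ctx->minDowngrade;

    ssl->options.haveDH        = ctx->haveDH;
    ssl->options.haveNTRU      = ctx->haveNTRU;
    ssl->options.haveECDSAsig  = ctx->haveECDSAsig;
    ssl->options.haveECC       = ctx->haveECC;
    ssl->options.haveStaticECC = ctx->haveStaticECC;

#ifndef NO_PSK
    ssl->options.havePSK       = ctx->havePSK;
    ssl->options.client_psk_cb = ctx->client_psk_cb;
    ssl->options.server_psk_cb = ctx->server_psk_cb;
#ifdef WOLFSSL_TLS13
    ssl->options.client_psk_tls13_cb = ctx->client_psk_tls13_cb;
    ssl->options.server_psk_tls13_cb = ctx->server_psk_tls13_cb;
#endif
#endif /* NO_PSK */
#ifdef WOLFSSL_EARLY_DATA
    if (ssl->options.side == WOLFSSL_SERVER_END)
        ssl->options.maxEarlyDataSz = ctx->maxEarlyDataSz;
#endif

#ifdef HAVE_ANON
    ssl->options.haveAnon = ctx->haveAnon;
#endif
#ifndef NO_DH
    ssl->options.minDhKeySz = ctx->minDhKeySz;
    ssl->options.maxDhKeySz = ctx->maxDhKeySz;
#endif
#ifndef NO_RSA
    ssl->options.minRsaKeySz = ctx->minRsaKeySz;
#endif
#ifdef HAVE_ECC
    ssl->options.minEccKeySz = ctx->minEccKeySz;
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    ssl->options.verifyDepth = ctx->verifyDepth;
#endif

    ssl->options.sessionCacheOff      = ctx->sessionCacheOff;
    ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
#ifdef HAVE_EXT_CACHE
    ssl->options.internalCacheOff     = ctx->internalCacheOff;
#endif

    /* peer verification policy is inherited from the ctx as-is */
    ssl->options.verifyPeer     = ctx->verifyPeer;
    ssl->options.verifyNone     = ctx->verifyNone;
    ssl->options.failNoCert     = ctx->failNoCert;
    ssl->options.failNoCertxPSK = ctx->failNoCertxPSK;
    ssl->options.sendVerify     = ctx->sendVerify;

    ssl->options.partialWrite  = ctx->partialWrite;
    ssl->options.quietShutdown = ctx->quietShutdown;
    ssl->options.groupMessages = ctx->groupMessages;

#ifndef NO_DH
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
        !defined(HAVE_SELFTEST)
        ssl->options.dhKeyTested = ctx->dhKeyTested;
    #endif
    ssl->buffers.serverDH_P = ctx->serverDH_P;
    ssl->buffers.serverDH_G = ctx->serverDH_G;
#endif

#ifndef NO_CERTS
    /* ctx still owns certificate, certChain, key, dh, and cm */
    ssl->buffers.certificate = ctx->certificate;
    ssl->buffers.certChain = ctx->certChain;
#ifdef WOLFSSL_TLS13
    ssl->buffers.certChainCnt = ctx->certChainCnt;
#endif
    ssl->buffers.key      = ctx->privateKey;
    ssl->buffers.keyType  = ctx->privateKeyType;
    ssl->buffers.keyId    = ctx->privateKeyId;
    ssl->buffers.keySz    = ctx->privateKeySz;
    ssl->buffers.keyDevId = ctx->privateKeyDevId;
#endif
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
               ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
                (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
    ssl->options.cacheMessages = ssl->options.side == WOLFSSL_SERVER_END ||
                                      ssl->buffers.keyType == ed25519_sa_algo ||
                                      ssl->buffers.keyType == ed448_sa_algo;
#endif


#ifdef WOLFSSL_ASYNC_CRYPT
    ssl->devId = ctx->devId;
#endif

    if (writeDup == 0) {
#ifndef NO_PSK
        if (ctx->server_hint[0]) {   /* set in CTX */
            /* bounded copy, then forced termination; assumes server_hint
             * holds at least MAX_PSK_ID_LEN + 1 bytes - TODO confirm
             * against the Arrays declaration */
            XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint,
                                    sizeof(ssl->arrays->server_hint));
            ssl->arrays->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
        }
#endif /* NO_PSK */

        if (ctx->suites) {
#ifndef SINGLE_THREADED
            *ssl->suites = *ctx->suites;
#else
            ssl->suites = ctx->suites;
#endif
        }
        else {
            /* NOTE(review): with SINGLE_THREADED the ssl->suites NULL check
             * at the top is compiled out; confirm ssl->suites cannot be
             * NULL on this path */
            XMEMSET(ssl->suites, 0, sizeof(Suites));
        }

        /* With WOLFSSL_NEITHER_END the suites are not initialized here;
         * that is deferred until accept or connect */
        if (ssl->options.side != WOLFSSL_NEITHER_END) {
            ret = InitSSL_Suites(ssl);
        }
    }  /* writeDup check */

#ifdef WOLFSSL_SESSION_EXPORT
    #ifdef WOLFSSL_DTLS
    ssl->dtls_export = ctx->dtls_export; /* export function for session */
    #endif
#endif

    ssl->CBIORecv = ctx->CBIORecv;
    ssl->CBIOSend = ctx->CBIOSend;
#ifdef OPENSSL_EXTRA
    ssl->readAhead = ctx->readAhead;
#endif
    ssl->verifyDepth = ctx->verifyDepth;

    return ret;
}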
wolfSSL 15:117db924cf7c 5409
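/* Allocate and initialize the running handshake hashes of a connection.
 *
 * Any existing ssl->hsHashes is released first. A zeroed HS_Hashes is then
 * allocated from ssl->heap and every hash algorithm that is compiled in is
 * initialized with ssl->heap and ssl->devId.
 *
 * ssl  connection object; dereferenced without a NULL check
 *
 * Returns 0 on success, MEMORY_E when the allocation fails, otherwise the
 * error of the first wc_Init*_ex call that fails. On such a failure
 * ssl->hsHashes is not freed here and stays attached to ssl, so the caller
 * has to release it with FreeHandshakeHashes().
 */
int InitHandshakeHashes(WOLFSSL* ssl)
{
    /* Start from success so that the value returned at the end is defined
     * even in a build where none of the hash sections below is compiled in. */
    int ret = 0;

    /* make sure existing handshake hashes are free'd */
    if (ssl->hsHashes != NULL) {
        FreeHandshakeHashes(ssl);
    }

    /* allocate handshake hashes */
    ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
                                                          DYNAMIC_TYPE_HASHES);
    if (ssl->hsHashes == NULL) {
        WOLFSSL_MSG("HS_Hashes Memory error");
        return MEMORY_E;
    }
    /* zero the struct so hashes that are never initialized hold no garbage */
    XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes));

    /* Each section below sets WC_HASH_FLAG_WILLCOPY on the new hash when hash
     * flags or crypto callbacks are compiled in; the return value of the
     * wc_*SetFlags call is not checked. */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
    ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId);
    if (ret != 0) {
        return ret;
    }
    #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
    #endif
#endif
#ifndef NO_SHA
    ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId);
    if (ret != 0) {
        return ret;
    }
    #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
    #endif
#endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256
    ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId);
    if (ret != 0) {
        return ret;
    }
    #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
    #endif
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap, ssl->devId);
    if (ret != 0) {
        return ret;
    }
    #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
    #endif
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap, ssl->devId);
    if (ret != 0) {
        return ret;
    }
    #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
    #endif
#endif

    return ret;
}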
wolfSSL 15:117db924cf7c 5473
/* Release the handshake hashes of a connection.
 *
 * Frees every hash context that is compiled in, then the cached handshake
 * messages (Ed25519/Ed448 builds with client auth), then the HS_Hashes
 * struct itself. ssl->hsHashes is NULL on return. Does nothing when no
 * hashes are allocated.
 *
 * ssl  connection object; dereferenced without a NULL check
 */
void FreeHandshakeHashes(WOLFSSL* ssl)
{
    HS_Hashes* hashes = ssl->hsHashes;

    if (!hashes) {
        return;
    }

#ifndef NO_OLD_TLS
    #ifndef NO_MD5
        wc_Md5Free(&hashes->hashMd5);
    #endif
    #ifndef NO_SHA
        wc_ShaFree(&hashes->hashSha);
    #endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256
    wc_Sha256Free(&hashes->hashSha256);
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384Free(&hashes->hashSha384);
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512Free(&hashes->hashSha512);
#endif
#if (defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
                                               !defined(WOLFSSL_NO_CLIENT_AUTH)
    /* NOTE(review): the cached messages go back to the allocator without
     * being wiped; confirm that is acceptable for this buffer. */
    if (hashes->messages != NULL) {
        XFREE(hashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES);
        hashes->messages = NULL;
    }
#endif

    /* drop the container last and clear the owner's pointer so a second
     * call is a no-op */
    XFREE(hashes, ssl->heap, DYNAMIC_TYPE_HASHES);
    ssl->hsHashes = NULL;
}
wolfSSL 15:117db924cf7c 5506
wolfSSL 15:117db924cf7c 5507
/* Initialize a WOLFSSL object from its parent context.
 *
 * Everything is first set to 0, NULL or a default value before anything that
 * may fail is called, so that the destructor has a "good" state to clean up.
 * The static-memory and Mynewt sections are the exception: they can return
 * from inside that first phase.
 *
 * ssl      object to initialize; wiped with XMEMSET on entry
 * ctx      parent factory; dereferenced without a NULL check
 * writeDup flag indicating this is a write dup only; arrays, suites and
 *          handshake hashes are then not allocated
 *
 * Returns 0 on success. On failure returns MEMORY_E, BAD_MUTEX_E or the
 * error of the helper that failed (SetSSL_CTX, wc_InitRng_ex / wc_InitRng,
 * InitHandshakeHashes, wolfSSL_DTLS_SetCookieSecret,
 * wolfSSL_UseSecureRenegotiation). Whatever was allocated before the failure
 * stays attached to ssl and is not released here. */
int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
{
    int ret;

    XMEMSET(ssl, 0, sizeof(WOLFSSL));

#if defined(WOLFSSL_STATIC_MEMORY)
    /* Static-memory build: the connection gets its own heap hint, allocated
     * through the context's hint, and is counted against the context's
     * handshake and IO limits. */
    if (ctx->heap != NULL) {
        WOLFSSL_HEAP_HINT* ssl_hint;
        WOLFSSL_HEAP_HINT* ctx_hint;

        /* avoid dereferencing a test value */
    #ifdef WOLFSSL_HEAP_TEST
        if (ctx->heap == (void*)WOLFSSL_HEAP_TEST) {
            ssl->heap = ctx->heap;
        }
        else {
    #endif
        ssl->heap = (WOLFSSL_HEAP_HINT*)XMALLOC(sizeof(WOLFSSL_HEAP_HINT),
                                               ctx->heap, DYNAMIC_TYPE_SSL);
        if (ssl->heap == NULL) {
            return MEMORY_E;
        }
        XMEMSET(ssl->heap, 0, sizeof(WOLFSSL_HEAP_HINT));
        ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap));
        ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap));

        /* lock and check IO count / handshake count */
        if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
            XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
            ssl->heap = NULL; /* free and set to NULL for IO counter */
            return BAD_MUTEX_E;
        }
        /* a limit of 0 is not enforced; otherwise refuse the connection once
         * the current count has reached the limit */
        if (ctx_hint->memory->maxHa > 0 &&
                           ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) {
            WOLFSSL_MSG("At max number of handshakes for static memory");
            wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
            XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
            ssl->heap = NULL; /* free and set to NULL for IO counter */
            return MEMORY_E;
        }

        if (ctx_hint->memory->maxIO > 0 &&
                           ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) {
            WOLFSSL_MSG("At max number of IO allowed for static memory");
            wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
            XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
            ssl->heap = NULL; /* free and set to NULL for IO counter */
            return MEMORY_E;
        }
        /* both counters are taken while the mutex is still held */
        ctx_hint->memory->curIO++;
        ctx_hint->memory->curHa++;
        ssl_hint->memory = ctx_hint->memory;
        ssl_hint->haFlag = 1;
        wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));

        /* NOTE(review): the failure returns below leave ssl->heap set and
         * the counters incremented; presumably the destructor gives them
         * back - confirm. */

        /* check if tracking stats */
        if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) {
            ssl_hint->stats = (WOLFSSL_MEM_CONN_STATS*)XMALLOC(
               sizeof(WOLFSSL_MEM_CONN_STATS), ctx->heap, DYNAMIC_TYPE_SSL);
            if (ssl_hint->stats == NULL) {
                return MEMORY_E;
            }
            XMEMSET(ssl_hint->stats, 0, sizeof(WOLFSSL_MEM_CONN_STATS));
        }

        /* check if using fixed IO buffers */
        if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) {
            if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
                WOLFSSL_MSG("Bad memory_mutex lock");
                return BAD_MUTEX_E;
            }
            /* every exit from here on releases the mutex first */
            if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) {
                wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
                return MEMORY_E;
            }
            if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) {
                wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
                return MEMORY_E;
            }
            if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) {
                WOLFSSL_MSG("Not enough memory to create fixed IO buffers");
                wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
                return MEMORY_E;
            }
            wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
        }
    #ifdef WOLFSSL_HEAP_TEST
        }
    #endif
    }
    else {
        ssl->heap = ctx->heap;
    }
#else
    ssl->heap = ctx->heap; /* carry over user heap without static memory */
#endif /* WOLFSSL_STATIC_MEMORY */

    /* input and output start on the buffers embedded in the object */
    ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
    ssl->buffers.inputBuffer.bufferSize  = STATIC_BUFFER_LEN;

    ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
    ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;

#ifdef KEEP_PEER_CERT
    InitX509(&ssl->peerCert, 0, ssl->heap);
#endif

    ssl->rfd = -1;   /* set to invalid descriptor */
    ssl->wfd = -1;
    ssl->devId = ctx->devId; /* device for async HW (from wolfAsync_DevOpen) */

    ssl->IOCB_ReadCtx  = &ssl->rfd;  /* prevent invalid pointer access if not */
    ssl->IOCB_WriteCtx = &ssl->wfd;  /* correctly set */

#ifdef HAVE_NETX
    ssl->IOCB_ReadCtx  = &ssl->nxCtx;  /* default NetX IO ctx, same for read */
    ssl->IOCB_WriteCtx = &ssl->nxCtx;  /* and write */
#elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
    ssl->mnCtx = mynewt_ctx_new();
    if(!ssl->mnCtx) {
        return MEMORY_E;
    }
    ssl->IOCB_ReadCtx  = ssl->mnCtx;  /* default Mynewt IO ctx, same for read */
    ssl->IOCB_WriteCtx = ssl->mnCtx;  /* and write */
#elif defined (WOLFSSL_GNRC)
    /* NOTE(review): gnrcCtx has not been assigned since the XMEMSET above,
     * so both IO contexts are zero here; presumably it is set later. */
    ssl->IOCB_ReadCtx = ssl->gnrcCtx;
    ssl->IOCB_WriteCtx = ssl->gnrcCtx;
#endif
    /* initialize states */
    ssl->options.serverState = NULL_STATE;
    ssl->options.clientState = NULL_STATE;
    ssl->options.connectState = CONNECT_BEGIN;
    ssl->options.acceptState  = ACCEPT_BEGIN;
    ssl->options.handShakeState  = NULL_STATE;
    ssl->options.processReply = doProcessInit;
    ssl->options.asyncState = TLS_ASYNC_BEGIN;
    ssl->options.buildMsgState = BUILD_MSG_BEGIN;
    ssl->encrypt.state = CIPHER_STATE_BEGIN;
    ssl->decrypt.state = CIPHER_STATE_BEGIN;
#ifndef NO_DH
    /* set by default unless the old prime check, FIPS or selftest build is
     * selected; presumably enables a test of DH keys - confirm */
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
        !defined(HAVE_SELFTEST)
        ssl->options.dhDoKeyTest = 1;
    #endif
#endif

#ifdef WOLFSSL_DTLS
    #ifdef WOLFSSL_SCTP
        ssl->options.dtlsSctp           = ctx->dtlsSctp;
    #endif
    #if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
        ssl->dtlsMtuSz                  = ctx->dtlsMtuSz;
        ssl->dtls_expected_rx           = ssl->dtlsMtuSz;
    #else
        ssl->dtls_expected_rx = MAX_MTU;
    #endif
    ssl->dtls_timeout_init              = DTLS_TIMEOUT_INIT;
    ssl->dtls_timeout_max               = DTLS_TIMEOUT_MAX;
    ssl->dtls_timeout                   = ssl->dtls_timeout_init;
    ssl->buffers.dtlsCtx.rfd            = -1;
    ssl->buffers.dtlsCtx.wfd            = -1;
#endif

#ifndef WOLFSSL_AEAD_ONLY
    #ifndef NO_OLD_TLS
        ssl->hmac = SSL_hmac; /* default to SSLv3 */
    #elif !defined(WOLFSSL_NO_TLS12)
        ssl->hmac = TLS_hmac;
    #endif
#endif


    ssl->cipher.ssl = ssl;

    /* connection options inherited from the context */
#ifdef HAVE_EXTENDED_MASTER
    ssl->options.haveEMS = ctx->haveEMS;
#endif
    ssl->options.useClientOrder = ctx->useClientOrder;
    ssl->options.mutualAuth = ctx->mutualAuth;

#ifdef WOLFSSL_TLS13
    #ifdef HAVE_SESSION_TICKET
        ssl->options.noTicketTls13 = ctx->noTicketTls13;
    #endif
    ssl->options.noPskDheKe = ctx->noPskDheKe;
    #if defined(WOLFSSL_POST_HANDSHAKE_AUTH)
        ssl->options.postHandshakeAuth = ctx->postHandshakeAuth;
    #endif

    /* NOTE(review): the copy length comes from ctx->numGroups alone; assumes
     * whoever set it kept it within the capacity of ssl->group - confirm. */
    if (ctx->numGroups > 0) {
        XMEMCPY(ssl->group, ctx->group, sizeof(*ctx->group) * ctx->numGroups);
        ssl->numGroups = ctx->numGroups;
    }
#endif

#ifdef HAVE_TLS_EXTENSIONS
#ifdef HAVE_MAX_FRAGMENT
    ssl->max_fragment = MAX_RECORD_SIZE;
#endif
#ifdef HAVE_ALPN
    ssl->alpn_client_list = NULL;
    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
        ssl->alpnSelect    = ctx->alpnSelect;
        ssl->alpnSelectArg = ctx->alpnSelectArg;
    #endif
#endif
#ifdef HAVE_SUPPORTED_CURVES
    ssl->options.userCurves = ctx->userCurves;
#endif
#endif /* HAVE_TLS_EXTENSIONS */

#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    ssl->options.disallowEncThenMac = ctx->disallowEncThenMac;
#endif

    /* default alert state (none) */
    ssl->alert_history.last_rx.code  = -1;
    ssl->alert_history.last_rx.level = -1;
    ssl->alert_history.last_tx.code  = -1;
    ssl->alert_history.last_tx.level = -1;

#ifdef OPENSSL_EXTRA
    /* copy over application session context ID */
    /* NOTE(review): the length is taken from ctx->sessionCtxSz without a
     * check here; assumes it was bounded to the size of ssl->sessionCtx when
     * it was stored in the context - confirm. */
    ssl->sessionCtxSz = ctx->sessionCtxSz;
    XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz);
    ssl->cbioFlag = ctx->cbioFlag;

#endif

    InitCiphers(ssl);
    InitCipherSpecs(&ssl->specs);

    /* all done with init, now can return errors, call other stuff */

    if (!writeDup) {
        /* arrays */
        ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
                                                           DYNAMIC_TYPE_ARRAYS);
        if (ssl->arrays == NULL) {
            WOLFSSL_MSG("Arrays Memory error");
            return MEMORY_E;
        }
        XMEMSET(ssl->arrays, 0, sizeof(Arrays));
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)
        /* the pre-master secret gets its own ENCRYPT_LEN byte buffer,
         * separate from the Arrays struct, and starts out zeroed */
        ssl->arrays->preMasterSz = ENCRYPT_LEN;
        ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
            DYNAMIC_TYPE_SECRET);
        if (ssl->arrays->preMasterSecret == NULL) {
            return MEMORY_E;
        }
        XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
#endif

#ifdef OPENSSL_EXTRA
    if ((ssl->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
                           sizeof(WOLFSSL_X509_VERIFY_PARAM),
                           ssl->heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
        WOLFSSL_MSG("ssl->param memory error");
        return MEMORY_E;
    }
    XMEMSET(ssl->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
#endif

        /* In a SINGLE_THREADED build the allocation below is skipped when
         * the context already has suites, and ownSuites records whether this
         * object allocated its own. */
#ifdef SINGLE_THREADED
        if (ctx->suites == NULL)
#endif
        {
            /* suites */
            /* not cleared here; presumably filled in by SetSSL_CTX below */
            ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
                                       DYNAMIC_TYPE_SUITES);
            if (ssl->suites == NULL) {
                WOLFSSL_MSG("Suites Memory error");
                return MEMORY_E;
            }
        #ifdef OPENSSL_ALL
            ssl->suites->stack = NULL;
        #endif
#ifdef SINGLE_THREADED
            ssl->options.ownSuites = 1;
#endif
        }
#ifdef SINGLE_THREADED
        else {
            ssl->options.ownSuites = 0;
        }
#endif
    }

    /* Initialize SSL with the appropriate fields from its ctx */
    /* requires valid arrays and suites unless writeDup ing */
    if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != WOLFSSL_SUCCESS)
        return ret;

    ssl->options.dtls = ssl->version.major == DTLS_MAJOR;

#ifdef SINGLE_THREADED
    ssl->rng = ctx->rng;   /* CTX may have one, if so use it */
#endif

    /* no RNG taken from the context: allocate one and mark it as owned by
     * this object through weOwnRng */
    if (ssl->rng == NULL) {
        /* RNG */
        ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap,DYNAMIC_TYPE_RNG);
        if (ssl->rng == NULL) {
            WOLFSSL_MSG("RNG Memory error");
            return MEMORY_E;
        }
        XMEMSET(ssl->rng, 0, sizeof(WC_RNG));
        ssl->options.weOwnRng = 1;

        /* FIPS RNG API does not accept a heap hint */
#ifndef HAVE_FIPS
        if ( (ret = wc_InitRng_ex(ssl->rng, ssl->heap, ssl->devId)) != 0) {
            WOLFSSL_MSG("RNG Init error");
            return ret;
        }
#else
        if ( (ret = wc_InitRng(ssl->rng)) != 0) {
            WOLFSSL_MSG("RNG Init error");
            return ret;
        }
#endif
    }

#ifdef HAVE_WRITE_DUP
    /* a write dup stops here: none of the handshake state set up below is
     * initialized for it */
    if (writeDup) {
        /* all done */
        return 0;
    }
#endif

    /* hsHashes */
    ret = InitHandshakeHashes(ssl);
    if (ret != 0)
        return ret;

#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
    /* DTLS servers get a cookie secret up front; the NULL/0 arguments
     * presumably ask for a generated secret - confirm */
    if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
        ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
        if (ret != 0) {
            WOLFSSL_MSG("DTLS Cookie Secret error");
            return ret;
        }
    }
#endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */

#ifdef HAVE_SECRET_CALLBACK
    ssl->sessionSecretCb  = NULL;
    ssl->sessionSecretCtx = NULL;
#ifdef WOLFSSL_TLS13
    ssl->tls13SecretCb  = NULL;
    ssl->tls13SecretCtx = NULL;
#endif
#endif

#ifdef HAVE_SESSION_TICKET
    ssl->session.ticket = ssl->session.staticTicket;
#endif

#ifdef WOLFSSL_MULTICAST
    if (ctx->haveMcast) {
        int i;

        ssl->options.haveMcast = 1;
        ssl->options.mcastID = ctx->mcastID;

        /* Force the state to look like handshake has completed. */
        /* Keying material is supplied externally. */
        ssl->options.serverState = SERVER_FINISHED_COMPLETE;
        ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
        ssl->options.connectState = SECOND_REPLY_DONE;
        ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
        ssl->options.handShakeState = HANDSHAKE_DONE;
        ssl->options.handShakeDone = 1;

        for (i = 0; i < WOLFSSL_DTLS_PEERSEQ_SZ; i++)
            ssl->keys.peerSeq[i].peerId = INVALID_PEER_ID;
    }
#endif

#ifdef HAVE_SECURE_RENEGOTIATION
    /* client side only: turn on secure renegotiation when the context asks
     * for it or when the build forces it on */
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        /* reads ssl->ctx, which is presumably set by SetSSL_CTX above */
        int useSecureReneg = ssl->ctx->useSecureReneg;
        /* use secure renegotiation by default (not recommended) */
    #ifdef WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
        useSecureReneg = 1;
    #endif
        if (useSecureReneg) {
            ret = wolfSSL_UseSecureRenegotiation(ssl);
            if (ret != WOLFSSL_SUCCESS)
                return ret;
        }
    }
#endif /* HAVE_SECURE_RENEGOTIATION */

    return 0;
}
wolfSSL 15:117db924cf7c 5914
wolfSSL 15:117db924cf7c 5915
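/* Free the temporary handshake arrays of a connection.
 *
 * The pre-master secret buffer and the Arrays struct are both wiped with
 * ForceZero() before their memory is handed back, so that key material does
 * not stay behind in freed heap blocks. ssl->arrays is NULL on return.
 *
 * ssl   connection object; dereferenced without a NULL check
 * keep  non-zero to copy the session ID and its size into ssl->session
 *       before the arrays are wiped, so the user can still retrieve it
 */
void FreeArrays(WOLFSSL* ssl, int keep)
{
    if (ssl->arrays) {
        if (keep) {
            /* keeps session id for user retrieval */
            XMEMCPY(ssl->session.sessionID, ssl->arrays->sessionID, ID_LEN);
            ssl->session.sessionIDSz = ssl->arrays->sessionIDSz;
        }
        if (ssl->arrays->preMasterSecret) {
            /* The pre-master secret lives in its own heap buffer, so the
             * ForceZero() of the Arrays struct below never reaches it; wipe
             * it here before it is freed. Assumes every allocation site
             * sizes the buffer as ENCRYPT_LEN, as InitSSL() does - confirm
             * against the other allocation sites. */
            ForceZero(ssl->arrays->preMasterSecret, ENCRYPT_LEN);
            XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
            ssl->arrays->preMasterSecret = NULL;
        }
        XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
        ssl->arrays->pendingMsg = NULL;
        ForceZero(ssl->arrays, sizeof(Arrays)); /* clear arrays struct */
    }
    /* reached with a NULL pointer too when no arrays were allocated */
    XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS);
    ssl->arrays = NULL;
}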
wolfSSL 15:117db924cf7c 5936
/* Free a key object that belongs to a connection.
 *
 * ssl   connection whose heap hint is handed to XFREE
 * type  DYNAMIC_TYPE_* tag; selects the wc_*free routine for the key and is
 *       also passed to XFREE as the allocation type
 * pKey  address of the key pointer; set to NULL once the key is freed
 *
 * Does nothing when ssl, pKey or *pKey is NULL. A type with no case below
 * (unknown, or its algorithm not compiled in) gets no algorithm-specific
 * cleanup, but the memory is still released.
 */
void FreeKey(WOLFSSL* ssl, int type, void** pKey)
{
    void* key;

    if (ssl == NULL || pKey == NULL || *pKey == NULL) {
        return;
    }
    key = *pKey;

    /* let the owning algorithm tear down the key's internals first */
    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            wc_FreeRsaKey((RsaKey*)key);
            break;
    #endif /* ! NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            wc_ecc_free((ecc_key*)key);
            break;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case DYNAMIC_TYPE_ED25519:
            wc_ed25519_free((ed25519_key*)key);
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_CURVE25519
        case DYNAMIC_TYPE_CURVE25519:
            wc_curve25519_free((curve25519_key*)key);
            break;
    #endif /* HAVE_CURVE25519 */
    #ifdef HAVE_ED448
        case DYNAMIC_TYPE_ED448:
            wc_ed448_free((ed448_key*)key);
            break;
    #endif /* HAVE_ED448 */
    #ifdef HAVE_CURVE448
        case DYNAMIC_TYPE_CURVE448:
            wc_curve448_free((curve448_key*)key);
            break;
    #endif /* HAVE_CURVE448 */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            wc_FreeDhKey((DhKey*)key);
            break;
    #endif /* !NO_DH */
        default:
            break;
    }

    /* NOTE(review): the block itself is not wiped here; presumably the
     * wc_*free routines scrub private material - confirm. */
    XFREE(key, ssl->heap, type);

    /* clear the caller's pointer so the key cannot be freed twice */
    *pKey = NULL;
}
wolfSSL 15:117db924cf7c 5985
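/* Allocate and initialize a key object of the requested dynamic type.
 *
 * ssl   WOLFSSL object supplying the heap hint and device id.
 * type  DYNAMIC_TYPE_* value selecting the key structure.
 * pKey  Address of the key pointer; it must hold NULL on entry and receives
 *       the new key on success.
 *
 * Returns 0 on success, BAD_FUNC_ARG for a NULL argument or a type that has
 * no case compiled in, BAD_STATE_E when *pKey is already set, MEMORY_E when
 * the allocation fails, or the error code of the key's init function. When
 * initialization fails the key is released through FreeKey(), which resets
 * *pKey to NULL, so the caller never sees a half-initialized key.
 */
int AllocKey(WOLFSSL* ssl, int type, void** pKey)
{
    int ret = BAD_FUNC_ARG;
    int sz = 0;

    if (ssl == NULL || pKey == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Sanity check key destination: overwriting a live pointer would lose
     * the only reference to the existing key */
    if (*pKey != NULL) {
        WOLFSSL_MSG("Key already present!");
        return BAD_STATE_E;
    }

    /* Determine size */
    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            sz = sizeof(RsaKey);
            break;
    #endif /* ! NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            sz = sizeof(ecc_key);
            break;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case DYNAMIC_TYPE_ED25519:
            sz = sizeof(ed25519_key);
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_CURVE25519
        case DYNAMIC_TYPE_CURVE25519:
            sz = sizeof(curve25519_key);
            break;
    #endif /* HAVE_CURVE25519 */
    #ifdef HAVE_ED448
        case DYNAMIC_TYPE_ED448:
            sz = sizeof(ed448_key);
            break;
    #endif /* HAVE_ED448 */
    #ifdef HAVE_CURVE448
        case DYNAMIC_TYPE_CURVE448:
            sz = sizeof(curve448_key);
            break;
    #endif /* HAVE_CURVE448 */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            sz = sizeof(DhKey);
            break;
    #endif /* !NO_DH */
        default:
            return BAD_FUNC_ARG;
    }

    if (sz == 0) {
        return NOT_COMPILED_IN;
    }

    /* Allocate memory for key */
    *pKey = XMALLOC(sz, ssl->heap, type);
    if (*pKey == NULL) {
        return MEMORY_E;
    }

    /* Initialize key. The Ed/Curve init functions report a status too (see
     * ReuseKey()), so it is propagated instead of assuming success. */
    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            ret = wc_InitRsaKey_ex((RsaKey*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* ! NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            ret = wc_ecc_init_ex((ecc_key*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case DYNAMIC_TYPE_ED25519:
            ret = wc_ed25519_init((ed25519_key*)*pKey);
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_CURVE25519
        case DYNAMIC_TYPE_CURVE25519:
            ret = wc_curve25519_init((curve25519_key*)*pKey);
            break;
    #endif /* HAVE_CURVE25519 */
    #ifdef HAVE_ED448
        case DYNAMIC_TYPE_ED448:
            ret = wc_ed448_init((ed448_key*)*pKey);
            break;
    #endif /* HAVE_ED448 */
    #ifdef HAVE_CURVE448
        case DYNAMIC_TYPE_CURVE448:
            ret = wc_curve448_init((curve448_key*)*pKey);
            break;
    #endif /* HAVE_CURVE448 */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            ret = wc_InitDhKey_ex((DhKey*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* !NO_DH */
        default:
            /* Only reachable if this switch and the size switch above fall
             * out of step; take the error path below so the allocation is
             * released rather than left in *pKey uninitialized. */
            ret = BAD_FUNC_ARG;
            break;
    }

    /* On error free handshake key */
    if (ret != 0) {
        FreeKey(ssl, type, pKey);
    }

    return ret;
}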
wolfSSL 15:117db924cf7c 6104
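/* The guard names HAVE_ED448, the same macro that enables the ED448 case
 * below; the previous spelling (HHAVE_ED448) is never defined, so a build
 * with only Ed448 enabled did not compile this function. */
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
    defined(HAVE_CURVE25519) || defined(HAVE_ED448) || defined(HAVE_CURVE448)
/* Return an already allocated key object to its freshly initialized state so
 * the same allocation can be used again.
 *
 * ssl   WOLFSSL object supplying the heap hint and device id for the RSA, ECC
 *       and DH init calls.
 * type  DYNAMIC_TYPE_* value describing what pKey points to.
 * pKey  Existing key object; it is freed in place with the type's free
 *       routine and then re-initialized. The allocation itself is kept.
 *
 * Returns the init function's result, or BAD_FUNC_ARG for a type that has no
 * case compiled in.
 */
static int ReuseKey(WOLFSSL* ssl, int type, void* pKey)
{
    int ret = 0;

    /* ssl is unused when only the Ed/Curve cases are compiled in */
    (void)ssl;

    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            wc_FreeRsaKey((RsaKey*)pKey);
            ret = wc_InitRsaKey_ex((RsaKey*)pKey, ssl->heap, ssl->devId);
            break;
    #endif /* ! NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            wc_ecc_free((ecc_key*)pKey);
            ret = wc_ecc_init_ex((ecc_key*)pKey, ssl->heap, ssl->devId);
            break;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case DYNAMIC_TYPE_ED25519:
            wc_ed25519_free((ed25519_key*)pKey);
            ret = wc_ed25519_init((ed25519_key*)pKey);
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_CURVE25519
        case DYNAMIC_TYPE_CURVE25519:
            wc_curve25519_free((curve25519_key*)pKey);
            ret = wc_curve25519_init((curve25519_key*)pKey);
            break;
    #endif /* HAVE_CURVE25519 */
    #ifdef HAVE_ED448
        case DYNAMIC_TYPE_ED448:
            wc_ed448_free((ed448_key*)pKey);
            ret = wc_ed448_init((ed448_key*)pKey);
            break;
    #endif /* HAVE_ED448 */
    #ifdef HAVE_CURVE448
        case DYNAMIC_TYPE_CURVE448:
            wc_curve448_free((curve448_key*)pKey);
            ret = wc_curve448_init((curve448_key*)pKey);
            break;
    #endif /* HAVE_CURVE448 */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            wc_FreeDhKey((DhKey*)pKey);
            ret = wc_InitDhKey_ex((DhKey*)pKey, ssl->heap, ssl->devId);
            break;
    #endif /* !NO_DH */
        default:
            return BAD_FUNC_ARG;
    }

    return ret;
}
#endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_CURVE25519 ||
        * HAVE_ED448 || HAVE_CURVE448 */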
wolfSSL 15:117db924cf7c 6163
/* Release the per-handshake key exchange state held by ssl: the signature
 * and digest buffers, the handshake key, the temporary DH key (when DH is
 * compiled in) and any pending async argument cleanup. */
void FreeKeyExchange(WOLFSSL* ssl)
{
    /* Signature buffer: release it and clear its bookkeeping */
    if (ssl->buffers.sig.buffer != NULL) {
        XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        ssl->buffers.sig.length = 0;
        ssl->buffers.sig.buffer = NULL;
    }

    /* Digest buffer: same treatment */
    if (ssl->buffers.digest.buffer != NULL) {
        XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_DIGEST);
        ssl->buffers.digest.length = 0;
        ssl->buffers.digest.buffer = NULL;
    }

    /* Handshake key, freed according to the type recorded in hsType */
    FreeKey(ssl, ssl->hsType, &ssl->hsKey);

#ifndef NO_DH
    /* Temporary DH key */
    FreeKey(ssl, DYNAMIC_TYPE_DH, (void**)&ssl->buffers.serverDH_Key);
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Async: run the registered argument cleanup once, then unregister it */
    if (ssl->async.freeArgs != NULL) {
        ssl->async.freeArgs(ssl, ssl->async.args);
        ssl->async.freeArgs = NULL;
    }
#endif
}
wolfSSL 15:117db924cf7c 6196
wolfSSL 16:8e0d178b1d1e 6197
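/* Free up all memory used by the Suites structure of a WOLFSSL object.
 *
 * With SINGLE_THREADED the structure is only freed when this object owns it
 * (options.ownSuites); in every case ssl->suites is NULL on return, so the
 * function can be reached again for the same object.
 */
void FreeSuites(WOLFSSL* ssl)
{
#ifdef SINGLE_THREADED
    if (ssl->options.ownSuites)
#endif
    {
    #ifdef OPENSSL_ALL
        /* ssl->suites is left NULL by an earlier call, so check it before
         * reaching through it for the cipher stack */
        if (ssl->suites != NULL) {
            wolfSSL_sk_SSL_CIPHER_free(ssl->suites->stack);
        }
    #endif
        XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    }
    ssl->suites = NULL;
}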
wolfSSL 16:8e0d178b1d1e 6212
wolfSSL 16:8e0d178b1d1e 6213
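/* Release every resource owned by a WOLFSSL object without freeing the
 * object itself, for callers that keep the WOLFSSL structure in their own
 * storage (for example an array).
 *
 * Key material is wiped with ForceZero() before it is released: the Keys
 * struct, the TLS 1.3 client/server secrets and the server DH private value.
 */
void SSL_ResourceFree(WOLFSSL* ssl)
{
    /* Note: any resources used during the handshake should be released in the
     * function FreeHandshakeResources(). Be careful with the special cases
     * like the RNG which may optionally be kept for the whole session. (For
     * example with the RNG, it isn't used beyond the handshake except when
     * using stream ciphers where it is retained.) */

    FreeCiphers(ssl);
    FreeArrays(ssl, 0);
    FreeKeyExchange(ssl);
    if (ssl->options.weOwnRng) {
        wc_FreeRng(ssl->rng);
        XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
        /* Same reset FreeHandshakeResources() performs: the structure
         * outlives this call, so do not leave a stale RNG pointer or an
         * ownership flag that would free it a second time */
        ssl->rng = NULL;
        ssl->options.weOwnRng = 0;
    }
    FreeSuites(ssl);
    FreeHandshakeHashes(ssl);
    XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);

    /* clear keys struct after session */
    ForceZero(&ssl->keys, sizeof(Keys));

#ifdef WOLFSSL_TLS13
    if (ssl->options.tls1_3) {
        ForceZero(&ssl->clientSecret, sizeof(ssl->clientSecret));
        ForceZero(&ssl->serverSecret, sizeof(ssl->serverSecret));
    }
#endif

#ifndef NO_DH
    /* wipe the DH private value before its buffer goes back to the heap */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                                             ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
    ssl->buffers.serverDH_Priv.buffer = NULL;
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    ssl->buffers.serverDH_Pub.buffer = NULL;
    /* parameters (p,g) may be owned by ctx */
    if (ssl->buffers.weOwnDH) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        ssl->buffers.serverDH_G.buffer = NULL;
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        ssl->buffers.serverDH_P.buffer = NULL;
    }
#endif /* !NO_DH */
#ifndef NO_CERTS
    ssl->keepCert = 0; /* make sure certificate is free'd */
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifndef NO_RSA
    FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
    ssl->peerRsaKeyPresent = 0;
#endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS
    XFREE(ssl->peerTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA);
#endif
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, FORCED_FREE);
    if (ssl->buffers.outputBuffer.dynamicFlag)
        ShrinkOutputBuffer(ssl);
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
    XFREE(ssl->buffers.tls13CookieSecret.buffer, ssl->heap,
          DYNAMIC_TYPE_COOKIE_PWD);
#endif
#ifdef WOLFSSL_DTLS
    DtlsMsgPoolReset(ssl);
    if (ssl->dtls_rx_msg_list != NULL) {
        DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
        ssl->dtls_rx_msg_list = NULL;
        ssl->dtls_rx_msg_list_sz = 0;
    }
    XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    ssl->buffers.dtlsCtx.peer.sa = NULL;
#ifndef NO_WOLFSSL_SERVER
    XFREE(ssl->buffers.dtlsCookieSecret.buffer, ssl->heap,
          DYNAMIC_TYPE_COOKIE_PWD);
#endif
#endif /* WOLFSSL_DTLS */
#ifdef OPENSSL_EXTRA
    if (ssl->biord != ssl->biowr)        /* only free write if different */
        wolfSSL_BIO_free(ssl->biowr);
    wolfSSL_BIO_free(ssl->biord);        /* always free read bio */
    ssl->biowr = NULL;
    ssl->biord = NULL;
#endif
#ifdef HAVE_LIBZ
    FreeStreams(ssl);
#endif
#ifdef HAVE_ECC
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
    ssl->peerEccKeyPresent = 0;
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
    ssl->peerEccDsaKeyPresent = 0;
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) ||defined(HAVE_CURVE448)
    {
        /* eccTempKey is shared between ECC, X25519 and X448; dtype picks the
         * free routine FreeKey() runs on it */
        int dtype = 0;
    #ifdef HAVE_ECC
        dtype = DYNAMIC_TYPE_ECC;
    #endif
    #ifdef HAVE_CURVE25519
        if (ssl->peerX25519KeyPresent
    #ifdef HAVE_ECC
                           || ssl->eccTempKeyPresent == DYNAMIC_TYPE_CURVE25519
    #endif /* HAVE_ECC */
           )
        {
            dtype = DYNAMIC_TYPE_CURVE25519;
        }
    #endif /* HAVE_CURVE25519 */
    #ifdef HAVE_CURVE448
        if (ssl->peerX448KeyPresent
    #ifdef HAVE_ECC
                             || ssl->eccTempKeyPresent == DYNAMIC_TYPE_CURVE448
    #endif /* HAVE_ECC */
           )
        {
            dtype = DYNAMIC_TYPE_CURVE448;
        }
    #endif /* HAVE_CURVE448 */
        FreeKey(ssl, dtype, (void**)&ssl->eccTempKey);
        ssl->eccTempKeyPresent = 0;
    }
#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
#ifdef HAVE_CURVE25519
    FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key);
    ssl->peerX25519KeyPresent = 0;
#endif
#ifdef HAVE_ED25519
    FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key);
    ssl->peerEd25519KeyPresent = 0;
    #ifdef HAVE_PK_CALLBACKS
        if (ssl->buffers.peerEd25519Key.buffer != NULL) {
            XFREE(ssl->buffers.peerEd25519Key.buffer, ssl->heap,
                                                          DYNAMIC_TYPE_ED25519);
            ssl->buffers.peerEd25519Key.buffer = NULL;
        }
    #endif
#endif
#ifdef HAVE_CURVE448
    FreeKey(ssl, DYNAMIC_TYPE_CURVE448, (void**)&ssl->peerX448Key);
    ssl->peerX448KeyPresent = 0;
#endif
#ifdef HAVE_ED448
    FreeKey(ssl, DYNAMIC_TYPE_ED448, (void**)&ssl->peerEd448Key);
    ssl->peerEd448KeyPresent = 0;
    #ifdef HAVE_PK_CALLBACKS
        if (ssl->buffers.peerEd448Key.buffer != NULL) {
            XFREE(ssl->buffers.peerEd448Key.buffer, ssl->heap,
                                                            DYNAMIC_TYPE_ED448);
            ssl->buffers.peerEd448Key.buffer = NULL;
        }
    #endif
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ssl->extensions, ssl->heap);

#ifdef HAVE_ALPN
    if (ssl->alpn_client_list != NULL) {
        XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
        ssl->alpn_client_list = NULL;
    }
#endif
#endif /* HAVE_TLS_EXTENSIONS */
#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
    if (ssl->mnCtx) {
        mynewt_ctx_clear(ssl->mnCtx);
        ssl->mnCtx = NULL;
    }
#endif
#ifdef HAVE_NETX
    if (ssl->nxCtx.nxPacket)
        nx_packet_release(ssl->nxCtx.nxPacket);
#endif
#ifdef KEEP_PEER_CERT
    FreeX509(&ssl->peerCert);
#endif

#ifdef HAVE_SESSION_TICKET
    /* a dynamically sized ticket is released and the session falls back to
     * its built-in static ticket storage */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        ssl->session.ticketLen = 0;
    }
#endif
#ifdef HAVE_EXT_CACHE
    wolfSSL_SESSION_free(ssl->extSession);
#endif
#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite) {
        FreeWriteDup(ssl);
    }
#endif
#ifdef OPENSSL_EXTRA
    if (ssl->param) {
        XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
    }
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    /* pop and free each queued certificate request context */
    while (ssl->certReqCtx != NULL) {
        CertReqCtx* curr = ssl->certReqCtx;
        ssl->certReqCtx = curr->next;
        XFREE(curr, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* check if using fixed io buffers and free them */
    if (ssl->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
    /* avoid dereferencing a test value */
    if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
    #endif
        WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
        WOLFSSL_HEAP*      ctx_heap;
        void* heap = ssl->ctx ? ssl->ctx->heap : ssl->heap;

        ctx_heap = ssl_hint->memory;
        /* NOTE(review): a failed lock is only logged; the counters below
         * are still updated and the mutex is still unlocked */
        if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
        }
        ctx_heap->curIO--;
        if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) {
            WOLFSSL_MSG("Error freeing fixed output buffer");
        }
        if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) {
            /* message names the input buffer so the two failures can be
             * told apart in a log */
            WOLFSSL_MSG("Error freeing fixed input buffer");
        }
        if (ssl_hint->haFlag) { /* check if handshake count has been decreased*/
            ctx_heap->curHa--;
        }
        wc_UnLockMutex(&(ctx_heap->memory_mutex));

        /* check if tracking stats */
        if (ctx_heap->flag & WOLFMEM_TRACK_STATS) {
            XFREE(ssl_hint->stats, heap, DYNAMIC_TYPE_SSL);
        }
        XFREE(ssl->heap, heap, DYNAMIC_TYPE_SSL);
    #ifdef WOLFSSL_HEAP_TEST
    }
    #endif
    }
#endif /* WOLFSSL_STATIC_MEMORY */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    wolfSSL_sk_CIPHER_free(ssl->supportedCiphers);
    wolfSSL_sk_X509_free(ssl->peerCertChain);
#endif
}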
wolfSSL 15:117db924cf7c 6469
wolfSSL 15:117db924cf7c 6470 /* Free any handshake resources no longer needed */
wolfSSL 15:117db924cf7c 6471 void FreeHandshakeResources(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 6472 {
wolfSSL 15:117db924cf7c 6473
wolfSSL 15:117db924cf7c 6474 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 15:117db924cf7c 6475 if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
wolfSSL 15:117db924cf7c 6476 WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources");
wolfSSL 15:117db924cf7c 6477 return;
wolfSSL 15:117db924cf7c 6478 }
wolfSSL 15:117db924cf7c 6479 #endif
wolfSSL 15:117db924cf7c 6480
wolfSSL 15:117db924cf7c 6481 /* input buffer */
wolfSSL 15:117db924cf7c 6482 if (ssl->buffers.inputBuffer.dynamicFlag)
wolfSSL 15:117db924cf7c 6483 ShrinkInputBuffer(ssl, NO_FORCED_FREE);
wolfSSL 15:117db924cf7c 6484
wolfSSL 16:8e0d178b1d1e 6485 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 16:8e0d178b1d1e 6486 if (!ssl->options.tls1_3)
wolfSSL 16:8e0d178b1d1e 6487 #endif
wolfSSL 16:8e0d178b1d1e 6488 {
wolfSSL 16:8e0d178b1d1e 6489 #ifndef OPENSSL_ALL
wolfSSL 16:8e0d178b1d1e 6490 /* free suites unless using compatibility layer */
wolfSSL 16:8e0d178b1d1e 6491 FreeSuites(ssl);
wolfSSL 16:8e0d178b1d1e 6492 #endif
wolfSSL 16:8e0d178b1d1e 6493 /* hsHashes */
wolfSSL 16:8e0d178b1d1e 6494 FreeHandshakeHashes(ssl);
wolfSSL 16:8e0d178b1d1e 6495 }
wolfSSL 15:117db924cf7c 6496
wolfSSL 15:117db924cf7c 6497 /* RNG */
wolfSSL 16:8e0d178b1d1e 6498 if (ssl->options.tls1_1 == 0
wolfSSL 16:8e0d178b1d1e 6499 #ifndef WOLFSSL_AEAD_ONLY
wolfSSL 16:8e0d178b1d1e 6500 || ssl->specs.cipher_type == stream
wolfSSL 16:8e0d178b1d1e 6501 #endif
wolfSSL 16:8e0d178b1d1e 6502 #if defined(WOLFSSL_TLS13)
wolfSSL 16:8e0d178b1d1e 6503 #if !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 16:8e0d178b1d1e 6504 || ssl->options.tls1_3
wolfSSL 16:8e0d178b1d1e 6505 #elif !defined(HAVE_SESSION_TICKET)
wolfSSL 16:8e0d178b1d1e 6506 || (ssl->options.tls1_3 && ssl->options.side == WOLFSSL_SERVER_END)
wolfSSL 16:8e0d178b1d1e 6507 #endif
wolfSSL 16:8e0d178b1d1e 6508 #endif
wolfSSL 16:8e0d178b1d1e 6509 ) {
wolfSSL 15:117db924cf7c 6510 if (ssl->options.weOwnRng) {
wolfSSL 15:117db924cf7c 6511 wc_FreeRng(ssl->rng);
wolfSSL 15:117db924cf7c 6512 XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
wolfSSL 15:117db924cf7c 6513 ssl->rng = NULL;
wolfSSL 15:117db924cf7c 6514 ssl->options.weOwnRng = 0;
wolfSSL 15:117db924cf7c 6515 }
wolfSSL 15:117db924cf7c 6516 }
wolfSSL 15:117db924cf7c 6517
wolfSSL 15:117db924cf7c 6518 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 6519 /* DTLS_POOL */
wolfSSL 15:117db924cf7c 6520 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 6521 DtlsMsgPoolReset(ssl);
wolfSSL 15:117db924cf7c 6522 DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
wolfSSL 15:117db924cf7c 6523 ssl->dtls_rx_msg_list = NULL;
wolfSSL 15:117db924cf7c 6524 ssl->dtls_rx_msg_list_sz = 0;
wolfSSL 15:117db924cf7c 6525 }
wolfSSL 15:117db924cf7c 6526 #endif
wolfSSL 15:117db924cf7c 6527
wolfSSL 16:8e0d178b1d1e 6528 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
wolfSSL 16:8e0d178b1d1e 6529 defined(HAVE_SESSION_TICKET)
wolfSSL 16:8e0d178b1d1e 6530 if (!ssl->options.tls1_3)
wolfSSL 16:8e0d178b1d1e 6531 #endif
wolfSSL 16:8e0d178b1d1e 6532 /* arrays */
wolfSSL 16:8e0d178b1d1e 6533 if (ssl->options.saveArrays == 0)
wolfSSL 16:8e0d178b1d1e 6534 FreeArrays(ssl, 1);
wolfSSL 16:8e0d178b1d1e 6535
wolfSSL 16:8e0d178b1d1e 6536 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 16:8e0d178b1d1e 6537 if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END)
wolfSSL 16:8e0d178b1d1e 6538 #endif
wolfSSL 16:8e0d178b1d1e 6539 {
wolfSSL 15:117db924cf7c 6540 #ifndef NO_RSA
wolfSSL 16:8e0d178b1d1e 6541 /* peerRsaKey */
wolfSSL 16:8e0d178b1d1e 6542 FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
wolfSSL 16:8e0d178b1d1e 6543 ssl->peerRsaKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 6544 #endif
wolfSSL 16:8e0d178b1d1e 6545 #ifdef HAVE_ECC
wolfSSL 16:8e0d178b1d1e 6546 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
wolfSSL 16:8e0d178b1d1e 6547 ssl->peerEccDsaKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 6548 #endif /* HAVE_ECC */
wolfSSL 16:8e0d178b1d1e 6549 #ifdef HAVE_ED25519
wolfSSL 16:8e0d178b1d1e 6550 FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key);
wolfSSL 16:8e0d178b1d1e 6551 ssl->peerEd25519KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 6552 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 6553 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 6554 FreeKey(ssl, DYNAMIC_TYPE_ED448, (void**)&ssl->peerEd448Key);
wolfSSL 16:8e0d178b1d1e 6555 ssl->peerEd448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 6556 #endif /* HAVE_ED448 */
wolfSSL 16:8e0d178b1d1e 6557 }
wolfSSL 15:117db924cf7c 6558
wolfSSL 15:117db924cf7c 6559 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6560 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
wolfSSL 15:117db924cf7c 6561 ssl->peerEccKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 6562 #endif
wolfSSL 16:8e0d178b1d1e 6563 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 6564 {
wolfSSL 15:117db924cf7c 6565 int dtype;
wolfSSL 15:117db924cf7c 6566 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6567 dtype = DYNAMIC_TYPE_ECC;
wolfSSL 15:117db924cf7c 6568 #endif
wolfSSL 15:117db924cf7c 6569 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 6570 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6571 if (ssl->peerX25519KeyPresent ||
wolfSSL 15:117db924cf7c 6572 ssl->eccTempKeyPresent == DYNAMIC_TYPE_CURVE25519)
wolfSSL 15:117db924cf7c 6573 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 6574 {
wolfSSL 15:117db924cf7c 6575 dtype = DYNAMIC_TYPE_CURVE25519;
wolfSSL 15:117db924cf7c 6576 }
wolfSSL 15:117db924cf7c 6577 #endif /* HAVE_CURVE25519 */
wolfSSL 16:8e0d178b1d1e 6578 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 6579 #ifdef HAVE_ECC
wolfSSL 16:8e0d178b1d1e 6580 if (ssl->peerX448KeyPresent ||
wolfSSL 16:8e0d178b1d1e 6581 ssl->eccTempKeyPresent == DYNAMIC_TYPE_CURVE448)
wolfSSL 16:8e0d178b1d1e 6582 #endif /* HAVE_ECC */
wolfSSL 16:8e0d178b1d1e 6583 {
wolfSSL 16:8e0d178b1d1e 6584 dtype = DYNAMIC_TYPE_CURVE448;
wolfSSL 16:8e0d178b1d1e 6585 }
wolfSSL 16:8e0d178b1d1e 6586 #endif /* HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 6587 FreeKey(ssl, dtype, (void**)&ssl->eccTempKey);
wolfSSL 15:117db924cf7c 6588 ssl->eccTempKeyPresent = 0;
wolfSSL 15:117db924cf7c 6589 }
wolfSSL 16:8e0d178b1d1e 6590 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 6591 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 6592 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 6593 ssl->peerX25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 6594 #endif
wolfSSL 16:8e0d178b1d1e 6595 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 6596 FreeKey(ssl, DYNAMIC_TYPE_CURVE448, (void**)&ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 6597 ssl->peerX448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 6598 #endif
wolfSSL 16:8e0d178b1d1e 6599
wolfSSL 15:117db924cf7c 6600 #ifndef NO_DH
wolfSSL 15:117db924cf7c 6601 if (ssl->buffers.serverDH_Priv.buffer) {
wolfSSL 15:117db924cf7c 6602 ForceZero(ssl->buffers.serverDH_Priv.buffer,
wolfSSL 15:117db924cf7c 6603 ssl->buffers.serverDH_Priv.length);
wolfSSL 15:117db924cf7c 6604 }
wolfSSL 15:117db924cf7c 6605 XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 6606 ssl->buffers.serverDH_Priv.buffer = NULL;
wolfSSL 15:117db924cf7c 6607 XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6608 ssl->buffers.serverDH_Pub.buffer = NULL;
wolfSSL 15:117db924cf7c 6609 /* parameters (p,g) may be owned by ctx */
wolfSSL 15:117db924cf7c 6610 if (ssl->buffers.weOwnDH) {
wolfSSL 15:117db924cf7c 6611 XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6612 ssl->buffers.serverDH_G.buffer = NULL;
wolfSSL 15:117db924cf7c 6613 XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 6614 ssl->buffers.serverDH_P.buffer = NULL;
wolfSSL 15:117db924cf7c 6615 }
wolfSSL 15:117db924cf7c 6616 #endif /* !NO_DH */
wolfSSL 16:8e0d178b1d1e 6617
wolfSSL 15:117db924cf7c 6618 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 6619 wolfSSL_UnloadCertsKeys(ssl);
wolfSSL 15:117db924cf7c 6620 #endif
wolfSSL 15:117db924cf7c 6621 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 6622 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 16:8e0d178b1d1e 6623 if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END)
wolfSSL 16:8e0d178b1d1e 6624 #endif
wolfSSL 16:8e0d178b1d1e 6625 {
wolfSSL 15:117db924cf7c 6626 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 6627 XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 15:117db924cf7c 6628 ssl->buffers.peerEccDsaKey.buffer = NULL;
wolfSSL 15:117db924cf7c 6629 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 6630 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 6631 XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 15:117db924cf7c 6632 ssl->buffers.peerRsaKey.buffer = NULL;
wolfSSL 15:117db924cf7c 6633 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 6634 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 6635 XFREE(ssl->buffers.peerEd25519Key.buffer, ssl->heap,
wolfSSL 15:117db924cf7c 6636 DYNAMIC_TYPE_ED25519);
wolfSSL 15:117db924cf7c 6637 ssl->buffers.peerEd25519Key.buffer = NULL;
wolfSSL 15:117db924cf7c 6638 #endif
wolfSSL 16:8e0d178b1d1e 6639 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 6640 XFREE(ssl->buffers.peerEd448Key.buffer, ssl->heap, DYNAMIC_TYPE_ED448);
wolfSSL 16:8e0d178b1d1e 6641 ssl->buffers.peerEd448Key.buffer = NULL;
wolfSSL 16:8e0d178b1d1e 6642 #endif
wolfSSL 16:8e0d178b1d1e 6643 }
wolfSSL 15:117db924cf7c 6644 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 6645
wolfSSL 15:117db924cf7c 6646 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 6647 QSH_FreeAll(ssl);
wolfSSL 15:117db924cf7c 6648 #endif
wolfSSL 15:117db924cf7c 6649
wolfSSL 15:117db924cf7c 6650 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 6651 if (ssl->session.isDynamic) {
wolfSSL 15:117db924cf7c 6652 XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
wolfSSL 15:117db924cf7c 6653 ssl->session.ticket = ssl->session.staticTicket;
wolfSSL 15:117db924cf7c 6654 ssl->session.isDynamic = 0;
wolfSSL 15:117db924cf7c 6655 ssl->session.ticketLen = 0;
wolfSSL 15:117db924cf7c 6656 }
wolfSSL 15:117db924cf7c 6657 #endif
wolfSSL 15:117db924cf7c 6658
wolfSSL 16:8e0d178b1d1e 6659 #if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && \
wolfSSL 16:8e0d178b1d1e 6660 !defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL 16:8e0d178b1d1e 6661 /* Some extensions need to be kept for post-handshake querying. */
wolfSSL 16:8e0d178b1d1e 6662 TLSX_FreeAll(ssl->extensions, ssl->heap);
wolfSSL 16:8e0d178b1d1e 6663 ssl->extensions = NULL;
wolfSSL 16:8e0d178b1d1e 6664 #endif
wolfSSL 16:8e0d178b1d1e 6665
wolfSSL 15:117db924cf7c 6666 #ifdef WOLFSSL_STATIC_MEMORY
wolfSSL 15:117db924cf7c 6667 /* when done with handshake decrement current handshake count */
wolfSSL 15:117db924cf7c 6668 if (ssl->heap != NULL) {
wolfSSL 15:117db924cf7c 6669 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 15:117db924cf7c 6670 /* avoid dereferencing a test value */
wolfSSL 15:117db924cf7c 6671 if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
wolfSSL 15:117db924cf7c 6672 #endif
wolfSSL 15:117db924cf7c 6673 WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
wolfSSL 15:117db924cf7c 6674 WOLFSSL_HEAP* ctx_heap;
wolfSSL 15:117db924cf7c 6675
wolfSSL 15:117db924cf7c 6676 ctx_heap = ssl_hint->memory;
wolfSSL 15:117db924cf7c 6677 if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
wolfSSL 15:117db924cf7c 6678 WOLFSSL_MSG("Bad memory_mutex lock");
wolfSSL 15:117db924cf7c 6679 }
wolfSSL 15:117db924cf7c 6680 ctx_heap->curHa--;
wolfSSL 15:117db924cf7c 6681 ssl_hint->haFlag = 0; /* set to zero since handshake has been dec */
wolfSSL 15:117db924cf7c 6682 wc_UnLockMutex(&(ctx_heap->memory_mutex));
wolfSSL 15:117db924cf7c 6683 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 15:117db924cf7c 6684 }
wolfSSL 15:117db924cf7c 6685 #endif
wolfSSL 15:117db924cf7c 6686 }
wolfSSL 15:117db924cf7c 6687 #endif /* WOLFSSL_STATIC_MEMORY */
wolfSSL 15:117db924cf7c 6688 }
wolfSSL 15:117db924cf7c 6689
wolfSSL 15:117db924cf7c 6690
/* Tear down a WOLFSSL object and hand its memory back to the allocator.
 *
 * ssl   object to destroy; it is dereferenced without a NULL check, so the
 *       caller must pass a valid pointer
 * heap  heap hint that was used when the object was created
 *
 * Order matters: the CTX reference is released first, then the resources
 * owned by the connection, and only then the object itself. The caller's
 * pointer is dangling once this returns. */
void FreeSSL(WOLFSSL* ssl, void* heap)
{
    if (ssl->ctx != NULL) {
        /* decrements the CTX count and frees the CTX once it reaches 0 */
        FreeSSL_Ctx(ssl->ctx);
    }

    SSL_ResourceFree(ssl);
    XFREE(ssl, heap, DYNAMIC_TYPE_SSL);

    /* presumably silences an unused-parameter warning in builds where
     * XFREE ignores the hint */
    (void)heap;
}
wolfSSL 15:117db924cf7c 6701
wolfSSL 15:117db924cf7c 6702 #if !defined(NO_OLD_TLS) || defined(WOLFSSL_DTLS) || \
wolfSSL 15:117db924cf7c 6703 ((defined(HAVE_CHACHA) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM)) \
wolfSSL 15:117db924cf7c 6704 && defined(HAVE_AEAD))
wolfSSL 16:8e0d178b1d1e 6705
wolfSSL 16:8e0d178b1d1e 6706 #if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12)
/* Fetch the current 64-bit record sequence number as two 32-bit halves and
 * advance the stored counter by one.
 *
 * ssl     connection whose key state holds the counters
 * verify  non-zero selects the peer's counter, zero selects the local one
 * seq     out: seq[0] receives the high word, seq[1] the low word, both as
 *         they were before the increment
 *
 * The low word is incremented and a wrap of the low word carries into the
 * high word. Nothing here detects the high word itself wrapping, so
 * exhaustion of the full counter has to be prevented elsewhere. */
static WC_INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
{
    if (!verify) {
        seq[0] = ssl->keys.sequence_number_hi;
        seq[1] = ssl->keys.sequence_number_lo;
        ssl->keys.sequence_number_lo++;
        if (ssl->keys.sequence_number_lo < seq[1]) {
            /* low word wrapped, carry into the high word */
            ssl->keys.sequence_number_hi++;
        }
        return;
    }

    seq[0] = ssl->keys.peer_sequence_number_hi;
    seq[1] = ssl->keys.peer_sequence_number_lo;
    ssl->keys.peer_sequence_number_lo++;
    if (ssl->keys.peer_sequence_number_lo < seq[1]) {
        /* low word wrapped, carry into the high word */
        ssl->keys.peer_sequence_number_hi++;
    }
}
wolfSSL 16:8e0d178b1d1e 6726 #endif /* WOLFSSL_DTLS || !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 6727
wolfSSL 15:117db924cf7c 6728
wolfSSL 15:117db924cf7c 6729 #ifdef WOLFSSL_DTLS
/* Build the DTLS epoch/sequence pair for the requested ordering without
 * modifying any counter.
 *
 * ssl    connection whose key state is read
 * order  PREV_ORDER (previous epoch), PEER_ORDER (values taken from the
 *        record received from the peer) or anything else for the current
 *        local epoch
 * seq    out: seq[0] = epoch in the top 16 bits, high sequence bits below;
 *        seq[1] = low 32 sequence bits
 *
 * With multicast enabled on the connection the low 16 bits of seq[0] carry
 * an 8-bit ID and only 8 high sequence bits. If haveMcast is set but
 * WOLFSSL_MULTICAST is not compiled in, seq[0] is left untouched.
 *
 * NOTE(review): for PREV_ORDER the epoch is decremented as a word32 before
 * the shift, so an epoch of 0 yields 0xFFFF in the epoch bits; callers
 * presumably only ask for PREV_ORDER once the epoch has advanced - confirm. */
static WC_INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])
{
    if (order == PREV_ORDER) {
        /* sequence numbers saved from the previous epoch */
        if (!ssl->options.haveMcast) {
            seq[0] = (((word32)ssl->keys.dtls_epoch - 1) << 16) |
                     (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);
        }
#ifdef WOLFSSL_MULTICAST
        else {
            seq[0] = (((word32)ssl->keys.dtls_epoch - 1) << 16) |
                     (ssl->options.mcastID << 8) |
                     (ssl->keys.dtls_prev_sequence_number_hi & 0xFF);
        }
#endif
        seq[1] = ssl->keys.dtls_prev_sequence_number_lo;
        return;
    }

    if (order == PEER_ORDER) {
        if (!ssl->options.haveMcast) {
            seq[0] = ((word32)ssl->keys.curEpoch << 16) |
                     (ssl->keys.curSeq_hi & 0xFFFF);
        }
#ifdef WOLFSSL_MULTICAST
        else {
            seq[0] = ((word32)ssl->keys.curEpoch << 16) |
                     (ssl->keys.curPeerId << 8) |
                     (ssl->keys.curSeq_hi & 0xFF);
        }
#endif
        /* explicit value carried in the peer's record */
        seq[1] = ssl->keys.curSeq_lo;
        return;
    }

    /* current local epoch */
    if (!ssl->options.haveMcast) {
        seq[0] = ((word32)ssl->keys.dtls_epoch << 16) |
                 (ssl->keys.dtls_sequence_number_hi & 0xFFFF);
    }
#ifdef WOLFSSL_MULTICAST
    else {
        seq[0] = ((word32)ssl->keys.dtls_epoch << 16) |
                 (ssl->options.mcastID << 8) |
                 (ssl->keys.dtls_sequence_number_hi & 0xFF);
    }
#endif
    seq[1] = ssl->keys.dtls_sequence_number_lo;
}
wolfSSL 15:117db924cf7c 6773
/* Advance one of the DTLS sequence counters by one.
 *
 * ssl    connection whose key state is updated
 * order  PREV_ORDER advances the previous-epoch counter, PEER_ORDER the
 *        peer counter, anything else the current local counter
 *
 * The low word is incremented; if it wraps, the matching high word is
 * incremented as well. Overflow of the high word is not detected here. */
static WC_INLINE void DtlsSEQIncrement(WOLFSSL* ssl, int order)
{
    word32 before;

    if (order == PREV_ORDER) {
        before = ssl->keys.dtls_prev_sequence_number_lo;
        ssl->keys.dtls_prev_sequence_number_lo++;
        if (ssl->keys.dtls_prev_sequence_number_lo < before) {
            /* low word wrapped, carry into the high part */
            ssl->keys.dtls_prev_sequence_number_hi++;
        }
        return;
    }

    if (order == PEER_ORDER) {
        before = ssl->keys.peer_sequence_number_lo;
        ssl->keys.peer_sequence_number_lo++;
        if (ssl->keys.peer_sequence_number_lo < before) {
            /* low word wrapped, carry into the high part */
            ssl->keys.peer_sequence_number_hi++;
        }
        return;
    }

    before = ssl->keys.dtls_sequence_number_lo;
    ssl->keys.dtls_sequence_number_lo++;
    if (ssl->keys.dtls_sequence_number_lo < before) {
        /* low word wrapped, carry into the high part */
        ssl->keys.dtls_sequence_number_hi++;
    }
}
wolfSSL 15:117db924cf7c 6800 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 6801
wolfSSL 16:8e0d178b1d1e 6802 #if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12)
/* Serialise the record sequence number into out.
 *
 * ssl          connection supplying the counters
 * verifyOrder  for TLS: non-zero selects the peer counter (see
 *              GetSEQIncrement); for DTLS: the ordering passed to
 *              DtlsGetSEQ
 * out          destination; 2 * OPAQUE32_LEN bytes are written, so the
 *              caller must provide at least that much room
 *
 * The TLS path also increments the selected counter; the DTLS path only
 * reads. If the connection is flagged as DTLS in a build without
 * WOLFSSL_DTLS, both words are written as zero. */
static WC_INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
{
    word32 words[2] = {0, 0};

    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        DtlsGetSEQ(ssl, verifyOrder, words);
#endif
    }
    else {
        GetSEQIncrement(ssl, verifyOrder, words);
    }

    /* high word first, low word directly behind it */
    c32toa(words[0], out);
    c32toa(words[1], out + OPAQUE32_LEN);
}
wolfSSL 16:8e0d178b1d1e 6819 #endif /* WOLFSSL_DTLS || !WOLFSSL_NO_TLS12 */
wolfSSL 16:8e0d178b1d1e 6820 #endif /* !NO_OLD_TLS || WOLFSSL_DTLS ||
wolfSSL 16:8e0d178b1d1e 6821 * ((HAVE_CHACHA || HAVE_AESCCM || HAVE_AESGCM) && HAVE_AEAD) */
wolfSSL 15:117db924cf7c 6822
wolfSSL 15:117db924cf7c 6823 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 6824
wolfSSL 15:117db924cf7c 6825 /* functions for managing DTLS datagram reordering */
wolfSSL 15:117db924cf7c 6826
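/* Allocate a DtlsMsg able to hold a handshake message body of sz bytes.
 *
 * The hashing routines assume the message pointer still sits inside a buffer
 * that also holds the handshake header, and they include that header in the
 * hash. The buffer is therefore allocated DTLS_HANDSHAKE_HEADER_SZ bytes
 * larger than sz, and msg->msg points just past the header space.
 *
 * sz    size of the message body in bytes
 * heap  heap hint passed to the allocator
 *
 * Returns the new, zero-initialised item (type no_shake, empty fragment
 * list), or NULL when an allocation fails or when sz is so large that adding
 * the header size would wrap. Without the wrap check a huge sz would produce
 * a tiny buffer while msg->sz still advertised the large size, and later
 * copies bounded by msg->sz would run off the end of the allocation.
 *
 * Release with DtlsMsgDelete(). */
DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
{
    DtlsMsg* msg;
    word32   bufSz = sz + DTLS_HANDSHAKE_HEADER_SZ;

    (void)heap;

    /* unsigned arithmetic wraps silently; a sum smaller than sz means the
     * requested size cannot be represented */
    if (bufSz < sz)
        return NULL;

    msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);

    if (msg != NULL) {
        XMEMSET(msg, 0, sizeof(DtlsMsg));
        msg->buf = (byte*)XMALLOC(bufSz, heap, DYNAMIC_TYPE_DTLS_BUFFER);
        if (msg->buf != NULL) {
            msg->sz = sz;
            msg->type = no_shake;
            msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ;
        }
        else {
            /* do not hand back a half-built item */
            XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG);
            msg = NULL;
        }
    }

    return msg;
}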
wolfSSL 15:117db924cf7c 6856
/* Free one DtlsMsg together with its fragment list and data buffer.
 *
 * item  message to free; NULL is accepted and ignored
 * heap  heap hint passed to the allocator
 *
 * Only this item is released; item->next is not followed (see
 * DtlsMsgListDelete for whole lists). The buffer contents are not wiped
 * before being freed. */
void DtlsMsgDelete(DtlsMsg* item, void* heap)
{
    DtlsFrag* frag;

    (void)heap;

    if (item == NULL)
        return;

    /* read each link before the node holding it is freed */
    frag = item->fragList;
    while (frag != NULL) {
        DtlsFrag* following = frag->next;
        XFREE(frag, heap, DYNAMIC_TYPE_DTLS_FRAG);
        frag = following;
    }

    if (item->buf != NULL) {
        XFREE(item->buf, heap, DYNAMIC_TYPE_DTLS_BUFFER);
    }
    XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
}
wolfSSL 15:117db924cf7c 6873
wolfSSL 15:117db924cf7c 6874
/* Free every DtlsMsg in the singly linked list starting at head.
 *
 * head  first item, may be NULL
 * heap  heap hint passed to the allocator
 *
 * The caller's own pointer to the list is not cleared and must not be used
 * afterwards. */
void DtlsMsgListDelete(DtlsMsg* head, void* heap)
{
    DtlsMsg* following;

    for (; head != NULL; head = following) {
        /* save the link first, the node is gone after DtlsMsgDelete */
        following = head->next;
        DtlsMsgDelete(head, heap);
    }
}
wolfSSL 15:117db924cf7c 6884
wolfSSL 15:117db924cf7c 6885
/* Record the inclusive byte range [*begin, end] as a new fragment and copy
 * its bytes into the reassembly buffer.
 *
 * begin      in: first offset of the range; out: end + 1
 * end        last offset of the range (inclusive)
 * data       source bytes for the range
 * buf        reassembly buffer, indexed by message offset
 * bytesLeft  in/out: decremented by the number of bytes copied
 * heap       heap hint passed to the allocator
 *
 * Returns the new fragment with next set to NULL, or NULL if allocation
 * fails, in which case nothing is copied or updated.
 *
 * No bounds are checked here: the caller must guarantee that end >= *begin,
 * that buf has room up to offset end, and that data holds end - *begin + 1
 * bytes. */
static DtlsFrag* CreateFragment(word32* begin, word32 end, const byte* data,
                                byte* buf, word32* bytesLeft, void* heap)
{
    const word32 first = *begin;
    const word32 count = end - first + 1;
    DtlsFrag*    frag;

    (void)heap;
    frag = (DtlsFrag*)XMALLOC(sizeof(DtlsFrag), heap,
                              DYNAMIC_TYPE_DTLS_FRAG);
    if (frag == NULL)
        return NULL;

    frag->next = NULL;
    frag->begin = first;
    frag->end = end;

    XMEMCPY(buf + first, data, count);
    *bytesLeft -= count;
    *begin = frag->end + 1;

    return frag;
}
wolfSSL 15:117db924cf7c 6908
wolfSSL 15:117db924cf7c 6909
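/* Merge one received handshake fragment into a stored DTLS message.
 *
 * msg         reassembly item created by DtlsMsgNew()
 * seq         handshake message sequence number, stored in msg->seq
 * data        fragment payload; when fragOffset is 0 the handshake header
 *             is read from the DTLS_HANDSHAKE_HEADER_SZ bytes immediately
 *             BEFORE this pointer, so data must point into a buffer that
 *             still holds that header
 * type        handshake type, stored in msg->type
 * fragOffset  offset of the fragment within the full message
 * fragSz      number of payload bytes in the fragment
 * heap        heap hint passed to the allocator
 *
 * Bytes that are already covered by earlier fragments are skipped, so
 * retransmitted or overlapping fragments never overwrite stored data and
 * msg->fragSz only counts each byte once.
 *
 * Returns 0 on success, and also 0 (storing nothing) when msg or data is
 * NULL or the fragment does not fit inside msg->sz. Returns MEMORY_E when a
 * fragment record cannot be allocated; ranges inserted before the failure
 * stay in the list.
 *
 * The range check is written without adding fragOffset and fragSz, so a
 * pair of values whose sum wraps in 32 bits is rejected rather than
 * slipping past the comparison and reaching the copy. */
int DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
               word32 fragOffset, word32 fragSz, void* heap)
{
    if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
            fragOffset <= msg->sz && fragSz <= msg->sz - fragOffset) {
        DtlsFrag* cur = msg->fragList;
        DtlsFrag* prev = cur;
        DtlsFrag* newFrag;
        word32 bytesLeft = fragSz; /* could be overlapping fragment */
        word32 startOffset = fragOffset;
        word32 added;

        msg->seq = seq;
        msg->type = type;

        if (fragOffset == 0) {
            /* keep the header for hashing, then patch its fragment-length
             * field to the full message size */
            XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
                    DTLS_HANDSHAKE_HEADER_SZ);
            c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
        }

        /* if no message data, just return */
        if (fragSz == 0)
            return 0;

        /* if list is empty add full fragment to front */
        if (cur == NULL) {
            newFrag = CreateFragment(&fragOffset, fragOffset + fragSz - 1, data,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz = fragSz;
            msg->fragList = newFrag;

            return 0;
        }

        /* add to front if before current front, up to next->begin */
        if (fragOffset < cur->begin) {
            word32 end = fragOffset + fragSz - 1;

            /* clip so the new range stops right before the stored one */
            if (end >= cur->begin)
                end = cur->begin - 1;

            added = end - fragOffset + 1;
            newFrag = CreateFragment(&fragOffset, end, data, msg->msg,
                                     &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = cur;
            msg->fragList = newFrag;
        }

        /* while we have bytes left, try to find a gap to fill */
        while (bytesLeft > 0) {
            /* get previous packet in list */
            while (cur && (fragOffset >= cur->begin)) {
                prev = cur;
                cur = cur->next;
            }

            /* don't add duplicate data */
            if (prev->end >= fragOffset) {
                if ( (fragOffset + bytesLeft - 1) <= prev->end)
                    return 0;
                /* skip the part prev already covers */
                fragOffset = prev->end + 1;
                bytesLeft = startOffset + fragSz - fragOffset;
            }

            if (cur == NULL)
                /* we're at the end */
                added = bytesLeft;
            else
                /* we're in between two frames */
                added = min(bytesLeft, cur->begin - fragOffset);

            /* data already there */
            if (added == 0)
                continue;

            newFrag = CreateFragment(&fragOffset, fragOffset + added - 1,
                                     data + fragOffset - startOffset,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = prev->next;
            prev->next = newFrag;
        }
    }

    return 0;
}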
wolfSSL 15:117db924cf7c 7009
wolfSSL 15:117db924cf7c 7010
/* Look up the stored message with handshake sequence number seq.
 *
 * head  first item of the list, may be NULL
 * seq   sequence number to match against each item's seq field
 *
 * Returns the first matching item, or NULL when there is none. */
DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
{
    DtlsMsg* item;

    for (item = head; item != NULL; item = item->next) {
        if (item->seq == seq)
            break;
    }
    return item;
}
wolfSSL 15:117db924cf7c 7018
wolfSSL 15:117db924cf7c 7019
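/* Store a received handshake fragment in the connection's receive list.
 *
 * ssl         connection owning dtls_rx_msg_list and its size counter
 * seq         handshake message sequence number
 * data        fragment payload (see DtlsMsgSet for the header that must
 *             precede it when fragOffset is 0)
 * dataSz      size of the complete message; used to size a new item
 * type        handshake type
 * fragOffset  offset of the fragment within the message
 * fragSz      size of the fragment
 * heap        heap hint passed to the allocator
 *
 * 1. Find seq in the list. If it is not there, create a new item of size
 *    dataSz and insert it at its ordered position.
 * 2. Copy the fragment into the stored message; DtlsMsgSet skips bytes that
 *    are already present, which covers overlaps caused by retransmission.
 *
 * Failures are not reported: the fragment is simply dropped. The size
 * counter is only incremented when an item was really allocated and added;
 * counting a failed allocation would leave dtls_rx_msg_list_sz out of step
 * with the list.
 *
 * NOTE(review): no limit on the list length is applied here and DtlsMsgSet
 * returns 0 without storing when the fragment range is out of bounds;
 * presumably the caller validates both - confirm. */
void DtlsMsgStore(WOLFSSL* ssl, word32 seq, const byte* data,
        word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
{
    DtlsMsg* head = ssl->dtls_rx_msg_list;

    if (head != NULL) {
        DtlsMsg* cur = DtlsMsgFind(head, seq);
        if (cur == NULL) {
            cur = DtlsMsgNew(dataSz, heap);
            if (cur != NULL) {
                if (DtlsMsgSet(cur, seq, data, type,
                                       fragOffset, fragSz, heap) < 0) {
                    DtlsMsgDelete(cur, heap);
                }
                else {
                    ssl->dtls_rx_msg_list_sz++;
                    head = DtlsMsgInsert(head, cur);
                }
            }
        }
        else {
            /* If this fails, the data is just dropped. */
            DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz, heap);
        }
    }
    else {
        head = DtlsMsgNew(dataSz, heap);
        /* DtlsMsgSet reports 0 for a NULL item, so the allocation result
         * has to be checked here before anything is counted */
        if (head != NULL) {
            if (DtlsMsgSet(head, seq, data, type,
                                       fragOffset, fragSz, heap) < 0) {
                DtlsMsgDelete(head, heap);
                head = NULL;
            }
            else {
                ssl->dtls_rx_msg_list_sz++;
            }
        }
    }

    ssl->dtls_rx_msg_list = head;
}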
wolfSSL 15:117db924cf7c 7075
wolfSSL 15:117db924cf7c 7076
/* Insert item into the list so that seq values stay in ascending order.
 *
 * head  current first item, may be NULL
 * item  item to insert; must not be NULL
 *
 * Returns the (possibly new) head of the list. An item whose seq equals an
 * existing one is placed after it. When item ends up as the last element
 * its next pointer is left as it was, so it is expected to be NULL already
 * (DtlsMsgNew zero-fills new items). */
DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
{
    DtlsMsg* prev;
    DtlsMsg* cur;

    /* new front element */
    if (head == NULL || item->seq < head->seq) {
        item->next = head;
        return item;
    }

    /* walk until cur is the first element that sorts after item */
    prev = head;
    for (cur = head->next; cur != NULL; cur = cur->next) {
        if (item->seq < cur->seq)
            break;
        prev = cur;
    }

    if (cur != NULL) {
        item->next = cur;
    }
    prev->next = item;

    return head;
}
wolfSSL 15:117db924cf7c 7106
wolfSSL 15:117db924cf7c 7107
/* Append a copy of an outgoing message to the stored transmit list.
 *
 * ssl     connection owning dtls_tx_msg_list
 * data    bytes to keep; copied to the start of the new item's buffer
 * dataSz  number of bytes in data
 *
 * Returns 0 on success, DTLS_POOL_SZ_E when the list already holds more
 * than DTLS_POOL_SZ entries, MEMORY_E when the item cannot be allocated.
 *
 * The item's seq field is used to remember the epoch in effect when the
 * message was saved.
 *
 * NOTE(review): the limit test uses '>', so the list can grow to
 * DTLS_POOL_SZ + 1 entries before the error is returned - confirm this is
 * the intended bound. */
int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data, word32 dataSz)
{
    DtlsMsg* item;
    DtlsMsg* tail;
    int ret = 0;

    WOLFSSL_ENTER("DtlsMsgPoolSave()");

    if (ssl->dtls_tx_msg_list_sz > DTLS_POOL_SZ) {
        WOLFSSL_ERROR(DTLS_POOL_SZ_E);
        return DTLS_POOL_SZ_E;
    }

    item = DtlsMsgNew(dataSz, ssl->heap);

    if (item == NULL) {
        ret = MEMORY_E;
    }
    else {
        XMEMCPY(item->buf, data, dataSz);
        item->sz = dataSz;
        item->seq = ssl->keys.dtls_epoch;

        tail = ssl->dtls_tx_msg_list;
        if (tail != NULL) {
            /* find the last element and hang the new item behind it */
            while (tail->next != NULL) {
                tail = tail->next;
            }
            tail->next = item;
        }
        else {
            ssl->dtls_tx_msg_list = item;
        }
        ssl->dtls_tx_msg_list_sz++;
    }

    WOLFSSL_LEAVE("DtlsMsgPoolSave()", ret);
    return ret;
}
wolfSSL 15:117db924cf7c 7145
wolfSSL 15:117db924cf7c 7146
/* Back off the DTLS retransmit timeout.
 *
 * While the current timeout is below dtls_timeout_max it is multiplied by
 * DTLS_TIMEOUT_MULTIPLIER and 0 is returned; the product is not clamped, so
 * it may end up above the maximum. Once the timeout has reached the maximum
 * nothing is changed and -1 is returned. */
int DtlsMsgPoolTimeout(WOLFSSL* ssl)
{
    int result;

    if (ssl->dtls_timeout < ssl->dtls_timeout_max) {
        ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
        result = 0;
    }
    else {
        result = -1;
    }

    WOLFSSL_LEAVE("DtlsMsgPoolTimeout()", result);
    return result;
}
wolfSSL 15:117db924cf7c 7158
wolfSSL 15:117db924cf7c 7159
/* Drop the stored transmit list and restore the initial timeout.
 *
 * When the list is empty nothing is touched, including the timeout.
 * Otherwise every stored message is freed, the list head, the dtls_tx_msg
 * pointer and the size counter are cleared so that no pointer into the
 * freed list survives, and dtls_timeout goes back to dtls_timeout_init. */
void DtlsMsgPoolReset(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("DtlsMsgPoolReset()");

    if (ssl->dtls_tx_msg_list == NULL)
        return;

    DtlsMsgListDelete(ssl->dtls_tx_msg_list, ssl->heap);
    ssl->dtls_tx_msg_list = NULL;
    ssl->dtls_tx_msg = NULL;
    ssl->dtls_tx_msg_list_sz = 0;
    ssl->dtls_timeout = ssl->dtls_timeout_init;
}
wolfSSL 15:117db924cf7c 7173
wolfSSL 15:117db924cf7c 7174
/* Decide whether a received handshake message may trigger retransmission of
 * the whole stored transmit list.
 *
 * Only the first message of the peer's previous flight qualifies, and only
 * its first fragment (fragOffset == 0):
 *   - as server: client_hello, or certificate when peer verification is on,
 *     or client_key_exchange when it is off
 *   - as client: server_hello
 * The change cipher spec message is not handled here.
 *
 * Returns 1 when the message qualifies, 0 otherwise. */
int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, word32 fragOffset)
{
    if (fragOffset != 0)
        return 0;

    if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (type == client_hello)
            return 1;

        if (ssl->options.verifyPeer) {
            if (type == certificate)
                return 1;
        }
        else if (type == client_key_exchange) {
            return 1;
        }
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END && type == server_hello)
        return 1;

    return 0;
}
wolfSSL 15:117db924cf7c 7190
wolfSSL 15:117db924cf7c 7191
/* DtlsMsgPoolSend() will send the stored transmit list. The stored list is
 * updated with new sequence numbers, and will be re-encrypted if needed.
 *
 * ssl                  SSL/TLS object holding the stored flight.
 * sendOnlyFirstPacket  When non-zero and this side is the server, stop after
 *                      the first stored message has been sent.
 * returns WOLFSSL_FATAL_ERROR (with ssl->error set to DTLS_RETX_OVER_TX) when
 *         the handshake state does not permit a retransmit, the non-zero
 *         CheckAvailableSize() result, BUILD_MSG_ERROR, or a negative
 *         SendBuffered() result on failure; otherwise the result of the last
 *         SendBuffered() call, or 0 when there was nothing to send.
 */
int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
{
    int ret = 0;
    DtlsMsg* pool;

    WOLFSSL_ENTER("DtlsMsgPoolSend()");

    /* Resume at the saved cursor when one is set, else start at the head of
     * the stored list. */
    pool = ssl->dtls_tx_msg == NULL ? ssl->dtls_tx_msg_list : ssl->dtls_tx_msg;

    if (pool != NULL) {
        /* Retransmission is allowed only from the accept/connect states
         * listed below; any other state is reported as DTLS_RETX_OVER_TX and
         * nothing is sent. */
        if ((ssl->options.side == WOLFSSL_SERVER_END &&
             !(ssl->options.acceptState == SERVER_HELLO_DONE ||
               ssl->options.acceptState == ACCEPT_FINISHED_DONE ||
               ssl->options.acceptState == ACCEPT_THIRD_REPLY_DONE)) ||
            (ssl->options.side == WOLFSSL_CLIENT_END &&
             !(ssl->options.connectState == CLIENT_HELLO_SENT ||
               ssl->options.connectState == HELLO_AGAIN_REPLY ||
               ssl->options.connectState == FINISHED_DONE ||
               ssl->options.connectState == SECOND_REPLY_DONE))) {

            WOLFSSL_ERROR(DTLS_RETX_OVER_TX);
            ssl->error = DTLS_RETX_OVER_TX;
            return WOLFSSL_FATAL_ERROR;
        }

        while (pool != NULL) {
            /* pool->seq is compared with the epoch in both branches; the
             * comment below treats it as the stored record's epoch. */
            if (pool->seq == 0) {
                DtlsRecordLayerHeader* dtls;
                int epochOrder;

                dtls = (DtlsRecordLayerHeader*)pool->buf;
                /* If the stored record's epoch is 0, and the currently set
                 * epoch is 0, use the "current order" sequence number.
                 * If the stored record's epoch is 0 and the currently set
                 * epoch is not 0, the stored record is considered a "previous
                 * order" sequence number. */
                epochOrder = (ssl->keys.dtls_epoch == 0) ?
                                                         CUR_ORDER : PREV_ORDER;

                /* NOTE(review): the stored header is rewritten and the
                 * sequence counter advanced before the size check below, so
                 * a failed CheckAvailableSize() presumably still consumes a
                 * sequence number - confirm this is intended. */
                WriteSEQ(ssl, epochOrder, dtls->sequence_number);
                DtlsSEQIncrement(ssl, epochOrder);
                if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0) {
                    WOLFSSL_ERROR(ret);
                    return ret;
                }

                /* The stored record is copied to the start of the output
                 * buffer and idx/length are reset to describe only it.
                 * NOTE(review): this assumes no unsent data is pending in
                 * the output buffer - confirm against callers. */
                XMEMCPY(ssl->buffers.outputBuffer.buffer,
                        pool->buf, pool->sz);
                ssl->buffers.outputBuffer.idx = 0;
                ssl->buffers.outputBuffer.length = pool->sz;
            }
            else if (pool->seq == ssl->keys.dtls_epoch) {
                byte*  input;
                byte*  output;
                int    inputSz, sendSz;

                /* Stored message matches the current epoch: rebuild it with
                 * BuildMessage() and append it after the data already in the
                 * output buffer. */
                input = pool->buf;
                inputSz = pool->sz;
                sendSz = inputSz + MAX_MSG_EXTRA;

                if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
                    WOLFSSL_ERROR(ret);
                    return ret;
                }

                output = ssl->buffers.outputBuffer.buffer +
                         ssl->buffers.outputBuffer.length;
                sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                      handshake, 0, 0, 0);
                if (sendSz < 0) {
                    WOLFSSL_ERROR(BUILD_MSG_ERROR);
                    return BUILD_MSG_ERROR;
                }

                ssl->buffers.outputBuffer.length += sendSz;
            }
            /* A stored message whose seq is neither 0 nor the current epoch
             * matches no branch above; SendBuffered() is still called. */

            ret = SendBuffered(ssl);
            if (ret < 0) {
                WOLFSSL_ERROR(ret);
                return ret;
            }

            /**
             * on server side, retransmission is being triggered only by sending
             * first message of given flight, in order to trigger client
             * to retransmit its whole flight. Sending the whole previous flight
             * could lead to retransmission of previous client flight for each
             * server message from previous flight. Therefore one message should
             * be enough to do the trick.
             */
            if (sendOnlyFirstPacket &&
                ssl->options.side == WOLFSSL_SERVER_END) {

                pool = NULL;
            }
            else
                pool = pool->next;
            /* The cursor is saved only after a successful send, so an early
             * error return above leaves it on the message that failed. */
            ssl->dtls_tx_msg = pool;
        }
    }

    WOLFSSL_LEAVE("DtlsMsgPoolSend()", ret);
    return ret;
}
wolfSSL 15:117db924cf7c 7299
wolfSSL 15:117db924cf7c 7300 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 7301
wolfSSL 15:117db924cf7c 7302 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
wolfSSL 15:117db924cf7c 7303
/* Build the ProtocolVersion value for SSL 3.0.
 *
 * SSL 3.0 is an obsolete protocol (its use is prohibited by RFC 7568); this
 * helper is compiled only when WOLFSSL_ALLOW_SSLV3 is defined and NO_OLD_TLS
 * is not.
 *
 * returns a ProtocolVersion with major/minor set to SSLv3_MAJOR/SSLv3_MINOR.
 */
ProtocolVersion MakeSSLv3(void)
{
    ProtocolVersion version;

    version.minor = SSLv3_MINOR;
    version.major = SSLv3_MAJOR;

    return version;
}
wolfSSL 15:117db924cf7c 7312
wolfSSL 15:117db924cf7c 7313 #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 7314
wolfSSL 15:117db924cf7c 7315
wolfSSL 15:117db924cf7c 7316 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 7317
/* Build the ProtocolVersion value for DTLS 1.0.
 *
 * returns a ProtocolVersion with major/minor set to DTLS_MAJOR/DTLS_MINOR.
 */
ProtocolVersion MakeDTLSv1(void)
{
    ProtocolVersion version;

    version.minor = DTLS_MINOR;
    version.major = DTLS_MAJOR;

    return version;
}
wolfSSL 15:117db924cf7c 7326
wolfSSL 15:117db924cf7c 7327 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 7328
/* Build the ProtocolVersion value for DTLS 1.2.
 *
 * returns a ProtocolVersion with major/minor set to
 *         DTLS_MAJOR/DTLSv1_2_MINOR.
 */
ProtocolVersion MakeDTLSv1_2(void)
{
    ProtocolVersion version;

    version.minor = DTLSv1_2_MINOR;
    version.major = DTLS_MAJOR;

    return version;
}
wolfSSL 15:117db924cf7c 7337
wolfSSL 15:117db924cf7c 7338 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 7339
wolfSSL 15:117db924cf7c 7340 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 7341
wolfSSL 15:117db924cf7c 7342
wolfSSL 16:8e0d178b1d1e 7343 #ifndef NO_ASN_TIME
wolfSSL 15:117db924cf7c 7344 #if defined(USER_TICKS)
wolfSSL 15:117db924cf7c 7345 #if 0
word32 LowResTimer(void)
{
    /*
     * Template for USER_TICKS builds; it is disabled by the surrounding
     * "#if 0" and has no body, so it cannot be enabled as-is.
     *
     * Write your own clock tick function here if you do not want time(0).
     * It needs one-second accuracy but does not have to be correlated to
     * the EPOCH.
     */
}
wolfSSL 15:117db924cf7c 7353 #endif
wolfSSL 15:117db924cf7c 7354
wolfSSL 15:117db924cf7c 7355 #elif defined(TIME_OVERRIDES)
wolfSSL 15:117db924cf7c 7356
wolfSSL 15:117db924cf7c 7357 /* use same asn time overrides unless user wants tick override above */
wolfSSL 15:117db924cf7c 7358
wolfSSL 15:117db924cf7c 7359 #ifndef HAVE_TIME_T_TYPE
wolfSSL 15:117db924cf7c 7360 typedef long time_t;
wolfSSL 15:117db924cf7c 7361 #endif
wolfSSL 15:117db924cf7c 7362 extern time_t XTIME(time_t * timer);
wolfSSL 15:117db924cf7c 7363
/* Low-resolution timer for TIME_OVERRIDES builds.
 *
 * returns the value of the externally defined XTIME(0), converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = (word32) XTIME(0);

    return seconds;
}
wolfSSL 15:117db924cf7c 7368
wolfSSL 15:117db924cf7c 7369 #elif defined(USE_WINDOWS_API)
wolfSSL 15:117db924cf7c 7370
/* Low-resolution timer for USE_WINDOWS_API builds.
 *
 * The performance-counter frequency is queried on the first call and cached
 * in function-local statics.
 * NOTE(review): the cached-frequency initialisation is not synchronised and
 * the QueryPerformanceFrequency()/QueryPerformanceCounter() results are not
 * checked - confirm this is acceptable for the supported targets.
 *
 * returns the counter value divided by the frequency, converted to word32.
 */
word32 LowResTimer(void)
{
    static LARGE_INTEGER freq;
    static int           init = 0;
    LARGE_INTEGER        now;

    if (init == 0) {
        QueryPerformanceFrequency(&freq);
        init = 1;
    }

    QueryPerformanceCounter(&now);

    return (word32)(now.QuadPart / freq.QuadPart);
}
wolfSSL 15:117db924cf7c 7386
wolfSSL 15:117db924cf7c 7387 #elif defined(HAVE_RTP_SYS)
wolfSSL 15:117db924cf7c 7388
wolfSSL 15:117db924cf7c 7389 #include "rtptime.h"
wolfSSL 15:117db924cf7c 7390
/* Low-resolution timer for HAVE_RTP_SYS builds.
 *
 * returns rtp_get_system_sec() converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = (word32)rtp_get_system_sec();

    return seconds;
}
wolfSSL 15:117db924cf7c 7395
wolfSSL 16:8e0d178b1d1e 7396 #elif defined(WOLFSSL_DEOS)
wolfSSL 16:8e0d178b1d1e 7397
/* Low-resolution timer for WOLFSSL_DEOS builds.
 *
 * The tick rate is derived as 1000000 / systemTickInMicroseconds() and the
 * current tick count is read through systemTickPointer().
 * NOTE(review): a tick period of 0, or one above 1000000 microseconds, would
 * make one of the two divisions divide by zero - presumably the platform
 * never reports such a period; confirm.
 *
 * returns the tick count divided by the tick rate.
 */
word32 LowResTimer(void)
{
    const uint32_t ticksPerSecond = 1000000 / systemTickInMicroseconds();
    uint32_t *tickCounter = systemTickPointer();

    return ((word32) *tickCounter) / ticksPerSecond;
}
wolfSSL 15:117db924cf7c 7405
wolfSSL 15:117db924cf7c 7406 #elif defined(MICRIUM)
wolfSSL 15:117db924cf7c 7407
/* Low-resolution timer for MICRIUM builds.
 *
 * NOTE(review): the OS_ERR value filled in by OSTimeGet() is not inspected.
 *
 * returns OSTimeGet() ticks divided by OSCfg_TickRate_Hz, converted to
 *         word32.
 */
word32 LowResTimer(void)
{
    OS_ERR  err;
    OS_TICK ticks = OSTimeGet(&err);

    return (word32) (ticks / OSCfg_TickRate_Hz);
}
wolfSSL 15:117db924cf7c 7417
wolfSSL 15:117db924cf7c 7418
wolfSSL 15:117db924cf7c 7419 #elif defined(MICROCHIP_TCPIP_V5)
wolfSSL 15:117db924cf7c 7420
/* Low-resolution timer for MICROCHIP_TCPIP_V5 builds.
 *
 * returns TickGet() divided by TICKS_PER_SECOND, converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = (word32) (TickGet() / TICKS_PER_SECOND);

    return seconds;
}
wolfSSL 15:117db924cf7c 7425
wolfSSL 15:117db924cf7c 7426
wolfSSL 15:117db924cf7c 7427 #elif defined(MICROCHIP_TCPIP)
wolfSSL 15:117db924cf7c 7428
wolfSSL 15:117db924cf7c 7429 #if defined(MICROCHIP_MPLAB_HARMONY)
wolfSSL 15:117db924cf7c 7430
wolfSSL 15:117db924cf7c 7431 #include <system/tmr/sys_tmr.h>
wolfSSL 15:117db924cf7c 7432
/* Low-resolution timer for MICROCHIP_TCPIP builds with
 * MICROCHIP_MPLAB_HARMONY.
 *
 * NOTE(review): the divisor comes from SYS_TMR_TickCounterFrequencyGet() and
 * is not checked for zero - presumably never zero once the timer service is
 * running; confirm.
 *
 * returns the tick count divided by the tick frequency, converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = (word32) (SYS_TMR_TickCountGet() /
                               SYS_TMR_TickCounterFrequencyGet());

    return seconds;
}
wolfSSL 15:117db924cf7c 7438
wolfSSL 15:117db924cf7c 7439 #else
wolfSSL 15:117db924cf7c 7440
/* Low-resolution timer for MICROCHIP_TCPIP builds without
 * MICROCHIP_MPLAB_HARMONY.
 *
 * returns SYS_TICK_Get() divided by SYS_TICK_TicksPerSecondGet(), converted
 *         to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = (word32) (SYS_TICK_Get() / SYS_TICK_TicksPerSecondGet());

    return seconds;
}
wolfSSL 15:117db924cf7c 7445
wolfSSL 15:117db924cf7c 7446 #endif
wolfSSL 15:117db924cf7c 7447
wolfSSL 15:117db924cf7c 7448 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 15:117db924cf7c 7449
/* Low-resolution timer for FREESCALE_MQX / FREESCALE_KSDK_MQX builds.
 *
 * returns the SECONDS field filled in by _time_get_elapsed(), converted to
 *         word32.
 */
word32 LowResTimer(void)
{
    TIME_STRUCT elapsed;
    word32      seconds;

    _time_get_elapsed(&elapsed);
    seconds = (word32) elapsed.SECONDS;

    return seconds;
}
wolfSSL 15:117db924cf7c 7458 #elif defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
wolfSSL 15:117db924cf7c 7459
wolfSSL 15:117db924cf7c 7460 #include "include/task.h"
wolfSSL 15:117db924cf7c 7461
/* Low-resolution timer for FREESCALE_FREE_RTOS / FREESCALE_KSDK_FREERTOS
 * builds.
 *
 * The tick count is converted to float before the division, so large tick
 * counts are rounded to float precision first. This variant is declared to
 * return unsigned int.
 *
 * returns xTaskGetTickCount() divided by configTICK_RATE_HZ, converted to
 *         unsigned int.
 */
unsigned int LowResTimer(void)
{
    unsigned int seconds =
        (unsigned int)(((float)xTaskGetTickCount())/configTICK_RATE_HZ);

    return seconds;
}
wolfSSL 15:117db924cf7c 7466
wolfSSL 16:8e0d178b1d1e 7467 #elif defined(FREERTOS)
wolfSSL 16:8e0d178b1d1e 7468
wolfSSL 16:8e0d178b1d1e 7469 #include "task.h"
wolfSSL 16:8e0d178b1d1e 7470
/* Low-resolution timer for FREERTOS builds.
 *
 * The tick count is converted to float before the division, so large tick
 * counts are rounded to float precision first. This variant is declared to
 * return unsigned int.
 *
 * returns xTaskGetTickCount() divided by configTICK_RATE_HZ, converted to
 *         unsigned int.
 */
unsigned int LowResTimer(void)
{
    unsigned int seconds =
        (unsigned int)(((float)xTaskGetTickCount())/configTICK_RATE_HZ);

    return seconds;
}
wolfSSL 16:8e0d178b1d1e 7475
wolfSSL 15:117db924cf7c 7476 #elif defined(FREESCALE_KSDK_BM)
wolfSSL 15:117db924cf7c 7477
wolfSSL 15:117db924cf7c 7478 #include "lwip/sys.h" /* lwIP */
/* Low-resolution timer for FREESCALE_KSDK_BM builds (lwIP).
 *
 * returns sys_now() divided by 1000, implicitly converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = sys_now()/1000;

    return seconds;
}
wolfSSL 15:117db924cf7c 7483
wolfSSL 15:117db924cf7c 7484 #elif defined(WOLFSSL_TIRTOS)
wolfSSL 15:117db924cf7c 7485
/* Low-resolution timer for WOLFSSL_TIRTOS builds.
 *
 * returns Seconds_get() converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = (word32) Seconds_get();

    return seconds;
}
wolfSSL 15:117db924cf7c 7490 #elif defined(WOLFSSL_XILINX)
wolfSSL 15:117db924cf7c 7491 #include "xrtcpsu.h"
wolfSSL 15:117db924cf7c 7492
/* Low-resolution timer for WOLFSSL_XILINX builds, read from the RTC.
 *
 * The RTC configuration is looked up and the driver instance initialised on
 * every call.
 * NOTE(review): a failed lookup or initialisation is reported as time 0,
 * which a caller cannot tell apart from a real reading - confirm how callers
 * treat 0.
 *
 * returns XRtcPsu_GetCurrentTime() converted to word32, or 0 when the RTC
 *         configuration is missing or cannot be initialised.
 */
word32 LowResTimer(void)
{
    XRtcPsu         rtc;
    XRtcPsu_Config* cfg;

    cfg = XRtcPsu_LookupConfig(XPAR_XRTCPSU_0_DEVICE_ID);
    if (cfg == NULL)
        return 0;

    if (XRtcPsu_CfgInitialize(&rtc, cfg, cfg->BaseAddr) != XST_SUCCESS) {
        WOLFSSL_MSG("Unable to initialize RTC");
        return 0;
    }

    return (word32)XRtcPsu_GetCurrentTime(&rtc);
}
wolfSSL 15:117db924cf7c 7511
wolfSSL 15:117db924cf7c 7512 #elif defined(WOLFSSL_UTASKER)
wolfSSL 15:117db924cf7c 7513
/* Low-resolution timer for WOLFSSL_UTASKER builds.
 *
 * returns uTaskerSystemTick divided by TICK_RESOLUTION, converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = (word32)(uTaskerSystemTick / TICK_RESOLUTION);

    return seconds;
}
wolfSSL 15:117db924cf7c 7518
wolfSSL 15:117db924cf7c 7519 #elif defined(WOLFSSL_NUCLEUS_1_2)
wolfSSL 15:117db924cf7c 7520
wolfSSL 15:117db924cf7c 7521 #define NU_TICKS_PER_SECOND 100
wolfSSL 15:117db924cf7c 7522
/* Low-resolution timer for WOLFSSL_NUCLEUS_1_2 builds.
 *
 * returns NU_Retrieve_Clock() divided by NU_TICKS_PER_SECOND, implicitly
 *         converted to word32.
 */
word32 LowResTimer(void)
{
    /* the clock counts 10ms ticks, so 100 ticks make one second */
    word32 seconds = NU_Retrieve_Clock() / NU_TICKS_PER_SECOND;

    return seconds;
}
wolfSSL 16:8e0d178b1d1e 7528 #elif defined(WOLFSSL_APACHE_MYNEWT)
wolfSSL 16:8e0d178b1d1e 7529
wolfSSL 16:8e0d178b1d1e 7530 #include "os/os_time.h"
/* Low-resolution timer for WOLFSSL_APACHE_MYNEWT builds.
 *
 * NOTE(review): the os_gettimeofday() result is not checked.
 *
 * returns the tv_sec field filled in by os_gettimeofday(), converted to
 *         word32.
 */
word32 LowResTimer(void)
{
    struct os_timeval tv;

    os_gettimeofday(&tv, NULL);

    return (word32)tv.tv_sec;
}
wolfSSL 16:8e0d178b1d1e 7539
wolfSSL 16:8e0d178b1d1e 7540 #elif defined(WOLFSSL_ZEPHYR)
wolfSSL 16:8e0d178b1d1e 7541
/* Low-resolution timer for WOLFSSL_ZEPHYR builds.
 *
 * returns k_uptime_get() divided by 1000, implicitly converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = k_uptime_get() / 1000;

    return seconds;
}
wolfSSL 15:117db924cf7c 7546
wolfSSL 15:117db924cf7c 7547 #else
wolfSSL 15:117db924cf7c 7548 /* Posix style time */
wolfSSL 16:8e0d178b1d1e 7549 #if !defined(USER_TIME) && !defined(USE_WOLF_TM)
wolfSSL 15:117db924cf7c 7550 #include <time.h>
wolfSSL 15:117db924cf7c 7551 #endif
wolfSSL 15:117db924cf7c 7552
/* Low-resolution timer for the default (POSIX style time) configuration.
 *
 * returns XTIME(0) converted to word32.
 */
word32 LowResTimer(void)
{
    word32 seconds = (word32)XTIME(0);

    return seconds;
}
wolfSSL 15:117db924cf7c 7557 #endif
wolfSSL 16:8e0d178b1d1e 7558 #endif /* !NO_ASN_TIME */
wolfSSL 16:8e0d178b1d1e 7559 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
wolfSSL 16:8e0d178b1d1e 7560 ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
wolfSSL 16:8e0d178b1d1e 7561 (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
/* Append a handshake message to the cached transcript that is kept for
 * CertificateVerify with EdDSA.
 *
 * Nothing is stored unless ssl->options.cacheMessages is set. When it is,
 * the cache buffer is grown with XREALLOC() and the new bytes are copied to
 * its end; prevLen records the length before this append.
 * NOTE(review): sz is a signed int and is neither range-checked nor checked
 * for overflow when added to the cached length - confirm every caller passes
 * a validated, non-negative size.
 *
 * ssl   SSL/TLS object.
 * data  Message to store.
 * sz    Size of message to store.
 * returns MEMORY_E if not able to reallocate, otherwise 0.
 */
static int EdDSA_Update(WOLFSSL* ssl, const byte* data, int sz)
{
    byte* grown;

    if (!ssl->options.cacheMessages)
        return 0;

    grown = (byte*)XREALLOC(ssl->hsHashes->messages,
                            ssl->hsHashes->length + sz,
                            ssl->heap, DYNAMIC_TYPE_HASHES);
    if (grown == NULL) {
        /* the previous cache pointer is left in place on failure */
        return MEMORY_E;
    }

    ssl->hsHashes->messages = grown;
    XMEMCPY(grown + ssl->hsHashes->length, data, sz);
    ssl->hsHashes->prevLen = ssl->hsHashes->length;
    ssl->hsHashes->length += sz;

    return 0;
}
wolfSSL 16:8e0d178b1d1e 7590 #endif /* (HAVE_ED25519 || HAVE_ED448) && !WOLFSSL_NO_CLIENT_AUTH */
wolfSSL 15:117db924cf7c 7591
wolfSSL 15:117db924cf7c 7592 #ifndef NO_CERTS
/* Feed bytes, exactly as given, into every handshake hash that is compiled
 * in. No record or handshake header is skipped.
 *
 * ssl     SSL/TLS object; ssl->hsHashes must not be NULL.
 * output  Bytes to hash.
 * sz      Number of bytes to hash.
 * returns BAD_FUNC_ARG when ssl->hsHashes is NULL, the first non-zero result
 *         of a SHA-256/384/512 update or of EdDSA_Update(), otherwise 0.
 */
int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz)
{
    int ret = 0;

    /* keep the parameters "used" in builds where every hash below is
     * compiled out */
    (void)output;
    (void)sz;

    if (ssl->hsHashes == NULL)
        return BAD_FUNC_ARG;

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
#endif
#ifndef NO_OLD_TLS
    /* NOTE(review): the SHA-1 and MD5 update results are discarded, unlike
     * the SHA-2 updates below whose failures are returned. */
    #ifndef NO_SHA
        wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz);
    #endif
    #ifndef NO_MD5
        wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz);
    #endif
#endif /* NO_OLD_TLS */

    /* the SHA-2 hashes and the EdDSA message cache are updated only for
     * TLS 1.2 and later */
    if (IsAtLeastTLSv1_2(ssl)) {
    #ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz);
        if (ret != 0)
            return ret;
    #endif
    #ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz);
        if (ret != 0)
            return ret;
    #endif
    #ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz);
        if (ret != 0)
            return ret;
    #endif
    #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
        ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
         (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
        ret = EdDSA_Update(ssl, output, sz);
        if (ret != 0)
            return ret;
    #endif
    }

    return ret;
}
wolfSSL 15:117db924cf7c 7643 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 7644
wolfSSL 15:117db924cf7c 7645
/* Add an outgoing message to the handshake hashes, excluding the record
 * header (and the extra DTLS record header bytes when DTLS is in use).
 *
 * ssl     SSL/TLS object; ssl->hsHashes must not be NULL.
 * output  Start of the record, including its record header.
 * sz      Size counted from the start of the record header; the header sizes
 *         are subtracted here before hashing.
 * ivSz    Number of bytes skipped after the record header before hashing
 *         starts. It is not subtracted from sz - presumably sz already
 *         excludes it; verify against callers.
 * returns BAD_FUNC_ARG when ssl->hsHashes is NULL, the first non-zero result
 *         of a SHA-256/384/512 update or of EdDSA_Update(), otherwise 0.
 */
int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
{
    int ret = 0;
    const byte* adj;

    if (ssl->hsHashes == NULL)
        return BAD_FUNC_ARG;

    /* NOTE(review): sz is reduced without a lower-bound check; a caller
     * passing less than the header size would produce a negative length for
     * the hash updates below - confirm callers always pass a full record. */
    adj = output + RECORD_HEADER_SZ + ivSz;
    sz -= RECORD_HEADER_SZ;

#ifdef HAVE_FUZZER
    /* the callback is handed the unadjusted pointer together with the
     * already reduced size */
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
#endif
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        adj += DTLS_RECORD_EXTRA;
        sz  -= DTLS_RECORD_EXTRA;
    }
#endif
#ifndef NO_OLD_TLS
    /* NOTE(review): the SHA-1 and MD5 update results are discarded, unlike
     * the SHA-2 updates below whose failures are returned. */
    #ifndef NO_SHA
        wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
    #endif
    #ifndef NO_MD5
        wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
    #endif
#endif

    /* the SHA-2 hashes and the EdDSA message cache are updated only for
     * TLS 1.2 and later */
    if (IsAtLeastTLSv1_2(ssl)) {
    #ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz);
        if (ret != 0)
            return ret;
    #endif
    #ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
        if (ret != 0)
            return ret;
    #endif
    #ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
        if (ret != 0)
            return ret;
    #endif
    #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
        ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
         (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
        ret = EdDSA_Update(ssl, adj, sz);
        if (ret != 0)
            return ret;
    #endif
    }

    return ret;
}
wolfSSL 15:117db924cf7c 7704
wolfSSL 15:117db924cf7c 7705
/* Add a received message to the handshake hashes, including its handshake
 * header (and the extra DTLS handshake header bytes when DTLS is in use).
 *
 * ssl    SSL/TLS object; ssl->hsHashes must not be NULL.
 * input  Start of the handshake message body. The header is reached by
 *        stepping backwards from this pointer, so the header bytes must sit
 *        directly in front of it in the same buffer.
 * sz     Size of the message body; the header size is added here.
 * returns BAD_FUNC_ARG when ssl->hsHashes is NULL, the first non-zero result
 *         of a SHA-256/384/512 update or of EdDSA_Update(), otherwise 0.
 */
int HashInput(WOLFSSL* ssl, const byte* input, int sz)
{
    int ret = 0;
    const byte* adj;

    /* NOTE(review): the backwards step relies on the caller having parsed
     * the header out of the same buffer - confirm for every call site. */
    adj = input - HANDSHAKE_HEADER_SZ;
    sz += HANDSHAKE_HEADER_SZ;

    /* keep adj "used" in builds where every hash below is compiled out */
    (void)adj;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        adj -= DTLS_HANDSHAKE_EXTRA;
        sz  += DTLS_HANDSHAKE_EXTRA;
    }
#endif

    if (ssl->hsHashes == NULL) {
        return BAD_FUNC_ARG;
    }

#ifndef NO_OLD_TLS
    /* NOTE(review): the SHA-1 and MD5 update results are discarded, unlike
     * the SHA-2 updates below whose failures are returned. */
    #ifndef NO_SHA
        wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
    #endif
    #ifndef NO_MD5
        wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
    #endif
#endif

    /* the SHA-2 hashes and the EdDSA message cache are updated only for
     * TLS 1.2 and later */
    if (IsAtLeastTLSv1_2(ssl)) {
    #ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz);
        if (ret != 0)
            return ret;
    #endif
    #ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
        if (ret != 0)
            return ret;
    #endif
    #ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
        if (ret != 0)
            return ret;
    #endif
    #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
        ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
         (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
        ret = EdDSA_Update(ssl, adj, sz);
        if (ret != 0)
            return ret;
    #endif
    }

    return ret;
}
wolfSSL 15:117db924cf7c 7764
wolfSSL 15:117db924cf7c 7765
/* Write the record layer header for a message into output.
 *
 * output  Destination buffer; nothing is written when it is NULL. The code
 *         does not check its size - the caller must provide room for the
 *         record header (the DTLS form when DTLS is in use).
 * length  Record length; it is written as a 16-bit value, so higher bits are
 *         dropped by the word16 cast.
 * type    Record content type.
 * ssl     SSL/TLS object supplying the version and DTLS state.
 */
static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    RecordLayerHeader* rl;

    /* record layer header */
    rl = (RecordLayerHeader*)output;
    if (rl == NULL) {
        return;
    }
    rl->type    = type;
    rl->pvMajor = ssl->version.major;       /* type and version same in each */
#ifdef WOLFSSL_TLS13
    /* for TLS 1.3 and later the header carries a fixed minor version rather
     * than the negotiated one */
    if (IsAtLeastTLSv1_3(ssl->version)) {
#ifdef WOLFSSL_TLS13_DRAFT_18
        rl->pvMinor = TLSv1_MINOR;
#else
        rl->pvMinor = TLSv1_2_MINOR;
#endif
    }
    else
#endif
        rl->pvMinor = ssl->version.minor;

#ifdef WOLFSSL_ALTERNATIVE_DOWNGRADE
    /* on a client that is at CONNECT_BEGIN and not resuming, the minor
     * version is overridden: minDowngrade when downgrade is enabled,
     * otherwise the configured minor version */
    if (ssl->options.side == WOLFSSL_CLIENT_END
    &&  ssl->options.connectState == CONNECT_BEGIN
    && !ssl->options.resuming) {
        rl->pvMinor = ssl->options.downgrade ? ssl->options.minDowngrade
                                             : ssl->version.minor;
    }
#endif

    if (!ssl->options.dtls) {
        c16toa((word16)length, rl->length);
    }
    else {
        /* when options.dtls is set but WOLFSSL_DTLS is not compiled in, this
         * branch is empty and no length is written */
#ifdef WOLFSSL_DTLS
        DtlsRecordLayerHeader* dtls;

        /* dtls record layer header extensions */
        dtls = (DtlsRecordLayerHeader*)output;
        WriteSEQ(ssl, 0, dtls->sequence_number);
        c16toa((word16)length, dtls->length);
#endif
    }
}
wolfSSL 15:117db924cf7c 7813
wolfSSL 15:117db924cf7c 7814
wolfSSL 16:8e0d178b1d1e 7815 #if !defined(WOLFSSL_NO_TLS12) || (defined(HAVE_SESSION_TICKET) && \
wolfSSL 16:8e0d178b1d1e 7816 !defined(NO_WOLFSSL_SERVER))
/* Write the handshake header for a message into output.
 *
 * output      Destination buffer; nothing is written when it is NULL. The
 *             code does not check its size - the caller must provide room
 *             for the handshake header (the DTLS form when DTLS is in use).
 * length      Handshake message length, stored through c32to24().
 * fragOffset  Fragment offset; written only for DTLS.
 * fragLength  Fragment length; written only for DTLS.
 * type        Handshake message type.
 * ssl         SSL/TLS object; for DTLS its handshake message number is
 *             written to the header and then incremented.
 */
static void AddHandShakeHeader(byte* output, word32 length,
                               word32 fragOffset, word32 fragLength,
                               byte type, WOLFSSL* ssl)
{
    HandShakeHeader* hs;
    /* these parameters are unused when WOLFSSL_DTLS is not compiled in */
    (void)fragOffset;
    (void)fragLength;
    (void)ssl;

    /* handshake header */
    hs = (HandShakeHeader*)output;
    if (hs == NULL)
        return;

    hs->type = type;
    c32to24(length, hs->length);         /* type and length same for each */
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsHandShakeHeader* dtls;

        /* dtls handshake header extensions */
        dtls = (DtlsHandShakeHeader*)output;
        /* side effect: every header written here consumes one handshake
         * message number */
        c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq);
        c32to24(fragOffset, dtls->fragment_offset);
        c32to24(fragLength, dtls->fragment_length);
    }
#endif
}
wolfSSL 15:117db924cf7c 7846
/* Write the record header followed by the handshake header for an
 * unfragmented handshake message.
 *
 * The record length is the message length plus the handshake header size;
 * the handshake header is written with fragment offset 0 and a fragment
 * length equal to the message length. For DTLS both header sizes include
 * their DTLS extra bytes.
 *
 * output  Destination buffer; its size is not checked here, so the caller
 *         must provide room for both headers.
 * length  Handshake message body length.
 * type    Handshake message type.
 * ssl     SSL/TLS object.
 */
static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    word32 hsHeaderSz  = HANDSHAKE_HEADER_SZ;
    word32 recHeaderSz = RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        recHeaderSz += DTLS_RECORD_EXTRA;
        hsHeaderSz  += DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* record header first, then the handshake header right behind it */
    AddRecordHeader(output, length + hsHeaderSz, handshake, ssl);
    AddHandShakeHeader(output + recHeaderSz, length, 0, length, type, ssl);
}
wolfSSL 16:8e0d178b1d1e 7863 #endif /* !WOLFSSL_NO_TLS12 || (HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER) */
wolfSSL 15:117db924cf7c 7864
wolfSSL 15:117db924cf7c 7865
wolfSSL 15:117db924cf7c 7866 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 7867 #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_SERVER) || \
wolfSSL 16:8e0d178b1d1e 7868 !defined(WOLFSSL_NO_CLIENT_AUTH))
/* Write the record and handshake headers for one fragment of a handshake
 * message.
 *
 * fragSz     size of this fragment; used for the record length and as the
 *            handshake fragment length
 * fragOffset offset of this fragment within the whole message
 * length     length of the whole handshake message
 *
 * As with AddHeaders(), the caller owns the bounds check on output.
 * NOTE(review): nothing here verifies fragOffset + fragSz <= length; confirm
 * the callers guarantee it.
 */
static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset,
                           word32 length, byte type, WOLFSSL* ssl)
{
    word32 hsHdrSz  = HANDSHAKE_HEADER_SZ;
    word32 recHdrSz = RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        hsHdrSz  = HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
        recHdrSz = RECORD_HEADER_SZ + DTLS_RECORD_EXTRA;
    }
#endif

    AddRecordHeader(output, fragSz + hsHdrSz, handshake, ssl);
    AddHandShakeHeader(output + recHdrSz, length, fragOffset, fragSz, type,
                       ssl);
}
wolfSSL 15:117db924cf7c 7886 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 7887 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 7888
wolfSSL 15:117db924cf7c 7889
/* Read up to sz bytes into buf through the application's receive callback.
 *
 * Returns the callback's non-negative byte count, WANT_READ when the read
 * should be retried later, -1 on error, or the callback's own negative value
 * when it is not one of the WOLFSSL_CBIO_ERR_* codes handled below.
 *
 * NOTE(review): a positive result is returned as-is and is not compared with
 * sz in this function; the caller has to reject a callback that reports more
 * bytes than were requested.
 */
static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int recvd;

    if (ssl->CBIORecv == NULL) {
        WOLFSSL_MSG("Your IO Recv callback is null, please set");
        return -1;
    }

retry:
    recvd = ssl->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
    if (recvd < 0) {
        switch (recvd) {
            case WOLFSSL_CBIO_ERR_GENERAL:        /* general/unknown error */
            #if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)
                if (ssl->biord) {
                    /* If retry and read flags are set, return WANT_READ */
                    if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_READ) &&
                        (ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
                        return WANT_READ;
                    }
                }
            #endif
                return -1;

            case WOLFSSL_CBIO_ERR_WANT_READ:      /* want read, would block */
                return WANT_READ;

            case WOLFSSL_CBIO_ERR_CONN_RST:       /* connection reset */
                #ifdef USE_WINDOWS_API
                /* DTLS on Windows ignores the reset and reads again.
                 * NOTE(review): no retry limit is visible here, so the loop
                 * ends only when the callback stops reporting a reset. */
                if (ssl->options.dtls) {
                    goto retry;
                }
                #endif
                ssl->options.connReset = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_ISR:            /* interrupt */
                /* see if we got our timeout */
                #ifdef WOLFSSL_CALLBACKS
                    if (ssl->toInfoOn) {
                        struct itimerval timeout;
                        getitimer(ITIMER_REAL, &timeout);
                        if (timeout.it_value.tv_sec == 0 &&
                                                timeout.it_value.tv_usec == 0) {
                            /* The terminator is stored at index
                             * MAX_TIMEOUT_NAME_SZ, which needs timeoutName to
                             * hold MAX_TIMEOUT_NAME_SZ + 1 bytes; the
                             * declaration is not in this part of the file,
                             * TODO confirm. */
                            XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                    "recv() timeout", MAX_TIMEOUT_NAME_SZ);
                            ssl->timeoutInfo.timeoutName[
                                MAX_TIMEOUT_NAME_SZ] = '\0';

                            WOLFSSL_MSG("Got our timeout");
                            return WANT_READ;
                        }
                    }
                #endif
                /* interrupted without an expired timer: read again */
                goto retry;

            case WOLFSSL_CBIO_ERR_CONN_CLOSE:     /* peer closed connection */
                ssl->options.isClosed = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_TIMEOUT:
            #ifdef WOLFSSL_DTLS
                /* The read is repeated only when both DtlsMsgPoolTimeout()
                 * and DtlsMsgPoolSend() return 0; any other outcome is
                 * reported as an error. */
                if (IsDtlsNotSctpMode(ssl) &&
                    !ssl->options.handShakeDone &&
                    DtlsMsgPoolTimeout(ssl) == 0 &&
                    DtlsMsgPoolSend(ssl, 0) == 0) {

                    /* retry read for DTLS during handshake only */
                    goto retry;
                }
            #endif
                return -1;

            default:
                /* unrecognised negative code is handed back unchanged */
                WOLFSSL_MSG("Unexpected recv return code");
                return recvd;
        }
    }

    return recvd;
}
wolfSSL 15:117db924cf7c 7973
wolfSSL 15:117db924cf7c 7974
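/* Switch the dynamic output buffer back to the static one; the buffer is
 * assumed to hold no pending data.
 *
 * The heap block is released at (buffer - offset), the address the allocator
 * returned before any alignment adjustment. When the static buffer is already
 * in use the call is a no-op: the pointer handed to XFREE would otherwise be
 * derived from staticBuffer, which was never heap allocated.
 *
 * NOTE(review): the freed block is not wiped first; whether leftover record
 * bytes need scrubbing is a policy decision for the maintainers.
 */
void ShrinkOutputBuffer(WOLFSSL* ssl)
{
    /* nothing to release unless a heap buffer is currently installed */
    if (!ssl->buffers.outputBuffer.dynamicFlag)
        return;

    WOLFSSL_MSG("Shrinking output buffer\n");
    XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset,
          ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
    ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
    ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;
    ssl->buffers.outputBuffer.dynamicFlag = 0;
    ssl->buffers.outputBuffer.offset      = 0;
}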
wolfSSL 15:117db924cf7c 7986
wolfSSL 15:117db924cf7c 7987
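/* Switch the dynamic input buffer back to the static one, keeping any input
 * that has not been consumed yet.
 *
 * forcedFree  non-zero means the connection is being cleaned up: the heap
 *             buffer is released even if the remaining input does not fit in
 *             the static buffer, and nothing is copied.
 *
 * Without forcedFree the call returns early when more than STATIC_BUFFER_LEN
 * bytes remain. It is also a no-op when the static buffer is already in use,
 * so that a pointer derived from staticBuffer is never passed to XFREE and
 * the copy below never has overlapping source and destination.
 *
 * NOTE(review): with forcedFree set, length is still set to usedLength although
 * no bytes were copied, and usedLength may exceed STATIC_BUFFER_LEN; this is
 * only safe if the buffer is not read again after a forced free. Confirm
 * against the callers.
 */
void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
{
    int usedLength = ssl->buffers.inputBuffer.length -
                     ssl->buffers.inputBuffer.idx;

    /* nothing to release unless a heap buffer is currently installed */
    if (!ssl->buffers.inputBuffer.dynamicFlag)
        return;

    if (!forcedFree && usedLength > STATIC_BUFFER_LEN)
        return;

    WOLFSSL_MSG("Shrinking input buffer\n");

    /* preserve unread input at the front of the static buffer */
    if (!forcedFree && usedLength > 0)
        XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
               ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
               usedLength);

    /* free the block at the address the allocator returned */
    XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
          ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
    ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
    ssl->buffers.inputBuffer.bufferSize  = STATIC_BUFFER_LEN;
    ssl->buffers.inputBuffer.dynamicFlag = 0;
    ssl->buffers.inputBuffer.offset      = 0;
    ssl->buffers.inputBuffer.idx = 0;
    ssl->buffers.inputBuffer.length = usedLength;
}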
wolfSSL 15:117db924cf7c 8013
/* Push everything pending in the output buffer through the send callback.
 *
 * Returns 0 once the buffer is empty, WANT_WRITE when the write has to be
 * resumed later, SEND_OOB_READ_E when the callback claims to have sent more
 * than it was given, and SOCKET_ERROR_E for a missing callback or any other
 * callback error. A reset or a closed connection also sets
 * ssl->options.connReset.
 *
 * NOTE(review): a callback result of 0 leaves idx and length unchanged, so
 * the loop calls the callback again with the same data; confirm the callback
 * contract rules that out.
 * With WOLFSSL_DEBUG_TLS the outgoing buffer is dumped to the debug log.
 */
int SendBuffered(WOLFSSL* ssl)
{
    if (ssl->CBIOSend == NULL) {
        WOLFSSL_MSG("Your IO Send callback is null, please set");
        return SOCKET_ERROR_E;
    }

#ifdef WOLFSSL_DEBUG_TLS
    if (ssl->buffers.outputBuffer.idx == 0) {
        WOLFSSL_MSG("Data to send");
        WOLFSSL_BUFFER(ssl->buffers.outputBuffer.buffer,
                       ssl->buffers.outputBuffer.length);
    }
#endif

    while (ssl->buffers.outputBuffer.length > 0) {
        int wrote = ssl->CBIOSend(ssl,
                                  (char*)ssl->buffers.outputBuffer.buffer +
                                  ssl->buffers.outputBuffer.idx,
                                  (int)ssl->buffers.outputBuffer.length,
                                  ssl->IOCB_WriteCtx);

        if (wrote < 0) {
            /* would block */
            if (wrote == WOLFSSL_CBIO_ERR_WANT_WRITE) {
                return WANT_WRITE;
            }

            /* interrupted: try again unless our timer has run out */
            if (wrote == WOLFSSL_CBIO_ERR_ISR) {
            #ifdef WOLFSSL_CALLBACKS
                if (ssl->toInfoOn) {
                    struct itimerval timeout;
                    getitimer(ITIMER_REAL, &timeout);
                    if (timeout.it_value.tv_sec == 0 &&
                        timeout.it_value.tv_usec == 0) {
                        XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                 "send() timeout", MAX_TIMEOUT_NAME_SZ);
                        ssl->timeoutInfo.timeoutName[
                            MAX_TIMEOUT_NAME_SZ] = '\0';

                        WOLFSSL_MSG("Got our timeout");
                        return WANT_WRITE;
                    }
                }
            #endif
                continue;
            }

            /* reset and epipe/closed are both recorded as a reset */
            if (wrote == WOLFSSL_CBIO_ERR_CONN_RST ||
                wrote == WOLFSSL_CBIO_ERR_CONN_CLOSE) {
                ssl->options.connReset = 1;
            }

            return SOCKET_ERROR_E;
        }

        /* a callback must not report more bytes than it was handed */
        if (wrote > (int)ssl->buffers.outputBuffer.length) {
            WOLFSSL_MSG("SendBuffered() out of bounds read");
            return SEND_OOB_READ_E;
        }

        ssl->buffers.outputBuffer.idx    += wrote;
        ssl->buffers.outputBuffer.length -= wrote;
    }

    ssl->buffers.outputBuffer.idx = 0;

    if (ssl->buffers.outputBuffer.dynamicFlag) {
        ShrinkOutputBuffer(ssl);
    }

    return 0;
}
wolfSSL 15:117db924cf7c 8092
wolfSSL 15:117db924cf7c 8093
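/* Grow the output buffer so that `size` more bytes fit after the data that
 * is already pending.
 *
 * Allocates size + pending length + align bytes, copies the pending bytes
 * over, frees the previous heap buffer (if any) and records the alignment
 * offset so the block can later be freed at its original address.
 *
 * Returns 0 on success, BAD_FUNC_ARG for a negative size (same check as
 * GrowInputBuffer(); a negative value would otherwise be folded into the
 * allocation size), MEMORY_E when the allocation fails.
 *
 * NOTE(review): the sum passed to XMALLOC is not checked for wrap-around;
 * confirm callers bound `size`.
 */
static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
{
    byte* tmp;
#if WOLFSSL_GENERAL_ALIGNMENT > 0
    byte  hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
                                      RECORD_HEADER_SZ;
    byte align = WOLFSSL_GENERAL_ALIGNMENT;
#else
    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif

    if (size < 0) {
        WOLFSSL_MSG("GrowOutputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    /* the encrypted data will be offset from the front of the buffer by
       the header, if the user wants encrypted alignment they need
       to define their alignment requirement */

    if (align) {
       while (align < hdrSz)
           align *= 2;
    }
#endif

    tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align,
                             ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
    WOLFSSL_MSG("growing output buffer\n");

    if (tmp == NULL)
        return MEMORY_E;

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    /* skip ahead so the data after the record header lands aligned */
    if (align)
        tmp += align - hdrSz;
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* can be from IO memory pool which does not need copy if same buffer */
    if (ssl->buffers.outputBuffer.length &&
            tmp == ssl->buffers.outputBuffer.buffer) {
        ssl->buffers.outputBuffer.bufferSize =
                                      size + ssl->buffers.outputBuffer.length;
        return 0;
    }
#endif

    /* carry pending output over before the old buffer is released */
    if (ssl->buffers.outputBuffer.length)
        XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
               ssl->buffers.outputBuffer.length);

    if (ssl->buffers.outputBuffer.dynamicFlag)
        XFREE(ssl->buffers.outputBuffer.buffer -
              ssl->buffers.outputBuffer.offset, ssl->heap,
              DYNAMIC_TYPE_OUT_BUFFER);
    ssl->buffers.outputBuffer.dynamicFlag = 1;

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align)
        ssl->buffers.outputBuffer.offset = align - hdrSz;
    else
#endif
        ssl->buffers.outputBuffer.offset = 0;

    ssl->buffers.outputBuffer.buffer = tmp;
    ssl->buffers.outputBuffer.bufferSize = size +
                                           ssl->buffers.outputBuffer.length;
    return 0;
}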
wolfSSL 15:117db924cf7c 8161
wolfSSL 15:117db924cf7c 8162
/* Grow the input buffer; expected only when reading a certificate or a large
 * application data record.
 *
 * size        additional bytes that must fit
 * usedLength  unread bytes to carry over from the current buffer (starting
 *             at its idx)
 *
 * Returns 0 on success, BAD_FUNC_ARG when either count is negative and
 * MEMORY_E when the allocation fails. On success idx is reset to 0 and
 * length to usedLength.
 *
 * NOTE(review): size + usedLength + align is not checked for wrap-around and
 * usedLength is not compared with the bytes actually held in the old buffer;
 * both rely on the caller.
 */
int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
{
    byte* grown;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    byte  align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0;
    byte  hdrSz = DTLS_RECORD_HEADER_SZ;
#else
    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif

    if (size < 0 || usedLength < 0) {
        WOLFSSL_MSG("GrowInputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    /* Encrypted data sits behind the DTLS record header, so a user who wants
       it aligned has to define the alignment requirement. TLS reads the
       record header first and then places the payload at the front of the
       buffer, so no adjustment is needed there. */
    if (align) {
        while (align < hdrSz) {
            align *= 2;
        }
    }
#endif

    grown = (byte*)XMALLOC(size + usedLength + align,
                           ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
    WOLFSSL_MSG("growing input buffer\n");

    if (grown == NULL) {
        return MEMORY_E;
    }

#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align) {
        grown += align - hdrSz;
    }
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* an IO memory pool may hand back the same buffer: nothing to copy */
    if (usedLength && grown == ssl->buffers.inputBuffer.buffer) {
        ssl->buffers.inputBuffer.bufferSize = size + usedLength;
        ssl->buffers.inputBuffer.idx    = 0;
        ssl->buffers.inputBuffer.length = usedLength;
        return 0;
    }
#endif

    /* move unread input over before the old buffer goes away */
    if (usedLength) {
        XMEMCPY(grown, ssl->buffers.inputBuffer.buffer +
                ssl->buffers.inputBuffer.idx, usedLength);
    }

    /* free at the address the allocator originally returned */
    if (ssl->buffers.inputBuffer.dynamicFlag) {
        XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
              ssl->heap,DYNAMIC_TYPE_IN_BUFFER);
    }

    ssl->buffers.inputBuffer.dynamicFlag = 1;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align)
        ssl->buffers.inputBuffer.offset = align - hdrSz;
    else
#endif
        ssl->buffers.inputBuffer.offset = 0;

    ssl->buffers.inputBuffer.buffer     = grown;
    ssl->buffers.inputBuffer.bufferSize = size + usedLength;
    ssl->buffers.inputBuffer.idx        = 0;
    ssl->buffers.inputBuffer.length     = usedLength;

    return 0;
}
wolfSSL 15:117db924cf7c 8236
wolfSSL 15:117db924cf7c 8237
/* Make sure the output buffer has room for `size` more bytes, growing it
 * when the free space (bufferSize - length) is smaller than that.
 *
 * Returns 0 when enough room exists or was created, BAD_FUNC_ARG for a
 * negative size, and MEMORY_E for any failure reported by
 * GrowOutputBuffer().
 *
 * NOTE(review): the free-space subtraction assumes length <= bufferSize; if
 * that ever did not hold the difference would presumably wrap and the growth
 * would be skipped. Confirm the invariant is kept elsewhere.
 */
int CheckAvailableSize(WOLFSSL *ssl, int size)
{
    if (size < 0) {
        WOLFSSL_MSG("CheckAvailableSize() called with negative number");
        return BAD_FUNC_ARG;
    }

    /* already enough room: nothing to do */
    if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length
                                             >= (word32)size) {
        return 0;
    }

    return (GrowOutputBuffer(ssl, size) < 0) ? MEMORY_E : 0;
}
wolfSSL 15:117db924cf7c 8254
wolfSSL 15:117db924cf7c 8255
/* Parse the record header at input + *inOutIdx and run the header checks.
 *
 * ssl       connection; in DTLS mode its keys.curEpoch / curSeq_hi /
 *           curSeq_lo (and curPeerId for multicast) are updated from the
 *           header, and keys.decryptedCur is cleared on success
 * input     buffer holding the record
 * inOutIdx  in: offset of the header; out: offset just past the header
 * rh        receives type and version (and, for TLS, the length bytes)
 * size      receives the record length taken from the header
 *
 * Returns 0 on success, SEQUENCE_ERROR when DtlsCheckWindow() rejects the
 * record, VERSION_ERROR on a version mismatch that is not tolerated,
 * LENGTH_ERROR when the length exceeds the allowed maximum, and
 * UNKNOWN_RECORD_TYPE for a type other than handshake, change_cipher_spec,
 * application_data or alert.
 *
 * NOTE(review): no input length is passed in, so this function cannot check
 * that a full header is available; the caller must have buffered
 * RECORD_HEADER_SZ (DTLS_RECORD_HEADER_SZ for DTLS) bytes first.
 */
static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           RecordLayerHeader* rh, word16 *size)
{
    if (!ssl->options.dtls) {
#ifdef HAVE_FUZZER
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD,
                    ssl->fuzzerCtx);
#endif
        XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ);
        *inOutIdx += RECORD_HEADER_SZ;
        ato16(rh->length, size);
    }
    else {
        /* NOTE(review): in a build without WOLFSSL_DTLS this branch is empty
         * and rh / size stay unwritten; presumably options.dtls cannot be set
         * in such a build, confirm. */
#ifdef WOLFSSL_DTLS
#ifdef HAVE_FUZZER
        if (ssl->fuzzerCb)
            ssl->fuzzerCb(ssl, input + *inOutIdx, DTLS_RECORD_HEADER_SZ,
                           FUZZ_HEAD, ssl->fuzzerCtx);
#endif
        /* type and version in same spot */
        XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ);
        *inOutIdx += ENUM_LEN + VERSION_SZ;
        /* epoch and sequence number are stored in ssl->keys before any of
         * the checks below has run */
        ato16(input + *inOutIdx, &ssl->keys.curEpoch);
        *inOutIdx += OPAQUE16_LEN;
        if (ssl->options.haveMcast) {
        #ifdef WOLFSSL_MULTICAST
            ssl->keys.curPeerId = input[*inOutIdx];
            ssl->keys.curSeq_hi = input[*inOutIdx+1];
        #endif
        }
        else
            ato16(input + *inOutIdx, &ssl->keys.curSeq_hi);
        *inOutIdx += OPAQUE16_LEN;
        ato32(input + *inOutIdx, &ssl->keys.curSeq_lo);
        *inOutIdx += OPAQUE32_LEN;  /* advance past rest of seq */
        ato16(input + *inOutIdx, size);
        *inOutIdx += LENGTH_SZ;
#endif
    }

#ifdef WOLFSSL_DTLS
    /* sequence window check on the values just parsed (not applied in SCTP
     * mode) */
    if (IsDtlsNotSctpMode(ssl) && !DtlsCheckWindow(ssl)) {
        WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR);
        return SEQUENCE_ERROR;
    }
#endif

    /* catch version mismatch */
    /* With TLS 1.3 compiled in, a minor-version difference is also accepted
     * when the connection is at least TLS 1.3 and the record carries the
     * legacy minor version selected below. */
#ifndef WOLFSSL_TLS13
    if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor)
#else
    if (rh->pvMajor != ssl->version.major ||
        (rh->pvMinor != ssl->version.minor &&
#ifdef WOLFSSL_TLS13_DRAFT_18
         (!IsAtLeastTLSv1_3(ssl->version) || rh->pvMinor != TLSv1_MINOR)
#else
         (!IsAtLeastTLSv1_3(ssl->version) || rh->pvMinor != TLSv1_2_MINOR)
#endif
        ))
#endif
    {
        /* The first three cases only log and let the record through: a
         * server before its first reply, a client that allows downgrade
         * before the first reply, and DTLS handshake records. */
        if (ssl->options.side == WOLFSSL_SERVER_END &&
            ssl->options.acceptState < ACCEPT_FIRST_REPLY_DONE)

            WOLFSSL_MSG("Client attempting to connect with different version");
        else if (ssl->options.side == WOLFSSL_CLIENT_END &&
                                 ssl->options.downgrade &&
                                 ssl->options.connectState < FIRST_REPLY_DONE)
            WOLFSSL_MSG("Server attempting to accept with different version");
        else if (ssl->options.dtls && rh->type == handshake)
            /* Check the DTLS handshake message RH version later. */
            WOLFSSL_MSG("DTLS handshake, skip RH version number check");
        else {
            WOLFSSL_MSG("SSL version error");
            /* send alert per RFC5246 Appendix E. Backward Compatibility */
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
#ifdef WOLFSSL_MYSQL_COMPATIBLE
                SendAlert(ssl, alert_fatal, wc_protocol_version);
#else
                SendAlert(ssl, alert_fatal, protocol_version);
#endif
            }
            return VERSION_ERROR;              /* only use requested version */
        }
    }

    /* record layer length check */
    /* NOTE(review): a record_overflow alert is sent only in the
     * HAVE_MAX_FRAGMENT build; the other branch returns LENGTH_ERROR without
     * an alert. Confirm the difference is intended. */
#ifdef HAVE_MAX_FRAGMENT
    if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
        SendAlert(ssl, alert_fatal, record_overflow);
        return LENGTH_ERROR;
    }
#else
    if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
        return LENGTH_ERROR;
#endif

    /* verify record type here as well */
    switch (rh->type) {
        case handshake:
        case change_cipher_spec:
        case application_data:
        case alert:
            break;
        case no_type:
        default:
            WOLFSSL_MSG("Unknown Record Type");
            return UNKNOWN_RECORD_TYPE;
    }

    /* haven't decrypted this record yet */
    ssl->keys.decryptedCur = 0;

    return 0;
}
wolfSSL 15:117db924cf7c 8373
wolfSSL 15:117db924cf7c 8374 #ifndef WOLFSSL_NO_TLS12
/* Read the TLS handshake header (type byte plus 24-bit length) that starts
 * at input + *inOutIdx.
 *
 * *inOutIdx is advanced by HANDSHAKE_HEADER_SZ before the bounds check, so it
 * has already moved when BUFFER_E is returned. The header bytes are read only
 * after the advanced index has been found to lie within totalSz.
 *
 * Returns 0 on success, BUFFER_E when the header does not fit in totalSz.
 *
 * NOTE(review): *size comes straight from the peer and is not compared with
 * totalSz here; the caller has to validate it before using it as a length.
 */
static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                              byte *type, word32 *size, word32 totalSz)
{
    word32 start = *inOutIdx;

    (void)ssl;

    *inOutIdx = start + HANDSHAKE_HEADER_SZ;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    *type = input[start];
    c24to32(input + start + 1, size);

    return 0;
}
wolfSSL 15:117db924cf7c 8390 #endif
wolfSSL 15:117db924cf7c 8391
wolfSSL 15:117db924cf7c 8392 #ifdef WOLFSSL_DTLS
/* Read the DTLS handshake header that starts at input + *inOutIdx: type,
 * message length, message sequence, fragment offset and fragment length.
 *
 * *inOutIdx is advanced past the header before the bounds check. The message
 * sequence is stored in ssl->keys.dtls_peer_handshake_number.
 *
 * Returns 0 on success, BUFFER_E when the header does not fit in totalSz,
 * and VERSION_ERROR when the current record's version differs from the
 * negotiated one for any message other than client_hello or
 * hello_verify_request.
 *
 * NOTE(review): *size, *fragOffset and *fragSz are peer-controlled and are
 * not cross-checked here (for example fragOffset + fragSz against size);
 * confirm the caller performs that validation before reassembly.
 */
static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
                                  word32* inOutIdx, byte *type, word32 *size,
                                  word32 *fragOffset, word32 *fragSz,
                                  word32 totalSz)
{
    word32 pos = *inOutIdx;

    *inOutIdx = pos + HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
    if (*inOutIdx > totalSz) {
        WOLFSSL_ERROR(BUFFER_E);
        return BUFFER_E;
    }

    *type = input[pos];
    pos += 1;

    c24to32(input + pos, size);
    pos += OPAQUE24_LEN;

    ato16(input + pos, &ssl->keys.dtls_peer_handshake_number);
    pos += DTLS_HANDSHAKE_SEQ_SZ;

    c24to32(input + pos, fragOffset);
    pos += DTLS_HANDSHAKE_FRAG_SZ;

    c24to32(input + pos, fragSz);

    /* a record-layer version mismatch is tolerated only for the hello
       messages */
    if (ssl->curRL.pvMajor != ssl->version.major ||
        ssl->curRL.pvMinor != ssl->version.minor) {

        if (*type == client_hello || *type == hello_verify_request) {
            WOLFSSL_MSG("DTLS Handshake ignoring hello or verify version");
        }
        else {
            WOLFSSL_ERROR(VERSION_ERROR);
            return VERSION_ERROR;
        }
    }

    return 0;
}
wolfSSL 15:117db924cf7c 8430 #endif
wolfSSL 15:117db924cf7c 8431
wolfSSL 15:117db924cf7c 8432
wolfSSL 15:117db924cf7c 8433 #if !defined(NO_OLD_TLS) || \
wolfSSL 15:117db924cf7c 8434 (defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLS_SHA1))
/* Constant pad blocks of 0x36 (PAD1) and 0x5c (PAD2) bytes. Both are sized
 * PAD_MD5 because the MD5 pad is the largest one required; shorter pads use
 * a prefix. These tables are compiled only when old TLS versions (or SHA-1
 * for TLS) are enabled, see the surrounding #if. */
static const byte PAD1[PAD_MD5] =
                              { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
                                0x36, 0x36, 0x36, 0x36, 0x36, 0x36
                              };
static const byte PAD2[PAD_MD5] =
                              { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
                                0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
                              };
wolfSSL 15:117db924cf7c 8452 #endif /* !NO_OLD_TLS || (NO_OLD_TLS && WOLFSSL_ALLOW_TLS_SHA1) */
wolfSSL 15:117db924cf7c 8453
wolfSSL 15:117db924cf7c 8454 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 8455
wolfSSL 15:117db924cf7c 8456 /* calculate MD5 hash for finished */
wolfSSL 15:117db924cf7c 8457 #ifdef WOLFSSL_TI_HASH
wolfSSL 15:117db924cf7c 8458 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 15:117db924cf7c 8459 #endif
wolfSSL 15:117db924cf7c 8460
/* Compute the MD5 part of the pre-TLS Finished hash into hashes->md5.
 *
 *   inner = MD5(running handshake MD5 || sender || masterSecret || PAD1)
 *   outer = MD5(masterSecret || PAD2 || inner)
 *
 * ssl     session; supplies ssl->hsHashes->hashMd5, the master secret in
 *         ssl->arrays, the heap hint and the device id
 * hashes  receives the outer digest in hashes->md5
 * sender  SIZEOF_SENDER bytes mixed into the inner hash
 *
 * Returns 0 on success, MEMORY_E when the WOLFSSL_SMALL_STACK allocation
 * fails, otherwise the first non-zero code returned by a wc_Md5* call.
 */
static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int  ret;
    byte inner[WC_MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    wc_Md5* ctx = (wc_Md5*)XMALLOC(sizeof(wc_Md5), ssl->heap,
                                   DYNAMIC_TYPE_HASHCTX);
    if (ctx == NULL)
        return MEMORY_E;
#else
    wc_Md5  ctx[1];
#endif

    /* Inner hash, computed on a copy of the running handshake hash. */
    ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, ctx);
    if (ret == 0)
        ret = wc_Md5Update(ctx, sender, SIZEOF_SENDER);
    if (ret == 0)
        ret = wc_Md5Update(ctx, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret == 0)
        ret = wc_Md5Update(ctx, PAD1, PAD_MD5);
    if (ret == 0)
        ret = wc_Md5Final(ctx, inner);
    /* NOTE(review): the copied context is not passed to wc_Md5Free() when the
     * inner hash fails - confirm wc_Md5Copy() acquires nothing that needs
     * releasing. */
    if (ret != 0)
        goto cleanup;

    /* Outer hash, on a freshly initialised context. */
    ret = wc_InitMd5_ex(ctx, ssl->heap, ssl->devId);
    if (ret != 0)
        goto cleanup;

    ret = wc_Md5Update(ctx, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret == 0)
        ret = wc_Md5Update(ctx, PAD2, PAD_MD5);
    if (ret == 0)
        ret = wc_Md5Update(ctx, inner, WC_MD5_DIGEST_SIZE);
    if (ret == 0)
        ret = wc_Md5Final(ctx, hashes->md5);
    wc_Md5Free(ctx); /* released whether or not the updates succeeded */

cleanup:
    /* NOTE(review): `inner` is derived from the master secret and is left on
     * the stack on return; consider clearing it - confirm project policy. */
#ifdef WOLFSSL_SMALL_STACK
    XFREE(ctx, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}
wolfSSL 15:117db924cf7c 8505
wolfSSL 15:117db924cf7c 8506
/* Compute the SHA part of the pre-TLS Finished hash into hashes->sha.
 *
 *   inner = SHA(running handshake SHA || sender || masterSecret || PAD1)
 *   outer = SHA(masterSecret || PAD2 || inner)
 *
 * Only the first PAD_SHA bytes of PAD1/PAD2 are used here.
 *
 * ssl     session; supplies ssl->hsHashes->hashSha, the master secret in
 *         ssl->arrays, the heap hint and the device id
 * hashes  receives the outer digest in hashes->sha
 * sender  SIZEOF_SENDER bytes mixed into the inner hash
 *
 * Returns 0 on success, MEMORY_E when the WOLFSSL_SMALL_STACK allocation
 * fails, otherwise the first non-zero code returned by a wc_Sha* call.
 */
static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int  ret;
    byte inner[WC_SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    wc_Sha* ctx = (wc_Sha*)XMALLOC(sizeof(wc_Sha), ssl->heap,
                                   DYNAMIC_TYPE_HASHCTX);
    if (ctx == NULL)
        return MEMORY_E;
#else
    wc_Sha  ctx[1];
#endif

    /* Inner hash: copy the running handshake hash to save its current
     * position, then continue on the copy. */
    ret = wc_ShaCopy(&ssl->hsHashes->hashSha, ctx);
    if (ret == 0)
        ret = wc_ShaUpdate(ctx, sender, SIZEOF_SENDER);
    if (ret == 0)
        ret = wc_ShaUpdate(ctx, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret == 0)
        ret = wc_ShaUpdate(ctx, PAD1, PAD_SHA);
    if (ret == 0)
        ret = wc_ShaFinal(ctx, inner);
    /* NOTE(review): the copied context is not passed to wc_ShaFree() when the
     * inner hash fails - confirm wc_ShaCopy() acquires nothing that needs
     * releasing. */
    if (ret != 0)
        goto cleanup;

    /* Outer hash, on a freshly initialised context. */
    ret = wc_InitSha_ex(ctx, ssl->heap, ssl->devId);
    if (ret != 0)
        goto cleanup;

    ret = wc_ShaUpdate(ctx, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret == 0)
        ret = wc_ShaUpdate(ctx, PAD2, PAD_SHA);
    if (ret == 0)
        ret = wc_ShaUpdate(ctx, inner, WC_SHA_DIGEST_SIZE);
    if (ret == 0)
        ret = wc_ShaFinal(ctx, hashes->sha);
    wc_ShaFree(ctx); /* released whether or not the updates succeeded */

cleanup:
    /* NOTE(review): `inner` is derived from the master secret and is left on
     * the stack on return; consider clearing it - confirm project policy. */
#ifdef WOLFSSL_SMALL_STACK
    XFREE(ctx, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}
wolfSSL 15:117db924cf7c 8551 #endif
wolfSSL 15:117db924cf7c 8552
wolfSSL 15:117db924cf7c 8553 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 8554
wolfSSL 15:117db924cf7c 8555 /* Finished doesn't support SHA512, not SHA512 cipher suites yet */
/* Build the Finished hashes for this connection into `hashes`.
 *
 * When ssl->options.tls is set (and NO_TLS is not defined) the work is done
 * by BuildTlsFinished(); otherwise (and when NO_OLD_TLS is not defined) the
 * MD5 and SHA hashes are built with BuildMD5() followed by BuildSHA().
 *
 * Returns BAD_FUNC_ARG when ssl is NULL, otherwise the result of the
 * builder(s) that ran; BuildSHA() is skipped when BuildMD5() fails.
 */
static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

#ifndef NO_TLS
    if (ssl->options.tls)
        return BuildTlsFinished(ssl, hashes, sender);
#endif
#ifndef NO_OLD_TLS
    if (!ssl->options.tls) {
        int md5Ret = BuildMD5(ssl, hashes, sender);

        return (md5Ret != 0) ? md5Ret : BuildSHA(ssl, hashes, sender);
    }
#endif

    /* NOTE(review): reached only when the branch matching ssl->options.tls is
     * compiled out; 0 is returned although `hashes` was not written - confirm
     * callers cannot get here with such a configuration. */
    return 0;
}
wolfSSL 15:117db924cf7c 8579
wolfSSL 15:117db924cf7c 8580 #endif /* WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 8581
wolfSSL 15:117db924cf7c 8582 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
/* cipher requirements: the property CipherRequires() is asked about for a
 * cipher suite; it answers 1 when the suite has that requirement */
enum {
    REQUIRES_RSA        = 0,  /* e.g. RSA, ECDHE_RSA and DHE_RSA suites */
    REQUIRES_DHE        = 1,  /* DHE_ key exchange suites */
    REQUIRES_ECC        = 2,  /* e.g. ECDHE_ECDSA suites */
    REQUIRES_ECC_STATIC = 3,  /* static ECDH_ suites */
    REQUIRES_PSK        = 4,  /* PSK suites, including DHE_PSK/ECDHE_PSK */
    REQUIRES_NTRU       = 5,  /* NTRU_RSA suites */
    REQUIRES_RSA_SIG    = 6,  /* e.g. ECDH_RSA suites */
    REQUIRES_AEAD       = 7   /* GCM, CCM and ChaCha20-Poly1305 suites */
};
wolfSSL 15:117db924cf7c 8594
wolfSSL 15:117db924cf7c 8595
wolfSSL 15:117db924cf7c 8596
wolfSSL 15:117db924cf7c 8597 /* Does this cipher suite (first, second) have the given requirement?
wolfSSL 15:117db924cf7c 8598 An ephemeral key exchange will still require the key for signing
wolfSSL 15:117db924cf7c 8599 the key exchange, so ECDHE_RSA requires an RSA key, thus rsa_kea. */
wolfSSL 15:117db924cf7c 8600 static int CipherRequires(byte first, byte second, int requirement)
wolfSSL 15:117db924cf7c 8601 {
wolfSSL 15:117db924cf7c 8602
wolfSSL 15:117db924cf7c 8603 (void)requirement;
wolfSSL 15:117db924cf7c 8604
wolfSSL 15:117db924cf7c 8605 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 8606
wolfSSL 15:117db924cf7c 8607 #ifdef HAVE_CHACHA
wolfSSL 15:117db924cf7c 8608 if (first == CHACHA_BYTE) {
wolfSSL 15:117db924cf7c 8609
wolfSSL 15:117db924cf7c 8610 switch (second) {
wolfSSL 15:117db924cf7c 8611 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8612 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8613 return 1;
wolfSSL 15:117db924cf7c 8614 break;
wolfSSL 15:117db924cf7c 8615
wolfSSL 15:117db924cf7c 8616 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8617 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8618 return 1;
wolfSSL 15:117db924cf7c 8619 break;
wolfSSL 15:117db924cf7c 8620
wolfSSL 15:117db924cf7c 8621 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8622 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8623 return 1;
wolfSSL 15:117db924cf7c 8624 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 8625 return 1;
wolfSSL 15:117db924cf7c 8626 break;
wolfSSL 15:117db924cf7c 8627
wolfSSL 15:117db924cf7c 8628 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8629 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8630 return 1;
wolfSSL 15:117db924cf7c 8631 break;
wolfSSL 15:117db924cf7c 8632
wolfSSL 15:117db924cf7c 8633 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8634 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8635 return 1;
wolfSSL 15:117db924cf7c 8636 break;
wolfSSL 15:117db924cf7c 8637
wolfSSL 15:117db924cf7c 8638 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8639 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8640 return 1;
wolfSSL 15:117db924cf7c 8641 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 8642 return 1;
wolfSSL 15:117db924cf7c 8643 break;
wolfSSL 15:117db924cf7c 8644
wolfSSL 15:117db924cf7c 8645
wolfSSL 15:117db924cf7c 8646 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8647 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 8648 return 1;
wolfSSL 15:117db924cf7c 8649 break;
wolfSSL 15:117db924cf7c 8650
wolfSSL 15:117db924cf7c 8651 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8652 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 8653 return 1;
wolfSSL 15:117db924cf7c 8654 break;
wolfSSL 15:117db924cf7c 8655
wolfSSL 15:117db924cf7c 8656 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 15:117db924cf7c 8657 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 8658 return 1;
wolfSSL 15:117db924cf7c 8659 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 8660 return 1;
wolfSSL 15:117db924cf7c 8661 break;
wolfSSL 15:117db924cf7c 8662 }
wolfSSL 16:8e0d178b1d1e 8663
wolfSSL 16:8e0d178b1d1e 8664 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8665 return 1;
wolfSSL 16:8e0d178b1d1e 8666
wolfSSL 15:117db924cf7c 8667 }
wolfSSL 15:117db924cf7c 8668 #endif /* HAVE_CHACHA */
wolfSSL 15:117db924cf7c 8669
wolfSSL 15:117db924cf7c 8670 /* ECC extensions */
wolfSSL 15:117db924cf7c 8671 if (first == ECC_BYTE) {
wolfSSL 15:117db924cf7c 8672
wolfSSL 15:117db924cf7c 8673 switch (second) {
wolfSSL 16:8e0d178b1d1e 8674 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 8675 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 8676 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 8677 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8678 return 1;
wolfSSL 15:117db924cf7c 8679 break;
wolfSSL 15:117db924cf7c 8680
wolfSSL 15:117db924cf7c 8681 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 8682 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8683 return 1;
wolfSSL 15:117db924cf7c 8684 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 8685 return 1;
wolfSSL 15:117db924cf7c 8686 break;
wolfSSL 15:117db924cf7c 8687
wolfSSL 15:117db924cf7c 8688 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 8689 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 15:117db924cf7c 8690 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8691 return 1;
wolfSSL 15:117db924cf7c 8692 break;
wolfSSL 15:117db924cf7c 8693
wolfSSL 15:117db924cf7c 8694 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 15:117db924cf7c 8695 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8696 return 1;
wolfSSL 15:117db924cf7c 8697 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 8698 return 1;
wolfSSL 15:117db924cf7c 8699 break;
wolfSSL 15:117db924cf7c 8700 #endif /* !NO_DES3 */
wolfSSL 15:117db924cf7c 8701
wolfSSL 15:117db924cf7c 8702 #ifndef NO_RC4
wolfSSL 15:117db924cf7c 8703 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL 15:117db924cf7c 8704 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8705 return 1;
wolfSSL 15:117db924cf7c 8706 break;
wolfSSL 15:117db924cf7c 8707
wolfSSL 15:117db924cf7c 8708 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL 15:117db924cf7c 8709 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8710 return 1;
wolfSSL 15:117db924cf7c 8711 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 8712 return 1;
wolfSSL 15:117db924cf7c 8713 break;
wolfSSL 15:117db924cf7c 8714 #endif /* !NO_RC4 */
wolfSSL 15:117db924cf7c 8715 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 8716
wolfSSL 15:117db924cf7c 8717 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 8718 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 15:117db924cf7c 8719 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8720 return 1;
wolfSSL 15:117db924cf7c 8721 break;
wolfSSL 15:117db924cf7c 8722
wolfSSL 15:117db924cf7c 8723 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 15:117db924cf7c 8724 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8725 return 1;
wolfSSL 15:117db924cf7c 8726 break;
wolfSSL 15:117db924cf7c 8727 #endif /* !NO_DES3 */
wolfSSL 15:117db924cf7c 8728 #ifndef NO_RC4
wolfSSL 15:117db924cf7c 8729 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL 15:117db924cf7c 8730 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8731 return 1;
wolfSSL 15:117db924cf7c 8732 break;
wolfSSL 15:117db924cf7c 8733
wolfSSL 15:117db924cf7c 8734 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL 15:117db924cf7c 8735 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8736 return 1;
wolfSSL 15:117db924cf7c 8737 break;
wolfSSL 15:117db924cf7c 8738 #endif /* !NO_RC4 */
wolfSSL 15:117db924cf7c 8739 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 8740 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 15:117db924cf7c 8741 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8742 return 1;
wolfSSL 15:117db924cf7c 8743 break;
wolfSSL 15:117db924cf7c 8744
wolfSSL 15:117db924cf7c 8745 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 15:117db924cf7c 8746 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8747 return 1;
wolfSSL 15:117db924cf7c 8748 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 8749 return 1;
wolfSSL 15:117db924cf7c 8750 break;
wolfSSL 15:117db924cf7c 8751 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 8752
wolfSSL 15:117db924cf7c 8753 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 8754 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8755 return 1;
wolfSSL 15:117db924cf7c 8756 break;
wolfSSL 15:117db924cf7c 8757
wolfSSL 15:117db924cf7c 8758 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 8759 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8760 return 1;
wolfSSL 15:117db924cf7c 8761 break;
wolfSSL 15:117db924cf7c 8762
wolfSSL 15:117db924cf7c 8763 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 15:117db924cf7c 8764 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8765 return 1;
wolfSSL 15:117db924cf7c 8766 break;
wolfSSL 15:117db924cf7c 8767
wolfSSL 15:117db924cf7c 8768 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 15:117db924cf7c 8769 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8770 return 1;
wolfSSL 15:117db924cf7c 8771 break;
wolfSSL 15:117db924cf7c 8772
wolfSSL 15:117db924cf7c 8773 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 15:117db924cf7c 8774 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8775 return 1;
wolfSSL 16:8e0d178b1d1e 8776 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8777 return 1;
wolfSSL 15:117db924cf7c 8778 break;
wolfSSL 15:117db924cf7c 8779
wolfSSL 15:117db924cf7c 8780 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 15:117db924cf7c 8781 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8782 return 1;
wolfSSL 16:8e0d178b1d1e 8783 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8784 return 1;
wolfSSL 15:117db924cf7c 8785 break;
wolfSSL 15:117db924cf7c 8786
wolfSSL 15:117db924cf7c 8787 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 15:117db924cf7c 8788 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8789 return 1;
wolfSSL 16:8e0d178b1d1e 8790 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8791 return 1;
wolfSSL 15:117db924cf7c 8792 break;
wolfSSL 15:117db924cf7c 8793
wolfSSL 15:117db924cf7c 8794 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 15:117db924cf7c 8795 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8796 return 1;
wolfSSL 16:8e0d178b1d1e 8797 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8798 return 1;
wolfSSL 16:8e0d178b1d1e 8799 break;
wolfSSL 16:8e0d178b1d1e 8800 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 8801
wolfSSL 15:117db924cf7c 8802 #ifndef NO_RSA
wolfSSL 16:8e0d178b1d1e 8803 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 8804 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 15:117db924cf7c 8805 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8806 return 1;
wolfSSL 16:8e0d178b1d1e 8807 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8808 return 1;
wolfSSL 15:117db924cf7c 8809 break;
wolfSSL 15:117db924cf7c 8810
wolfSSL 15:117db924cf7c 8811 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 15:117db924cf7c 8812 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8813 return 1;
wolfSSL 16:8e0d178b1d1e 8814 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8815 return 1;
wolfSSL 15:117db924cf7c 8816 break;
wolfSSL 15:117db924cf7c 8817
wolfSSL 15:117db924cf7c 8818 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 15:117db924cf7c 8819 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8820 return 1;
wolfSSL 15:117db924cf7c 8821 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 8822 return 1;
wolfSSL 16:8e0d178b1d1e 8823 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8824 return 1;
wolfSSL 15:117db924cf7c 8825 break;
wolfSSL 15:117db924cf7c 8826
wolfSSL 15:117db924cf7c 8827 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 15:117db924cf7c 8828 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8829 return 1;
wolfSSL 15:117db924cf7c 8830 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 8831 return 1;
wolfSSL 16:8e0d178b1d1e 8832 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8833 return 1;
wolfSSL 16:8e0d178b1d1e 8834 break;
wolfSSL 16:8e0d178b1d1e 8835 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 8836 #ifdef HAVE_AESCCM
wolfSSL 15:117db924cf7c 8837 case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL 15:117db924cf7c 8838 case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL 15:117db924cf7c 8839 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8840 return 1;
wolfSSL 15:117db924cf7c 8841 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 8842 return 1;
wolfSSL 16:8e0d178b1d1e 8843 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8844 return 1;
wolfSSL 15:117db924cf7c 8845 break;
wolfSSL 15:117db924cf7c 8846 #endif /* HAVE_AESCCM */
wolfSSL 16:8e0d178b1d1e 8847 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 8848
wolfSSL 15:117db924cf7c 8849 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 8850 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 15:117db924cf7c 8851 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8852 return 1;
wolfSSL 15:117db924cf7c 8853 break;
wolfSSL 15:117db924cf7c 8854
wolfSSL 15:117db924cf7c 8855 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 8856 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 15:117db924cf7c 8857 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 8858 return 1;
wolfSSL 15:117db924cf7c 8859 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8860 return 1;
wolfSSL 15:117db924cf7c 8861 break;
wolfSSL 16:8e0d178b1d1e 8862 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 8863 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 8864
wolfSSL 16:8e0d178b1d1e 8865 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 8866 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
wolfSSL 15:117db924cf7c 8867 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
wolfSSL 15:117db924cf7c 8868 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL 15:117db924cf7c 8869 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8870 return 1;
wolfSSL 16:8e0d178b1d1e 8871 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8872 return 1;
wolfSSL 15:117db924cf7c 8873 break;
wolfSSL 15:117db924cf7c 8874
wolfSSL 15:117db924cf7c 8875 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 15:117db924cf7c 8876 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 8877 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8878 return 1;
wolfSSL 15:117db924cf7c 8879 break;
wolfSSL 15:117db924cf7c 8880
wolfSSL 15:117db924cf7c 8881 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 8882 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 15:117db924cf7c 8883 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8884 return 1;
wolfSSL 15:117db924cf7c 8885 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 15:117db924cf7c 8886 return 1;
wolfSSL 15:117db924cf7c 8887 break;
wolfSSL 16:8e0d178b1d1e 8888 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 8889
wolfSSL 15:117db924cf7c 8890 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 8891 case TLS_PSK_WITH_AES_128_CCM:
wolfSSL 15:117db924cf7c 8892 case TLS_PSK_WITH_AES_256_CCM:
wolfSSL 15:117db924cf7c 8893 case TLS_PSK_WITH_AES_128_CCM_8:
wolfSSL 15:117db924cf7c 8894 case TLS_PSK_WITH_AES_256_CCM_8:
wolfSSL 15:117db924cf7c 8895 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 8896 return 1;
wolfSSL 16:8e0d178b1d1e 8897 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8898 return 1;
wolfSSL 15:117db924cf7c 8899 break;
wolfSSL 15:117db924cf7c 8900
wolfSSL 15:117db924cf7c 8901 case TLS_DHE_PSK_WITH_AES_128_CCM:
wolfSSL 15:117db924cf7c 8902 case TLS_DHE_PSK_WITH_AES_256_CCM:
wolfSSL 15:117db924cf7c 8903 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 8904 return 1;
wolfSSL 15:117db924cf7c 8905 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 8906 return 1;
wolfSSL 16:8e0d178b1d1e 8907 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 8908 return 1;
wolfSSL 15:117db924cf7c 8909 break;
wolfSSL 15:117db924cf7c 8910 #endif /* !NO_PSK */
wolfSSL 16:8e0d178b1d1e 8911 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 8912 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
wolfSSL 15:117db924cf7c 8913 if (requirement == REQUIRES_ECC)
wolfSSL 15:117db924cf7c 8914 return 1;
wolfSSL 15:117db924cf7c 8915 break;
wolfSSL 15:117db924cf7c 8916
wolfSSL 15:117db924cf7c 8917 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
wolfSSL 15:117db924cf7c 8918 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 8919 return 1;
wolfSSL 15:117db924cf7c 8920 break;
wolfSSL 15:117db924cf7c 8921
wolfSSL 15:117db924cf7c 8922 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 8923 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 8924 return 1;
wolfSSL 15:117db924cf7c 8925 break;
wolfSSL 16:8e0d178b1d1e 8926 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 16:8e0d178b1d1e 8927
wolfSSL 16:8e0d178b1d1e 8928 #if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
wolfSSL 16:8e0d178b1d1e 8929 case TLS_SHA256_SHA256:
wolfSSL 16:8e0d178b1d1e 8930 break;
wolfSSL 16:8e0d178b1d1e 8931 case TLS_SHA384_SHA384:
wolfSSL 16:8e0d178b1d1e 8932 break;
wolfSSL 16:8e0d178b1d1e 8933 #endif
wolfSSL 16:8e0d178b1d1e 8934
wolfSSL 15:117db924cf7c 8935 default:
wolfSSL 15:117db924cf7c 8936 WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
wolfSSL 15:117db924cf7c 8937 return 0;
wolfSSL 15:117db924cf7c 8938 } /* switch */
wolfSSL 15:117db924cf7c 8939 } /* if */
wolfSSL 15:117db924cf7c 8940
wolfSSL 15:117db924cf7c 8941 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 8942
wolfSSL 15:117db924cf7c 8943 /* Distinct TLS v1.3 cipher suites with cipher and digest only. */
wolfSSL 15:117db924cf7c 8944 if (first == TLS13_BYTE) {
wolfSSL 15:117db924cf7c 8945
wolfSSL 15:117db924cf7c 8946 switch (second) {
wolfSSL 15:117db924cf7c 8947 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 8948 case TLS_AES_128_GCM_SHA256:
wolfSSL 15:117db924cf7c 8949 case TLS_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 8950 case TLS_CHACHA20_POLY1305_SHA256:
wolfSSL 15:117db924cf7c 8951 case TLS_AES_128_CCM_SHA256:
wolfSSL 15:117db924cf7c 8952 case TLS_AES_128_CCM_8_SHA256:
wolfSSL 15:117db924cf7c 8953 break;
wolfSSL 15:117db924cf7c 8954 #endif
wolfSSL 15:117db924cf7c 8955
wolfSSL 15:117db924cf7c 8956 default:
wolfSSL 15:117db924cf7c 8957 WOLFSSL_MSG("Unsupported cipher suite, CipherRequires "
wolfSSL 15:117db924cf7c 8958 "TLS v1.3");
wolfSSL 15:117db924cf7c 8959 return 0;
wolfSSL 15:117db924cf7c 8960 }
wolfSSL 15:117db924cf7c 8961 }
wolfSSL 15:117db924cf7c 8962
wolfSSL 15:117db924cf7c 8963 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 8964
wolfSSL 15:117db924cf7c 8965 if (first != ECC_BYTE && first != CHACHA_BYTE &&
wolfSSL 15:117db924cf7c 8966 first != TLS13_BYTE) { /* normal suites */
wolfSSL 15:117db924cf7c 8967 switch (second) {
wolfSSL 15:117db924cf7c 8968
wolfSSL 15:117db924cf7c 8969 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 8970 #ifndef NO_RC4
wolfSSL 15:117db924cf7c 8971 case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL 15:117db924cf7c 8972 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8973 return 1;
wolfSSL 15:117db924cf7c 8974 break;
wolfSSL 15:117db924cf7c 8975
wolfSSL 15:117db924cf7c 8976 case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL 15:117db924cf7c 8977 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8978 return 1;
wolfSSL 15:117db924cf7c 8979 break;
wolfSSL 15:117db924cf7c 8980 #endif /* NO_RC4 */
wolfSSL 15:117db924cf7c 8981
wolfSSL 15:117db924cf7c 8982 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 15:117db924cf7c 8983 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8984 return 1;
wolfSSL 15:117db924cf7c 8985 break;
wolfSSL 15:117db924cf7c 8986
wolfSSL 15:117db924cf7c 8987 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 8988 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL 15:117db924cf7c 8989 if (requirement == REQUIRES_NTRU)
wolfSSL 15:117db924cf7c 8990 return 1;
wolfSSL 15:117db924cf7c 8991 break;
wolfSSL 15:117db924cf7c 8992 #endif /* HAVE_NTRU */
wolfSSL 15:117db924cf7c 8993
wolfSSL 15:117db924cf7c 8994 case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 8995 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 8996 return 1;
wolfSSL 15:117db924cf7c 8997 break;
wolfSSL 15:117db924cf7c 8998
wolfSSL 15:117db924cf7c 8999 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9000 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9001 return 1;
wolfSSL 15:117db924cf7c 9002 break;
wolfSSL 15:117db924cf7c 9003
wolfSSL 15:117db924cf7c 9004 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 9005 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 15:117db924cf7c 9006 if (requirement == REQUIRES_NTRU)
wolfSSL 15:117db924cf7c 9007 return 1;
wolfSSL 15:117db924cf7c 9008 break;
wolfSSL 15:117db924cf7c 9009 #endif /* HAVE_NTRU */
wolfSSL 15:117db924cf7c 9010
wolfSSL 15:117db924cf7c 9011 case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 15:117db924cf7c 9012 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9013 return 1;
wolfSSL 15:117db924cf7c 9014 break;
wolfSSL 15:117db924cf7c 9015
wolfSSL 15:117db924cf7c 9016 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 9017 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 9018 if (requirement == REQUIRES_NTRU)
wolfSSL 15:117db924cf7c 9019 return 1;
wolfSSL 15:117db924cf7c 9020 break;
wolfSSL 15:117db924cf7c 9021 #endif /* HAVE_NTRU */
wolfSSL 15:117db924cf7c 9022
wolfSSL 15:117db924cf7c 9023 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9024 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9025 return 1;
wolfSSL 15:117db924cf7c 9026 break;
wolfSSL 15:117db924cf7c 9027
wolfSSL 16:8e0d178b1d1e 9028 case TLS_RSA_WITH_NULL_MD5 :
wolfSSL 15:117db924cf7c 9029 case TLS_RSA_WITH_NULL_SHA :
wolfSSL 15:117db924cf7c 9030 case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL 15:117db924cf7c 9031 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9032 return 1;
wolfSSL 15:117db924cf7c 9033 break;
wolfSSL 15:117db924cf7c 9034
wolfSSL 15:117db924cf7c 9035 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 9036 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 15:117db924cf7c 9037 if (requirement == REQUIRES_NTRU)
wolfSSL 15:117db924cf7c 9038 return 1;
wolfSSL 15:117db924cf7c 9039 break;
wolfSSL 15:117db924cf7c 9040 #endif /* HAVE_NTRU */
wolfSSL 15:117db924cf7c 9041
wolfSSL 15:117db924cf7c 9042 #ifdef HAVE_IDEA
wolfSSL 15:117db924cf7c 9043 case SSL_RSA_WITH_IDEA_CBC_SHA :
wolfSSL 15:117db924cf7c 9044 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9045 return 1;
wolfSSL 15:117db924cf7c 9046 break;
wolfSSL 15:117db924cf7c 9047 #endif /* HAVE_IDEA */
wolfSSL 15:117db924cf7c 9048 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 9049
wolfSSL 15:117db924cf7c 9050 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 9051 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 16:8e0d178b1d1e 9052 if (requirement == REQUIRES_PSK)
wolfSSL 16:8e0d178b1d1e 9053 return 1;
wolfSSL 16:8e0d178b1d1e 9054 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 9055 return 1;
wolfSSL 16:8e0d178b1d1e 9056 break;
wolfSSL 16:8e0d178b1d1e 9057
wolfSSL 15:117db924cf7c 9058 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 16:8e0d178b1d1e 9059 if (requirement == REQUIRES_PSK)
wolfSSL 16:8e0d178b1d1e 9060 return 1;
wolfSSL 16:8e0d178b1d1e 9061 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 9062 return 1;
wolfSSL 16:8e0d178b1d1e 9063 break;
wolfSSL 16:8e0d178b1d1e 9064
wolfSSL 15:117db924cf7c 9065 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9066 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 15:117db924cf7c 9067 case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 9068 case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL 15:117db924cf7c 9069 case TLS_PSK_WITH_NULL_SHA384 :
wolfSSL 15:117db924cf7c 9070 case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL 15:117db924cf7c 9071 case TLS_PSK_WITH_NULL_SHA :
wolfSSL 15:117db924cf7c 9072 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 9073 return 1;
wolfSSL 15:117db924cf7c 9074 break;
wolfSSL 15:117db924cf7c 9075
wolfSSL 15:117db924cf7c 9076 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 15:117db924cf7c 9077 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 16:8e0d178b1d1e 9078 if (requirement == REQUIRES_DHE)
wolfSSL 16:8e0d178b1d1e 9079 return 1;
wolfSSL 16:8e0d178b1d1e 9080 if (requirement == REQUIRES_PSK)
wolfSSL 16:8e0d178b1d1e 9081 return 1;
wolfSSL 16:8e0d178b1d1e 9082 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 9083 return 1;
wolfSSL 16:8e0d178b1d1e 9084 break;
wolfSSL 16:8e0d178b1d1e 9085
wolfSSL 15:117db924cf7c 9086 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9087 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 15:117db924cf7c 9088 case TLS_DHE_PSK_WITH_NULL_SHA384 :
wolfSSL 15:117db924cf7c 9089 case TLS_DHE_PSK_WITH_NULL_SHA256 :
wolfSSL 15:117db924cf7c 9090 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9091 return 1;
wolfSSL 15:117db924cf7c 9092 if (requirement == REQUIRES_PSK)
wolfSSL 15:117db924cf7c 9093 return 1;
wolfSSL 15:117db924cf7c 9094 break;
wolfSSL 15:117db924cf7c 9095 #endif /* NO_PSK */
wolfSSL 15:117db924cf7c 9096
wolfSSL 15:117db924cf7c 9097 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 9098 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9099 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9100 return 1;
wolfSSL 15:117db924cf7c 9101 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9102 return 1;
wolfSSL 15:117db924cf7c 9103 break;
wolfSSL 15:117db924cf7c 9104
wolfSSL 15:117db924cf7c 9105 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9106 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9107 return 1;
wolfSSL 15:117db924cf7c 9108 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9109 return 1;
wolfSSL 15:117db924cf7c 9110 break;
wolfSSL 15:117db924cf7c 9111
wolfSSL 15:117db924cf7c 9112 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 9113 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9114 return 1;
wolfSSL 15:117db924cf7c 9115 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9116 return 1;
wolfSSL 15:117db924cf7c 9117 break;
wolfSSL 15:117db924cf7c 9118
wolfSSL 15:117db924cf7c 9119 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 15:117db924cf7c 9120 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9121 return 1;
wolfSSL 15:117db924cf7c 9122 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9123 return 1;
wolfSSL 15:117db924cf7c 9124 break;
wolfSSL 15:117db924cf7c 9125
wolfSSL 15:117db924cf7c 9126 #ifndef NO_HC128
wolfSSL 15:117db924cf7c 9127 case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL 15:117db924cf7c 9128 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9129 return 1;
wolfSSL 15:117db924cf7c 9130 break;
wolfSSL 15:117db924cf7c 9131
wolfSSL 15:117db924cf7c 9132 case TLS_RSA_WITH_HC_128_SHA :
wolfSSL 15:117db924cf7c 9133 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9134 return 1;
wolfSSL 15:117db924cf7c 9135 break;
wolfSSL 15:117db924cf7c 9136 #endif /* NO_HC128 */
wolfSSL 15:117db924cf7c 9137
wolfSSL 15:117db924cf7c 9138 #ifndef NO_RABBIT
wolfSSL 15:117db924cf7c 9139 case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL 15:117db924cf7c 9140 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9141 return 1;
wolfSSL 15:117db924cf7c 9142 break;
wolfSSL 15:117db924cf7c 9143 #endif /* !NO_RABBIT */
wolfSSL 15:117db924cf7c 9144
wolfSSL 15:117db924cf7c 9145 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 15:117db924cf7c 9146 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 15:117db924cf7c 9147 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9148 return 1;
wolfSSL 16:8e0d178b1d1e 9149 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 9150 return 1;
wolfSSL 15:117db924cf7c 9151 break;
wolfSSL 15:117db924cf7c 9152
wolfSSL 15:117db924cf7c 9153 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 15:117db924cf7c 9154 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 15:117db924cf7c 9155 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9156 return 1;
wolfSSL 15:117db924cf7c 9157 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9158 return 1;
wolfSSL 16:8e0d178b1d1e 9159 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 9160 return 1;
wolfSSL 15:117db924cf7c 9161 break;
wolfSSL 15:117db924cf7c 9162
wolfSSL 15:117db924cf7c 9163 #ifdef HAVE_CAMELLIA
wolfSSL 15:117db924cf7c 9164 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 15:117db924cf7c 9165 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 15:117db924cf7c 9166 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9167 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9168 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9169 return 1;
wolfSSL 15:117db924cf7c 9170 break;
wolfSSL 15:117db924cf7c 9171
wolfSSL 15:117db924cf7c 9172 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 15:117db924cf7c 9173 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 15:117db924cf7c 9174 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9175 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 15:117db924cf7c 9176 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9177 return 1;
wolfSSL 15:117db924cf7c 9178 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 9179 return 1;
wolfSSL 15:117db924cf7c 9180 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9181 return 1;
wolfSSL 15:117db924cf7c 9182 break;
wolfSSL 15:117db924cf7c 9183 #endif /* HAVE_CAMELLIA */
wolfSSL 15:117db924cf7c 9184
wolfSSL 15:117db924cf7c 9185 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 15:117db924cf7c 9186 if (requirement == REQUIRES_RSA)
wolfSSL 15:117db924cf7c 9187 return 1;
wolfSSL 15:117db924cf7c 9188 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 15:117db924cf7c 9189 return 1;
wolfSSL 15:117db924cf7c 9190 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9191 return 1;
wolfSSL 15:117db924cf7c 9192 break;
wolfSSL 15:117db924cf7c 9193 #endif
wolfSSL 15:117db924cf7c 9194 #ifdef HAVE_ANON
wolfSSL 15:117db924cf7c 9195 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
wolfSSL 15:117db924cf7c 9196 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9197 return 1;
wolfSSL 15:117db924cf7c 9198 break;
wolfSSL 15:117db924cf7c 9199 case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
wolfSSL 15:117db924cf7c 9200 if (requirement == REQUIRES_DHE)
wolfSSL 15:117db924cf7c 9201 return 1;
wolfSSL 16:8e0d178b1d1e 9202 if (requirement == REQUIRES_AEAD)
wolfSSL 16:8e0d178b1d1e 9203 return 1;
wolfSSL 15:117db924cf7c 9204 break;
wolfSSL 15:117db924cf7c 9205 #endif
wolfSSL 15:117db924cf7c 9206 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 9207 case WDM_WITH_NULL_SHA256 :
wolfSSL 15:117db924cf7c 9208 break;
wolfSSL 15:117db924cf7c 9209 #endif
wolfSSL 15:117db924cf7c 9210
wolfSSL 15:117db924cf7c 9211 default:
wolfSSL 15:117db924cf7c 9212 WOLFSSL_MSG("Unsupported cipher suite, CipherRequires");
wolfSSL 15:117db924cf7c 9213 return 0;
wolfSSL 15:117db924cf7c 9214 } /* switch */
wolfSSL 15:117db924cf7c 9215 } /* if ECC / Normal suites else */
wolfSSL 15:117db924cf7c 9216
wolfSSL 15:117db924cf7c 9217 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 9218
wolfSSL 15:117db924cf7c 9219 return 0;
wolfSSL 15:117db924cf7c 9220 }
wolfSSL 15:117db924cf7c 9221
wolfSSL 15:117db924cf7c 9222 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 9223
wolfSSL 15:117db924cf7c 9224
wolfSSL 15:117db924cf7c 9225 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 9226
wolfSSL 15:117db924cf7c 9227
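/* Match a certificate name pattern against a host name, ignoring ASCII case.
 *
 * Each wildcard can represent a single name component or fragment but not
 * multiple names, i.e.,
 * *.z.com matches y.z.com but not x.y.z.com
 *
 * pattern  Name taken from the certificate. At most len bytes are read, so
 *          it does not have to be NUL terminated.
 * len      Number of bytes in pattern.
 * str      NUL terminated name to check against the pattern.
 *
 * A NUL byte inside the first len bytes of pattern never produces a match,
 * so a certificate name with an embedded NUL is not treated as its prefix.
 *
 * NOTE(review): '*' is accepted at any position, including as the whole
 * left-most label of a two-label name ("*.com"). A stricter wildcard policy
 * has to be applied by the caller - confirm against the callers.
 *
 * return 1 on success, 0 otherwise */
int MatchDomainName(const char* pattern, int len, const char* str)
{
    int ret = 0;
    char p, s;

    if (pattern == NULL || str == NULL || len <= 0)
        return 0;

    while (len > 0) {

        p = (char)XTOLOWER((unsigned char)*pattern++);
        if (p == '\0')
            break; /* len is still > 0 here, so the final test fails */

        if (p == '*') {
            /* skip a run of '*' and pick up the character that follows it */
            while (--len > 0 &&
                (p = (char)XTOLOWER((unsigned char)*pattern++)) == '*') {
            }

            /* wildcard was the last pattern byte: consume the rest of the
             * current label only */
            if (len == 0)
                p = '\0';

            /* Advance str to the first occurrence of p without crossing a
             * '.'. There is no backtracking, so a name a full glob matcher
             * would accept can be rejected here; it is never the reverse. */
            while ( (s = (char)XTOLOWER((unsigned char) *str)) != '\0') {
                if (s == p)
                    break;
                if (s == '.')
                    return 0;
                str++;
            }

            /* str is exhausted but pattern bytes remain. Without this check
             * the str++ below would step past the terminator and the next
             * comparison would read outside the string. */
            if (s == '\0' && len > 0)
                return 0;
        }
        else {
            if (p != (char)XTOLOWER((unsigned char) *str))
                return 0;
        }


        if (len > 0) {
            str++;
            len--;
        }
    }

    /* both the pattern and the name must be fully consumed */
    if (*str == '\0' && len == 0) {
        ret = 1; /* success */
    }

    return ret;
}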
wolfSSL 15:117db924cf7c 9281
wolfSSL 15:117db924cf7c 9282
/* Walk the certificate's alternative names looking for one that matches
 * domain.
 *
 * dCert   Decoded certificate, may be NULL (then nothing matches).
 * domain  Name to look for; passed unchanged to MatchDomainName, which
 *         rejects a NULL name.
 *
 * NOTE(review): every list entry is handed to the wildcard matcher without
 * looking at its type field - confirm that dCert->altNames only holds
 * entries that are meant to be compared as host names.
 *
 * return 1 on success, 0 when no entry matches */
int CheckAltNames(DecodedCert* dCert, char* domain)
{
    DNS_entry* entry;

    WOLFSSL_MSG("Checking AltNames");

    if (dCert == NULL)
        return 0;

    for (entry = dCert->altNames; entry != NULL; entry = entry->next) {
        WOLFSSL_MSG("\tindividual AltName check");

        /* first hit wins, the rest of the list is not examined */
        if (MatchDomainName(entry->name, entry->len, domain))
            return 1;
    }

    return 0;
}
wolfSSL 15:117db924cf7c 9307
wolfSSL 15:117db924cf7c 9308 #ifdef OPENSSL_EXTRA
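/* Check that alternative names, if they exist, match the domain.
 * Fail if the certificate has alternative names and none of them matches,
 * whether or not a wildcard entry is among them.
 * The common name is to be checked only when the certificate has no
 * alternative names at all.
 *
 * dCert    Decoded cert to get the alternative names from.
 * domain   Domain name to compare against.
 * checkCN  Set to 1 when the caller should check the common name, 0
 *          otherwise.
 * returns 1 when an alternative name matched or there are none to check,
 *         0 when alternative names are present and none of them matched.
 */
static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN)
{
    int match = 0;
    DNS_entry* altName = NULL;

    WOLFSSL_MSG("Checking AltNames");

    if (dCert)
        altName = dCert->altNames;

    /* the common name is a fallback for certificates without alt names */
    *checkCN = altName == NULL;
    if (altName == NULL)
        return 1;

    while (altName) {
        WOLFSSL_MSG("\tindividual AltName check");

        if (MatchDomainName(altName->name, altName->len, domain)) {
            match = 1;
            break;
        }

        altName = altName->next;
    }

    /* A certificate that lists alternative names has to match through one
     * of them. Reporting "no problem" for an unmatched list while checkCN is
     * 0 would make CheckHostName accept a certificate issued for a
     * different name. */
    return match;
}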
wolfSSL 15:117db924cf7c 9349
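/* Check the domain name matches the subject alternative name or the subject
 * name.
 *
 * The subject common name is consulted only when CheckForAltNames sets
 * checkCN, i.e. when the certificate has no alternative names.
 *
 * dCert          Decoded certificate.
 * domainName     The domain name, must be NUL terminated.
 * domainNameLen  The length of the domain name (currently unused).
 * returns DOMAIN_NAME_MISMATCH when no match found or when dCert or
 *         domainName is NULL, and 0 on success.
 */
int CheckHostName(DecodedCert* dCert, char *domainName, size_t domainNameLen)
{
    int checkCN;

    /* Assume name is NUL terminated. */
    (void)domainNameLen;

    /* Fail closed on missing input; dCert is dereferenced below for the
     * common name check. */
    if (dCert == NULL || domainName == NULL)
        return DOMAIN_NAME_MISMATCH;

    if (CheckForAltNames(dCert, domainName, &checkCN) == 0) {
        WOLFSSL_MSG("DomainName match on alt names failed too");
        return DOMAIN_NAME_MISMATCH;
    }
    if (checkCN == 1) {
        if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
                            domainName) == 0) {
            WOLFSSL_MSG("DomainName match on common name failed");
            return DOMAIN_NAME_MISMATCH;
        }
    }

    return 0;
}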
wolfSSL 16:8e0d178b1d1e 9379
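/* Check a textual IP address against the certificate names.
 *
 * The address is compared as a string through CheckHostName, i.e. with the
 * same matcher that is used for host names.
 *
 * NOTE(review): whether dCert->altNames stores IP address entries in a
 * textual form that can equal ipasc is not visible here - confirm against
 * the certificate decoder.
 *
 * dCert  Decoded certificate.
 * ipasc  NUL terminated IP address string.
 * returns DOMAIN_NAME_MISMATCH when no match found or ipasc is NULL, and 0
 *         on success.
 */
int CheckIPAddr(DecodedCert* dCert, char* ipasc)
{
    WOLFSSL_MSG("Checking IPAddr");

    /* XSTRLEN on a NULL pointer is not defined; no address cannot match */
    if (ipasc == NULL)
        return DOMAIN_NAME_MISMATCH;

    return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc));
}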
wolfSSL 15:117db924cf7c 9386 #endif
wolfSSL 15:117db924cf7c 9387
wolfSSL 15:117db924cf7c 9388 #ifdef SESSION_CERTS
/* Append a copy of one certificate to the session's certificate chain.
 *
 * chain    Chain to append to; chain->count is advanced on success.
 * certBuf  Certificate bytes to copy.
 * certSz   Number of bytes in certBuf.
 *
 * When the chain already holds MAX_CHAIN_DEPTH entries, or certSz is not
 * below MAX_X509_SIZE, the certificate is dropped: only a debug message is
 * logged and the caller gets no error indication.
 */
static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
                                  byte* certBuf, word32 certSz)
{
    /* refuse anything that would not fit the fixed-size chain storage */
    if (chain->count >= MAX_CHAIN_DEPTH || certSz >= MAX_X509_SIZE) {
        WOLFSSL_MSG("Couldn't store chain cert for session");
        return;
    }

    chain->certs[chain->count].length = certSz;
    XMEMCPY(chain->certs[chain->count].buffer, certBuf, certSz);
    chain->count++;
}
wolfSSL 15:117db924cf7c 9402 #endif
wolfSSL 15:117db924cf7c 9403
wolfSSL 15:117db924cf7c 9404 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
wolfSSL 15:117db924cf7c 9405 defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 9406 /* Copy parts X509 needs from Decoded cert, 0 on success */
wolfSSL 16:8e0d178b1d1e 9407 /* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the
wolfSSL 16:8e0d178b1d1e 9408 * altNames pointers could be free'd by second x509 still active by first */
wolfSSL 15:117db924cf7c 9409 int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
wolfSSL 15:117db924cf7c 9410 {
wolfSSL 15:117db924cf7c 9411 int ret = 0;
wolfSSL 15:117db924cf7c 9412
wolfSSL 15:117db924cf7c 9413 if (x509 == NULL || dCert == NULL ||
wolfSSL 15:117db924cf7c 9414 dCert->subjectCNLen < 0)
wolfSSL 15:117db924cf7c 9415 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 9416
wolfSSL 15:117db924cf7c 9417 x509->version = dCert->version + 1;
wolfSSL 15:117db924cf7c 9418
wolfSSL 15:117db924cf7c 9419 XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
wolfSSL 15:117db924cf7c 9420 x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
wolfSSL 15:117db924cf7c 9421 x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
wolfSSL 15:117db924cf7c 9422 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 9423 if (dCert->issuerName.fullName != NULL) {
wolfSSL 15:117db924cf7c 9424 XMEMCPY(&x509->issuer.fullName,
wolfSSL 15:117db924cf7c 9425 &dCert->issuerName, sizeof(DecodedName));
wolfSSL 15:117db924cf7c 9426 x509->issuer.fullName.fullName = (char*)XMALLOC(
wolfSSL 15:117db924cf7c 9427 dCert->issuerName.fullNameLen, x509->heap,
wolfSSL 15:117db924cf7c 9428 DYNAMIC_TYPE_X509);
wolfSSL 15:117db924cf7c 9429 if (x509->issuer.fullName.fullName != NULL)
wolfSSL 15:117db924cf7c 9430 XMEMCPY(x509->issuer.fullName.fullName,
wolfSSL 15:117db924cf7c 9431 dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
wolfSSL 15:117db924cf7c 9432 }
wolfSSL 15:117db924cf7c 9433 x509->issuer.x509 = x509;
wolfSSL 15:117db924cf7c 9434 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
wolfSSL 15:117db924cf7c 9435
wolfSSL 15:117db924cf7c 9436 XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
wolfSSL 15:117db924cf7c 9437 x509->subject.name[ASN_NAME_MAX - 1] = '\0';
wolfSSL 15:117db924cf7c 9438 x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
wolfSSL 15:117db924cf7c 9439 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 9440 if (dCert->subjectName.fullName != NULL) {
wolfSSL 15:117db924cf7c 9441 XMEMCPY(&x509->subject.fullName,
wolfSSL 15:117db924cf7c 9442 &dCert->subjectName, sizeof(DecodedName));
wolfSSL 15:117db924cf7c 9443 x509->subject.fullName.fullName = (char*)XMALLOC(
wolfSSL 15:117db924cf7c 9444 dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
wolfSSL 15:117db924cf7c 9445 if (x509->subject.fullName.fullName != NULL)
wolfSSL 15:117db924cf7c 9446 XMEMCPY(x509->subject.fullName.fullName,
wolfSSL 15:117db924cf7c 9447 dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
wolfSSL 15:117db924cf7c 9448 }
wolfSSL 15:117db924cf7c 9449 x509->subject.x509 = x509;
wolfSSL 15:117db924cf7c 9450 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
wolfSSL 15:117db924cf7c 9451 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
wolfSSL 16:8e0d178b1d1e 9452 x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw));
wolfSSL 16:8e0d178b1d1e 9453 XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen);
wolfSSL 16:8e0d178b1d1e 9454 #ifdef WOLFSSL_CERT_EXT
wolfSSL 16:8e0d178b1d1e 9455 x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw));
wolfSSL 16:8e0d178b1d1e 9456 XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
wolfSSL 16:8e0d178b1d1e 9457 #endif
wolfSSL 15:117db924cf7c 9458 #endif
wolfSSL 15:117db924cf7c 9459
wolfSSL 15:117db924cf7c 9460 XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
wolfSSL 15:117db924cf7c 9461 x509->serialSz = dCert->serialSz;
wolfSSL 15:117db924cf7c 9462 if (dCert->subjectCN && dCert->subjectCNLen < ASN_NAME_MAX) {
wolfSSL 15:117db924cf7c 9463 XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
wolfSSL 15:117db924cf7c 9464 x509->subjectCN[dCert->subjectCNLen] = '\0';
wolfSSL 15:117db924cf7c 9465 }
wolfSSL 15:117db924cf7c 9466 else
wolfSSL 15:117db924cf7c 9467 x509->subjectCN[0] = '\0';
wolfSSL 15:117db924cf7c 9468
wolfSSL 15:117db924cf7c 9469 #ifdef WOLFSSL_SEP
wolfSSL 15:117db924cf7c 9470 {
wolfSSL 15:117db924cf7c 9471 int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 15:117db924cf7c 9472 if (minSz > 0) {
wolfSSL 15:117db924cf7c 9473 x509->deviceTypeSz = minSz;
wolfSSL 15:117db924cf7c 9474 XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
wolfSSL 15:117db924cf7c 9475 }
wolfSSL 15:117db924cf7c 9476 else
wolfSSL 15:117db924cf7c 9477 x509->deviceTypeSz = 0;
wolfSSL 15:117db924cf7c 9478 minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 15:117db924cf7c 9479 if (minSz > 0) {
wolfSSL 15:117db924cf7c 9480 x509->hwTypeSz = minSz;
wolfSSL 15:117db924cf7c 9481 XMEMCPY(x509->hwType, dCert->hwType, minSz);
wolfSSL 15:117db924cf7c 9482 }
wolfSSL 15:117db924cf7c 9483 else
wolfSSL 15:117db924cf7c 9484 x509->hwTypeSz = 0;
wolfSSL 15:117db924cf7c 9485 minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 15:117db924cf7c 9486 if (minSz > 0) {
wolfSSL 15:117db924cf7c 9487 x509->hwSerialNumSz = minSz;
wolfSSL 15:117db924cf7c 9488 XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
wolfSSL 15:117db924cf7c 9489 }
wolfSSL 15:117db924cf7c 9490 else
wolfSSL 15:117db924cf7c 9491 x509->hwSerialNumSz = 0;
wolfSSL 15:117db924cf7c 9492 }
wolfSSL 15:117db924cf7c 9493 #endif /* WOLFSSL_SEP */
wolfSSL 15:117db924cf7c 9494 {
wolfSSL 16:8e0d178b1d1e 9495 int minSz;
wolfSSL 16:8e0d178b1d1e 9496 if (dCert->beforeDateLen > 0) {
wolfSSL 16:8e0d178b1d1e 9497 minSz = min(dCert->beforeDate[1], MAX_DATE_SZ);
wolfSSL 16:8e0d178b1d1e 9498 x509->notBefore.type = dCert->beforeDate[0];
wolfSSL 16:8e0d178b1d1e 9499 x509->notBefore.length = minSz;
wolfSSL 16:8e0d178b1d1e 9500 XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
wolfSSL 16:8e0d178b1d1e 9501 }
wolfSSL 16:8e0d178b1d1e 9502 else
wolfSSL 16:8e0d178b1d1e 9503 x509->notBefore.length = 0;
wolfSSL 16:8e0d178b1d1e 9504 if (dCert->afterDateLen > 0) {
wolfSSL 16:8e0d178b1d1e 9505 minSz = min(dCert->afterDate[1], MAX_DATE_SZ);
wolfSSL 16:8e0d178b1d1e 9506 x509->notAfter.type = dCert->afterDate[0];
wolfSSL 16:8e0d178b1d1e 9507 x509->notAfter.length = minSz;
wolfSSL 16:8e0d178b1d1e 9508 XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
wolfSSL 16:8e0d178b1d1e 9509 }
wolfSSL 16:8e0d178b1d1e 9510 else
wolfSSL 16:8e0d178b1d1e 9511 x509->notAfter.length = 0;
wolfSSL 15:117db924cf7c 9512 }
wolfSSL 15:117db924cf7c 9513
wolfSSL 15:117db924cf7c 9514 if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
wolfSSL 15:117db924cf7c 9515 x509->pubKey.buffer = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 9516 dCert->pubKeySize, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 9517 if (x509->pubKey.buffer != NULL) {
wolfSSL 15:117db924cf7c 9518 x509->pubKeyOID = dCert->keyOID;
wolfSSL 15:117db924cf7c 9519 x509->pubKey.length = dCert->pubKeySize;
wolfSSL 15:117db924cf7c 9520 XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
wolfSSL 15:117db924cf7c 9521 }
wolfSSL 15:117db924cf7c 9522 else
wolfSSL 15:117db924cf7c 9523 ret = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 9524 #if defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 9525 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 9526 x509->key.pubKeyOID = dCert->keyOID;
wolfSSL 16:8e0d178b1d1e 9527
wolfSSL 16:8e0d178b1d1e 9528 if (!x509->key.algor) {
wolfSSL 16:8e0d178b1d1e 9529 x509->key.algor = wolfSSL_X509_ALGOR_new();
wolfSSL 16:8e0d178b1d1e 9530 } else {
wolfSSL 16:8e0d178b1d1e 9531 wolfSSL_ASN1_OBJECT_free(x509->key.algor->algorithm);
wolfSSL 16:8e0d178b1d1e 9532 }
wolfSSL 16:8e0d178b1d1e 9533 if (!(x509->key.algor->algorithm =
wolfSSL 16:8e0d178b1d1e 9534 wolfSSL_OBJ_nid2obj(dCert->keyOID))) {
wolfSSL 16:8e0d178b1d1e 9535 ret = PUBLIC_KEY_E;
wolfSSL 16:8e0d178b1d1e 9536 }
wolfSSL 16:8e0d178b1d1e 9537
wolfSSL 16:8e0d178b1d1e 9538 wolfSSL_EVP_PKEY_free(x509->key.pkey);
wolfSSL 16:8e0d178b1d1e 9539 if (!(x509->key.pkey = wolfSSL_d2i_PUBKEY(NULL,
wolfSSL 16:8e0d178b1d1e 9540 &dCert->publicKey,
wolfSSL 16:8e0d178b1d1e 9541 dCert->pubKeySize))) {
wolfSSL 16:8e0d178b1d1e 9542 ret = PUBLIC_KEY_E;
wolfSSL 16:8e0d178b1d1e 9543 }
wolfSSL 16:8e0d178b1d1e 9544 }
wolfSSL 16:8e0d178b1d1e 9545 #endif
wolfSSL 15:117db924cf7c 9546 }
wolfSSL 15:117db924cf7c 9547
wolfSSL 15:117db924cf7c 9548 if (dCert->signature != NULL && dCert->sigLength != 0 &&
wolfSSL 15:117db924cf7c 9549 dCert->sigLength <= MAX_ENCODED_SIG_SZ) {
wolfSSL 15:117db924cf7c 9550 x509->sig.buffer = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 9551 dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 9552 if (x509->sig.buffer == NULL) {
wolfSSL 15:117db924cf7c 9553 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 9554 }
wolfSSL 15:117db924cf7c 9555 else {
wolfSSL 15:117db924cf7c 9556 XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
wolfSSL 15:117db924cf7c 9557 x509->sig.length = dCert->sigLength;
wolfSSL 15:117db924cf7c 9558 x509->sigOID = dCert->signatureOID;
wolfSSL 15:117db924cf7c 9559 }
wolfSSL 16:8e0d178b1d1e 9560 #if defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 9561 wolfSSL_ASN1_OBJECT_free(x509->algor.algorithm);
wolfSSL 16:8e0d178b1d1e 9562 if (!(x509->algor.algorithm =
wolfSSL 16:8e0d178b1d1e 9563 wolfSSL_OBJ_nid2obj(dCert->signatureOID))) {
wolfSSL 16:8e0d178b1d1e 9564 ret = PUBLIC_KEY_E;
wolfSSL 16:8e0d178b1d1e 9565 }
wolfSSL 16:8e0d178b1d1e 9566 #endif
wolfSSL 15:117db924cf7c 9567 }
wolfSSL 15:117db924cf7c 9568
wolfSSL 15:117db924cf7c 9569 /* store cert for potential retrieval */
wolfSSL 15:117db924cf7c 9570 if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, x509->heap) == 0) {
wolfSSL 15:117db924cf7c 9571 XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx);
wolfSSL 15:117db924cf7c 9572 }
wolfSSL 15:117db924cf7c 9573 else {
wolfSSL 15:117db924cf7c 9574 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 9575 }
wolfSSL 15:117db924cf7c 9576
wolfSSL 15:117db924cf7c 9577 x509->altNames = dCert->altNames;
wolfSSL 15:117db924cf7c 9578 dCert->weOwnAltNames = 0;
wolfSSL 15:117db924cf7c 9579 x509->altNamesNext = x509->altNames; /* index hint */
wolfSSL 15:117db924cf7c 9580
wolfSSL 15:117db924cf7c 9581 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
wolfSSL 15:117db924cf7c 9582 !defined(IGNORE_NAME_CONSTRAINTS)
wolfSSL 15:117db924cf7c 9583 /* add copies of alternate emails from dCert to X509 */
wolfSSL 15:117db924cf7c 9584 if (dCert->altEmailNames != NULL) {
wolfSSL 15:117db924cf7c 9585 DNS_entry* cur = dCert->altEmailNames;
wolfSSL 15:117db924cf7c 9586
wolfSSL 15:117db924cf7c 9587 while (cur != NULL) {
wolfSSL 15:117db924cf7c 9588 if (cur->type == ASN_RFC822_TYPE) {
wolfSSL 15:117db924cf7c 9589 DNS_entry* dnsEntry;
wolfSSL 15:117db924cf7c 9590 int strLen = cur->len;
wolfSSL 15:117db924cf7c 9591
wolfSSL 15:117db924cf7c 9592 dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap,
wolfSSL 15:117db924cf7c 9593 DYNAMIC_TYPE_ALTNAME);
wolfSSL 15:117db924cf7c 9594 if (dnsEntry == NULL) {
wolfSSL 15:117db924cf7c 9595 WOLFSSL_MSG("\tOut of Memory");
wolfSSL 15:117db924cf7c 9596 return MEMORY_E;
wolfSSL 15:117db924cf7c 9597 }
wolfSSL 15:117db924cf7c 9598
wolfSSL 15:117db924cf7c 9599 dnsEntry->type = ASN_RFC822_TYPE;
wolfSSL 15:117db924cf7c 9600 dnsEntry->name = (char*)XMALLOC(strLen + 1, x509->heap,
wolfSSL 15:117db924cf7c 9601 DYNAMIC_TYPE_ALTNAME);
wolfSSL 15:117db924cf7c 9602 if (dnsEntry->name == NULL) {
wolfSSL 15:117db924cf7c 9603 WOLFSSL_MSG("\tOut of Memory");
wolfSSL 15:117db924cf7c 9604 XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME);
wolfSSL 15:117db924cf7c 9605 return MEMORY_E;
wolfSSL 15:117db924cf7c 9606 }
wolfSSL 15:117db924cf7c 9607 dnsEntry->len = strLen;
wolfSSL 15:117db924cf7c 9608 XMEMCPY(dnsEntry->name, cur->name, strLen);
wolfSSL 15:117db924cf7c 9609 dnsEntry->name[strLen] = '\0';
wolfSSL 15:117db924cf7c 9610
wolfSSL 15:117db924cf7c 9611 dnsEntry->next = x509->altNames;
wolfSSL 15:117db924cf7c 9612 x509->altNames = dnsEntry;
wolfSSL 15:117db924cf7c 9613 }
wolfSSL 15:117db924cf7c 9614 cur = cur->next;
wolfSSL 15:117db924cf7c 9615 }
wolfSSL 15:117db924cf7c 9616 }
wolfSSL 15:117db924cf7c 9617 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
wolfSSL 15:117db924cf7c 9618
wolfSSL 15:117db924cf7c 9619 x509->isCa = dCert->isCA;
wolfSSL 15:117db924cf7c 9620 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 9621 x509->pathLength = dCert->pathLength;
wolfSSL 15:117db924cf7c 9622 x509->keyUsage = dCert->extKeyUsage;
wolfSSL 15:117db924cf7c 9623
wolfSSL 15:117db924cf7c 9624 x509->CRLdistSet = dCert->extCRLdistSet;
wolfSSL 15:117db924cf7c 9625 x509->CRLdistCrit = dCert->extCRLdistCrit;
wolfSSL 15:117db924cf7c 9626 x509->CRLInfo = dCert->extCrlInfo;
wolfSSL 15:117db924cf7c 9627 x509->CRLInfoSz = dCert->extCrlInfoSz;
wolfSSL 15:117db924cf7c 9628 x509->authInfoSet = dCert->extAuthInfoSet;
wolfSSL 15:117db924cf7c 9629 x509->authInfoCrit = dCert->extAuthInfoCrit;
wolfSSL 15:117db924cf7c 9630 if (dCert->extAuthInfo != NULL && dCert->extAuthInfoSz > 0) {
wolfSSL 15:117db924cf7c 9631 x509->authInfo = (byte*)XMALLOC(dCert->extAuthInfoSz, x509->heap,
wolfSSL 15:117db924cf7c 9632 DYNAMIC_TYPE_X509_EXT);
wolfSSL 15:117db924cf7c 9633 if (x509->authInfo != NULL) {
wolfSSL 15:117db924cf7c 9634 XMEMCPY(x509->authInfo, dCert->extAuthInfo, dCert->extAuthInfoSz);
wolfSSL 15:117db924cf7c 9635 x509->authInfoSz = dCert->extAuthInfoSz;
wolfSSL 15:117db924cf7c 9636 }
wolfSSL 15:117db924cf7c 9637 else {
wolfSSL 15:117db924cf7c 9638 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 9639 }
wolfSSL 15:117db924cf7c 9640 }
wolfSSL 16:8e0d178b1d1e 9641 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
wolfSSL 16:8e0d178b1d1e 9642 if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) {
wolfSSL 16:8e0d178b1d1e 9643 x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap,
wolfSSL 16:8e0d178b1d1e 9644 DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 9645 if (x509->authInfoCaIssuer != NULL) {
wolfSSL 16:8e0d178b1d1e 9646 XMEMCPY(x509->authInfoCaIssuer, dCert->extAuthInfoCaIssuer, dCert->extAuthInfoCaIssuerSz);
wolfSSL 16:8e0d178b1d1e 9647 x509->authInfoCaIssuerSz = dCert->extAuthInfoCaIssuerSz;
wolfSSL 16:8e0d178b1d1e 9648 }
wolfSSL 16:8e0d178b1d1e 9649 else {
wolfSSL 16:8e0d178b1d1e 9650 ret = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 9651 }
wolfSSL 16:8e0d178b1d1e 9652 }
wolfSSL 16:8e0d178b1d1e 9653 #endif
wolfSSL 15:117db924cf7c 9654 x509->basicConstSet = dCert->extBasicConstSet;
wolfSSL 15:117db924cf7c 9655 x509->basicConstCrit = dCert->extBasicConstCrit;
wolfSSL 15:117db924cf7c 9656 x509->basicConstPlSet = dCert->pathLengthSet;
wolfSSL 15:117db924cf7c 9657 x509->subjAltNameSet = dCert->extSubjAltNameSet;
wolfSSL 15:117db924cf7c 9658 x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
wolfSSL 15:117db924cf7c 9659 x509->authKeyIdSet = dCert->extAuthKeyIdSet;
wolfSSL 15:117db924cf7c 9660 x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
wolfSSL 15:117db924cf7c 9661 if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
wolfSSL 15:117db924cf7c 9662 x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
wolfSSL 15:117db924cf7c 9663 DYNAMIC_TYPE_X509_EXT);
wolfSSL 15:117db924cf7c 9664 if (x509->authKeyId != NULL) {
wolfSSL 15:117db924cf7c 9665 XMEMCPY(x509->authKeyId,
wolfSSL 15:117db924cf7c 9666 dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
wolfSSL 15:117db924cf7c 9667 x509->authKeyIdSz = dCert->extAuthKeyIdSz;
wolfSSL 15:117db924cf7c 9668 }
wolfSSL 15:117db924cf7c 9669 else
wolfSSL 15:117db924cf7c 9670 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 9671 }
wolfSSL 15:117db924cf7c 9672 x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
wolfSSL 15:117db924cf7c 9673 x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
wolfSSL 15:117db924cf7c 9674 if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
wolfSSL 15:117db924cf7c 9675 x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, x509->heap,
wolfSSL 15:117db924cf7c 9676 DYNAMIC_TYPE_X509_EXT);
wolfSSL 15:117db924cf7c 9677 if (x509->subjKeyId != NULL) {
wolfSSL 15:117db924cf7c 9678 XMEMCPY(x509->subjKeyId,
wolfSSL 15:117db924cf7c 9679 dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
wolfSSL 15:117db924cf7c 9680 x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
wolfSSL 15:117db924cf7c 9681 }
wolfSSL 15:117db924cf7c 9682 else
wolfSSL 15:117db924cf7c 9683 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 9684 }
wolfSSL 15:117db924cf7c 9685 x509->keyUsageSet = dCert->extKeyUsageSet;
wolfSSL 15:117db924cf7c 9686 x509->keyUsageCrit = dCert->extKeyUsageCrit;
wolfSSL 15:117db924cf7c 9687 if (dCert->extExtKeyUsageSrc != NULL && dCert->extExtKeyUsageSz > 0) {
wolfSSL 15:117db924cf7c 9688 x509->extKeyUsageSrc = (byte*)XMALLOC(dCert->extExtKeyUsageSz,
wolfSSL 15:117db924cf7c 9689 x509->heap, DYNAMIC_TYPE_X509_EXT);
wolfSSL 15:117db924cf7c 9690 if (x509->extKeyUsageSrc != NULL) {
wolfSSL 15:117db924cf7c 9691 XMEMCPY(x509->extKeyUsageSrc, dCert->extExtKeyUsageSrc,
wolfSSL 15:117db924cf7c 9692 dCert->extExtKeyUsageSz);
wolfSSL 15:117db924cf7c 9693 x509->extKeyUsageSz = dCert->extExtKeyUsageSz;
wolfSSL 15:117db924cf7c 9694 x509->extKeyUsageCrit = dCert->extExtKeyUsageCrit;
wolfSSL 15:117db924cf7c 9695 x509->extKeyUsageCount = dCert->extExtKeyUsageCount;
wolfSSL 15:117db924cf7c 9696 }
wolfSSL 15:117db924cf7c 9697 else {
wolfSSL 15:117db924cf7c 9698 ret = MEMORY_E;
wolfSSL 15:117db924cf7c 9699 }
wolfSSL 15:117db924cf7c 9700 }
wolfSSL 16:8e0d178b1d1e 9701 #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
wolfSSL 15:117db924cf7c 9702 x509->certPolicySet = dCert->extCertPolicySet;
wolfSSL 15:117db924cf7c 9703 x509->certPolicyCrit = dCert->extCertPolicyCrit;
wolfSSL 16:8e0d178b1d1e 9704 #endif /* WOLFSSL_SEP || WOLFSSL_QT */
wolfSSL 15:117db924cf7c 9705 #ifdef WOLFSSL_CERT_EXT
wolfSSL 15:117db924cf7c 9706 {
wolfSSL 15:117db924cf7c 9707 int i;
wolfSSL 15:117db924cf7c 9708 for (i = 0; i < dCert->extCertPoliciesNb && i < MAX_CERTPOL_NB; i++)
wolfSSL 15:117db924cf7c 9709 XMEMCPY(x509->certPolicies[i], dCert->extCertPolicies[i],
wolfSSL 15:117db924cf7c 9710 MAX_CERTPOL_SZ);
wolfSSL 15:117db924cf7c 9711 x509->certPoliciesNb = dCert->extCertPoliciesNb;
wolfSSL 15:117db924cf7c 9712 }
wolfSSL 15:117db924cf7c 9713 #endif /* WOLFSSL_CERT_EXT */
wolfSSL 15:117db924cf7c 9714 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
wolfSSL 16:8e0d178b1d1e 9715 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
wolfSSL 15:117db924cf7c 9716 x509->pkCurveOID = dCert->pkCurveOID;
wolfSSL 16:8e0d178b1d1e 9717 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 9718
wolfSSL 15:117db924cf7c 9719 return ret;
wolfSSL 15:117db924cf7c 9720 }
wolfSSL 15:117db924cf7c 9721
wolfSSL 15:117db924cf7c 9722 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 15:117db924cf7c 9723
wolfSSL 15:117db924cf7c 9724 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
wolfSSL 15:117db924cf7c 9725 (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12))
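/* Validate a stapled OCSP response (certificate status) against the OCSP
 * request this connection stored earlier.
 *
 * ssl            connection; its status_request / status_request_v2 flag
 *                selects which stored request is used, and that flag is
 *                cleared once consumed
 * input          buffer holding the response
 * inOutIdx       in: offset of the response inside input; out: advanced by
 *                status_length, also when validation fails
 * status_length  length of the response in bytes
 *                NOTE(review): no bounds check of *inOutIdx + status_length
 *                against the size of input is visible in this function;
 *                presumably the caller has done it -- confirm
 *
 * returns 0 only when the response decodes, matches the stored request,
 * reports OCSP_SUCCESSFUL and the certificate status is CERT_GOOD.
 * OCSP_CERT_REVOKED is returned for CERT_REVOKED, BUFFER_ERROR when no status
 * request was pending, MEMORY_ERROR on allocation failure and
 * BAD_CERTIFICATE_STATUS_ERROR for every other outcome (fail closed).
 */
static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                      word32 status_length)
{
    int ret = 0;
    OcspRequest* request = NULL;

    #ifdef WOLFSSL_SMALL_STACK
        CertStatus* status;
        OcspResponse* response;
    #else
        CertStatus status[1];
        OcspResponse response[1];
    #endif

    /* Pick the request belonging to whichever status extension is pending.
     * The do/while(0) only exists so that "break" can leave the selection;
     * a response that arrives with nothing pending is rejected. */
    do {
        #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
            if (ssl->status_request) {
                request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions);
                ssl->status_request = 0;
                break;
            }
        #endif

        #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
            if (ssl->status_request_v2) {
                request = (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions,
                                                          WOLFSSL_CSR2_OCSP, 0);
                ssl->status_request_v2 = 0;
                break;
            }
        #endif

        return BUFFER_ERROR;
    } while(0);

    if (request == NULL)
        return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */

    #ifdef WOLFSSL_SMALL_STACK
        status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
                                                      DYNAMIC_TYPE_OCSP_STATUS);
        response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
                                                     DYNAMIC_TYPE_OCSP_REQUEST);

        if (status == NULL || response == NULL) {
            /* Release with the same heap hint the buffers were allocated
             * with; the original passed NULL here, which does not match the
             * XMALLOC calls above. */
            if (status)
                XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
            if (response)
                XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);

            return MEMORY_ERROR;
        }
    #endif

    InitOcspResponse(response, status, input +*inOutIdx, status_length);

    /* Order matters: the response is decoded first, then tied to our own
     * request, and only then is its content trusted. Anything that is not
     * an explicit CERT_GOOD ends in an error. */
    if (OcspResponseDecode(response, ssl->ctx->cm, ssl->heap, 0) != 0)
        ret = BAD_CERTIFICATE_STATUS_ERROR;
    else if (CompareOcspReqResp(request, response) != 0)
        ret = BAD_CERTIFICATE_STATUS_ERROR;
    else if (response->responseStatus != OCSP_SUCCESSFUL)
        ret = BAD_CERTIFICATE_STATUS_ERROR;
    else if (response->status->status == CERT_REVOKED)
        ret = OCSP_CERT_REVOKED;
    else if (response->status->status != CERT_GOOD)
        ret = BAD_CERTIFICATE_STATUS_ERROR;

    /* the response bytes are consumed whatever the verdict was */
    *inOutIdx += status_length;

    #ifdef WOLFSSL_SMALL_STACK
        XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
        XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
    #endif

    return ret;
}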
wolfSSL 15:117db924cf7c 9802 #endif
wolfSSL 15:117db924cf7c 9803
wolfSSL 15:117db924cf7c 9804
wolfSSL 15:117db924cf7c 9805
wolfSSL 15:117db924cf7c 9806 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 9807
wolfSSL 15:117db924cf7c 9808 #ifdef HAVE_ECC
/* Signature-context adapter for ECC verification: forwards the call to the
 * EccVerifyCb registered on the connection's context, handing it the
 * connection's EccVerifyCtx as user context.
 *
 * ctx is the WOLFSSL object stored by InitSigPkCb. Returns the callback's
 * result, or NOT_COMPILED_IN when ctx is NULL or no callback is registered.
 * NOTE(review): ssl->ctx is dereferenced without a NULL check.
 */
static int SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz,
    const unsigned char* hash, unsigned int hashSz,
    const unsigned char* keyDer, unsigned int keySz,
    int* result, void* ctx)
{
    WOLFSSL* ssl = (WOLFSSL*)ctx;

    if (ssl == NULL || !ssl->ctx->EccVerifyCb) {
        return NOT_COMPILED_IN;
    }

    return ssl->ctx->EccVerifyCb(ssl, sig, sigSz, hash, hashSz,
        keyDer, keySz, result, ssl->EccVerifyCtx);
}
wolfSSL 15:117db924cf7c 9823 #endif
wolfSSL 15:117db924cf7c 9824 #ifndef NO_RSA
/* Signature-context adapter for RSA verification: forwards the call to the
 * RsaVerifyCb registered on the connection's context, handing it the
 * connection's RsaVerifyCtx as user context.
 *
 * ctx is the WOLFSSL object stored by InitSigPkCb. Returns the callback's
 * result, or NOT_COMPILED_IN when ctx is NULL or no callback is registered.
 * NOTE(review): ssl->ctx is dereferenced without a NULL check.
 */
static int SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz,
    unsigned char** out, const unsigned char* keyDer, unsigned int keySz,
    void* ctx)
{
    WOLFSSL* ssl = (WOLFSSL*)ctx;

    if (ssl == NULL || !ssl->ctx->RsaVerifyCb) {
        return NOT_COMPILED_IN;
    }

    return ssl->ctx->RsaVerifyCb(ssl, sig, sigSz, out, keyDer, keySz,
        ssl->RsaVerifyCtx);
}
wolfSSL 15:117db924cf7c 9838 #endif
wolfSSL 15:117db924cf7c 9839
/* Wire the public-key verify adapters into a signature context.
 *
 * For each algorithm compiled in, the adapter and the connection are stored
 * in sigCtx only when the application registered a verify callback on
 * ssl->ctx; otherwise the corresponding sigCtx fields are left untouched.
 *
 * returns 0 on success, BAD_FUNC_ARG when ssl or sigCtx is NULL.
 */
int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx)
{
    if (!ssl || !sigCtx) {
        return BAD_FUNC_ARG;
    }

#ifdef HAVE_ECC
    /* ECC: install the adapter only if a PK callback is set */
    if (ssl->ctx->EccVerifyCb != NULL) {
        sigCtx->pkCbEcc  = SigPkCbEccVerify;
        sigCtx->pkCtxEcc = ssl;
    }
#endif
#ifndef NO_RSA
    /* RSA: install the adapter only if a PK callback is set */
    if (ssl->ctx->RsaVerifyCb != NULL) {
        sigCtx->pkCbRsa  = SigPkCbRsaVerify;
        sigCtx->pkCtxRsa = ssl;
    }
#endif

    return 0;
}
wolfSSL 15:117db924cf7c 9862
wolfSSL 15:117db924cf7c 9863 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 9864
wolfSSL 15:117db924cf7c 9865
wolfSSL 16:8e0d178b1d1e 9866 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
/* Translate a certificate processing error into a TLS alert, send it as a
 * fatal alert and mark the connection closed.
 *
 * Does nothing when ssl is NULL or ret is 0. The result of SendAlert is not
 * checked (best effort); isClosed is set regardless.
 *
 * Mapping: date errors -> certificate_expired; CRL_CERT_REVOKED ->
 * certificate_revoked (OPENSSL_ALL / WOLFSSL_APACHE_HTTPD builds only);
 * NO_PEER_CERT -> certificate_required on TLS 1.3, handshake_failure
 * otherwise; everything else -> bad_certificate.
 * NOTE(review): OCSP_CERT_REVOKED has no case of its own and goes out as
 * bad_certificate -- confirm that is intended.
 */
static void DoCertFatalAlert(WOLFSSL* ssl, int ret)
{
    int alertWhy;

    if (ssl == NULL || ret == 0) {
        return;
    }

    /* Determine alert reason */
    switch (ret) {
        case ASN_AFTER_DATE_E:
        case ASN_BEFORE_DATE_E:
            alertWhy = certificate_expired;
            break;

    #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
        case CRL_CERT_REVOKED:
            alertWhy = certificate_revoked;
            break;
    #endif

        case NO_PEER_CERT:
        #ifdef WOLFSSL_TLS13
            if (ssl->options.tls1_3) {
                alertWhy = certificate_required;
                break;
            }
        #endif
            alertWhy = handshake_failure;
            break;

        default:
            alertWhy = bad_certificate;
            break;
    }

    /* send fatal alert and mark connection closed */
    SendAlert(ssl, alert_fatal, alertWhy); /* try to send */
    ssl->options.isClosed = 1;
}
wolfSSL 16:8e0d178b1d1e 9900
wolfSSL 16:8e0d178b1d1e 9901 /* WOLFSSL_ALWAYS_VERIFY_CB: Use verify callback for success or failure cases */
wolfSSL 16:8e0d178b1d1e 9902 /* WOLFSSL_VERIFY_CB_ALL_CERTS: Issue callback for all intermediate certificates */
wolfSSL 16:8e0d178b1d1e 9903
wolfSSL 16:8e0d178b1d1e 9904 /* Callback is issued for certificate presented in TLS Certificate (11) packet.
wolfSSL 16:8e0d178b1d1e 9905 * The intermediates are done first then peer leaf cert last. Use the
wolfSSL 16:8e0d178b1d1e 9906 * store->error_depth member to determine index (0=peer, >1 intermediates)
wolfSSL 16:8e0d178b1d1e 9907 */
wolfSSL 16:8e0d178b1d1e 9908
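/* Run the registered certificate verify callbacks for one certificate of the
 * peer's chain and fold their verdict into the verification result.
 *
 * cm    certificate manager; its verifyCallback (unless NO_WOLFSSL_CM_VERIFY)
 *       is consulted. May be NULL when ssl is given.
 * ssl   connection; its verifyCallback and, with OPENSSL_ALL, the context's
 *       verifyCertCb are consulted. May be NULL when only cm is used.
 * ret   result of the library's own verification of this certificate
 *       (0 = verified)
 * args  peer certificate processing state: certIdx (0 = peer leaf), dCert,
 *       dCertInit, certs, totalCerts, count are read; verifyErr is set when
 *       a callback rejects the certificate
 *
 * returns the (possibly changed) result: 0 when verification passed or a
 * callback overrode the error, DOMAIN_NAME_MISMATCH / IPADDR_MISMATCH from
 * the OPENSSL_EXTRA name checks, VERIFY_CERT_ERROR when a callback rejected
 * an otherwise good certificate, MEMORY_E on allocation failure, else ret.
 *
 * Callback contract as implemented here: a non-zero return from a callback
 * clears any pending error (ret becomes 0), a zero return marks the
 * certificate as failed. verify_ok is derived from ret as passed in, i.e.
 * before the host name and IP checks below, so a callback can be handed
 * verify_ok == 1 together with store->error == DOMAIN_NAME_MISMATCH or
 * IPADDR_MISMATCH. A callback that simply returns its first argument would
 * then clear that mismatch; callbacks have to inspect store->error.
 *
 * Changes against the previous revision of this function:
 *  - cm is no longer dereferenced when it is NULL (heap selection and the
 *    test for cm->verifyCallback)
 *  - store is released with the tag it was allocated with
 *    (DYNAMIC_TYPE_X509_STORE) on the early error paths
 *  - the temporary x509 is released exactly once, and only when it was
 *    populated by CopyDecodedToX509; before, it was released based on
 *    certIdx > 0, which released it a second time after a failed copy and
 *    never released a leaf copy made in builds without KEEP_PEER_CERT
 */
int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
                     ProcPeerCertArgs* args)
{
    int verify_ok = 0, use_cb = 0;
    void *heap = NULL;

    /* heap hint: prefer the connection, fall back to the cert manager */
    if (ssl != NULL) {
        heap = ssl->heap;
    }
    else if (cm != NULL) {
        heap = cm->heap;
    }

    /* Determine if verify was okay */
    if (ret == 0) {
        verify_ok = 1;
    }

    /* Determine if verify callback should be used */
    if (ret != 0) {
        if ((ssl != NULL) && (!ssl->options.verifyNone)) {
            use_cb = 1; /* always report errors */
        }
    }
#ifdef WOLFSSL_ALWAYS_VERIFY_CB
    /* always use verify callback on peer leaf cert */
    if (args->certIdx == 0) {
        use_cb = 1;
    }
#endif
#ifdef WOLFSSL_VERIFY_CB_ALL_CERTS
    /* perform verify callback on other intermediate certs (not just peer) */
    if (args->certIdx > 0) {
        use_cb = 1;
    }
#endif
#if defined(OPENSSL_EXTRA)
    /* perform domain name check on the peer certificate */
    if (args->dCertInit && args->dCert && (ssl != NULL) &&
            ssl->param && ssl->param->hostName[0]) {
        /* If altNames names is present, then subject common name is ignored */
        if (args->dCert->altNames != NULL) {
            if (CheckAltNames(args->dCert, ssl->param->hostName) == 0 ) {
                if (ret == 0) {
                    ret = DOMAIN_NAME_MISMATCH;
                }
            }
        }
        else {
            if (args->dCert->subjectCN) {
                if (MatchDomainName(args->dCert->subjectCN,
                                    args->dCert->subjectCNLen,
                                    ssl->param->hostName) == 0) {
                    if (ret == 0) {
                        ret = DOMAIN_NAME_MISMATCH;
                    }
                }
            }
        }
    }

    /* perform IP address check on the peer certificate */
    if ((args->dCertInit != 0) && (args->dCert != NULL) && (ssl != NULL) &&
        (ssl->param != NULL) && (XSTRLEN(ssl->param->ipasc) > 0)) {
        if (CheckIPAddr(args->dCert, ssl->param->ipasc) != 0) {
            if (ret == 0) {
                ret = IPADDR_MISMATCH;
            }
        }
    }
#endif
    /* if verify callback has been set.
     * A cert manager callback enters this block even when use_cb is 0, and
     * once inside, the ssl-level callbacks are called as well. */
    if ((use_cb && (ssl != NULL) && ((ssl->verifyCallback != NULL)
    #ifdef OPENSSL_ALL
        || (ssl->ctx->verifyCertCb != NULL)
    #endif
        ))
    #ifndef NO_WOLFSSL_CM_VERIFY
        || ((cm != NULL) && (cm->verifyCallback != NULL))
    #endif
        ) {
        int verifyFail = 0;
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        int x509Free = 0; /* set once x509 owns data that must be released */
    #endif
    #ifdef WOLFSSL_SMALL_STACK
        WOLFSSL_X509_STORE_CTX* store;
        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        WOLFSSL_X509*           x509;
        #endif
        char*                   domain = NULL;
    #else
        WOLFSSL_X509_STORE_CTX store[1];
        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        WOLFSSL_X509           x509[1];
        #endif
        char                   domain[ASN_NAME_MAX];
    #endif

    #ifdef WOLFSSL_SMALL_STACK
        store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
            sizeof(WOLFSSL_X509_STORE_CTX), heap, DYNAMIC_TYPE_X509_STORE);
        if (store == NULL) {
            return MEMORY_E;
        }
        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
            DYNAMIC_TYPE_X509);
        if (x509 == NULL) {
            XFREE(store, heap, DYNAMIC_TYPE_X509_STORE);
            return MEMORY_E;
        }
        #endif
        domain = (char*)XMALLOC(ASN_NAME_MAX, heap, DYNAMIC_TYPE_STRING);
        if (domain == NULL) {
            XFREE(store, heap, DYNAMIC_TYPE_X509_STORE);
            #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
            XFREE(x509, heap, DYNAMIC_TYPE_X509);
            #endif
            return MEMORY_E;
        }
    #endif /* WOLFSSL_SMALL_STACK */

        XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        XMEMSET(x509, 0, sizeof(WOLFSSL_X509));
    #endif
        domain[0] = '\0';

        /* build subject CN as string to return in store; the length comes
         * from the certificate, so it is clamped to the buffer first */
        if (args->dCertInit && args->dCert && args->dCert->subjectCN) {
            int subjectCNLen = args->dCert->subjectCNLen;
            if (subjectCNLen > ASN_NAME_MAX-1)
                subjectCNLen = ASN_NAME_MAX-1;
            if (subjectCNLen > 0) {
                XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen);
                domain[subjectCNLen] = '\0';
            }
        }

        store->error = ret;
        store->error_depth = args->certIdx;
        store->discardSessionCerts = 0;
        store->domain = domain;
        store->userCtx = (ssl != NULL) ? ssl->verifyCbCtx : cm;
        store->certs = args->certs;
        store->totalCerts = args->totalCerts;
    #if defined(HAVE_EX_DATA) || defined(FORTRESS)
        if (wolfSSL_CRYPTO_set_ex_data(&store->ex_data, 0, ssl)
                != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("Failed to store ssl context in WOLFSSL_X509_STORE_CTX");
        }
    #endif

        if (ssl != NULL) {
    #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
            if (ssl->ctx->x509_store_pt != NULL) {
                store->store = ssl->ctx->x509_store_pt;
            }
            else {
                store->store = &ssl->ctx->x509_store;
            }
        #if defined(OPENSSL_EXTRA)
            store->depth = args->count;
            store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
                            sizeof(WOLFSSL_X509_VERIFY_PARAM),
                            heap, DYNAMIC_TYPE_OPENSSL);
            if (store->param == NULL) {
            #ifdef WOLFSSL_SMALL_STACK
                XFREE(domain, heap, DYNAMIC_TYPE_STRING);
                #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
                XFREE(x509, heap, DYNAMIC_TYPE_X509);
                #endif
                XFREE(store, heap, DYNAMIC_TYPE_X509_STORE);
            #endif
                return MEMORY_E;
            }
            XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
            /* Overwrite with non-default param values in SSL */
            if (ssl->param) {
                if (ssl->param->check_time)
                    store->param->check_time = ssl->param->check_time;

                if (ssl->param->flags)
                    store->param->flags = ssl->param->flags;

                if (ssl->param->hostName[0])
                    XMEMCPY(store->param->hostName, ssl->param->hostName,
                            WOLFSSL_HOST_NAME_MAX);

            }
        #endif /* defined(OPENSSL_EXTRA) */
    #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)*/
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        #ifdef KEEP_PEER_CERT
            if (args->certIdx == 0) {
                store->current_cert = &ssl->peerCert; /* use existing X509 */
            }
            else
        #endif
            {
                InitX509(x509, 0, heap);
                if (CopyDecodedToX509(x509, args->dCert) == 0) {
                    store->current_cert = x509;
                    x509Free = 1; /* released after the callbacks ran */
                }
                else {
                    /* partial copy: release now, callbacks get no cert */
                    FreeX509(x509);
                }
            }
    #endif
    #ifdef SESSION_CERTS
            store->sesChain = &ssl->session.chain;
    #endif
        }
    #ifndef NO_WOLFSSL_CM_VERIFY
        /* non-zero return code indicates failure override */
        if ((cm != NULL) && (cm->verifyCallback != NULL)) {
            store->userCtx = cm;
            if (cm->verifyCallback(verify_ok, store)) {
                if (ret != 0) {
                    WOLFSSL_MSG("Verify CM callback overriding error!");
                    ret = 0;
                }
            }
            else {
                verifyFail = 1;
            }
        }
    #endif

        if (ssl != NULL) {
    #ifdef OPENSSL_ALL
            /* non-zero return code indicates failure override */
            if (ssl->ctx->verifyCertCb) {
                if (ssl->ctx->verifyCertCb(store, ssl->ctx->verifyCertCbArg)) {
                    if (ret != 0) {
                        WOLFSSL_MSG("Verify Cert callback overriding error!");
                        ret = 0;
                    }
                }
                else {
                    verifyFail = 1;
                }
            }
    #endif

            /* non-zero return code indicates failure override */
            if (ssl->verifyCallback) {
                if (ssl->verifyCallback(verify_ok, store)) {
                    if (ret != 0) {
                        WOLFSSL_MSG("Verify callback overriding error!");
                        ret = 0;
                    }
                }
                else {
                    verifyFail = 1;
                }
            }
        }

        /* a rejection by any callback wins over an override by another */
        if (verifyFail) {
            /* induce error if one not present */
            if (ret == 0) {
                ret = VERIFY_CERT_ERROR;
            }

            /* mark as verify error */
            args->verifyErr = 1;
        }
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        if (x509Free) {
            FreeX509(x509);
        }
    #endif
    #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
        wolfSSL_sk_X509_free(store->chain);
        store->chain = NULL;
    #endif
    #ifdef SESSION_CERTS
        if ((ssl != NULL) && (store->discardSessionCerts)) {
            WOLFSSL_MSG("Verify callback requested discard sess certs");
            ssl->session.chain.count = 0;
        #ifdef WOLFSSL_ALT_CERT_CHAINS
            ssl->session.altChain.count = 0;
        #endif
        }
    #endif /* SESSION_CERTS */
    #ifdef OPENSSL_EXTRA
        if ((ssl != NULL) && (store->param)) {
            XFREE(store->param, heap, DYNAMIC_TYPE_OPENSSL);
        }
    #endif
    #ifdef WOLFSSL_SMALL_STACK
        XFREE(domain, heap, DYNAMIC_TYPE_STRING);
        #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        XFREE(x509, heap, DYNAMIC_TYPE_X509);
        #endif
        XFREE(store, heap, DYNAMIC_TYPE_X509_STORE);
    #endif
    }

    (void)heap;

    return ret;
}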
wolfSSL 15:117db924cf7c 10203
/* Release everything owned by a ProcPeerCertArgs: the certs array, the TLS 1.3
 * exts array (WOLFSSL_TLS13 builds) and the decoded certificate. Each pointer
 * is set to NULL after it is freed, so calling this again on the same args
 * frees nothing further.
 *
 * ssl    used only as the source of the heap hint passed to XFREE
 * pArgs  the ProcPeerCertArgs to clean up, passed as void*; it is
 *        dereferenced without a NULL check
 */
static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs)
{
    ProcPeerCertArgs* peerArgs = (ProcPeerCertArgs*)pArgs;

    /* presumably XFREE can discard its heap argument in some builds, which
     * would otherwise leave ssl unused */
    (void)ssl;

    if (peerArgs->certs != NULL) {
        XFREE(peerArgs->certs, ssl->heap, DYNAMIC_TYPE_DER);
        peerArgs->certs = NULL;
    }
#ifdef WOLFSSL_TLS13
    if (peerArgs->exts != NULL) {
        XFREE(peerArgs->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT);
        peerArgs->exts = NULL;
    }
#endif
    if (peerArgs->dCert != NULL) {
        /* contents are released only if the cert was actually initialized */
        if (peerArgs->dCertInit) {
            FreeDecodedCert(peerArgs->dCert);
            peerArgs->dCertInit = 0;
        }
        XFREE(peerArgs->dCert, ssl->heap, DYNAMIC_TYPE_DCERT);
        peerArgs->dCert = NULL;
    }
}
wolfSSL 15:117db924cf7c 10229
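/* Parse, and depending on 'verify' also verify, the certificate selected by
 * args->certIdx into args->dCert.
 *
 * ssl            session; supplies the heap hint, devId and ctx->cm
 * args           peer-certificate processing state; certs[certIdx] holds the
 *                raw certificate bytes taken from the handshake message
 * certType       passed unchanged to ParseCertRelative
 * verify         verification mode for ParseCertRelative. When
 *                WOLFSSL_SMALL_CERT_VERIFY is defined and verify == VERIFY,
 *                the signature is checked first with CheckCertSignature and
 *                the parse then runs with VERIFY_NAME.
 * pSubjectHash   optional out: the hash handed to AlreadySigner. It points
 *                into args->dCert, so it must not be used after that
 *                structure is released.
 * pAlreadySigner optional out: result of AlreadySigner for that hash
 *
 * Returns 0 on success; BAD_FUNC_ARG, BUFFER_E or MEMORY_E on local failures;
 * otherwise the error from InitSigPkCb, ParseCertRelative, CheckCertSignature
 * or wolfSSL_AsyncPush. On the two early "return 0" paths (resume after
 * OCSP_WANT_READ, trusted peer already matched) the out parameters are left
 * untouched.
 */
static int ProcessPeerCertParse(WOLFSSL* ssl, ProcPeerCertArgs* args,
    int certType, int verify, byte** pSubjectHash, int* pAlreadySigner)
{
    int     ret = 0;
    buffer* cert;
    byte*   subjectHash = NULL;
    int     alreadySigner = 0;
#ifdef WOLFSSL_SMALL_CERT_VERIFY
    int     sigRet = 0;
#endif

    if (ssl == NULL || args == NULL)
        return BAD_FUNC_ARG;

    /* check to make sure certificate index is valid.
     * certs[] has exactly args->count populated entries (indices
     * 0 .. count-1), so certIdx == count is already past the last cert
     * received from the peer and must be rejected as well. */
    if (args->certIdx >= args->count)
        return BUFFER_E;

    /* check if returning from non-blocking OCSP */
    /* skip this section because cert is already initialized and parsed */
#ifdef WOLFSSL_NONBLOCK_OCSP
    if (args->lastErr == OCSP_WANT_READ) {
        args->lastErr = 0; /* clear error */
        return 0;
    }
#endif

#ifdef WOLFSSL_TRUST_PEER_CERT
    /* we have trusted peer */
    if (args->haveTrustPeer) {
        return 0;
    }
#endif

    /* get certificate buffer */
    cert = &args->certs[args->certIdx];

#ifdef WOLFSSL_SMALL_CERT_VERIFY
    if (verify == VERIFY) {
        /* for small cert verify, release decoded cert during signature check
           to reduce peak memory usage */
        if (args->dCert != NULL) {
            if (args->dCertInit) {
                FreeDecodedCert(args->dCert);
                args->dCertInit = 0;
            }
            XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT);
            args->dCert = NULL;
        }

        /* perform cert parsing and signature check */
        sigRet = CheckCertSignature(cert->buffer, cert->length,
                                    ssl->heap, ssl->ctx->cm);
        /* fail on errors here after the ParseCertRelative call, so dCert is
           populated */

        /* verify name only in ParseCertRelative below, signature check done */
        verify = VERIFY_NAME;
    }
#endif /* WOLFSSL_SMALL_CERT_VERIFY */

    /* make sure the decoded cert structure is allocated and initialized */
    if (!args->dCertInit
    #ifdef WOLFSSL_SMALL_CERT_VERIFY
        || args->dCert == NULL
    #endif
    ) {
    #ifdef WOLFSSL_SMALL_CERT_VERIFY
        if (args->dCert == NULL) {
            args->dCert = (DecodedCert*)XMALLOC(
                                 sizeof(DecodedCert), ssl->heap,
                                 DYNAMIC_TYPE_DCERT);
            if (args->dCert == NULL) {
                return MEMORY_E;
            }
        }
    #endif

        InitDecodedCert(args->dCert, cert->buffer, cert->length, ssl->heap);

        /* mark as initialized before any failure return below, so the
           cleanup paths know FreeDecodedCert is required */
        args->dCertInit = 1;
        args->dCert->sigCtx.devId = ssl->devId;
    #ifdef WOLFSSL_ASYNC_CRYPT
        args->dCert->sigCtx.asyncCtx = ssl;
    #endif

    #ifdef HAVE_PK_CALLBACKS
        /* setup the PK callback context */
        ret = InitSigPkCb(ssl, &args->dCert->sigCtx);
        if (ret != 0)
            return ret;
    #endif
    }

    /* Parse Certificate */
    ret = ParseCertRelative(args->dCert, certType, verify, ssl->ctx->cm);
    /* perform below checks for date failure cases: the signer lookup still
       runs for a not-yet-valid or expired certificate, but ret keeps the
       date error and is returned to the caller */
    if (ret == 0 || ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) {
        /* get subject and determine if already loaded */
        /* NOTE(review): the branch tests extAuthKeyIdSet but reads
           extSubjKeyId - confirm this is the intended flag */
    #ifndef NO_SKID
        if (args->dCert->extAuthKeyIdSet)
            subjectHash = args->dCert->extSubjKeyId;
        else
    #endif
            subjectHash = args->dCert->subjectHash;
        alreadySigner = AlreadySigner(ssl->ctx->cm, subjectHash);
    }

#ifdef WOLFSSL_SMALL_CERT_VERIFY
    /* get signature check failures from above; a parse error takes
       precedence, so sigRet is only reported when the parse succeeded */
    if (ret == 0)
        ret = sigRet;
#endif

    if (pSubjectHash)
        *pSubjectHash = subjectHash;
    if (pAlreadySigner)
        *pAlreadySigner = alreadySigner;

#ifdef WOLFSSL_ASYNC_CRYPT
    /* hand a pending operation to the async layer and report its result */
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl,
            args->dCert->sigCtx.asyncDev);
    }
#endif

    return ret;
}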
wolfSSL 16:8e0d178b1d1e 10357
/* Check key sizes for certs. Is redundant check since
   ProcessBuffer also performs this check.

   Compares the public key of the certificate decoded in args->dCert with
   the minimum configured in ssl->options. args->dCert is dereferenced
   without a NULL check.

   Returns 0 when the key is acceptable, when ssl->options.verifyNone is set,
   or when the key type has no case compiled in below (such keys are not
   size-checked here). Returns RSA_KEY_SIZE_E or ECC_KEY_SIZE_E when the key
   is smaller than the minimum or the configured minimum is negative.
   Ed25519 and Ed448 compare the fixed ED25519_KEY_SIZE / ED448_KEY_SIZE
   against minEccKeySz. */
static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
{
    /* verification switched off: no size policy is applied */
    if (ssl->options.verifyNone) {
        return 0;
    }

    switch (args->dCert->keyOID) {
    #ifndef NO_RSA
        case RSAk:
            if (ssl->options.minRsaKeySz >= 0 &&
                    args->dCert->pubKeySize >=
                        (word16)ssl->options.minRsaKeySz) {
                return 0;
            }
            WOLFSSL_MSG("RSA key size in cert chain error");
            return RSA_KEY_SIZE_E;
    #endif /* !NO_RSA */
    #ifdef HAVE_ECC
        case ECDSAk:
            if (ssl->options.minEccKeySz >= 0 &&
                    args->dCert->pubKeySize >=
                        (word16)ssl->options.minEccKeySz) {
                return 0;
            }
            WOLFSSL_MSG("ECC key size in cert chain error");
            return ECC_KEY_SIZE_E;
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        case ED25519k:
            if (ssl->options.minEccKeySz >= 0 &&
                    ED25519_KEY_SIZE >= (word16)ssl->options.minEccKeySz) {
                return 0;
            }
            WOLFSSL_MSG("ECC key size in cert chain error");
            return ECC_KEY_SIZE_E;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_ED448
        case ED448k:
            if (ssl->options.minEccKeySz >= 0 &&
                    ED448_KEY_SIZE >= (word16)ssl->options.minEccKeySz) {
                return 0;
            }
            WOLFSSL_MSG("ECC key size in cert chain error");
            return ECC_KEY_SIZE_E;
    #endif /* HAVE_ED448 */
        default:
            /* key not being checked for size if not in switch */
            WOLFSSL_MSG("Key size not checked");
            break;
    }

    return 0;
}
wolfSSL 16:8e0d178b1d1e 10420
wolfSSL 15:117db924cf7c 10421 int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 15:117db924cf7c 10422 word32 totalSz)
wolfSSL 15:117db924cf7c 10423 {
wolfSSL 15:117db924cf7c 10424 int ret = 0;
wolfSSL 15:117db924cf7c 10425 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 10426 ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args;
wolfSSL 15:117db924cf7c 10427 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 15:117db924cf7c 10428 (void)sizeof(args_test);
wolfSSL 15:117db924cf7c 10429 #elif defined(WOLFSSL_NONBLOCK_OCSP)
wolfSSL 15:117db924cf7c 10430 ProcPeerCertArgs* args = ssl->nonblockarg;
wolfSSL 16:8e0d178b1d1e 10431 #elif defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 10432 ProcPeerCertArgs* args = NULL;
wolfSSL 15:117db924cf7c 10433 #else
wolfSSL 15:117db924cf7c 10434 ProcPeerCertArgs args[1];
wolfSSL 15:117db924cf7c 10435 #endif
wolfSSL 16:8e0d178b1d1e 10436 byte* subjectHash = NULL;
wolfSSL 16:8e0d178b1d1e 10437 int alreadySigner = 0;
wolfSSL 15:117db924cf7c 10438
wolfSSL 15:117db924cf7c 10439 WOLFSSL_ENTER("ProcessPeerCerts");
wolfSSL 15:117db924cf7c 10440
wolfSSL 15:117db924cf7c 10441 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 10442 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 15:117db924cf7c 10443 if (ret != WC_NOT_PENDING_E) {
wolfSSL 15:117db924cf7c 10444 /* Check for error */
wolfSSL 15:117db924cf7c 10445 if (ret < 0)
wolfSSL 15:117db924cf7c 10446 goto exit_ppc;
wolfSSL 15:117db924cf7c 10447 }
wolfSSL 15:117db924cf7c 10448 else
wolfSSL 15:117db924cf7c 10449 #elif defined(WOLFSSL_NONBLOCK_OCSP)
wolfSSL 15:117db924cf7c 10450 if (args == NULL) {
wolfSSL 15:117db924cf7c 10451 args = (ProcPeerCertArgs*)XMALLOC(
wolfSSL 15:117db924cf7c 10452 sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 10453 if (args == NULL) {
wolfSSL 15:117db924cf7c 10454 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 15:117db924cf7c 10455 }
wolfSSL 15:117db924cf7c 10456 }
wolfSSL 15:117db924cf7c 10457 if (ssl->nonblockarg == NULL) /* new args */
wolfSSL 16:8e0d178b1d1e 10458 #elif defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 10459 args = (ProcPeerCertArgs*)XMALLOC(
wolfSSL 16:8e0d178b1d1e 10460 sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 10461 if (args == NULL) {
wolfSSL 16:8e0d178b1d1e 10462 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 16:8e0d178b1d1e 10463 }
wolfSSL 15:117db924cf7c 10464 #endif
wolfSSL 15:117db924cf7c 10465 {
wolfSSL 15:117db924cf7c 10466 /* Reset state */
wolfSSL 15:117db924cf7c 10467 ret = 0;
wolfSSL 15:117db924cf7c 10468 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 15:117db924cf7c 10469 XMEMSET(args, 0, sizeof(ProcPeerCertArgs));
wolfSSL 15:117db924cf7c 10470 args->idx = *inOutIdx;
wolfSSL 15:117db924cf7c 10471 args->begin = *inOutIdx;
wolfSSL 15:117db924cf7c 10472 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 10473 ssl->async.freeArgs = FreeProcPeerCertArgs;
wolfSSL 15:117db924cf7c 10474 #elif defined(WOLFSSL_NONBLOCK_OCSP)
wolfSSL 15:117db924cf7c 10475 ssl->nonblockarg = args;
wolfSSL 15:117db924cf7c 10476 #endif
wolfSSL 15:117db924cf7c 10477 }
wolfSSL 15:117db924cf7c 10478
wolfSSL 15:117db924cf7c 10479 switch (ssl->options.asyncState)
wolfSSL 15:117db924cf7c 10480 {
wolfSSL 15:117db924cf7c 10481 case TLS_ASYNC_BEGIN:
wolfSSL 15:117db924cf7c 10482 {
wolfSSL 15:117db924cf7c 10483 word32 listSz;
wolfSSL 15:117db924cf7c 10484
wolfSSL 15:117db924cf7c 10485 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 10486 if (ssl->hsInfoOn)
wolfSSL 15:117db924cf7c 10487 AddPacketName(ssl, "Certificate");
wolfSSL 15:117db924cf7c 10488 if (ssl->toInfoOn)
wolfSSL 15:117db924cf7c 10489 AddLateName("Certificate", &ssl->timeoutInfo);
wolfSSL 15:117db924cf7c 10490 #endif
wolfSSL 15:117db924cf7c 10491
wolfSSL 15:117db924cf7c 10492 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10493 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 10494 byte ctxSz;
wolfSSL 15:117db924cf7c 10495
wolfSSL 15:117db924cf7c 10496 /* Certificate Request Context */
wolfSSL 15:117db924cf7c 10497 if ((args->idx - args->begin) + OPAQUE8_LEN > totalSz)
wolfSSL 16:8e0d178b1d1e 10498 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10499 ctxSz = *(input + args->idx);
wolfSSL 15:117db924cf7c 10500 args->idx++;
wolfSSL 15:117db924cf7c 10501 if ((args->idx - args->begin) + ctxSz > totalSz)
wolfSSL 16:8e0d178b1d1e 10502 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10503 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 10504 /* Must be empty when received from server. */
wolfSSL 15:117db924cf7c 10505 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 10506 if (ctxSz != 0) {
wolfSSL 16:8e0d178b1d1e 10507 ERROR_OUT(INVALID_CERT_CTX_E, exit_ppc);
wolfSSL 15:117db924cf7c 10508 }
wolfSSL 15:117db924cf7c 10509 }
wolfSSL 15:117db924cf7c 10510 #endif
wolfSSL 15:117db924cf7c 10511 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 10512 /* Must contain value sent in request. */
wolfSSL 15:117db924cf7c 10513 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 15:117db924cf7c 10514 if (ssl->options.handShakeState != HANDSHAKE_DONE &&
wolfSSL 15:117db924cf7c 10515 ctxSz != 0) {
wolfSSL 16:8e0d178b1d1e 10516 ERROR_OUT(INVALID_CERT_CTX_E, exit_ppc);
wolfSSL 15:117db924cf7c 10517 }
wolfSSL 15:117db924cf7c 10518 else if (ssl->options.handShakeState == HANDSHAKE_DONE) {
wolfSSL 15:117db924cf7c 10519 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
wolfSSL 15:117db924cf7c 10520 CertReqCtx* curr = ssl->certReqCtx;
wolfSSL 15:117db924cf7c 10521 CertReqCtx* prev = NULL;
wolfSSL 15:117db924cf7c 10522 while (curr != NULL) {
wolfSSL 15:117db924cf7c 10523 if ((ctxSz == curr->len) &&
wolfSSL 15:117db924cf7c 10524 XMEMCMP(&curr->ctx, input + args->idx, ctxSz)
wolfSSL 15:117db924cf7c 10525 == 0) {
wolfSSL 15:117db924cf7c 10526 if (prev != NULL)
wolfSSL 15:117db924cf7c 10527 prev->next = curr->next;
wolfSSL 15:117db924cf7c 10528 else
wolfSSL 15:117db924cf7c 10529 ssl->certReqCtx = curr->next;
wolfSSL 15:117db924cf7c 10530 XFREE(curr, ssl->heap,
wolfSSL 15:117db924cf7c 10531 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 10532 break;
wolfSSL 15:117db924cf7c 10533 }
wolfSSL 15:117db924cf7c 10534 prev = curr;
wolfSSL 15:117db924cf7c 10535 curr = curr->next;
wolfSSL 15:117db924cf7c 10536 }
wolfSSL 15:117db924cf7c 10537 if (curr == NULL)
wolfSSL 15:117db924cf7c 10538 #endif
wolfSSL 16:8e0d178b1d1e 10539 ERROR_OUT(INVALID_CERT_CTX_E, exit_ppc);
wolfSSL 15:117db924cf7c 10540 }
wolfSSL 15:117db924cf7c 10541 }
wolfSSL 15:117db924cf7c 10542 #endif
wolfSSL 15:117db924cf7c 10543 args->idx += ctxSz;
wolfSSL 15:117db924cf7c 10544
wolfSSL 16:8e0d178b1d1e 10545 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 10546 /* allocate buffer for cert extensions */
wolfSSL 16:8e0d178b1d1e 10547 args->exts = (buffer*)XMALLOC(sizeof(buffer) *
wolfSSL 16:8e0d178b1d1e 10548 (ssl->verifyDepth + 1), ssl->heap, DYNAMIC_TYPE_CERT_EXT);
wolfSSL 16:8e0d178b1d1e 10549 if (args->exts == NULL) {
wolfSSL 16:8e0d178b1d1e 10550 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 16:8e0d178b1d1e 10551 }
wolfSSL 16:8e0d178b1d1e 10552 #else
wolfSSL 15:117db924cf7c 10553 /* allocate buffer for cert extensions */
wolfSSL 15:117db924cf7c 10554 args->exts = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
wolfSSL 15:117db924cf7c 10555 ssl->heap, DYNAMIC_TYPE_CERT_EXT);
wolfSSL 15:117db924cf7c 10556 if (args->exts == NULL) {
wolfSSL 15:117db924cf7c 10557 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 15:117db924cf7c 10558 }
wolfSSL 16:8e0d178b1d1e 10559 #endif
wolfSSL 15:117db924cf7c 10560 }
wolfSSL 15:117db924cf7c 10561 #endif
wolfSSL 15:117db924cf7c 10562
wolfSSL 15:117db924cf7c 10563 /* allocate buffer for certs */
wolfSSL 15:117db924cf7c 10564 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 10565 args->certs = (buffer*)XMALLOC(sizeof(buffer) *
wolfSSL 15:117db924cf7c 10566 (ssl->verifyDepth + 1), ssl->heap, DYNAMIC_TYPE_DER);
wolfSSL 15:117db924cf7c 10567 if (args->certs == NULL) {
wolfSSL 15:117db924cf7c 10568 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 15:117db924cf7c 10569 }
wolfSSL 15:117db924cf7c 10570 XMEMSET(args->certs, 0, sizeof(buffer) * (ssl->verifyDepth + 1));
wolfSSL 15:117db924cf7c 10571 #else
wolfSSL 15:117db924cf7c 10572 args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
wolfSSL 15:117db924cf7c 10573 ssl->heap, DYNAMIC_TYPE_DER);
wolfSSL 15:117db924cf7c 10574 if (args->certs == NULL) {
wolfSSL 15:117db924cf7c 10575 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 15:117db924cf7c 10576 }
wolfSSL 15:117db924cf7c 10577 XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH);
wolfSSL 15:117db924cf7c 10578 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 10579
wolfSSL 15:117db924cf7c 10580 /* Certificate List */
wolfSSL 15:117db924cf7c 10581 if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) {
wolfSSL 15:117db924cf7c 10582 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10583 }
wolfSSL 15:117db924cf7c 10584 c24to32(input + args->idx, &listSz);
wolfSSL 15:117db924cf7c 10585 args->idx += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 10586 if (listSz > MAX_CERTIFICATE_SZ) {
wolfSSL 15:117db924cf7c 10587 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10588 }
wolfSSL 15:117db924cf7c 10589 if ((args->idx - args->begin) + listSz != totalSz) {
wolfSSL 15:117db924cf7c 10590 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10591 }
wolfSSL 15:117db924cf7c 10592
wolfSSL 15:117db924cf7c 10593 WOLFSSL_MSG("Loading peer's cert chain");
wolfSSL 15:117db924cf7c 10594 /* first put cert chain into buffer so can verify top down
wolfSSL 15:117db924cf7c 10595 we're sent bottom up */
wolfSSL 15:117db924cf7c 10596 while (listSz) {
wolfSSL 15:117db924cf7c 10597 word32 certSz;
wolfSSL 15:117db924cf7c 10598
wolfSSL 16:8e0d178b1d1e 10599 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 10600 if (args->totalCerts > ssl->verifyDepth) {
wolfSSL 15:117db924cf7c 10601 ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
wolfSSL 15:117db924cf7c 10602 ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10603 }
wolfSSL 15:117db924cf7c 10604 #else
wolfSSL 15:117db924cf7c 10605 if (args->totalCerts >= ssl->verifyDepth ||
wolfSSL 15:117db924cf7c 10606 args->totalCerts >= MAX_CHAIN_DEPTH) {
wolfSSL 15:117db924cf7c 10607 ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10608 }
wolfSSL 15:117db924cf7c 10609 #endif
wolfSSL 15:117db924cf7c 10610
wolfSSL 15:117db924cf7c 10611 if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) {
wolfSSL 15:117db924cf7c 10612 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10613 }
wolfSSL 15:117db924cf7c 10614
wolfSSL 15:117db924cf7c 10615 c24to32(input + args->idx, &certSz);
wolfSSL 15:117db924cf7c 10616 args->idx += OPAQUE24_LEN;
wolfSSL 15:117db924cf7c 10617
wolfSSL 15:117db924cf7c 10618 if ((args->idx - args->begin) + certSz > totalSz) {
wolfSSL 15:117db924cf7c 10619 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 10620 }
wolfSSL 15:117db924cf7c 10621
wolfSSL 15:117db924cf7c 10622 args->certs[args->totalCerts].length = certSz;
wolfSSL 15:117db924cf7c 10623 args->certs[args->totalCerts].buffer = input + args->idx;
wolfSSL 15:117db924cf7c 10624
wolfSSL 15:117db924cf7c 10625 #ifdef SESSION_CERTS
wolfSSL 15:117db924cf7c 10626 AddSessionCertToChain(&ssl->session.chain,
wolfSSL 15:117db924cf7c 10627 input + args->idx, certSz);
wolfSSL 15:117db924cf7c 10628 #endif /* SESSION_CERTS */
wolfSSL 15:117db924cf7c 10629
wolfSSL 15:117db924cf7c 10630 args->idx += certSz;
wolfSSL 15:117db924cf7c 10631 listSz -= certSz + CERT_HEADER_SZ;
wolfSSL 15:117db924cf7c 10632
wolfSSL 15:117db924cf7c 10633 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 10634 /* Extensions */
wolfSSL 15:117db924cf7c 10635 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 10636 word16 extSz;
wolfSSL 15:117db924cf7c 10637
wolfSSL 16:8e0d178b1d1e 10638 if ((args->idx - args->begin) + OPAQUE16_LEN > totalSz) {
wolfSSL 16:8e0d178b1d1e 10639 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 16:8e0d178b1d1e 10640 }
wolfSSL 15:117db924cf7c 10641 ato16(input + args->idx, &extSz);
wolfSSL 15:117db924cf7c 10642 args->idx += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 10643 if ((args->idx - args->begin) + extSz > totalSz) {
wolfSSL 16:8e0d178b1d1e 10644 ERROR_OUT(BUFFER_ERROR, exit_ppc);
wolfSSL 16:8e0d178b1d1e 10645 }
wolfSSL 15:117db924cf7c 10646 /* Store extension data info for later processing. */
wolfSSL 15:117db924cf7c 10647 args->exts[args->totalCerts].length = extSz;
wolfSSL 15:117db924cf7c 10648 args->exts[args->totalCerts].buffer = input + args->idx;
wolfSSL 15:117db924cf7c 10649 args->idx += extSz;
wolfSSL 15:117db924cf7c 10650 listSz -= extSz + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 10651 ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer,
wolfSSL 15:117db924cf7c 10652 args->exts[args->totalCerts].length, certificate, NULL);
wolfSSL 16:8e0d178b1d1e 10653 if (ret < 0) {
wolfSSL 16:8e0d178b1d1e 10654 ERROR_OUT(ret, exit_ppc);
wolfSSL 16:8e0d178b1d1e 10655 }
wolfSSL 15:117db924cf7c 10656 }
wolfSSL 15:117db924cf7c 10657 #endif
wolfSSL 15:117db924cf7c 10658
wolfSSL 15:117db924cf7c 10659 args->totalCerts++;
wolfSSL 15:117db924cf7c 10660 WOLFSSL_MSG("\tPut another cert into chain");
wolfSSL 15:117db924cf7c 10661 } /* while (listSz) */
wolfSSL 15:117db924cf7c 10662
wolfSSL 15:117db924cf7c 10663 args->count = args->totalCerts;
wolfSSL 16:8e0d178b1d1e 10664 args->certIdx = 0; /* select peer cert (first one) */
wolfSSL 16:8e0d178b1d1e 10665
wolfSSL 16:8e0d178b1d1e 10666 if (args->count == 0 && ssl->options.mutualAuth &&
wolfSSL 16:8e0d178b1d1e 10667 ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 16:8e0d178b1d1e 10668 ret = NO_PEER_CERT;
wolfSSL 16:8e0d178b1d1e 10669 DoCertFatalAlert(ssl, ret);
wolfSSL 16:8e0d178b1d1e 10670 }
wolfSSL 15:117db924cf7c 10671
wolfSSL 15:117db924cf7c 10672 args->dCertInit = 0;
wolfSSL 16:8e0d178b1d1e 10673 #ifndef WOLFSSL_SMALL_CERT_VERIFY
wolfSSL 15:117db924cf7c 10674 args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
wolfSSL 15:117db924cf7c 10675 DYNAMIC_TYPE_DCERT);
wolfSSL 15:117db924cf7c 10676 if (args->dCert == NULL) {
wolfSSL 15:117db924cf7c 10677 ERROR_OUT(MEMORY_E, exit_ppc);
wolfSSL 15:117db924cf7c 10678 }
wolfSSL 16:8e0d178b1d1e 10679 XMEMSET(args->dCert, 0, sizeof(DecodedCert));
wolfSSL 16:8e0d178b1d1e 10680 #endif
wolfSSL 15:117db924cf7c 10681
wolfSSL 15:117db924cf7c 10682 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 10683 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 15:117db924cf7c 10684 } /* case TLS_ASYNC_BEGIN */
wolfSSL 15:117db924cf7c 10685 FALL_THROUGH;
wolfSSL 15:117db924cf7c 10686
wolfSSL 15:117db924cf7c 10687 case TLS_ASYNC_BUILD:
wolfSSL 15:117db924cf7c 10688 {
wolfSSL 15:117db924cf7c 10689 if (args->count > 0) {
wolfSSL 16:8e0d178b1d1e 10690
wolfSSL 16:8e0d178b1d1e 10691 /* check for trusted peer and get untrustedDepth */
wolfSSL 16:8e0d178b1d1e 10692 #if defined(WOLFSSL_TRUST_PEER_CERT) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 10693 if (args->certIdx == 0) {
wolfSSL 16:8e0d178b1d1e 10694 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 15:117db924cf7c 10695 TrustedPeerCert* tp;
wolfSSL 16:8e0d178b1d1e 10696 int matchType = WC_MATCH_NAME;
wolfSSL 16:8e0d178b1d1e 10697 #endif
wolfSSL 16:8e0d178b1d1e 10698
wolfSSL 16:8e0d178b1d1e 10699 ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, NO_VERIFY,
wolfSSL 16:8e0d178b1d1e 10700 &subjectHash, &alreadySigner);
wolfSSL 15:117db924cf7c 10701 if (ret != 0)
wolfSSL 15:117db924cf7c 10702 goto exit_ppc;
wolfSSL 15:117db924cf7c 10703
wolfSSL 16:8e0d178b1d1e 10704 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 10705 /* Determine untrusted depth */
wolfSSL 16:8e0d178b1d1e 10706 if (!alreadySigner && (!args->dCert ||
wolfSSL 16:8e0d178b1d1e 10707 !args->dCertInit || !args->dCert->selfSigned)) {
wolfSSL 16:8e0d178b1d1e 10708 args->untrustedDepth = 1;
wolfSSL 16:8e0d178b1d1e 10709 }
wolfSSL 16:8e0d178b1d1e 10710 #endif
wolfSSL 16:8e0d178b1d1e 10711
wolfSSL 16:8e0d178b1d1e 10712 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 16:8e0d178b1d1e 10713 #ifndef NO_SKID
wolfSSL 16:8e0d178b1d1e 10714 if (args->dCert->extAuthKeyIdSet)
wolfSSL 16:8e0d178b1d1e 10715 matchType = WC_MATCH_SKID;
wolfSSL 16:8e0d178b1d1e 10716 #endif
wolfSSL 16:8e0d178b1d1e 10717 tp = GetTrustedPeer(ssl->ctx->cm, subjectHash, matchType);
wolfSSL 15:117db924cf7c 10718 WOLFSSL_MSG("Checking for trusted peer cert");
wolfSSL 15:117db924cf7c 10719
wolfSSL 16:8e0d178b1d1e 10720 if (tp && MatchTrustedPeer(tp, args->dCert)) {
wolfSSL 16:8e0d178b1d1e 10721 WOLFSSL_MSG("Found matching trusted peer cert");
wolfSSL 16:8e0d178b1d1e 10722 args->haveTrustPeer = 1;
wolfSSL 16:8e0d178b1d1e 10723 }
wolfSSL 16:8e0d178b1d1e 10724 else if (tp == NULL) {
wolfSSL 15:117db924cf7c 10725 /* no trusted peer cert */
wolfSSL 16:8e0d178b1d1e 10726 WOLFSSL_MSG("No matching trusted peer cert. Checking CAs");
wolfSSL 16:8e0d178b1d1e 10727 }
wolfSSL 16:8e0d178b1d1e 10728 else {
wolfSSL 16:8e0d178b1d1e 10729 WOLFSSL_MSG("Trusted peer cert did not match!");
wolfSSL 16:8e0d178b1d1e 10730 }
wolfSSL 16:8e0d178b1d1e 10731 if (!args->haveTrustPeer)
wolfSSL 16:8e0d178b1d1e 10732 #endif
wolfSSL 16:8e0d178b1d1e 10733 {
wolfSSL 16:8e0d178b1d1e 10734 /* free cert if not trusted peer */
wolfSSL 15:117db924cf7c 10735 FreeDecodedCert(args->dCert);
wolfSSL 15:117db924cf7c 10736 args->dCertInit = 0;
wolfSSL 16:8e0d178b1d1e 10737 }
wolfSSL 16:8e0d178b1d1e 10738 }
wolfSSL 16:8e0d178b1d1e 10739 #endif /* WOLFSSL_TRUST_PEER_CERT || OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 10740
wolfSSL 16:8e0d178b1d1e 10741 /* check certificate up to peer's first */
wolfSSL 15:117db924cf7c 10742 /* do not verify chain if trusted peer cert found */
wolfSSL 15:117db924cf7c 10743 while (args->count > 1
wolfSSL 15:117db924cf7c 10744 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 16:8e0d178b1d1e 10745 && !args->haveTrustPeer
wolfSSL 15:117db924cf7c 10746 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 15:117db924cf7c 10747 ) {
wolfSSL 16:8e0d178b1d1e 10748 int skipAddCA = 0;
wolfSSL 16:8e0d178b1d1e 10749
wolfSSL 16:8e0d178b1d1e 10750 /* select last certificate */
wolfSSL 15:117db924cf7c 10751 args->certIdx = args->count - 1;
wolfSSL 16:8e0d178b1d1e 10752
wolfSSL 16:8e0d178b1d1e 10753 ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
wolfSSL 16:8e0d178b1d1e 10754 !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
wolfSSL 16:8e0d178b1d1e 10755 &subjectHash, &alreadySigner);
wolfSSL 15:117db924cf7c 10756 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 10757 if (ret == WC_PENDING_E)
wolfSSL 15:117db924cf7c 10758 goto exit_ppc;
wolfSSL 16:8e0d178b1d1e 10759 #endif
wolfSSL 16:8e0d178b1d1e 10760 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 10761 ret = ProcessPeerCertCheckKey(ssl, args);
wolfSSL 16:8e0d178b1d1e 10762 }
wolfSSL 15:117db924cf7c 10763
wolfSSL 15:117db924cf7c 10764 if (ret == 0 && args->dCert->isCA == 0) {
wolfSSL 15:117db924cf7c 10765 WOLFSSL_MSG("Chain cert is not a CA, not adding as one");
wolfSSL 15:117db924cf7c 10766 }
wolfSSL 15:117db924cf7c 10767 else if (ret == 0 && ssl->options.verifyNone) {
wolfSSL 16:8e0d178b1d1e 10768 WOLFSSL_MSG("Chain cert not verified by option, "
wolfSSL 16:8e0d178b1d1e 10769 "not adding as CA");
wolfSSL 16:8e0d178b1d1e 10770 }
wolfSSL 16:8e0d178b1d1e 10771 else if (ret == 0) {
wolfSSL 15:117db924cf7c 10772 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 10773 if (args->certIdx > args->untrustedDepth) {
wolfSSL 16:8e0d178b1d1e 10774 args->untrustedDepth = (char)args->certIdx + 1;
wolfSSL 16:8e0d178b1d1e 10775 }
wolfSSL 16:8e0d178b1d1e 10776 #endif
wolfSSL 16:8e0d178b1d1e 10777
wolfSSL 16:8e0d178b1d1e 10778 if (alreadySigner) {
wolfSSL 16:8e0d178b1d1e 10779 WOLFSSL_MSG("Verified CA from chain and already had it");
wolfSSL 16:8e0d178b1d1e 10780 }
wolfSSL 15:117db924cf7c 10781 }
wolfSSL 15:117db924cf7c 10782 else {
wolfSSL 16:8e0d178b1d1e 10783 WOLFSSL_MSG("Failed to verify CA from chain");
wolfSSL 16:8e0d178b1d1e 10784 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 16:8e0d178b1d1e 10785 ssl->peerVerifyRet = X509_V_ERR_INVALID_CA;
wolfSSL 16:8e0d178b1d1e 10786 #endif
wolfSSL 16:8e0d178b1d1e 10787 }
wolfSSL 15:117db924cf7c 10788
wolfSSL 15:117db924cf7c 10789 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 15:117db924cf7c 10790 if (ret == 0) {
wolfSSL 15:117db924cf7c 10791 int doCrlLookup = 1;
wolfSSL 15:117db924cf7c 10792 #ifdef HAVE_OCSP
wolfSSL 15:117db924cf7c 10793 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 10794 if (ssl->status_request_v2) {
wolfSSL 15:117db924cf7c 10795 ret = TLSX_CSR2_InitRequests(ssl->extensions,
wolfSSL 15:117db924cf7c 10796 args->dCert, 0, ssl->heap);
wolfSSL 15:117db924cf7c 10797 }
wolfSSL 15:117db924cf7c 10798 else /* skips OCSP and force CRL check */
wolfSSL 15:117db924cf7c 10799 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 15:117db924cf7c 10800 if (ssl->ctx->cm->ocspEnabled &&
wolfSSL 15:117db924cf7c 10801 ssl->ctx->cm->ocspCheckAll) {
wolfSSL 15:117db924cf7c 10802 WOLFSSL_MSG("Doing Non Leaf OCSP check");
wolfSSL 15:117db924cf7c 10803 ret = CheckCertOCSP_ex(ssl->ctx->cm->ocsp,
wolfSSL 15:117db924cf7c 10804 args->dCert, NULL, ssl);
wolfSSL 15:117db924cf7c 10805 #ifdef WOLFSSL_NONBLOCK_OCSP
wolfSSL 15:117db924cf7c 10806 if (ret == OCSP_WANT_READ) {
wolfSSL 15:117db924cf7c 10807 args->lastErr = ret;
wolfSSL 15:117db924cf7c 10808 goto exit_ppc;
wolfSSL 15:117db924cf7c 10809 }
wolfSSL 15:117db924cf7c 10810 #endif
wolfSSL 15:117db924cf7c 10811 doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 15:117db924cf7c 10812 if (ret != 0) {
wolfSSL 15:117db924cf7c 10813 doCrlLookup = 0;
wolfSSL 15:117db924cf7c 10814 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 15:117db924cf7c 10815 }
wolfSSL 15:117db924cf7c 10816 }
wolfSSL 15:117db924cf7c 10817 #endif /* HAVE_OCSP */
wolfSSL 15:117db924cf7c 10818
wolfSSL 15:117db924cf7c 10819 #ifdef HAVE_CRL
wolfSSL 15:117db924cf7c 10820 if (ret == 0 && doCrlLookup &&
wolfSSL 15:117db924cf7c 10821 ssl->ctx->cm->crlEnabled &&
wolfSSL 15:117db924cf7c 10822 ssl->ctx->cm->crlCheckAll) {
wolfSSL 15:117db924cf7c 10823 WOLFSSL_MSG("Doing Non Leaf CRL check");
wolfSSL 15:117db924cf7c 10824 ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert);
wolfSSL 15:117db924cf7c 10825 #ifdef WOLFSSL_NONBLOCK_OCSP
wolfSSL 15:117db924cf7c 10826 if (ret == OCSP_WANT_READ) {
wolfSSL 15:117db924cf7c 10827 args->lastErr = ret;
wolfSSL 15:117db924cf7c 10828 goto exit_ppc;
wolfSSL 15:117db924cf7c 10829 }
wolfSSL 15:117db924cf7c 10830 #endif
wolfSSL 15:117db924cf7c 10831 if (ret != 0) {
wolfSSL 15:117db924cf7c 10832 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 15:117db924cf7c 10833 }
wolfSSL 15:117db924cf7c 10834 }
wolfSSL 15:117db924cf7c 10835 #endif /* HAVE_CRL */
wolfSSL 15:117db924cf7c 10836 (void)doCrlLookup;
wolfSSL 15:117db924cf7c 10837 }
wolfSSL 15:117db924cf7c 10838 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 15:117db924cf7c 10839
wolfSSL 16:8e0d178b1d1e 10840 /* Do verify callback */
wolfSSL 16:8e0d178b1d1e 10841 ret = DoVerifyCallback(ssl->ctx->cm, ssl, ret, args);
wolfSSL 16:8e0d178b1d1e 10842
wolfSSL 16:8e0d178b1d1e 10843 #ifdef WOLFSSL_ALT_CERT_CHAINS
wolfSSL 16:8e0d178b1d1e 10844 /* For alternate cert chain, its okay for a CA cert to fail
wolfSSL 16:8e0d178b1d1e 10845 with ASN_NO_SIGNER_E here. The "alternate" certificate
wolfSSL 16:8e0d178b1d1e 10846 chain mode only requires that the peer certificate
wolfSSL 16:8e0d178b1d1e 10847 validate to a trusted CA */
wolfSSL 16:8e0d178b1d1e 10848 if (ret != 0 && args->dCert->isCA) {
wolfSSL 16:8e0d178b1d1e 10849 if (ret == ASN_NO_SIGNER_E) {
wolfSSL 16:8e0d178b1d1e 10850 if (!ssl->options.usingAltCertChain) {
wolfSSL 16:8e0d178b1d1e 10851 WOLFSSL_MSG("Trying alternate cert chain");
wolfSSL 16:8e0d178b1d1e 10852 ssl->options.usingAltCertChain = 1;
wolfSSL 16:8e0d178b1d1e 10853 }
wolfSSL 16:8e0d178b1d1e 10854
wolfSSL 16:8e0d178b1d1e 10855 ret = 0; /* clear error and continue */
wolfSSL 16:8e0d178b1d1e 10856 }
wolfSSL 16:8e0d178b1d1e 10857
wolfSSL 16:8e0d178b1d1e 10858 /* do not add to certificate manager */
wolfSSL 16:8e0d178b1d1e 10859 skipAddCA = 1;
wolfSSL 16:8e0d178b1d1e 10860 }
wolfSSL 16:8e0d178b1d1e 10861 #endif /* WOLFSSL_ALT_CERT_CHAINS */
wolfSSL 16:8e0d178b1d1e 10862
wolfSSL 16:8e0d178b1d1e 10863 /* If valid CA then add to Certificate Manager */
wolfSSL 16:8e0d178b1d1e 10864 if (ret == 0 && args->dCert->isCA &&
wolfSSL 16:8e0d178b1d1e 10865 !ssl->options.verifyNone && !skipAddCA) {
wolfSSL 16:8e0d178b1d1e 10866 buffer* cert = &args->certs[args->certIdx];
wolfSSL 16:8e0d178b1d1e 10867
wolfSSL 16:8e0d178b1d1e 10868 /* Is valid CA */
wolfSSL 16:8e0d178b1d1e 10869 #if defined(SESSION_CERTS) && defined(WOLFSSL_ALT_CERT_CHAINS)
wolfSSL 16:8e0d178b1d1e 10870 /* if using alternate chain, store the cert used */
wolfSSL 16:8e0d178b1d1e 10871 if (ssl->options.usingAltCertChain) {
wolfSSL 16:8e0d178b1d1e 10872 AddSessionCertToChain(&ssl->session.altChain,
wolfSSL 16:8e0d178b1d1e 10873 cert->buffer, cert->length);
wolfSSL 16:8e0d178b1d1e 10874 }
wolfSSL 16:8e0d178b1d1e 10875 #endif /* SESSION_CERTS && WOLFSSL_ALT_CERT_CHAINS */
wolfSSL 16:8e0d178b1d1e 10876 if (!alreadySigner) {
wolfSSL 16:8e0d178b1d1e 10877 DerBuffer* add = NULL;
wolfSSL 16:8e0d178b1d1e 10878 ret = AllocDer(&add, cert->length, CA_TYPE, ssl->heap);
wolfSSL 16:8e0d178b1d1e 10879 if (ret < 0)
wolfSSL 16:8e0d178b1d1e 10880 goto exit_ppc;
wolfSSL 16:8e0d178b1d1e 10881
wolfSSL 16:8e0d178b1d1e 10882 XMEMCPY(add->buffer, cert->buffer, cert->length);
wolfSSL 16:8e0d178b1d1e 10883
wolfSSL 16:8e0d178b1d1e 10884 /* CA already verified above in ParseCertRelative */
wolfSSL 16:8e0d178b1d1e 10885 WOLFSSL_MSG("Adding CA from chain");
wolfSSL 16:8e0d178b1d1e 10886 ret = AddCA(ssl->ctx->cm, &add, WOLFSSL_CHAIN_CA,
wolfSSL 16:8e0d178b1d1e 10887 NO_VERIFY);
wolfSSL 16:8e0d178b1d1e 10888 if (ret == WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 10889 ret = 0;
wolfSSL 16:8e0d178b1d1e 10890 }
wolfSSL 16:8e0d178b1d1e 10891 }
wolfSSL 16:8e0d178b1d1e 10892 }
wolfSSL 16:8e0d178b1d1e 10893
wolfSSL 16:8e0d178b1d1e 10894 /* Handle error codes */
wolfSSL 15:117db924cf7c 10895 if (ret != 0) {
wolfSSL 15:117db924cf7c 10896 if (!ssl->options.verifyNone) {
wolfSSL 16:8e0d178b1d1e 10897 DoCertFatalAlert(ssl, ret);
wolfSSL 16:8e0d178b1d1e 10898 }
wolfSSL 16:8e0d178b1d1e 10899 ssl->error = ret; /* Report SSL error */
wolfSSL 16:8e0d178b1d1e 10900
wolfSSL 16:8e0d178b1d1e 10901 if (args->lastErr == 0) {
wolfSSL 16:8e0d178b1d1e 10902 args->lastErr = ret; /* save error from last time */
wolfSSL 16:8e0d178b1d1e 10903 ret = 0; /* reset error */
wolfSSL 16:8e0d178b1d1e 10904 }
wolfSSL 15:117db924cf7c 10905 }
wolfSSL 15:117db924cf7c 10906
wolfSSL 15:117db924cf7c 10907 FreeDecodedCert(args->dCert);
wolfSSL 15:117db924cf7c 10908 args->dCertInit = 0;
wolfSSL 15:117db924cf7c 10909 args->count--;
wolfSSL 16:8e0d178b1d1e 10910 } /* while (count > 0 && !args->haveTrustPeer) */
wolfSSL 15:117db924cf7c 10911 } /* if (count > 0) */
wolfSSL 15:117db924cf7c 10912
wolfSSL 15:117db924cf7c 10913 /* Check for error */
wolfSSL 15:117db924cf7c 10914 if (ret != 0) {
wolfSSL 15:117db924cf7c 10915 goto exit_ppc;
wolfSSL 15:117db924cf7c 10916 }
wolfSSL 15:117db924cf7c 10917
wolfSSL 15:117db924cf7c 10918 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 10919 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 15:117db924cf7c 10920 } /* case TLS_ASYNC_BUILD */
wolfSSL 15:117db924cf7c 10921 FALL_THROUGH;
wolfSSL 15:117db924cf7c 10922
wolfSSL 15:117db924cf7c 10923 case TLS_ASYNC_DO:
wolfSSL 15:117db924cf7c 10924 {
wolfSSL 15:117db924cf7c 10925 /* peer's, may not have one if blank client cert sent by TLSv1.2 */
wolfSSL 15:117db924cf7c 10926 if (args->count > 0) {
wolfSSL 15:117db924cf7c 10927 WOLFSSL_MSG("Verifying Peer's cert");
wolfSSL 15:117db924cf7c 10928
wolfSSL 16:8e0d178b1d1e 10929 /* select peer cert (first one) */
wolfSSL 15:117db924cf7c 10930 args->certIdx = 0;
wolfSSL 16:8e0d178b1d1e 10931
wolfSSL 16:8e0d178b1d1e 10932 ret = ProcessPeerCertParse(ssl, args, CERT_TYPE,
wolfSSL 16:8e0d178b1d1e 10933 !ssl->options.verifyNone ? VERIFY : NO_VERIFY,
wolfSSL 16:8e0d178b1d1e 10934 &subjectHash, &alreadySigner);
wolfSSL 16:8e0d178b1d1e 10935 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 10936 if (ret == WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 10937 goto exit_ppc;
wolfSSL 16:8e0d178b1d1e 10938 #endif
wolfSSL 15:117db924cf7c 10939 if (ret == 0) {
wolfSSL 15:117db924cf7c 10940 WOLFSSL_MSG("Verified Peer's cert");
wolfSSL 16:8e0d178b1d1e 10941 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 10942 ssl->peerVerifyRet = X509_V_OK;
wolfSSL 15:117db924cf7c 10943 #endif
wolfSSL 15:117db924cf7c 10944 #if defined(SESSION_CERTS) && defined(WOLFSSL_ALT_CERT_CHAINS)
wolfSSL 16:8e0d178b1d1e 10945 /* if using alternate chain, store the cert used */
wolfSSL 15:117db924cf7c 10946 if (ssl->options.usingAltCertChain) {
wolfSSL 16:8e0d178b1d1e 10947 buffer* cert = &args->certs[args->certIdx];
wolfSSL 15:117db924cf7c 10948 AddSessionCertToChain(&ssl->session.altChain,
wolfSSL 15:117db924cf7c 10949 cert->buffer, cert->length);
wolfSSL 15:117db924cf7c 10950 }
wolfSSL 15:117db924cf7c 10951 #endif /* SESSION_CERTS && WOLFSSL_ALT_CERT_CHAINS */
wolfSSL 16:8e0d178b1d1e 10952
wolfSSL 16:8e0d178b1d1e 10953 /* check if fatal error */
wolfSSL 16:8e0d178b1d1e 10954 if (args->verifyErr) {
wolfSSL 16:8e0d178b1d1e 10955 args->fatal = 1;
wolfSSL 16:8e0d178b1d1e 10956 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 10957 ret = args->lastErr;
wolfSSL 16:8e0d178b1d1e 10958 }
wolfSSL 16:8e0d178b1d1e 10959 }
wolfSSL 16:8e0d178b1d1e 10960 else {
wolfSSL 16:8e0d178b1d1e 10961 args->fatal = 0;
wolfSSL 16:8e0d178b1d1e 10962 }
wolfSSL 15:117db924cf7c 10963 }
wolfSSL 15:117db924cf7c 10964 else if (ret == ASN_PARSE_E || ret == BUFFER_E) {
wolfSSL 15:117db924cf7c 10965 WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR");
wolfSSL 16:8e0d178b1d1e 10966 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 10967 SendAlert(ssl, alert_fatal, bad_certificate);
wolfSSL 15:117db924cf7c 10968 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 15:117db924cf7c 10969 #endif
wolfSSL 15:117db924cf7c 10970 args->fatal = 1;
wolfSSL 15:117db924cf7c 10971 }
wolfSSL 15:117db924cf7c 10972 else {
wolfSSL 15:117db924cf7c 10973 WOLFSSL_MSG("Failed to verify Peer's cert");
wolfSSL 16:8e0d178b1d1e 10974 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 10975 ssl->peerVerifyRet = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
wolfSSL 15:117db924cf7c 10976 #endif
wolfSSL 15:117db924cf7c 10977 if (ssl->verifyCallback) {
wolfSSL 15:117db924cf7c 10978 WOLFSSL_MSG(
wolfSSL 15:117db924cf7c 10979 "\tCallback override available, will continue");
wolfSSL 16:8e0d178b1d1e 10980 /* check if fatal error */
wolfSSL 16:8e0d178b1d1e 10981 args->fatal = (args->verifyErr) ? 1 : 0;
wolfSSL 15:117db924cf7c 10982 }
wolfSSL 15:117db924cf7c 10983 else {
wolfSSL 15:117db924cf7c 10984 WOLFSSL_MSG("\tNo callback override available, fatal");
wolfSSL 15:117db924cf7c 10985 args->fatal = 1;
wolfSSL 15:117db924cf7c 10986 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 10987 SendAlert(ssl, alert_fatal, bad_certificate);
wolfSSL 15:117db924cf7c 10988 #endif
wolfSSL 15:117db924cf7c 10989 }
wolfSSL 15:117db924cf7c 10990 }
wolfSSL 15:117db924cf7c 10991
wolfSSL 15:117db924cf7c 10992 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 16:8e0d178b1d1e 10993 if (args->fatal == 0 && !IsAtLeastTLSv1_3(ssl->version)
wolfSSL 16:8e0d178b1d1e 10994 && ssl->secure_renegotiation
wolfSSL 16:8e0d178b1d1e 10995 && ssl->secure_renegotiation->enabled) {
wolfSSL 15:117db924cf7c 10996
wolfSSL 15:117db924cf7c 10997 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 15:117db924cf7c 10998 /* compare against previous time */
wolfSSL 16:8e0d178b1d1e 10999 if (ssl->secure_renegotiation->subject_hash_set) {
wolfSSL 16:8e0d178b1d1e 11000 if (XMEMCMP(args->dCert->subjectHash,
wolfSSL 16:8e0d178b1d1e 11001 ssl->secure_renegotiation->subject_hash,
wolfSSL 16:8e0d178b1d1e 11002 KEYID_SIZE) != 0) {
wolfSSL 16:8e0d178b1d1e 11003 WOLFSSL_MSG(
wolfSSL 16:8e0d178b1d1e 11004 "Peer sent different cert during scr, fatal");
wolfSSL 16:8e0d178b1d1e 11005 args->fatal = 1;
wolfSSL 16:8e0d178b1d1e 11006 ret = SCR_DIFFERENT_CERT_E;
wolfSSL 16:8e0d178b1d1e 11007 }
wolfSSL 15:117db924cf7c 11008 }
wolfSSL 15:117db924cf7c 11009 }
wolfSSL 15:117db924cf7c 11010
wolfSSL 15:117db924cf7c 11011 /* cache peer's hash */
wolfSSL 15:117db924cf7c 11012 if (args->fatal == 0) {
wolfSSL 15:117db924cf7c 11013 XMEMCPY(ssl->secure_renegotiation->subject_hash,
wolfSSL 16:8e0d178b1d1e 11014 args->dCert->subjectHash, KEYID_SIZE);
wolfSSL 16:8e0d178b1d1e 11015 ssl->secure_renegotiation->subject_hash_set = 1;
wolfSSL 15:117db924cf7c 11016 }
wolfSSL 15:117db924cf7c 11017 }
wolfSSL 15:117db924cf7c 11018 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 15:117db924cf7c 11019 } /* if (count > 0) */
wolfSSL 15:117db924cf7c 11020
wolfSSL 15:117db924cf7c 11021 /* Check for error */
wolfSSL 15:117db924cf7c 11022 if (args->fatal && ret != 0) {
wolfSSL 15:117db924cf7c 11023 goto exit_ppc;
wolfSSL 15:117db924cf7c 11024 }
wolfSSL 15:117db924cf7c 11025
wolfSSL 15:117db924cf7c 11026 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 11027 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 15:117db924cf7c 11028 } /* case TLS_ASYNC_DO */
wolfSSL 15:117db924cf7c 11029 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11030
wolfSSL 15:117db924cf7c 11031 case TLS_ASYNC_VERIFY:
wolfSSL 15:117db924cf7c 11032 {
wolfSSL 15:117db924cf7c 11033 if (args->count > 0) {
wolfSSL 15:117db924cf7c 11034 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 15:117db924cf7c 11035 if (args->fatal == 0) {
wolfSSL 15:117db924cf7c 11036 int doLookup = 1;
wolfSSL 15:117db924cf7c 11037
wolfSSL 15:117db924cf7c 11038 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 11039 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 11040 if (ssl->status_request) {
wolfSSL 15:117db924cf7c 11041 args->fatal = TLSX_CSR_InitRequest(ssl->extensions,
wolfSSL 15:117db924cf7c 11042 args->dCert, ssl->heap);
wolfSSL 15:117db924cf7c 11043 doLookup = 0;
wolfSSL 16:8e0d178b1d1e 11044 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 11045 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 11046 TLSX* ext = TLSX_Find(ssl->extensions,
wolfSSL 15:117db924cf7c 11047 TLSX_STATUS_REQUEST);
wolfSSL 15:117db924cf7c 11048 if (ext != NULL) {
wolfSSL 15:117db924cf7c 11049 word32 idx = 0;
wolfSSL 15:117db924cf7c 11050 CertificateStatusRequest* csr =
wolfSSL 15:117db924cf7c 11051 (CertificateStatusRequest*)ext->data;
wolfSSL 15:117db924cf7c 11052 ret = ProcessCSR(ssl, csr->response.buffer,
wolfSSL 15:117db924cf7c 11053 &idx, csr->response.length);
wolfSSL 15:117db924cf7c 11054 if (ret < 0)
wolfSSL 15:117db924cf7c 11055 goto exit_ppc;
wolfSSL 15:117db924cf7c 11056 }
wolfSSL 15:117db924cf7c 11057 }
wolfSSL 15:117db924cf7c 11058 #endif
wolfSSL 15:117db924cf7c 11059 }
wolfSSL 15:117db924cf7c 11060 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 15:117db924cf7c 11061 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 11062 if (ssl->status_request_v2) {
wolfSSL 15:117db924cf7c 11063 args->fatal = TLSX_CSR2_InitRequests(ssl->extensions,
wolfSSL 15:117db924cf7c 11064 args->dCert, 1, ssl->heap);
wolfSSL 15:117db924cf7c 11065 doLookup = 0;
wolfSSL 15:117db924cf7c 11066 }
wolfSSL 15:117db924cf7c 11067 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 15:117db924cf7c 11068 }
wolfSSL 15:117db924cf7c 11069
wolfSSL 15:117db924cf7c 11070 #ifdef HAVE_OCSP
wolfSSL 15:117db924cf7c 11071 if (doLookup && ssl->ctx->cm->ocspEnabled) {
wolfSSL 15:117db924cf7c 11072 WOLFSSL_MSG("Doing Leaf OCSP check");
wolfSSL 15:117db924cf7c 11073 ret = CheckCertOCSP_ex(ssl->ctx->cm->ocsp,
wolfSSL 15:117db924cf7c 11074 args->dCert, NULL, ssl);
wolfSSL 15:117db924cf7c 11075 #ifdef WOLFSSL_NONBLOCK_OCSP
wolfSSL 15:117db924cf7c 11076 if (ret == OCSP_WANT_READ) {
wolfSSL 15:117db924cf7c 11077 goto exit_ppc;
wolfSSL 15:117db924cf7c 11078 }
wolfSSL 15:117db924cf7c 11079 #endif
wolfSSL 15:117db924cf7c 11080 doLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 15:117db924cf7c 11081 if (ret != 0) {
wolfSSL 15:117db924cf7c 11082 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 15:117db924cf7c 11083 args->fatal = 0;
wolfSSL 16:8e0d178b1d1e 11084 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 11085 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 15:117db924cf7c 11086 #endif
wolfSSL 15:117db924cf7c 11087 }
wolfSSL 15:117db924cf7c 11088 }
wolfSSL 15:117db924cf7c 11089 #endif /* HAVE_OCSP */
wolfSSL 15:117db924cf7c 11090
wolfSSL 15:117db924cf7c 11091 #ifdef HAVE_CRL
wolfSSL 15:117db924cf7c 11092 if (doLookup && ssl->ctx->cm->crlEnabled) {
wolfSSL 15:117db924cf7c 11093 WOLFSSL_MSG("Doing Leaf CRL check");
wolfSSL 15:117db924cf7c 11094 ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert);
wolfSSL 15:117db924cf7c 11095 #ifdef WOLFSSL_NONBLOCK_OCSP
wolfSSL 15:117db924cf7c 11096 if (ret == OCSP_WANT_READ) {
wolfSSL 15:117db924cf7c 11097 goto exit_ppc;
wolfSSL 15:117db924cf7c 11098 }
wolfSSL 15:117db924cf7c 11099 #endif
wolfSSL 15:117db924cf7c 11100 if (ret != 0) {
wolfSSL 15:117db924cf7c 11101 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 15:117db924cf7c 11102 args->fatal = 0;
wolfSSL 16:8e0d178b1d1e 11103 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 11104 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 15:117db924cf7c 11105 #endif
wolfSSL 15:117db924cf7c 11106 }
wolfSSL 15:117db924cf7c 11107 }
wolfSSL 15:117db924cf7c 11108 #endif /* HAVE_CRL */
wolfSSL 15:117db924cf7c 11109 (void)doLookup;
wolfSSL 15:117db924cf7c 11110 }
wolfSSL 15:117db924cf7c 11111 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 15:117db924cf7c 11112
wolfSSL 15:117db924cf7c 11113 #ifdef KEEP_PEER_CERT
wolfSSL 15:117db924cf7c 11114 if (args->fatal == 0) {
wolfSSL 16:8e0d178b1d1e 11115 int copyRet = 0;
wolfSSL 16:8e0d178b1d1e 11116
wolfSSL 16:8e0d178b1d1e 11117 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 16:8e0d178b1d1e 11118 if (ssl->secure_renegotiation &&
wolfSSL 16:8e0d178b1d1e 11119 ssl->secure_renegotiation->enabled) {
wolfSSL 16:8e0d178b1d1e 11120 /* free old peer cert */
wolfSSL 16:8e0d178b1d1e 11121 FreeX509(&ssl->peerCert);
wolfSSL 16:8e0d178b1d1e 11122 }
wolfSSL 16:8e0d178b1d1e 11123 #endif
wolfSSL 16:8e0d178b1d1e 11124
wolfSSL 15:117db924cf7c 11125 /* set X509 format for peer cert */
wolfSSL 16:8e0d178b1d1e 11126 copyRet = CopyDecodedToX509(&ssl->peerCert, args->dCert);
wolfSSL 15:117db924cf7c 11127 if (copyRet == MEMORY_E) {
wolfSSL 15:117db924cf7c 11128 args->fatal = 1;
wolfSSL 15:117db924cf7c 11129 }
wolfSSL 15:117db924cf7c 11130 }
wolfSSL 15:117db924cf7c 11131 #endif /* KEEP_PEER_CERT */
wolfSSL 15:117db924cf7c 11132
wolfSSL 15:117db924cf7c 11133 #ifndef IGNORE_KEY_EXTENSIONS
wolfSSL 15:117db924cf7c 11134 #if defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 11135 /* when compatibility layer is turned on and no verify is
wolfSSL 15:117db924cf7c 11136 * set then ignore the certificate key extension */
wolfSSL 15:117db924cf7c 11137 if (args->dCert->extKeyUsageSet &&
wolfSSL 15:117db924cf7c 11138 args->dCert->extKeyUsageCrit == 0 &&
wolfSSL 15:117db924cf7c 11139 ssl->options.verifyNone) {
wolfSSL 15:117db924cf7c 11140 WOLFSSL_MSG("Not verifying certificate key usage");
wolfSSL 15:117db924cf7c 11141 }
wolfSSL 15:117db924cf7c 11142 else
wolfSSL 15:117db924cf7c 11143 #endif
wolfSSL 15:117db924cf7c 11144 if (args->dCert->extKeyUsageSet) {
wolfSSL 15:117db924cf7c 11145 if ((ssl->specs.kea == rsa_kea) &&
wolfSSL 15:117db924cf7c 11146 (ssl->options.side == WOLFSSL_CLIENT_END) &&
wolfSSL 15:117db924cf7c 11147 (args->dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
wolfSSL 15:117db924cf7c 11148 ret = KEYUSE_ENCIPHER_E;
wolfSSL 15:117db924cf7c 11149 }
wolfSSL 15:117db924cf7c 11150 if ((ssl->specs.sig_algo == rsa_sa_algo ||
wolfSSL 15:117db924cf7c 11151 (ssl->specs.sig_algo == ecc_dsa_sa_algo &&
wolfSSL 15:117db924cf7c 11152 !ssl->specs.static_ecdh)) &&
wolfSSL 15:117db924cf7c 11153 (args->dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
wolfSSL 15:117db924cf7c 11154 WOLFSSL_MSG("KeyUse Digital Sig not set");
wolfSSL 15:117db924cf7c 11155 ret = KEYUSE_SIGNATURE_E;
wolfSSL 15:117db924cf7c 11156 }
wolfSSL 15:117db924cf7c 11157 }
wolfSSL 15:117db924cf7c 11158
wolfSSL 15:117db924cf7c 11159 #if defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 11160 /* when compatibility layer is turned on and no verify is
wolfSSL 15:117db924cf7c 11161 * set then ignore the certificate key extension */
wolfSSL 15:117db924cf7c 11162 if (args->dCert->extExtKeyUsageSet &&
wolfSSL 15:117db924cf7c 11163 args->dCert->extExtKeyUsageCrit == 0 &&
wolfSSL 15:117db924cf7c 11164 ssl->options.verifyNone) {
wolfSSL 15:117db924cf7c 11165 WOLFSSL_MSG("Not verifying certificate ext key usage");
wolfSSL 15:117db924cf7c 11166 }
wolfSSL 15:117db924cf7c 11167 else
wolfSSL 15:117db924cf7c 11168 #endif
wolfSSL 15:117db924cf7c 11169 if (args->dCert->extExtKeyUsageSet) {
wolfSSL 15:117db924cf7c 11170 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 11171 if ((args->dCert->extExtKeyUsage &
wolfSSL 15:117db924cf7c 11172 (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) {
wolfSSL 15:117db924cf7c 11173 WOLFSSL_MSG("ExtKeyUse Server Auth not set");
wolfSSL 15:117db924cf7c 11174 ret = EXTKEYUSE_AUTH_E;
wolfSSL 15:117db924cf7c 11175 }
wolfSSL 15:117db924cf7c 11176 }
wolfSSL 15:117db924cf7c 11177 else {
wolfSSL 15:117db924cf7c 11178 if ((args->dCert->extExtKeyUsage &
wolfSSL 15:117db924cf7c 11179 (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) {
wolfSSL 15:117db924cf7c 11180 WOLFSSL_MSG("ExtKeyUse Client Auth not set");
wolfSSL 15:117db924cf7c 11181 ret = EXTKEYUSE_AUTH_E;
wolfSSL 15:117db924cf7c 11182 }
wolfSSL 15:117db924cf7c 11183 }
wolfSSL 15:117db924cf7c 11184 }
wolfSSL 15:117db924cf7c 11185 #endif /* IGNORE_KEY_EXTENSIONS */
wolfSSL 15:117db924cf7c 11186
wolfSSL 15:117db924cf7c 11187 if (args->fatal) {
wolfSSL 15:117db924cf7c 11188 ssl->error = ret;
wolfSSL 16:8e0d178b1d1e 11189 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 11190 SendAlert(ssl, alert_fatal, bad_certificate);
wolfSSL 15:117db924cf7c 11191 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 15:117db924cf7c 11192 #endif
wolfSSL 15:117db924cf7c 11193 goto exit_ppc;
wolfSSL 15:117db924cf7c 11194 }
wolfSSL 15:117db924cf7c 11195
wolfSSL 15:117db924cf7c 11196 ssl->options.havePeerCert = 1;
wolfSSL 15:117db924cf7c 11197
wolfSSL 15:117db924cf7c 11198 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
wolfSSL 15:117db924cf7c 11199 #ifndef WOLFSSL_ALLOW_NO_CN_IN_SAN
wolfSSL 15:117db924cf7c 11200 /* Per RFC 5280 section 4.2.1.6, "Whenever such identities
wolfSSL 15:117db924cf7c 11201 * are to be bound into a certificate, the subject
wolfSSL 15:117db924cf7c 11202 * alternative name extension MUST be used." */
wolfSSL 15:117db924cf7c 11203 if (args->dCert->altNames) {
wolfSSL 15:117db924cf7c 11204 if (CheckAltNames(args->dCert,
wolfSSL 15:117db924cf7c 11205 (char*)ssl->buffers.domainName.buffer) == 0 ) {
wolfSSL 15:117db924cf7c 11206 WOLFSSL_MSG("DomainName match on alt names failed");
wolfSSL 15:117db924cf7c 11207 /* try to get peer key still */
wolfSSL 15:117db924cf7c 11208 ret = DOMAIN_NAME_MISMATCH;
wolfSSL 15:117db924cf7c 11209 }
wolfSSL 15:117db924cf7c 11210 }
wolfSSL 15:117db924cf7c 11211 else {
wolfSSL 15:117db924cf7c 11212 if (MatchDomainName(
wolfSSL 15:117db924cf7c 11213 args->dCert->subjectCN,
wolfSSL 15:117db924cf7c 11214 args->dCert->subjectCNLen,
wolfSSL 15:117db924cf7c 11215 (char*)ssl->buffers.domainName.buffer) == 0) {
wolfSSL 15:117db924cf7c 11216 WOLFSSL_MSG("DomainName match on common name failed");
wolfSSL 15:117db924cf7c 11217 ret = DOMAIN_NAME_MISMATCH;
wolfSSL 15:117db924cf7c 11218 }
wolfSSL 15:117db924cf7c 11219 }
wolfSSL 15:117db924cf7c 11220 #else /* WOLFSSL_ALLOW_NO_CN_IN_SAN */
wolfSSL 15:117db924cf7c 11221 /* Old behavior. */
wolfSSL 15:117db924cf7c 11222 if (MatchDomainName(args->dCert->subjectCN,
wolfSSL 15:117db924cf7c 11223 args->dCert->subjectCNLen,
wolfSSL 15:117db924cf7c 11224 (char*)ssl->buffers.domainName.buffer) == 0) {
wolfSSL 15:117db924cf7c 11225 WOLFSSL_MSG("DomainName match on common name failed");
wolfSSL 15:117db924cf7c 11226 if (CheckAltNames(args->dCert,
wolfSSL 15:117db924cf7c 11227 (char*)ssl->buffers.domainName.buffer) == 0 ) {
wolfSSL 15:117db924cf7c 11228 WOLFSSL_MSG(
wolfSSL 15:117db924cf7c 11229 "DomainName match on alt names failed too");
wolfSSL 15:117db924cf7c 11230 /* try to get peer key still */
wolfSSL 15:117db924cf7c 11231 ret = DOMAIN_NAME_MISMATCH;
wolfSSL 15:117db924cf7c 11232 }
wolfSSL 15:117db924cf7c 11233 }
wolfSSL 15:117db924cf7c 11234 #endif /* WOLFSSL_ALLOW_NO_CN_IN_SAN */
wolfSSL 15:117db924cf7c 11235 }
wolfSSL 15:117db924cf7c 11236
wolfSSL 15:117db924cf7c 11237 /* decode peer key */
wolfSSL 15:117db924cf7c 11238 switch (args->dCert->keyOID) {
wolfSSL 15:117db924cf7c 11239 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 11240 case RSAk:
wolfSSL 15:117db924cf7c 11241 {
wolfSSL 15:117db924cf7c 11242 word32 keyIdx = 0;
wolfSSL 15:117db924cf7c 11243 int keyRet = 0;
wolfSSL 15:117db924cf7c 11244
wolfSSL 15:117db924cf7c 11245 if (ssl->peerRsaKey == NULL) {
wolfSSL 15:117db924cf7c 11246 keyRet = AllocKey(ssl, DYNAMIC_TYPE_RSA,
wolfSSL 15:117db924cf7c 11247 (void**)&ssl->peerRsaKey);
wolfSSL 15:117db924cf7c 11248 } else if (ssl->peerRsaKeyPresent) {
wolfSSL 15:117db924cf7c 11249 keyRet = ReuseKey(ssl, DYNAMIC_TYPE_RSA,
wolfSSL 15:117db924cf7c 11250 ssl->peerRsaKey);
wolfSSL 15:117db924cf7c 11251 ssl->peerRsaKeyPresent = 0;
wolfSSL 15:117db924cf7c 11252 }
wolfSSL 15:117db924cf7c 11253
wolfSSL 15:117db924cf7c 11254 if (keyRet != 0 || wc_RsaPublicKeyDecode(
wolfSSL 16:8e0d178b1d1e 11255 args->dCert->publicKey, &keyIdx, ssl->peerRsaKey,
wolfSSL 15:117db924cf7c 11256 args->dCert->pubKeySize) != 0) {
wolfSSL 15:117db924cf7c 11257 ret = PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 11258 }
wolfSSL 15:117db924cf7c 11259 else {
wolfSSL 15:117db924cf7c 11260 ssl->peerRsaKeyPresent = 1;
wolfSSL 16:8e0d178b1d1e 11261 #ifdef WOLFSSL_RENESAS_TSIP_TLS
wolfSSL 16:8e0d178b1d1e 11262 /* copy encrypted tsip key index into ssl object */
wolfSSL 16:8e0d178b1d1e 11263 if (args->dCert->tsip_encRsaKeyIdx) {
wolfSSL 16:8e0d178b1d1e 11264 if (!ssl->peerTsipEncRsaKeyIndex) {
wolfSSL 16:8e0d178b1d1e 11265 ssl->peerTsipEncRsaKeyIndex = (byte*)XMALLOC(
wolfSSL 16:8e0d178b1d1e 11266 TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY,
wolfSSL 16:8e0d178b1d1e 11267 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 16:8e0d178b1d1e 11268 if (!ssl->peerTsipEncRsaKeyIndex) {
wolfSSL 16:8e0d178b1d1e 11269 args->lastErr = MEMORY_E;
wolfSSL 16:8e0d178b1d1e 11270 goto exit_ppc;
wolfSSL 16:8e0d178b1d1e 11271 }
wolfSSL 16:8e0d178b1d1e 11272 }
wolfSSL 16:8e0d178b1d1e 11273
wolfSSL 16:8e0d178b1d1e 11274 XMEMCPY(ssl->peerTsipEncRsaKeyIndex,
wolfSSL 16:8e0d178b1d1e 11275 args->dCert->tsip_encRsaKeyIdx,
wolfSSL 16:8e0d178b1d1e 11276 TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY);
wolfSSL 16:8e0d178b1d1e 11277 }
wolfSSL 16:8e0d178b1d1e 11278 #endif
wolfSSL 15:117db924cf7c 11279 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 11280 #ifndef NO_RSA
wolfSSL 16:8e0d178b1d1e 11281 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 16:8e0d178b1d1e 11282 if (ssl->buffers.peerRsaKey.buffer) {
wolfSSL 16:8e0d178b1d1e 11283 XFREE(ssl->buffers.peerRsaKey.buffer,
wolfSSL 16:8e0d178b1d1e 11284 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 16:8e0d178b1d1e 11285 ssl->buffers.peerRsaKey.buffer = NULL;
wolfSSL 16:8e0d178b1d1e 11286 }
wolfSSL 16:8e0d178b1d1e 11287 #endif
wolfSSL 16:8e0d178b1d1e 11288
wolfSSL 16:8e0d178b1d1e 11289
wolfSSL 15:117db924cf7c 11290 ssl->buffers.peerRsaKey.buffer =
wolfSSL 15:117db924cf7c 11291 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 15:117db924cf7c 11292 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 15:117db924cf7c 11293 if (ssl->buffers.peerRsaKey.buffer == NULL) {
wolfSSL 15:117db924cf7c 11294 ret = MEMORY_ERROR;
wolfSSL 15:117db924cf7c 11295 }
wolfSSL 15:117db924cf7c 11296 else {
wolfSSL 15:117db924cf7c 11297 XMEMCPY(ssl->buffers.peerRsaKey.buffer,
wolfSSL 15:117db924cf7c 11298 args->dCert->publicKey,
wolfSSL 15:117db924cf7c 11299 args->dCert->pubKeySize);
wolfSSL 15:117db924cf7c 11300 ssl->buffers.peerRsaKey.length =
wolfSSL 15:117db924cf7c 11301 args->dCert->pubKeySize;
wolfSSL 15:117db924cf7c 11302 }
wolfSSL 15:117db924cf7c 11303 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 11304 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 11305 }
wolfSSL 15:117db924cf7c 11306
wolfSSL 15:117db924cf7c 11307 /* check size of peer RSA key */
wolfSSL 15:117db924cf7c 11308 if (ret == 0 && ssl->peerRsaKeyPresent &&
wolfSSL 15:117db924cf7c 11309 !ssl->options.verifyNone &&
wolfSSL 15:117db924cf7c 11310 wc_RsaEncryptSize(ssl->peerRsaKey)
wolfSSL 15:117db924cf7c 11311 < ssl->options.minRsaKeySz) {
wolfSSL 15:117db924cf7c 11312 ret = RSA_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 11313 WOLFSSL_MSG("Peer RSA key is too small");
wolfSSL 15:117db924cf7c 11314 }
wolfSSL 15:117db924cf7c 11315 break;
wolfSSL 15:117db924cf7c 11316 }
wolfSSL 15:117db924cf7c 11317 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 11318 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 11319 case NTRUk:
wolfSSL 15:117db924cf7c 11320 {
wolfSSL 15:117db924cf7c 11321 if (args->dCert->pubKeySize > sizeof(ssl->peerNtruKey)) {
wolfSSL 15:117db924cf7c 11322 ret = PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 11323 }
wolfSSL 15:117db924cf7c 11324 else {
wolfSSL 15:117db924cf7c 11325 XMEMCPY(ssl->peerNtruKey, args->dCert->publicKey,
wolfSSL 15:117db924cf7c 11326 args->dCert->pubKeySize);
wolfSSL 15:117db924cf7c 11327 ssl->peerNtruKeyLen =
wolfSSL 15:117db924cf7c 11328 (word16)args->dCert->pubKeySize;
wolfSSL 15:117db924cf7c 11329 ssl->peerNtruKeyPresent = 1;
wolfSSL 15:117db924cf7c 11330 }
wolfSSL 15:117db924cf7c 11331 break;
wolfSSL 15:117db924cf7c 11332 }
wolfSSL 15:117db924cf7c 11333 #endif /* HAVE_NTRU */
wolfSSL 15:117db924cf7c 11334 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 11335 case ECDSAk:
wolfSSL 15:117db924cf7c 11336 {
wolfSSL 15:117db924cf7c 11337 int keyRet = 0;
wolfSSL 15:117db924cf7c 11338 word32 idx = 0;
wolfSSL 15:117db924cf7c 11339
wolfSSL 15:117db924cf7c 11340 if (ssl->peerEccDsaKey == NULL) {
wolfSSL 15:117db924cf7c 11341 /* alloc/init on demand */
wolfSSL 15:117db924cf7c 11342 keyRet = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 11343 (void**)&ssl->peerEccDsaKey);
wolfSSL 15:117db924cf7c 11344 } else if (ssl->peerEccDsaKeyPresent) {
wolfSSL 15:117db924cf7c 11345 keyRet = ReuseKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 11346 ssl->peerEccDsaKey);
wolfSSL 15:117db924cf7c 11347 ssl->peerEccDsaKeyPresent = 0;
wolfSSL 15:117db924cf7c 11348 }
wolfSSL 15:117db924cf7c 11349
wolfSSL 15:117db924cf7c 11350 if (keyRet != 0 ||
wolfSSL 15:117db924cf7c 11351 wc_EccPublicKeyDecode(args->dCert->publicKey, &idx,
wolfSSL 15:117db924cf7c 11352 ssl->peerEccDsaKey,
wolfSSL 15:117db924cf7c 11353 args->dCert->pubKeySize) != 0) {
wolfSSL 15:117db924cf7c 11354 ret = PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 11355 }
wolfSSL 15:117db924cf7c 11356 else {
wolfSSL 15:117db924cf7c 11357 ssl->peerEccDsaKeyPresent = 1;
wolfSSL 15:117db924cf7c 11358 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 11359 ssl->buffers.peerEccDsaKey.buffer =
wolfSSL 15:117db924cf7c 11360 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 15:117db924cf7c 11361 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 15:117db924cf7c 11362 if (ssl->buffers.peerEccDsaKey.buffer == NULL) {
wolfSSL 15:117db924cf7c 11363 ERROR_OUT(MEMORY_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 11364 }
wolfSSL 15:117db924cf7c 11365 else {
wolfSSL 15:117db924cf7c 11366 XMEMCPY(ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 15:117db924cf7c 11367 args->dCert->publicKey,
wolfSSL 15:117db924cf7c 11368 args->dCert->pubKeySize);
wolfSSL 15:117db924cf7c 11369 ssl->buffers.peerEccDsaKey.length =
wolfSSL 15:117db924cf7c 11370 args->dCert->pubKeySize;
wolfSSL 15:117db924cf7c 11371 }
wolfSSL 15:117db924cf7c 11372 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 11373 }
wolfSSL 15:117db924cf7c 11374
wolfSSL 15:117db924cf7c 11375 /* check size of peer ECC key */
wolfSSL 15:117db924cf7c 11376 if (ret == 0 && ssl->peerEccDsaKeyPresent &&
wolfSSL 15:117db924cf7c 11377 !ssl->options.verifyNone &&
wolfSSL 15:117db924cf7c 11378 wc_ecc_size(ssl->peerEccDsaKey)
wolfSSL 15:117db924cf7c 11379 < ssl->options.minEccKeySz) {
wolfSSL 15:117db924cf7c 11380 ret = ECC_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 11381 WOLFSSL_MSG("Peer ECC key is too small");
wolfSSL 15:117db924cf7c 11382 }
wolfSSL 15:117db924cf7c 11383 break;
wolfSSL 15:117db924cf7c 11384 }
wolfSSL 15:117db924cf7c 11385 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 11386 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 11387 case ED25519k:
wolfSSL 15:117db924cf7c 11388 {
wolfSSL 15:117db924cf7c 11389 int keyRet = 0;
wolfSSL 15:117db924cf7c 11390 if (ssl->peerEd25519Key == NULL) {
wolfSSL 15:117db924cf7c 11391 /* alloc/init on demand */
wolfSSL 15:117db924cf7c 11392 keyRet = AllocKey(ssl, DYNAMIC_TYPE_ED25519,
wolfSSL 15:117db924cf7c 11393 (void**)&ssl->peerEd25519Key);
wolfSSL 15:117db924cf7c 11394 } else if (ssl->peerEd25519KeyPresent) {
wolfSSL 15:117db924cf7c 11395 keyRet = ReuseKey(ssl, DYNAMIC_TYPE_ED25519,
wolfSSL 15:117db924cf7c 11396 ssl->peerEd25519Key);
wolfSSL 15:117db924cf7c 11397 ssl->peerEd25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 11398 }
wolfSSL 15:117db924cf7c 11399
wolfSSL 15:117db924cf7c 11400 if (keyRet != 0 ||
wolfSSL 15:117db924cf7c 11401 wc_ed25519_import_public(args->dCert->publicKey,
wolfSSL 15:117db924cf7c 11402 args->dCert->pubKeySize,
wolfSSL 15:117db924cf7c 11403 ssl->peerEd25519Key)
wolfSSL 15:117db924cf7c 11404 != 0) {
wolfSSL 15:117db924cf7c 11405 ret = PEER_KEY_ERROR;
wolfSSL 15:117db924cf7c 11406 }
wolfSSL 15:117db924cf7c 11407 else {
wolfSSL 15:117db924cf7c 11408 ssl->peerEd25519KeyPresent = 1;
wolfSSL 15:117db924cf7c 11409 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 11410 ssl->buffers.peerEd25519Key.buffer =
wolfSSL 15:117db924cf7c 11411 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 15:117db924cf7c 11412 ssl->heap, DYNAMIC_TYPE_ED25519);
wolfSSL 15:117db924cf7c 11413 if (ssl->buffers.peerEd25519Key.buffer == NULL) {
wolfSSL 15:117db924cf7c 11414 ERROR_OUT(MEMORY_ERROR, exit_ppc);
wolfSSL 15:117db924cf7c 11415 }
wolfSSL 15:117db924cf7c 11416 else {
wolfSSL 15:117db924cf7c 11417 XMEMCPY(ssl->buffers.peerEd25519Key.buffer,
wolfSSL 15:117db924cf7c 11418 args->dCert->publicKey,
wolfSSL 15:117db924cf7c 11419 args->dCert->pubKeySize);
wolfSSL 15:117db924cf7c 11420 ssl->buffers.peerEd25519Key.length =
wolfSSL 15:117db924cf7c 11421 args->dCert->pubKeySize;
wolfSSL 15:117db924cf7c 11422 }
wolfSSL 15:117db924cf7c 11423 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 11424 }
wolfSSL 15:117db924cf7c 11425
wolfSSL 15:117db924cf7c 11426 /* check size of peer Ed25519 key against the minimum ECC key size */
wolfSSL 15:117db924cf7c 11427 if (ret == 0 && ssl->peerEd25519KeyPresent &&
wolfSSL 15:117db924cf7c 11428 !ssl->options.verifyNone &&
wolfSSL 15:117db924cf7c 11429 ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
wolfSSL 15:117db924cf7c 11430 ret = ECC_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 11431 WOLFSSL_MSG("Peer ECC key is too small");
wolfSSL 15:117db924cf7c 11432 }
wolfSSL 15:117db924cf7c 11433 break;
wolfSSL 15:117db924cf7c 11434 }
wolfSSL 15:117db924cf7c 11435 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 11436 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 11437 case ED448k:
wolfSSL 16:8e0d178b1d1e 11438 {
wolfSSL 16:8e0d178b1d1e 11439 int keyRet = 0;
wolfSSL 16:8e0d178b1d1e 11440 if (ssl->peerEd448Key == NULL) {
wolfSSL 16:8e0d178b1d1e 11441 /* alloc/init on demand */
wolfSSL 16:8e0d178b1d1e 11442 keyRet = AllocKey(ssl, DYNAMIC_TYPE_ED448,
wolfSSL 16:8e0d178b1d1e 11443 (void**)&ssl->peerEd448Key);
wolfSSL 16:8e0d178b1d1e 11444 } else if (ssl->peerEd448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 11445 keyRet = ReuseKey(ssl, DYNAMIC_TYPE_ED448,
wolfSSL 16:8e0d178b1d1e 11446 ssl->peerEd448Key);
wolfSSL 16:8e0d178b1d1e 11447 ssl->peerEd448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 11448 }
wolfSSL 16:8e0d178b1d1e 11449
wolfSSL 16:8e0d178b1d1e 11450 if (keyRet != 0 ||
wolfSSL 16:8e0d178b1d1e 11451 wc_ed448_import_public(args->dCert->publicKey,
wolfSSL 16:8e0d178b1d1e 11452 args->dCert->pubKeySize,
wolfSSL 16:8e0d178b1d1e 11453 ssl->peerEd448Key) != 0) {
wolfSSL 16:8e0d178b1d1e 11454 ret = PEER_KEY_ERROR;
wolfSSL 16:8e0d178b1d1e 11455 }
wolfSSL 16:8e0d178b1d1e 11456 else {
wolfSSL 16:8e0d178b1d1e 11457 ssl->peerEd448KeyPresent = 1;
wolfSSL 16:8e0d178b1d1e 11458 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 11459 ssl->buffers.peerEd448Key.buffer =
wolfSSL 16:8e0d178b1d1e 11460 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 16:8e0d178b1d1e 11461 ssl->heap, DYNAMIC_TYPE_ED448);
wolfSSL 16:8e0d178b1d1e 11462 if (ssl->buffers.peerEd448Key.buffer == NULL) {
wolfSSL 16:8e0d178b1d1e 11463 ERROR_OUT(MEMORY_ERROR, exit_ppc);
wolfSSL 16:8e0d178b1d1e 11464 }
wolfSSL 16:8e0d178b1d1e 11465 else {
wolfSSL 16:8e0d178b1d1e 11466 XMEMCPY(ssl->buffers.peerEd448Key.buffer,
wolfSSL 16:8e0d178b1d1e 11467 args->dCert->publicKey,
wolfSSL 16:8e0d178b1d1e 11468 args->dCert->pubKeySize);
wolfSSL 16:8e0d178b1d1e 11469 ssl->buffers.peerEd448Key.length =
wolfSSL 16:8e0d178b1d1e 11470 args->dCert->pubKeySize;
wolfSSL 16:8e0d178b1d1e 11471 }
wolfSSL 16:8e0d178b1d1e 11472 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 16:8e0d178b1d1e 11473 }
wolfSSL 16:8e0d178b1d1e 11474
wolfSSL 16:8e0d178b1d1e 11475 /* check size of peer ECC key */
wolfSSL 16:8e0d178b1d1e 11476 if (ret == 0 && ssl->peerEd448KeyPresent &&
wolfSSL 16:8e0d178b1d1e 11477 !ssl->options.verifyNone &&
wolfSSL 16:8e0d178b1d1e 11478 ED448_KEY_SIZE < ssl->options.minEccKeySz) {
wolfSSL 16:8e0d178b1d1e 11479 ret = ECC_KEY_SIZE_E;
wolfSSL 16:8e0d178b1d1e 11480 WOLFSSL_MSG("Peer ECC key is too small");
wolfSSL 16:8e0d178b1d1e 11481 }
wolfSSL 16:8e0d178b1d1e 11482 break;
wolfSSL 16:8e0d178b1d1e 11483 }
wolfSSL 16:8e0d178b1d1e 11484 #endif /* HAVE_ED448 */
wolfSSL 15:117db924cf7c 11485 default:
wolfSSL 15:117db924cf7c 11486 break;
wolfSSL 15:117db924cf7c 11487 }
wolfSSL 15:117db924cf7c 11488
wolfSSL 16:8e0d178b1d1e 11489 /* args->dCert free'd in function cleanup after callback */
wolfSSL 15:117db924cf7c 11490 } /* if (count > 0) */
wolfSSL 15:117db924cf7c 11491
wolfSSL 15:117db924cf7c 11492 /* Check for error */
wolfSSL 15:117db924cf7c 11493 if (args->fatal && ret != 0) {
wolfSSL 15:117db924cf7c 11494 goto exit_ppc;
wolfSSL 15:117db924cf7c 11495 }
wolfSSL 15:117db924cf7c 11496
wolfSSL 15:117db924cf7c 11497 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 11498 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 15:117db924cf7c 11499 } /* case TLS_ASYNC_VERIFY */
wolfSSL 15:117db924cf7c 11500 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11501
wolfSSL 15:117db924cf7c 11502 case TLS_ASYNC_FINALIZE:
wolfSSL 15:117db924cf7c 11503 {
wolfSSL 15:117db924cf7c 11504 /* load last error */
wolfSSL 15:117db924cf7c 11505 if (args->lastErr != 0 && ret == 0) {
wolfSSL 15:117db924cf7c 11506 ret = args->lastErr;
wolfSSL 15:117db924cf7c 11507 }
wolfSSL 15:117db924cf7c 11508
wolfSSL 16:8e0d178b1d1e 11509 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 11510 if (args->untrustedDepth > ssl->options.verifyDepth) {
wolfSSL 15:117db924cf7c 11511 ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
wolfSSL 15:117db924cf7c 11512 ret = MAX_CHAIN_ERROR;
wolfSSL 15:117db924cf7c 11513 }
wolfSSL 15:117db924cf7c 11514 #endif
wolfSSL 16:8e0d178b1d1e 11515
wolfSSL 16:8e0d178b1d1e 11516 /* Do verify callback */
wolfSSL 16:8e0d178b1d1e 11517 ret = DoVerifyCallback(ssl->ctx->cm, ssl, ret, args);
wolfSSL 16:8e0d178b1d1e 11518
wolfSSL 16:8e0d178b1d1e 11519 if (ssl->options.verifyNone &&
wolfSSL 16:8e0d178b1d1e 11520 (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
wolfSSL 16:8e0d178b1d1e 11521 WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
wolfSSL 16:8e0d178b1d1e 11522 ret = ssl->error = 0;
wolfSSL 16:8e0d178b1d1e 11523 }
wolfSSL 16:8e0d178b1d1e 11524
wolfSSL 15:117db924cf7c 11525 if (ret != 0) {
wolfSSL 15:117db924cf7c 11526 if (!ssl->options.verifyNone) {
wolfSSL 16:8e0d178b1d1e 11527 DoCertFatalAlert(ssl, ret);
wolfSSL 16:8e0d178b1d1e 11528 }
wolfSSL 16:8e0d178b1d1e 11529 ssl->error = ret; /* Report SSL error */
wolfSSL 15:117db924cf7c 11530 }
wolfSSL 15:117db924cf7c 11531
wolfSSL 15:117db924cf7c 11532 if (ret == 0 && ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 11533 ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL 15:117db924cf7c 11534 }
wolfSSL 15:117db924cf7c 11535
wolfSSL 15:117db924cf7c 11536 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 15:117db924cf7c 11537 args->idx += ssl->keys.padSz;
wolfSSL 16:8e0d178b1d1e 11538 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 11539 if (ssl->options.startedETMRead)
wolfSSL 16:8e0d178b1d1e 11540 args->idx += MacSize(ssl);
wolfSSL 16:8e0d178b1d1e 11541 #endif
wolfSSL 16:8e0d178b1d1e 11542 }
wolfSSL 16:8e0d178b1d1e 11543
wolfSSL 15:117db924cf7c 11544 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 11545 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 15:117db924cf7c 11546 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 15:117db924cf7c 11547 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11548
wolfSSL 15:117db924cf7c 11549 case TLS_ASYNC_END:
wolfSSL 15:117db924cf7c 11550 {
wolfSSL 15:117db924cf7c 11551 /* Set final index */
wolfSSL 15:117db924cf7c 11552 *inOutIdx = args->idx;
wolfSSL 15:117db924cf7c 11553
wolfSSL 15:117db924cf7c 11554 break;
wolfSSL 15:117db924cf7c 11555 }
wolfSSL 15:117db924cf7c 11556 default:
wolfSSL 15:117db924cf7c 11557 ret = INPUT_CASE_ERROR;
wolfSSL 15:117db924cf7c 11558 break;
wolfSSL 15:117db924cf7c 11559 } /* switch(ssl->options.asyncState) */
wolfSSL 15:117db924cf7c 11560
wolfSSL 15:117db924cf7c 11561 exit_ppc:
wolfSSL 15:117db924cf7c 11562
wolfSSL 15:117db924cf7c 11563 WOLFSSL_LEAVE("ProcessPeerCerts", ret);
wolfSSL 15:117db924cf7c 11564
wolfSSL 15:117db924cf7c 11565
wolfSSL 15:117db924cf7c 11566 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
wolfSSL 15:117db924cf7c 11567 if (ret == WC_PENDING_E || ret == OCSP_WANT_READ) {
wolfSSL 16:8e0d178b1d1e 11568 /* Mark message as not received so it can process again */
wolfSSL 15:117db924cf7c 11569 ssl->msgsReceived.got_certificate = 0;
wolfSSL 15:117db924cf7c 11570
wolfSSL 15:117db924cf7c 11571 return ret;
wolfSSL 15:117db924cf7c 11572 }
wolfSSL 15:117db924cf7c 11573 #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */
wolfSSL 15:117db924cf7c 11574
wolfSSL 15:117db924cf7c 11575 FreeProcPeerCertArgs(ssl, args);
wolfSSL 15:117db924cf7c 11576
wolfSSL 16:8e0d178b1d1e 11577 #if defined(WOLFSSL_ASYNC_CRYPT)
wolfSSL 16:8e0d178b1d1e 11578 #elif defined(WOLFSSL_NONBLOCK_OCSP)
wolfSSL 15:117db924cf7c 11579 XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 11580 ssl->nonblockarg = NULL;
wolfSSL 16:8e0d178b1d1e 11581 #elif defined(WOLFSSL_SMALL_STACK)
wolfSSL 16:8e0d178b1d1e 11582 XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 11583 #endif
wolfSSL 15:117db924cf7c 11584
wolfSSL 15:117db924cf7c 11585 FreeKeyExchange(ssl);
wolfSSL 15:117db924cf7c 11586
wolfSSL 15:117db924cf7c 11587 return ret;
wolfSSL 15:117db924cf7c 11588 }
wolfSSL 16:8e0d178b1d1e 11589 #endif
wolfSSL 15:117db924cf7c 11590
wolfSSL 15:117db924cf7c 11591 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 11592 #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
wolfSSL 15:117db924cf7c 11593
/* Handle a certificate (11) handshake message.
 *
 * ssl       connection the message arrived on
 * input     buffer holding the handshake message
 * inOutIdx  in: index of the message body in input; out: index as left by
 *           ProcessPeerCerts
 * size      length of the message body
 *
 * Returns the result of ProcessPeerCerts unchanged.
 */
static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                                                word32 size)
{
    int rc;

    WOLFSSL_START(WC_FUNC_CERTIFICATE_DO);
    WOLFSSL_ENTER("DoCertificate");

#ifdef SESSION_CERTS
    /* A failed session resume may have left a stale chain behind; start the
     * peer chain bookkeeping from zero before parsing the new one. */
    ssl->session.chain.count = 0;
    #ifdef WOLFSSL_ALT_CERT_CHAINS
        ssl->session.altChain.count = 0;
    #endif
#endif /* SESSION_CERTS */

    rc = ProcessPeerCerts(ssl, input, inOutIdx, size);

#ifdef WOLFSSL_EXTRA_ALERTS
    /* Parse-level failures are reported to the peer as decode_error. The
     * return value of SendAlert is not inspected; rc is what the caller gets. */
    if (rc == ASN_PARSE_E || rc == BUFFER_ERROR) {
        SendAlert(ssl, alert_fatal, decode_error);
    }
#endif

#ifdef OPENSSL_EXTRA
    /* NOTE(review): assigned whatever rc is and on either side of the
     * connection; confirm no caller reads serverState as proof that the
     * certificate was accepted. */
    ssl->options.serverState = SERVER_CERT_COMPLETE;
#endif

    WOLFSSL_LEAVE("DoCertificate", rc);
    WOLFSSL_END(WC_FUNC_CERTIFICATE_DO);

    return rc;
}
wolfSSL 15:117db924cf7c 11626
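/* Handle a certificate_status (22) handshake message.
 *
 * ssl       connection the message arrived on
 * input     buffer holding the handshake message
 * inOutIdx  in: index of the message body in input; out: advanced past the
 *           bytes consumed here
 * size      length of the message body
 *
 * Returns 0 on success. Returns BUFFER_ERROR when the length fields do not
 * match size, when the status type is not handled, or when a multi-OCSP
 * status arrives without status_request_v2 being set; MEMORY_ERROR when a
 * small-stack allocation fails; BAD_CERTIFICATE_STATUS_ERROR when a stapled
 * response does not decode, is not successful/good, or matches no request;
 * BUFFER_E when the trailing pad/MAC does not fit; otherwise the value
 * returned by ProcessCSR.
 */
static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                                                    word32 size)
{
    int    ret = 0;
    byte   status_type;
    word32 status_length;

    WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_DO);
    WOLFSSL_ENTER("DoCertificateStatus");

    /* need at least the type byte and the 24-bit length */
    if (size < ENUM_LEN + OPAQUE24_LEN)
        return BUFFER_ERROR;

    status_type = input[(*inOutIdx)++];

    c24to32(input + *inOutIdx, &status_length);
    *inOutIdx += OPAQUE24_LEN;

    /* the declared payload length must account for the whole body, so every
     * read below stays inside this message */
    if (size != ENUM_LEN + OPAQUE24_LEN + status_length)
        return BUFFER_ERROR;

    switch (status_type) {

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */
        case WOLFSSL_CSR2_OCSP:
            ret = ProcessCSR(ssl, input, inOutIdx, status_length);
            break;

    #endif

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        case WOLFSSL_CSR2_OCSP_MULTI: {
            OcspRequest* request;
            word32 list_length = status_length;
            byte   idx = 0;

            #ifdef WOLFSSL_SMALL_STACK
                CertStatus*   status;
                OcspResponse* response;
            #else
                CertStatus   status[1];
                OcspResponse response[1];
            #endif

            /* a multi-OCSP status is only accepted while status_request_v2
             * is set; the flag is consumed here */
            if (!ssl->status_request_v2)
                return BUFFER_ERROR;
            ssl->status_request_v2 = 0;

            #ifdef WOLFSSL_SMALL_STACK
                status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
                                                      DYNAMIC_TYPE_OCSP_STATUS);
                response = (OcspResponse*)XMALLOC(sizeof(OcspResponse),
                                          ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);

                if (status == NULL || response == NULL) {
                    if (status)
                        XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
                    if (response)
                        XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);

                    return MEMORY_ERROR;
                }
            #endif

            /* walk the list of length-prefixed OCSP responses */
            while (list_length && ret == 0) {
                if (OPAQUE24_LEN > list_length) {
                    ret = BUFFER_ERROR;
                    break;
                }

                c24to32(input + *inOutIdx, &status_length);
                *inOutIdx   += OPAQUE24_LEN;
                list_length -= OPAQUE24_LEN;

                /* an entry may not run past the end of the list */
                if (status_length > list_length) {
                    ret = BUFFER_ERROR;
                    break;
                }

                if (status_length) {
                    InitOcspResponse(response, status, input +*inOutIdx,
                                                                 status_length);

                    if ((OcspResponseDecode(response, ssl->ctx->cm, ssl->heap,
                                                                        0) != 0)
                    ||  (response->responseStatus != OCSP_SUCCESSFUL)
                    ||  (response->status->status != CERT_GOOD))
                        ret = BAD_CERTIFICATE_STATUS_ERROR;

                    /* look for the request this response answers; idx is not
                     * reset between responses, so matching resumes after the
                     * last request looked at */
                    while (ret == 0) {
                        request = (OcspRequest*)TLSX_CSR2_GetRequest(
                                ssl->extensions, status_type, idx++);

                        if (request == NULL)
                            ret = BAD_CERTIFICATE_STATUS_ERROR;
                        else if (CompareOcspReqResp(request, response) == 0)
                            break;
                        else if (idx == 1) /* server cert must be OK */
                            ret = BAD_CERTIFICATE_STATUS_ERROR;
                    }

                    *inOutIdx   += status_length;
                    list_length -= status_length;
                }
            }

            #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
                ssl->status_request_v2 = 0;
            #endif

            #ifdef WOLFSSL_SMALL_STACK
                /* release with the heap hint the buffers were allocated
                 * with (ssl->heap), not NULL */
                XFREE(status,   ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);
                XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
            #endif

        }
        break;

    #endif

        default:
            ret = BUFFER_ERROR;
            break;
    }

    if (ret != 0)
        SendAlert(ssl, alert_fatal, bad_certificate_status_response);

    /* skip the record padding (and the MAC when encrypt-then-MAC is active)
     * that follows the message.
     * NOTE(review): *inOutIdx is an index into input, yet it is compared
     * with size, the length of this message body; DoHelloRequest and
     * DoFinished in this file compare against totalSz instead. This function
     * has no totalSz parameter, so the check is left as it is - confirm the
     * intended bound with the caller. */
    if (IsEncryptionOn(ssl, 0)) {
    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
        if (ssl->options.startedETMRead) {
            word32 digestSz = MacSize(ssl);
            if (*inOutIdx + ssl->keys.padSz + digestSz > size)
                return BUFFER_E;
            *inOutIdx += ssl->keys.padSz + digestSz;
        }
        else
    #endif
        {
            if (*inOutIdx + ssl->keys.padSz > size)
                return BUFFER_E;
            *inOutIdx += ssl->keys.padSz;
        }
    }

    WOLFSSL_LEAVE("DoCertificateStatus", ret);
    WOLFSSL_END(WC_FUNC_CERTIFICATE_STATUS_DO);

    return ret;
}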
wolfSSL 15:117db924cf7c 11786
wolfSSL 16:8e0d178b1d1e 11787 #endif
wolfSSL 16:8e0d178b1d1e 11788
wolfSSL 15:117db924cf7c 11789 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 11790
wolfSSL 15:117db924cf7c 11791 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 11792
wolfSSL 15:117db924cf7c 11793 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 11794
/* Handle a HelloRequest handshake message.
 *
 * ssl       connection the message arrived on
 * input     unused
 * inOutIdx  in: index of the message in the input buffer; out: advanced past
 *           the record padding (and MAC when encrypt-then-MAC is active)
 * size      length of the message body, which has to be 0
 * totalSz   bound that inOutIdx is checked against
 *
 * Returns BUFFER_ERROR for a non-empty body, BUFFER_E when the trailing
 * bytes do not fit in totalSz, FATAL_ERROR when received on the server side,
 * 0 when secure renegotiation is enabled and has been flagged to start, and
 * otherwise the result of sending a no_renegotiation warning.
 */
static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                                    word32 size, word32 totalSz)
{
    (void)input;

    WOLFSSL_START(WC_FUNC_HELLO_REQUEST_DO);
    WOLFSSL_ENTER("DoHelloRequest");

    /* a HelloRequest has no body */
    if (size != 0)
        return BUFFER_ERROR;

    if (IsEncryptionOn(ssl, 0)) {
        /* bytes that follow the message inside the record */
        word32 trailerSz = ssl->keys.padSz;

    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
        if (ssl->options.startedETMRead)
            trailerSz += MacSize(ssl);
    #endif

        /* access beyond input + size should be checked against totalSz */
        if (*inOutIdx + trailerSz > totalSz)
            return BUFFER_E;

        *inOutIdx += trailerSz;
    }

    /* only a server sends HelloRequest, so a server receiving one rejects it */
    if (ssl->options.side == WOLFSSL_SERVER_END) {
        SendAlert(ssl, alert_fatal, unexpected_message); /* try */
        return FATAL_ERROR;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        /* flag that a secure renegotiation should be started */
        ssl->secure_renegotiation->startScr = 1;
        WOLFSSL_LEAVE("DoHelloRequest", 0);
        WOLFSSL_END(WC_FUNC_HELLO_REQUEST_DO);
        return 0;
    }
#endif

    /* renegotiation not available: decline with a warning alert */
    return SendAlert(ssl, alert_warning, no_renegotiation);
}
wolfSSL 15:117db924cf7c 11841
wolfSSL 15:117db924cf7c 11842
/* Handle the peer's Finished handshake message.
 *
 * ssl       connection the message arrived on
 * input     buffer holding the handshake message
 * inOutIdx  in: index of the verify data in input; out: advanced past the
 *           verify data, the record padding and, when encrypt-then-MAC is
 *           active, the MAC
 * size      length of the message body
 * totalSz   bound that inOutIdx is checked against
 * sniff     NO_SNIFF to compare the verify data with the local hashes; any
 *           other value skips the comparison
 *
 * Returns 0 on success, BUFFER_ERROR when size is not the expected Finished
 * size, BUFFER_E when the message plus trailer does not fit in totalSz, and
 * VERIFY_FINISHED_ERROR when the verify data does not match.
 */
int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
                                                      word32 totalSz, int sniff)
{
    word32      finishedSz;
    word32      endIdx;
    const byte* peerVerify;

    if (ssl->options.tls)
        finishedSz = TLS_FINISHED_SZ;
    else
        finishedSz = FINISHED_SZ;

    WOLFSSL_START(WC_FUNC_FINISHED_DO);
    WOLFSSL_ENTER("DoFinished");

    if (size != finishedSz)
        return BUFFER_ERROR;

    /* check against totalSz: verify data, padding and (ETM only) the MAC */
    endIdx = *inOutIdx + size + ssl->keys.padSz;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    if (ssl->options.startedETMRead)
        endIdx += MacSize(ssl);
#endif
    if (endIdx > totalSz)
        return BUFFER_E;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn) AddPacketName(ssl, "Finished");
        if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo);
    #endif

    peerVerify = input + *inOutIdx;

    if (sniff == NO_SNIFF) {
        /* NOTE(review): the comparison uses XMEMCMP; whether a constant-time
         * compare is wanted for the Finished verify data is a decision for
         * the maintainers. */
        if (XMEMCMP(peerVerify, &ssl->hsHashes->verifyHashes, size) != 0) {
            WOLFSSL_MSG("Verify finished error on hashes");
    #ifdef WOLFSSL_EXTRA_ALERTS
            SendAlert(ssl, alert_fatal, decrypt_error);
    #endif
            return VERIFY_FINISHED_ERROR;
        }
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* save peer's state; TLS_FINISHED_SZ bytes are copied whatever
         * finishedSz was */
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            XMEMCPY(ssl->secure_renegotiation->server_verify_data,
                    peerVerify, TLS_FINISHED_SZ);
        }
        else {
            XMEMCPY(ssl->secure_renegotiation->client_verify_data,
                    peerVerify, TLS_FINISHED_SZ);
        }
        ssl->secure_renegotiation->verifySet = 1;
    }
#endif

    /* force input exhaustion at ProcessReply consuming padSz */
    *inOutIdx += size + ssl->keys.padSz;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    if (ssl->options.startedETMRead)
        *inOutIdx += MacSize(ssl);
#endif

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        /* client: this is the server's Finished */
        ssl->options.serverState = SERVER_FINISHED_COMPLETE;
#ifdef OPENSSL_EXTRA
        ssl->cbmode = SSL_CB_MODE_WRITE;
        ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
#endif
        /* on a full handshake this message completes the client side */
        if (!ssl->options.resuming) {
#ifdef OPENSSL_EXTRA
            if (ssl->CBIS != NULL) {
                ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, SSL_SUCCESS);
            }
#endif
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }
    else {
        /* server: this is the client's Finished */
        ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
#ifdef OPENSSL_EXTRA
        ssl->cbmode = SSL_CB_MODE_READ;
        ssl->options.serverState = SERVER_FINISHED_COMPLETE;
#endif
        /* on a resumed handshake this message completes the server side */
        if (ssl->options.resuming) {
#ifdef OPENSSL_EXTRA
            if (ssl->CBIS != NULL) {
                ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS);
            }
#endif
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
    }
#endif

    WOLFSSL_LEAVE("DoFinished", 0);
    WOLFSSL_END(WC_FUNC_FINISHED_DO);

    return 0;
}
wolfSSL 15:117db924cf7c 11945
wolfSSL 15:117db924cf7c 11946
wolfSSL 15:117db924cf7c 11947 /* Make sure no duplicates, no fast forward, or other problems; 0 on success */
wolfSSL 15:117db924cf7c 11948 static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
wolfSSL 15:117db924cf7c 11949 {
wolfSSL 15:117db924cf7c 11950 /* verify not a duplicate, mark received, check state */
wolfSSL 15:117db924cf7c 11951 switch (type) {
wolfSSL 15:117db924cf7c 11952
wolfSSL 15:117db924cf7c 11953 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 11954 case hello_request:
wolfSSL 15:117db924cf7c 11955 if (ssl->msgsReceived.got_hello_request) {
wolfSSL 15:117db924cf7c 11956 WOLFSSL_MSG("Duplicate HelloRequest received");
wolfSSL 15:117db924cf7c 11957 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 11958 }
wolfSSL 15:117db924cf7c 11959 ssl->msgsReceived.got_hello_request = 1;
wolfSSL 15:117db924cf7c 11960
wolfSSL 15:117db924cf7c 11961 break;
wolfSSL 15:117db924cf7c 11962 #endif
wolfSSL 15:117db924cf7c 11963
wolfSSL 15:117db924cf7c 11964 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 11965 case client_hello:
wolfSSL 15:117db924cf7c 11966 if (ssl->msgsReceived.got_client_hello) {
wolfSSL 15:117db924cf7c 11967 WOLFSSL_MSG("Duplicate ClientHello received");
wolfSSL 16:8e0d178b1d1e 11968 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 11969 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 16:8e0d178b1d1e 11970 #endif
wolfSSL 15:117db924cf7c 11971 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 11972 }
wolfSSL 15:117db924cf7c 11973 ssl->msgsReceived.got_client_hello = 1;
wolfSSL 15:117db924cf7c 11974
wolfSSL 15:117db924cf7c 11975 break;
wolfSSL 15:117db924cf7c 11976 #endif
wolfSSL 15:117db924cf7c 11977
wolfSSL 15:117db924cf7c 11978 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 11979 case server_hello:
wolfSSL 15:117db924cf7c 11980 if (ssl->msgsReceived.got_server_hello) {
wolfSSL 15:117db924cf7c 11981 WOLFSSL_MSG("Duplicate ServerHello received");
wolfSSL 15:117db924cf7c 11982 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 11983 }
wolfSSL 15:117db924cf7c 11984 ssl->msgsReceived.got_server_hello = 1;
wolfSSL 15:117db924cf7c 11985
wolfSSL 15:117db924cf7c 11986 break;
wolfSSL 15:117db924cf7c 11987 #endif
wolfSSL 15:117db924cf7c 11988
wolfSSL 15:117db924cf7c 11989 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 11990 case hello_verify_request:
wolfSSL 15:117db924cf7c 11991 if (ssl->msgsReceived.got_hello_verify_request) {
wolfSSL 15:117db924cf7c 11992 WOLFSSL_MSG("Duplicate HelloVerifyRequest received");
wolfSSL 15:117db924cf7c 11993 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 11994 }
wolfSSL 15:117db924cf7c 11995 ssl->msgsReceived.got_hello_verify_request = 1;
wolfSSL 15:117db924cf7c 11996
wolfSSL 15:117db924cf7c 11997 break;
wolfSSL 15:117db924cf7c 11998 #endif
wolfSSL 15:117db924cf7c 11999
wolfSSL 15:117db924cf7c 12000 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 12001 case session_ticket:
wolfSSL 15:117db924cf7c 12002 if (ssl->msgsReceived.got_session_ticket) {
wolfSSL 15:117db924cf7c 12003 WOLFSSL_MSG("Duplicate SessionTicket received");
wolfSSL 15:117db924cf7c 12004 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12005 }
wolfSSL 15:117db924cf7c 12006 ssl->msgsReceived.got_session_ticket = 1;
wolfSSL 15:117db924cf7c 12007
wolfSSL 15:117db924cf7c 12008 break;
wolfSSL 15:117db924cf7c 12009 #endif
wolfSSL 15:117db924cf7c 12010
wolfSSL 15:117db924cf7c 12011 case certificate:
wolfSSL 15:117db924cf7c 12012 if (ssl->msgsReceived.got_certificate) {
wolfSSL 15:117db924cf7c 12013 WOLFSSL_MSG("Duplicate Certificate received");
wolfSSL 15:117db924cf7c 12014 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12015 }
wolfSSL 15:117db924cf7c 12016 ssl->msgsReceived.got_certificate = 1;
wolfSSL 15:117db924cf7c 12017
wolfSSL 15:117db924cf7c 12018 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 12019 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 15:117db924cf7c 12020 if ( ssl->msgsReceived.got_server_hello == 0) {
wolfSSL 15:117db924cf7c 12021 WOLFSSL_MSG("No ServerHello before Cert");
wolfSSL 15:117db924cf7c 12022 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12023 }
wolfSSL 15:117db924cf7c 12024 }
wolfSSL 15:117db924cf7c 12025 #endif
wolfSSL 15:117db924cf7c 12026 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 12027 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 15:117db924cf7c 12028 if ( ssl->msgsReceived.got_client_hello == 0) {
wolfSSL 15:117db924cf7c 12029 WOLFSSL_MSG("No ClientHello before Cert");
wolfSSL 15:117db924cf7c 12030 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12031 }
wolfSSL 15:117db924cf7c 12032 }
wolfSSL 15:117db924cf7c 12033 #endif
wolfSSL 15:117db924cf7c 12034 break;
wolfSSL 15:117db924cf7c 12035
wolfSSL 15:117db924cf7c 12036 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 12037 case certificate_status:
wolfSSL 15:117db924cf7c 12038 if (ssl->msgsReceived.got_certificate_status) {
wolfSSL 15:117db924cf7c 12039 WOLFSSL_MSG("Duplicate CertificateSatatus received");
wolfSSL 15:117db924cf7c 12040 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12041 }
wolfSSL 15:117db924cf7c 12042 ssl->msgsReceived.got_certificate_status = 1;
wolfSSL 15:117db924cf7c 12043
wolfSSL 15:117db924cf7c 12044 if (ssl->msgsReceived.got_certificate == 0) {
wolfSSL 15:117db924cf7c 12045 WOLFSSL_MSG("No Certificate before CertificateStatus");
wolfSSL 15:117db924cf7c 12046 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12047 }
wolfSSL 15:117db924cf7c 12048 if (ssl->msgsReceived.got_server_key_exchange != 0) {
wolfSSL 15:117db924cf7c 12049 WOLFSSL_MSG("CertificateStatus after ServerKeyExchange");
wolfSSL 15:117db924cf7c 12050 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12051 }
wolfSSL 15:117db924cf7c 12052
wolfSSL 15:117db924cf7c 12053 break;
wolfSSL 15:117db924cf7c 12054 #endif
wolfSSL 15:117db924cf7c 12055
wolfSSL 15:117db924cf7c 12056 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 12057 case server_key_exchange:
wolfSSL 15:117db924cf7c 12058 if (ssl->msgsReceived.got_server_key_exchange) {
wolfSSL 15:117db924cf7c 12059 WOLFSSL_MSG("Duplicate ServerKeyExchange received");
wolfSSL 15:117db924cf7c 12060 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12061 }
wolfSSL 15:117db924cf7c 12062 ssl->msgsReceived.got_server_key_exchange = 1;
wolfSSL 15:117db924cf7c 12063
wolfSSL 15:117db924cf7c 12064 if (ssl->msgsReceived.got_server_hello == 0) {
wolfSSL 15:117db924cf7c 12065 WOLFSSL_MSG("No ServerHello before ServerKeyExchange");
wolfSSL 15:117db924cf7c 12066 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12067 }
wolfSSL 15:117db924cf7c 12068 if (ssl->msgsReceived.got_certificate_status == 0) {
wolfSSL 15:117db924cf7c 12069 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 12070 if (ssl->status_request) {
wolfSSL 15:117db924cf7c 12071 int ret;
wolfSSL 15:117db924cf7c 12072
wolfSSL 15:117db924cf7c 12073 WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
wolfSSL 15:117db924cf7c 12074 if ((ret = TLSX_CSR_ForceRequest(ssl)) != 0)
wolfSSL 15:117db924cf7c 12075 return ret;
wolfSSL 15:117db924cf7c 12076 }
wolfSSL 15:117db924cf7c 12077 #endif
wolfSSL 15:117db924cf7c 12078 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 12079 if (ssl->status_request_v2) {
wolfSSL 15:117db924cf7c 12080 int ret;
wolfSSL 15:117db924cf7c 12081
wolfSSL 15:117db924cf7c 12082 WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
wolfSSL 15:117db924cf7c 12083 if ((ret = TLSX_CSR2_ForceRequest(ssl)) != 0)
wolfSSL 15:117db924cf7c 12084 return ret;
wolfSSL 15:117db924cf7c 12085 }
wolfSSL 15:117db924cf7c 12086 #endif
wolfSSL 15:117db924cf7c 12087 }
wolfSSL 15:117db924cf7c 12088
wolfSSL 15:117db924cf7c 12089 break;
wolfSSL 15:117db924cf7c 12090 #endif
wolfSSL 15:117db924cf7c 12091
wolfSSL 15:117db924cf7c 12092 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 12093 case certificate_request:
wolfSSL 15:117db924cf7c 12094 if (ssl->msgsReceived.got_certificate_request) {
wolfSSL 15:117db924cf7c 12095 WOLFSSL_MSG("Duplicate CertificateRequest received");
wolfSSL 15:117db924cf7c 12096 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12097 }
wolfSSL 15:117db924cf7c 12098 ssl->msgsReceived.got_certificate_request = 1;
wolfSSL 15:117db924cf7c 12099
wolfSSL 15:117db924cf7c 12100 break;
wolfSSL 15:117db924cf7c 12101 #endif
wolfSSL 15:117db924cf7c 12102
wolfSSL 15:117db924cf7c 12103 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 12104 case server_hello_done:
wolfSSL 15:117db924cf7c 12105 if (ssl->msgsReceived.got_server_hello_done) {
wolfSSL 15:117db924cf7c 12106 WOLFSSL_MSG("Duplicate ServerHelloDone received");
wolfSSL 15:117db924cf7c 12107 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12108 }
wolfSSL 15:117db924cf7c 12109 ssl->msgsReceived.got_server_hello_done = 1;
wolfSSL 15:117db924cf7c 12110
wolfSSL 15:117db924cf7c 12111 if (ssl->msgsReceived.got_certificate == 0) {
wolfSSL 15:117db924cf7c 12112 if (ssl->specs.kea == psk_kea ||
wolfSSL 15:117db924cf7c 12113 ssl->specs.kea == dhe_psk_kea ||
wolfSSL 15:117db924cf7c 12114 ssl->specs.kea == ecdhe_psk_kea ||
wolfSSL 15:117db924cf7c 12115 ssl->options.usingAnon_cipher) {
wolfSSL 15:117db924cf7c 12116 WOLFSSL_MSG("No Cert required");
wolfSSL 15:117db924cf7c 12117 } else {
wolfSSL 15:117db924cf7c 12118 WOLFSSL_MSG("No Certificate before ServerHelloDone");
wolfSSL 15:117db924cf7c 12119 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12120 }
wolfSSL 15:117db924cf7c 12121 }
wolfSSL 15:117db924cf7c 12122 if (ssl->msgsReceived.got_server_key_exchange == 0) {
wolfSSL 15:117db924cf7c 12123 int pskNoServerHint = 0; /* not required in this case */
wolfSSL 15:117db924cf7c 12124
wolfSSL 15:117db924cf7c 12125 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 12126 if (ssl->specs.kea == psk_kea &&
wolfSSL 16:8e0d178b1d1e 12127 ssl->arrays != NULL &&
wolfSSL 16:8e0d178b1d1e 12128 ssl->arrays->server_hint[0] == 0)
wolfSSL 15:117db924cf7c 12129 pskNoServerHint = 1;
wolfSSL 15:117db924cf7c 12130 #endif
wolfSSL 15:117db924cf7c 12131 if (ssl->specs.static_ecdh == 1 ||
wolfSSL 15:117db924cf7c 12132 ssl->specs.kea == rsa_kea ||
wolfSSL 15:117db924cf7c 12133 ssl->specs.kea == ntru_kea ||
wolfSSL 15:117db924cf7c 12134 pskNoServerHint) {
wolfSSL 15:117db924cf7c 12135 WOLFSSL_MSG("No KeyExchange required");
wolfSSL 15:117db924cf7c 12136 } else {
wolfSSL 15:117db924cf7c 12137 WOLFSSL_MSG("No ServerKeyExchange before ServerDone");
wolfSSL 15:117db924cf7c 12138 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12139 }
wolfSSL 15:117db924cf7c 12140 }
wolfSSL 15:117db924cf7c 12141 break;
wolfSSL 15:117db924cf7c 12142 #endif
wolfSSL 15:117db924cf7c 12143
wolfSSL 15:117db924cf7c 12144 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 12145 case certificate_verify:
wolfSSL 15:117db924cf7c 12146 if (ssl->msgsReceived.got_certificate_verify) {
wolfSSL 15:117db924cf7c 12147 WOLFSSL_MSG("Duplicate CertificateVerify received");
wolfSSL 15:117db924cf7c 12148 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12149 }
wolfSSL 15:117db924cf7c 12150 ssl->msgsReceived.got_certificate_verify = 1;
wolfSSL 15:117db924cf7c 12151
wolfSSL 15:117db924cf7c 12152 if ( ssl->msgsReceived.got_certificate == 0) {
wolfSSL 15:117db924cf7c 12153 WOLFSSL_MSG("No Cert before CertVerify");
wolfSSL 15:117db924cf7c 12154 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12155 }
wolfSSL 15:117db924cf7c 12156 break;
wolfSSL 15:117db924cf7c 12157 #endif
wolfSSL 15:117db924cf7c 12158
wolfSSL 15:117db924cf7c 12159 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 12160 case client_key_exchange:
wolfSSL 15:117db924cf7c 12161 if (ssl->msgsReceived.got_client_key_exchange) {
wolfSSL 15:117db924cf7c 12162 WOLFSSL_MSG("Duplicate ClientKeyExchange received");
wolfSSL 16:8e0d178b1d1e 12163 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 12164 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 16:8e0d178b1d1e 12165 #endif
wolfSSL 15:117db924cf7c 12166 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12167 }
wolfSSL 15:117db924cf7c 12168 ssl->msgsReceived.got_client_key_exchange = 1;
wolfSSL 15:117db924cf7c 12169
wolfSSL 15:117db924cf7c 12170 if (ssl->msgsReceived.got_client_hello == 0) {
wolfSSL 15:117db924cf7c 12171 WOLFSSL_MSG("No ClientHello before ClientKeyExchange");
wolfSSL 15:117db924cf7c 12172 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12173 }
wolfSSL 15:117db924cf7c 12174 break;
wolfSSL 15:117db924cf7c 12175 #endif
wolfSSL 15:117db924cf7c 12176
wolfSSL 15:117db924cf7c 12177 case finished:
wolfSSL 15:117db924cf7c 12178 if (ssl->msgsReceived.got_finished) {
wolfSSL 15:117db924cf7c 12179 WOLFSSL_MSG("Duplicate Finished received");
wolfSSL 15:117db924cf7c 12180 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12181 }
wolfSSL 15:117db924cf7c 12182 ssl->msgsReceived.got_finished = 1;
wolfSSL 15:117db924cf7c 12183
wolfSSL 15:117db924cf7c 12184 if (ssl->msgsReceived.got_change_cipher == 0) {
wolfSSL 15:117db924cf7c 12185 WOLFSSL_MSG("Finished received before ChangeCipher");
wolfSSL 16:8e0d178b1d1e 12186 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 12187 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 16:8e0d178b1d1e 12188 #endif
wolfSSL 15:117db924cf7c 12189 return NO_CHANGE_CIPHER_E;
wolfSSL 15:117db924cf7c 12190 }
wolfSSL 15:117db924cf7c 12191 break;
wolfSSL 15:117db924cf7c 12192
wolfSSL 15:117db924cf7c 12193 case change_cipher_hs:
wolfSSL 15:117db924cf7c 12194 if (ssl->msgsReceived.got_change_cipher) {
wolfSSL 15:117db924cf7c 12195 WOLFSSL_MSG("Duplicate ChangeCipher received");
wolfSSL 16:8e0d178b1d1e 12196 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 12197 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 16:8e0d178b1d1e 12198 #endif
wolfSSL 15:117db924cf7c 12199 return DUPLICATE_MSG_E;
wolfSSL 15:117db924cf7c 12200 }
wolfSSL 15:117db924cf7c 12201 /* DTLS is going to ignore the CCS message if the client key
wolfSSL 15:117db924cf7c 12202 * exchange message wasn't received yet. */
wolfSSL 15:117db924cf7c 12203 if (!ssl->options.dtls)
wolfSSL 15:117db924cf7c 12204 ssl->msgsReceived.got_change_cipher = 1;
wolfSSL 15:117db924cf7c 12205
wolfSSL 15:117db924cf7c 12206 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 12207 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 16:8e0d178b1d1e 12208 if (!ssl->options.resuming) {
wolfSSL 16:8e0d178b1d1e 12209 if (ssl->msgsReceived.got_server_hello_done == 0) {
wolfSSL 16:8e0d178b1d1e 12210 WOLFSSL_MSG("No ServerHelloDone before ChangeCipher");
wolfSSL 16:8e0d178b1d1e 12211 return OUT_OF_ORDER_E;
wolfSSL 16:8e0d178b1d1e 12212 }
wolfSSL 16:8e0d178b1d1e 12213 }
wolfSSL 16:8e0d178b1d1e 12214 else {
wolfSSL 16:8e0d178b1d1e 12215 if (ssl->msgsReceived.got_server_hello == 0) {
wolfSSL 16:8e0d178b1d1e 12216 WOLFSSL_MSG("No ServerHello before ChangeCipher on Resume");
wolfSSL 16:8e0d178b1d1e 12217 return OUT_OF_ORDER_E;
wolfSSL 16:8e0d178b1d1e 12218 }
wolfSSL 15:117db924cf7c 12219 }
wolfSSL 15:117db924cf7c 12220 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 12221 if (ssl->expect_session_ticket) {
wolfSSL 15:117db924cf7c 12222 WOLFSSL_MSG("Expected session ticket missing");
wolfSSL 15:117db924cf7c 12223 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 12224 if (ssl->options.dtls)
wolfSSL 15:117db924cf7c 12225 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12226 #endif
wolfSSL 15:117db924cf7c 12227 return SESSION_TICKET_EXPECT_E;
wolfSSL 15:117db924cf7c 12228 }
wolfSSL 15:117db924cf7c 12229 #endif
wolfSSL 15:117db924cf7c 12230 }
wolfSSL 15:117db924cf7c 12231 #endif
wolfSSL 15:117db924cf7c 12232 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 12233 if (ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 15:117db924cf7c 12234 if (!ssl->options.resuming &&
wolfSSL 15:117db924cf7c 12235 ssl->msgsReceived.got_client_key_exchange == 0) {
wolfSSL 15:117db924cf7c 12236 WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
wolfSSL 16:8e0d178b1d1e 12237 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 12238 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 16:8e0d178b1d1e 12239 #endif
wolfSSL 15:117db924cf7c 12240 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12241 }
wolfSSL 15:117db924cf7c 12242 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 12243 if (ssl->options.verifyPeer &&
wolfSSL 15:117db924cf7c 12244 ssl->options.havePeerCert) {
wolfSSL 15:117db924cf7c 12245
wolfSSL 15:117db924cf7c 12246 if (!ssl->options.havePeerVerify) {
wolfSSL 15:117db924cf7c 12247 WOLFSSL_MSG("client didn't send cert verify");
wolfSSL 15:117db924cf7c 12248 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 12249 if (ssl->options.dtls)
wolfSSL 15:117db924cf7c 12250 return OUT_OF_ORDER_E;
wolfSSL 15:117db924cf7c 12251 #endif
wolfSSL 15:117db924cf7c 12252 return NO_PEER_VERIFY;
wolfSSL 15:117db924cf7c 12253 }
wolfSSL 15:117db924cf7c 12254 }
wolfSSL 15:117db924cf7c 12255 #endif
wolfSSL 15:117db924cf7c 12256 }
wolfSSL 15:117db924cf7c 12257 #endif
wolfSSL 15:117db924cf7c 12258 if (ssl->options.dtls)
wolfSSL 15:117db924cf7c 12259 ssl->msgsReceived.got_change_cipher = 1;
wolfSSL 15:117db924cf7c 12260 break;
wolfSSL 15:117db924cf7c 12261
wolfSSL 15:117db924cf7c 12262 default:
wolfSSL 15:117db924cf7c 12263 WOLFSSL_MSG("Unknown message type");
wolfSSL 15:117db924cf7c 12264 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 12265 }
wolfSSL 15:117db924cf7c 12266
wolfSSL 15:117db924cf7c 12267 return 0;
wolfSSL 15:117db924cf7c 12268 }
wolfSSL 15:117db924cf7c 12269
wolfSSL 15:117db924cf7c 12270
/* Validate one handshake message and dispatch it, by type, to its Do*()
 * handler.
 *
 * Before the dispatch the function checks that the message body fits below
 * totalSz, runs SanityCheckMsgReceived() on the type, rejects messages that
 * do not fit the current connection state (sending a fatal
 * unexpected_message alert), and feeds the body to HashInput().
 *
 * ssl       connection object
 * input     buffer holding the message; the body is read from
 *           input + *inOutIdx
 * inOutIdx  in: index of the message body in input; the handlers advance it.
 *           On success it must equal the start index plus size, plus padSz
 *           (and the MAC size for encrypt-then-MAC reads) when encryption
 *           is on, otherwise DECODE_E is returned.
 * type      handshake message type
 * size      length of the message body in bytes
 * totalSz   limit that *inOutIdx + size is checked against; presumably the
 *           number of valid bytes in input -- confirm against the callers
 *
 * returns 0 on success, otherwise the error code of the failing check or
 *         handler (WC_PENDING_E / OCSP_WANT_READ when the handler has to be
 *         re-run)
 */
static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          byte type, word32 size, word32 totalSz)
{
    int ret = 0;
    word32 expectedIdx;

    WOLFSSL_ENTER("DoHandShakeMsgType");

#ifdef WOLFSSL_TLS13
    /* hello_retry_request goes to the TLS 1.3 dispatcher before any of the
     * checks below are applied here */
    if (type == hello_retry_request) {
        return DoTls13HandShakeMsgType(ssl, input, inOutIdx, type, size,
                                       totalSz);
    }
#endif

    /* make sure can read the message */
    /* NOTE(review): the sum is computed in word32 (presumably unsigned
     * 32-bit), so it could wrap for very large values. The check relies on
     * the callers bounding size and *inOutIdx -- confirm, or compare as
     * size > totalSz - *inOutIdx after checking *inOutIdx <= totalSz. */
    if (*inOutIdx + size > totalSz) {
        WOLFSSL_MSG("Incomplete Data");
        return INCOMPLETE_DATA;
    }

    /* index the handler has to leave in *inOutIdx: end of the body, plus the
     * padding (and the MAC for encrypt-then-MAC reads) when encryption is on;
     * compared after the switch */
    expectedIdx = *inOutIdx + size +
                  (ssl->keys.encryptionOn ? ssl->keys.padSz : 0);
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    if (ssl->options.startedETMRead && ssl->keys.encryptionOn)
        expectedIdx += MacSize(ssl);
#endif

/* NOTE(review): this guard tests WOLFSSL_NO_SERVER while the rest of the
 * function uses NO_WOLFSSL_SERVER -- confirm which macro is intended. */
#if !defined(WOLFSSL_NO_SERVER) && \
    defined(HAVE_SECURE_RENEGOTIATION) && \
    defined(HAVE_SERVER_RENEGOTIATION_INFO)
    /* A client_hello after a completed handshake, with secure renegotiation
     * enabled: clear the received-message flags, reset the state fields and
     * restart the handshake hashes so the checks below see a fresh
     * handshake. */
    if (ssl->options.handShakeDone && type == client_hello &&
            ssl->secure_renegotiation &&
            ssl->secure_renegotiation->enabled)
    {
        WOLFSSL_MSG("Reset handshake state");
        XMEMSET(&ssl->msgsReceived, 0, sizeof(MsgsReceived));
        ssl->options.serverState = NULL_STATE;
        ssl->options.clientState = NULL_STATE;
        ssl->options.connectState = CONNECT_BEGIN;
        ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
        ssl->options.handShakeState = NULL_STATE;
        ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;

        ret = InitHandshakeHashes(ssl);
        if (ret != 0)
            return ret;
    }
#endif

    /* sanity check msg received */
    if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) {
        WOLFSSL_MSG("Sanity Check on handshake message type received failed");
        return ret;
    }

#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    /* add name later, add on record and handshake header part back on */
    /* NOTE(review): input + *inOutIdx - add points in front of the message
     * body; this assumes the record and handshake headers sit directly
     * before it in input -- confirm for every caller. */
    if (ssl->toInfoOn) {
        int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
        AddPacketInfo(ssl, 0, handshake, input + *inOutIdx - add,
                      size + add, READ_PROTO, ssl->heap);
    #ifdef WOLFSSL_CALLBACKS
        AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
    #endif
    }
#endif

    /* once the handshake is done only hello_request is accepted */
    if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){
        WOLFSSL_MSG("HandShake message after handshake complete");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* client, not DTLS: the first message from the server has to be
     * server_hello */
    if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls == 0 &&
               ssl->options.serverState == NULL_STATE && type != server_hello) {
        WOLFSSL_MSG("First server message not server hello");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* client, DTLS: server_hello_done is rejected until the server hello
     * has been completed */
    if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls &&
            type == server_hello_done &&
            ssl->options.serverState < SERVER_HELLO_COMPLETE) {
        WOLFSSL_MSG("Server hello done received before server hello in DTLS");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* server: the first message from the client has to be client_hello */
    if (ssl->options.side == WOLFSSL_SERVER_END &&
               ssl->options.clientState == NULL_STATE && type != client_hello) {
        WOLFSSL_MSG("First client message not client hello");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* above checks handshake state */
    /* hello_request not hashed */
    /* Also, skip hashing the client_hello message here for DTLS. It will be
     * hashed later if the DTLS cookie is correct. */
    /* Hashing is also skipped while ssl->error still holds WC_PENDING_E or
     * OCSP_WANT_READ; presumably the message was already hashed on the pass
     * that returned that code -- confirm. */
    if (type != hello_request &&
            !(IsDtlsNotSctpMode(ssl) && type == client_hello)
        #ifdef WOLFSSL_ASYNC_CRYPT
            && ssl->error != WC_PENDING_E
        #endif
        #ifdef WOLFSSL_NONBLOCK_OCSP
            && ssl->error != OCSP_WANT_READ
        #endif
    ) {
        ret = HashInput(ssl, input + *inOutIdx, size);
        if (ret != 0) {
            WOLFSSL_MSG("Incomplete handshake hashes");
            return ret;
        }
    }

#ifdef OPENSSL_EXTRA
    /* report the message type to the info callback, if one is set */
    if (ssl->CBIS != NULL){
        ssl->cbmode = SSL_CB_MODE_READ;
        ssl->cbtype = type;
        ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS);
    }
#endif

    /* Dispatch. Which cases exist depends on the build options; a type with
     * no case compiled in ends in default and is reported as
     * UNKNOWN_HANDSHAKE_TYPE. */
    switch (type) {

    case hello_request:
        WOLFSSL_MSG("processing hello request");
        ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz);
        break;

#ifndef NO_WOLFSSL_CLIENT
    case hello_verify_request:
        WOLFSSL_MSG("processing hello verify request");
        ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
        break;

    case server_hello:
        WOLFSSL_MSG("processing server hello");
        ret = DoServerHello(ssl, input, inOutIdx, size);
    #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
               ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
                (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
        /* Stop caching handshake messages and free the cache when resuming
         * or when the version is below TLS 1.2 or at least TLS 1.3, unless
         * the handler has to be re-run. The guard suggests the cache is only
         * needed for Ed25519/Ed448 client authentication -- confirm. */
        if (ssl->options.resuming || !IsAtLeastTLSv1_2(ssl) ||
                                               IsAtLeastTLSv1_3(ssl->version)) {

        #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
            if (ret != WC_PENDING_E && ret != OCSP_WANT_READ)
        #endif
            {
                ssl->options.cacheMessages = 0;
                if (ssl->hsHashes->messages != NULL) {
                    XFREE(ssl->hsHashes->messages, ssl->heap,
                        DYNAMIC_TYPE_HASHES);
                    ssl->hsHashes->messages = NULL;
                }
            }
        }
    #endif
        break;

    #ifndef NO_CERTS
    case certificate_request:
        WOLFSSL_MSG("processing certificate request");
        ret = DoCertificateRequest(ssl, input, inOutIdx, size);
        break;
    #endif

    case server_key_exchange:
        WOLFSSL_MSG("processing server key exchange");
        ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
        break;

    #ifdef HAVE_SESSION_TICKET
    case session_ticket:
        WOLFSSL_MSG("processing session ticket");
        ret = DoSessionTicket(ssl, input, inOutIdx, size);
        break;
    #endif /* HAVE_SESSION_TICKET */
#endif

#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
                                               !defined(WOLFSSL_NO_CLIENT_AUTH))
    case certificate:
        WOLFSSL_MSG("processing certificate");
        ret = DoCertificate(ssl, input, inOutIdx, size);
        break;

    case certificate_status:
        WOLFSSL_MSG("processing certificate status");
        ret = DoCertificateStatus(ssl, input, inOutIdx, size);
        break;
#endif

    /* No handler is called for server_hello_done: the state is recorded and
     * *inOutIdx is moved past the padding (and MAC) only, so a body with
     * size != 0 is caught by the expectedIdx comparison after the switch.
     * NOTE(review): unlike client_hello below, padSz and MacSize are added
     * without a comparison against totalSz -- confirm this is covered by an
     * earlier check. */
    case server_hello_done:
        WOLFSSL_MSG("processing server hello done");
    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName(ssl, "ServerHelloDone");
        if (ssl->toInfoOn)
            AddLateName("ServerHelloDone", &ssl->timeoutInfo);
    #endif
        ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
        if (IsEncryptionOn(ssl, 0)) {
            *inOutIdx += ssl->keys.padSz;
        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
            if (ssl->options.startedETMRead)
                *inOutIdx += MacSize(ssl);
        #endif
        }
        /* a server_hello_done while the resuming flag is set clears the
         * flag */
        if (ssl->options.resuming) {
            WOLFSSL_MSG("Not resuming as thought");
            ssl->options.resuming = 0;
        }
        break;

    case finished:
        WOLFSSL_MSG("processing finished");
        ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF);
        break;

#ifndef NO_WOLFSSL_SERVER
    case client_hello:
        WOLFSSL_MSG("processing client hello");
        ret = DoClientHello(ssl, input, inOutIdx, size);
    #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
               ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
                (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
        /* same cache release as for server_hello, here also when the peer
         * is not verified */
        if (ssl->options.resuming || !ssl->options.verifyPeer || \
                     !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) {
        #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
            if (ret != WC_PENDING_E && ret != OCSP_WANT_READ)
        #endif
            {
                ssl->options.cacheMessages = 0;
                if (ssl->hsHashes->messages != NULL) {
                    XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES);
                    ssl->hsHashes->messages = NULL;
                }
            }
        }
    #endif
        /* with encryption on, move *inOutIdx past the padding (and the MAC
         * for encrypt-then-MAC reads), refusing to go beyond totalSz; this
         * runs whatever DoClientHello returned */
        if (IsEncryptionOn(ssl, 0)) {
        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
            if (ssl->options.startedETMRead) {
                word32 digestSz = MacSize(ssl);
                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
                    return BUFFER_E;
                *inOutIdx += ssl->keys.padSz + digestSz;
            }
            else
        #endif
            {
                /* access beyond input + size should be checked against totalSz
                 */
                if (*inOutIdx + ssl->keys.padSz > totalSz)
                    return BUFFER_E;

                *inOutIdx += ssl->keys.padSz;
            }
        }
        break;

    case client_key_exchange:
        WOLFSSL_MSG("processing client key exchange");
        ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
        break;

    #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
                        defined(HAVE_ED448)) && !defined(WOLFSSL_NO_CLIENT_AUTH)
    case certificate_verify:
        WOLFSSL_MSG("processing certificate verify");
        ret = DoCertificateVerify(ssl, input, inOutIdx, size);
        break;
    #endif /* (!NO_RSA || ECC || ED25519 || ED448) && !WOLFSSL_NO_CLIENT_AUTH */

#endif /* !NO_WOLFSSL_SERVER */

    default:
        WOLFSSL_MSG("Unknown handshake message type");
        ret = UNKNOWN_HANDSHAKE_TYPE;
        break;
    }
    /* the handler reported success but did not stop at the index computed
     * from the declared size: treat as a decode error (no alert is sent for
     * DTLS) */
    if (ret == 0 && expectedIdx != *inOutIdx) {
        WOLFSSL_MSG("Extra data in handshake message");
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, decode_error);
        ret = DECODE_E;
    }

    /* on success, shrink the input buffer when its dynamicFlag is set */
    if (ret == 0 && ssl->buffers.inputBuffer.dynamicFlag
    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
        /* do not shrink input for async or non-block */
        && ssl->error != WC_PENDING_E && ssl->error != OCSP_WANT_READ
    #endif
    ) {
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);
    }

#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
    /* if async, offset index so this msg will be processed again */
    /* the index is moved back over the handshake header (and the extra DTLS
     * handshake header bytes) */
    if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) {
        *inOutIdx -= HANDSHAKE_HEADER_SZ;
    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            *inOutIdx -= DTLS_HANDSHAKE_EXTRA;
        }
    #endif
    }

    /* make sure async error is cleared */
    if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) {
        ssl->error = 0;
    }
#endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */

    WOLFSSL_LEAVE("DoHandShakeMsgType()", ret);
    return ret;
}
wolfSSL 15:117db924cf7c 12590
wolfSSL 15:117db924cf7c 12591
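/* Process one TLS handshake message taken from a record, reassembling it
 * first when the message is split across several records.
 *
 * ssl       connection state; ssl->arrays holds the reassembly buffer
 * input     buffer holding the record payload
 * inOutIdx  in: offset of the handshake header (or of the continuation data)
 *           in input; out: offset just past the bytes consumed by this call
 * totalSz   passed through to GetHandShakeHeader() and DoHandShakeMsgType()
 *
 * Returns 0 on success and also when a fragment was buffered and more data is
 * needed, PARSE_ERROR when the header cannot be read, HANDSHAKE_SIZE_ERROR
 * when the declared length exceeds MAX_HANDSHAKE_SZ, MEMORY_E when the
 * reassembly buffer cannot be allocated, otherwise whatever
 * DoHandShakeMsgType() returns.
 */
static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                          word32 totalSz)
{
    int    ret = 0;
    word32 inputLength;

    WOLFSSL_ENTER("DoHandShakeMsg()");

    if (ssl->arrays == NULL) {
        /* No reassembly state available: parse the header and dispatch the
         * message directly from the input buffer. */
        byte   type;
        word32 size;

        if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0)
            return PARSE_ERROR;

        ssl->options.handShakeState = type;

        return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
    }

    /* Bytes left in the input buffer counted from *inOutIdx, i.e. including
     * the handshake header when a new message starts here.
     * NOTE(review): this is derived from inputBuffer.length rather than from
     * totalSz, so any bytes that follow the handshake data in the buffer are
     * counted as well - confirm against the caller. */
    inputLength = ssl->buffers.inputBuffer.length - *inOutIdx;

    /* If there is a pending fragmented handshake message,
     * pending message size will be non-zero. */
    if (ssl->arrays->pendingMsgSz == 0) {
        byte   type;
        word32 size;

        if (GetHandShakeHeader(ssl,input, inOutIdx, &type, &size, totalSz) != 0)
            return PARSE_ERROR;

        /* Cap the maximum size of a handshake message to something reasonable.
         * By default is the maximum size of a certificate message assuming
         * nine 2048-bit RSA certificates in the chain. The cap is applied
         * before the peer-supplied length is used to size an allocation. */
        if (size > MAX_HANDSHAKE_SZ) {
            WOLFSSL_MSG("Handshake message too large");
            return HANDSHAKE_SIZE_ERROR;
        }

        /* size is the length of the handshake message body. When fewer body
         * bytes are available than declared, start buffering the message. */
        if (inputLength - HANDSHAKE_HEADER_SZ < size) {
            byte* pending = (byte*)XMALLOC(size + HANDSHAKE_HEADER_SZ,
                                           ssl->heap,
                                           DYNAMIC_TYPE_ARRAYS);

            /* Publish the pending-message state only once the buffer exists.
             * A non-zero pendingMsgSz routes the next call into the
             * continuation branch below, which copies into pendingMsg, so it
             * must never be left set next to a NULL buffer. */
            if (pending == NULL)
                return MEMORY_E;

            /* inputLength < size + HANDSHAKE_HEADER_SZ here, so the copy
             * (header plus the body bytes received so far) fits. */
            XMEMCPY(pending,
                    input + *inOutIdx - HANDSHAKE_HEADER_SZ,
                    inputLength);

            ssl->arrays->pendingMsg       = pending;
            ssl->arrays->pendingMsgType   = type;
            ssl->arrays->pendingMsgSz     = size + HANDSHAKE_HEADER_SZ;
            ssl->arrays->pendingMsgOffset = inputLength;
            *inOutIdx += inputLength - HANDSHAKE_HEADER_SZ;
            return 0;
        }

        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
    }
    else {
        /* Bytes still missing from the message being reassembled. */
        word32 pendSz =
            ssl->arrays->pendingMsgSz - ssl->arrays->pendingMsgOffset;

        /* Catch the case where there may be the remainder of a fragmented
         * handshake message and the next handshake message in the same
         * record. Clamping also keeps the copy inside pendingMsg. */
        if (inputLength > pendSz)
            inputLength = pendSz;

        XMEMCPY(ssl->arrays->pendingMsg + ssl->arrays->pendingMsgOffset,
                input + *inOutIdx, inputLength);
        ssl->arrays->pendingMsgOffset += inputLength;
        *inOutIdx += inputLength;

        if (ssl->arrays->pendingMsgOffset == ssl->arrays->pendingMsgSz)
        {
            /* Message complete: process it from the reassembly buffer,
             * starting just past the stored handshake header. */
            word32 idx = HANDSHAKE_HEADER_SZ;
            ret = DoHandShakeMsgType(ssl,
                                     ssl->arrays->pendingMsg,
                                     &idx, ssl->arrays->pendingMsgType,
                                     ssl->arrays->pendingMsgSz - idx,
                                     ssl->arrays->pendingMsgSz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                /* setup to process fragment again */
                ssl->arrays->pendingMsgOffset -= inputLength;
                *inOutIdx -= inputLength;
            }
            else
        #endif
            {
                /* Done with the buffer whether processing succeeded or not. */
                XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
                ssl->arrays->pendingMsg = NULL;
                ssl->arrays->pendingMsgSz = 0;
            }
        }
    }

    WOLFSSL_LEAVE("DoHandShakeMsg()", ret);
    return ret;
}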
wolfSSL 15:117db924cf7c 12692
wolfSSL 15:117db924cf7c 12693 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 12694
wolfSSL 15:117db924cf7c 12695 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 12696
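/* Decide whether the DTLS record currently being read may be accepted with
 * respect to the anti-replay window of its peer and epoch.
 *
 * The record's epoch and 48-bit sequence number are read from
 * ssl->keys.curEpoch, curSeq_hi and curSeq_lo. The window state comes from
 * ssl->keys.peerSeq (or, with multicast, from the entry whose peerId matches
 * ssl->keys.curPeerId).
 *
 * Returns 1 when the record may be processed and 0 when it must be dropped
 * (unknown peer, epoch that is neither the expected one nor the one before
 * it, sequence number outside the window, or sequence number already marked
 * in the window). Nothing is modified here; marking the record as seen is
 * done by DtlsUpdateWindow().
 */
static WC_INLINE int DtlsCheckWindow(WOLFSSL* ssl)
{
    word32* window;
    word16 cur_hi, next_hi;
    word32 cur_lo, next_lo, diff;
    int curLT;
    WOLFSSL_DTLS_PEERSEQ* peerSeq = NULL;

    if (!ssl->options.haveMcast)
        peerSeq = ssl->keys.peerSeq;
    else {
#ifdef WOLFSSL_MULTICAST
        WOLFSSL_DTLS_PEERSEQ* p;
        int i;

        /* Look up the per-peer state for the sender of this record. */
        for (i = 0, p = ssl->keys.peerSeq;
             i < WOLFSSL_DTLS_PEERSEQ_SZ;
             i++, p++) {

            if (p->peerId == ssl->keys.curPeerId) {
                peerSeq = p;
                break;
            }
        }
#endif
    }

    /* Also reached when haveMcast is set in a build without
     * WOLFSSL_MULTICAST: the record is dropped. */
    if (peerSeq == NULL) {
        WOLFSSL_MSG("Could not find peer sequence");
        return 0;
    }

    /* Only the expected epoch and the one immediately before it have a
     * window; records from any other epoch are dropped. */
    if (ssl->keys.curEpoch == peerSeq->nextEpoch) {
        next_hi = peerSeq->nextSeq_hi;
        next_lo = peerSeq->nextSeq_lo;
        window = peerSeq->window;
    }
    else if (ssl->keys.curEpoch == peerSeq->nextEpoch - 1) {
        next_hi = peerSeq->prevSeq_hi;
        next_lo = peerSeq->prevSeq_lo;
        window = peerSeq->prevWindow;
    }
    else {
        return 0;
    }

    cur_hi = ssl->keys.curSeq_hi;
    cur_lo = ssl->keys.curSeq_lo;

    /* If the difference between next and cur is > 2^32, way outside window. */
    if ((cur_hi > next_hi + 1) || (next_hi > cur_hi + 1)) {
        WOLFSSL_MSG("Current record from way too far in the future.");
        return 0;
    }

    /* curLT: the record is older than the next expected sequence number.
     * diff:  distance between the two, computed on the low 32 bits. */
    if (cur_hi == next_hi) {
        curLT = cur_lo < next_lo;
        diff = curLT ? next_lo - cur_lo : cur_lo - next_lo;
    }
    else {
        curLT = cur_hi < next_hi;
        diff = curLT ? cur_lo - next_lo : next_lo - cur_lo;
    }

    /* Check to see that the next value is greater than the number of messages
     * trackable in the window, and that the difference between the next
     * expected sequence number and the received sequence number is inside the
     * window. */
    if ((next_hi || next_lo > DTLS_SEQ_BITS) &&
                                        curLT && (diff > DTLS_SEQ_BITS)) {

        WOLFSSL_MSG("Current record sequence number from the past.");
        return 0;
    }
#ifndef WOLFSSL_DTLS_ALLOW_FUTURE
    else if (!curLT && (diff > DTLS_SEQ_BITS)) {
        WOLFSSL_MSG("Rejecting message too far into the future.");
        return 0;
    }
#endif
    else if (curLT) {
        word32 idx = diff / DTLS_WORD_BITS;
        word32 newDiff = diff % DTLS_WORD_BITS;

        /* verify idx is valid for window array */
        if (idx >= WOLFSSL_DTLS_WINDOW_WORDS) {
            WOLFSSL_MSG("Invalid DTLS windows index");
            return 0;
        }

        /* Build the mask from an unsigned one: newDiff can be as large as
         * DTLS_WORD_BITS - 1, and shifting a signed 1 into the sign bit of
         * an int is undefined behaviour. */
        if (window[idx] & ((word32)1 << newDiff)) {
            WOLFSSL_MSG("Current record sequence number already received.");
            return 0;
        }
    }

    return 1;
}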
wolfSSL 15:117db924cf7c 12795
wolfSSL 15:117db924cf7c 12796
wolfSSL 15:117db924cf7c 12797 #ifdef WOLFSSL_MULTICAST
/* Pick the next multicast highwater threshold for a sequence number.
 *
 * cur     sequence number just seen
 * first   first threshold
 * second  second threshold
 * max     final threshold
 *
 * Returns the first of first/second/max that is strictly greater than cur,
 * tested in that order, or 0 when cur is not below any of them.
 */
static WC_INLINE word32 UpdateHighwaterMark(word32 cur, word32 first,
                                            word32 second, word32 max)
{
    if (cur < first)
        return first;

    if (cur < second)
        return second;

    if (cur < max)
        return max;

    /* No threshold left above cur. */
    return 0;
}
wolfSSL 15:117db924cf7c 12812 #endif /* WOLFSSL_MULTICAST */
wolfSSL 15:117db924cf7c 12813
wolfSSL 15:117db924cf7c 12814
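/* Record the sequence number of the DTLS record currently being read in the
 * anti-replay window of its peer and epoch.
 *
 * The sequence number is read from ssl->keys.curSeq_hi / curSeq_lo. When
 * ssl->keys.curEpoch equals the peer's nextEpoch the current window and
 * nextSeq_* are updated, otherwise the previous-epoch window and prevSeq_*
 * are used. This function does not itself validate the epoch or the distance
 * between sequence numbers; presumably DtlsCheckWindow() has accepted the
 * record first - confirm at the call site.
 *
 * With WOLFSSL_MULTICAST and ssl->options.haveMcast set, the per-peer entry
 * matching ssl->keys.curPeerId is used and the highwater callback is invoked
 * once the sequence number reaches the peer's highwater mark.
 *
 * Returns 1 on success, 0 when no multicast peer entry matches, and
 * MCAST_HIGHWATER_CB_E when the highwater callback reports an error.
 */
static WC_INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
{
    word32* window;
    word32* next_lo;
    word16* next_hi;
    int curLT;
    word32 cur_lo, diff;
    word16 cur_hi;
    WOLFSSL_DTLS_PEERSEQ* peerSeq = ssl->keys.peerSeq;

    cur_hi = ssl->keys.curSeq_hi;
    cur_lo = ssl->keys.curSeq_lo;

#ifdef WOLFSSL_MULTICAST
    if (ssl->options.haveMcast) {
        WOLFSSL_DTLS_PEERSEQ* p;
        int i;

        peerSeq = NULL;
        for (i = 0, p = ssl->keys.peerSeq;
             i < WOLFSSL_DTLS_PEERSEQ_SZ;
             i++, p++) {

            if (p->peerId == ssl->keys.curPeerId) {
                peerSeq = p;
                break;
            }
        }

        if (peerSeq == NULL) {
            WOLFSSL_MSG("Couldn't find that peer ID to update window.");
            return 0;
        }

        /* p equals peerSeq here because the loop ended through break. */
        if (p->highwaterMark && cur_lo >= p->highwaterMark) {
            int cbError = 0;

            if (ssl->ctx->mcastHwCb)
                cbError = ssl->ctx->mcastHwCb(p->peerId,
                                              ssl->ctx->mcastMaxSeq,
                                              cur_lo, ssl->mcastHwCbCtx);
            if (cbError) {
                WOLFSSL_MSG("Multicast highwater callback returned an error.");
                return MCAST_HIGHWATER_CB_E;
            }

            p->highwaterMark = UpdateHighwaterMark(cur_lo,
                                                   ssl->ctx->mcastFirstSeq,
                                                   ssl->ctx->mcastSecondSeq,
                                                   ssl->ctx->mcastMaxSeq);
        }
    }
#endif

    if (ssl->keys.curEpoch == peerSeq->nextEpoch) {
        next_hi = &peerSeq->nextSeq_hi;
        next_lo = &peerSeq->nextSeq_lo;
        window = peerSeq->window;
    }
    else {
        next_hi = &peerSeq->prevSeq_hi;
        next_lo = &peerSeq->prevSeq_lo;
        window = peerSeq->prevWindow;
    }

    /* curLT: the record is older than the next expected sequence number.
     * diff:  distance between the two, computed on the low 32 bits. */
    if (cur_hi == *next_hi) {
        curLT = cur_lo < *next_lo;
        diff = curLT ? *next_lo - cur_lo : cur_lo - *next_lo;
    }
    else {
        curLT = cur_hi < *next_hi;
        diff = curLT ? cur_lo - *next_lo : *next_lo - cur_lo;
    }

    if (curLT) {
        /* Older record inside the window: just mark its bit. */
        word32 idx = diff / DTLS_WORD_BITS;
        word32 newDiff = diff % DTLS_WORD_BITS;

        /* Unsigned one: newDiff can be DTLS_WORD_BITS - 1, and shifting a
         * signed 1 into the sign bit of an int is undefined behaviour. */
        if (idx < WOLFSSL_DTLS_WINDOW_WORDS)
            window[idx] |= ((word32)1 << newDiff);
    }
    else {
        /* Record at or beyond the expected sequence number: slide the
         * window forward so that it ends at this record. */
        if (diff >= DTLS_SEQ_BITS)
            XMEMSET(window, 0, DTLS_SEQ_SZ);
        else {
            word32 idx, newDiff, temp, i;
            word32 oldWindow[WOLFSSL_DTLS_WINDOW_WORDS];

            temp = 0;
            diff++;
            idx = diff / DTLS_WORD_BITS;
            newDiff = diff % DTLS_WORD_BITS;

            XMEMCPY(oldWindow, window, sizeof(oldWindow));

            /* Multi-word left shift by diff bits: idx whole words plus
             * newDiff bits, with temp carrying the bits that cross a word
             * boundary. */
            for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
                if (i < idx)
                    window[i] = 0;
                else {
                    temp |= (oldWindow[i-idx] << newDiff);
                    window[i] = temp;
                    /* The carry is the top newDiff bits of the source word.
                     * A shift by DTLS_WORD_BITS is undefined, so the
                     * newDiff == 0 case (nothing to carry) is handled
                     * separately instead of shortening the shift by one,
                     * which would move the carried bits to the wrong
                     * positions in the next word. */
                    if (newDiff != 0)
                        temp = oldWindow[i-idx] >> (DTLS_WORD_BITS - newDiff);
                    else
                        temp = 0;
                }
            }
        }
        /* NOTE(review): bit 0 is set for the record just accepted while the
         * next expected number becomes cur + 1, whereas the curLT branch
         * above and DtlsCheckWindow() index the bitmap by (next - cur),
         * which is 1 for that same record. Confirm that the bit numbering
         * is consistent between the two paths. */
        window[0] |= 1;
        *next_lo = cur_lo + 1;
        /* Propagate the wrap of the low word into the high word. */
        if (*next_lo < cur_lo)
            (*next_hi)++;
    }

    return 1;
}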
wolfSSL 15:117db924cf7c 12928
wolfSSL 15:117db924cf7c 12929
/* Process buffered DTLS handshake messages from the head of
 * ssl->dtls_rx_msg_list for as long as the head is the next expected
 * message and is completely reassembled.
 *
 * Each processed message is unlinked and freed, also when processing it
 * failed; a failure ends the loop. With WOLFSSL_ASYNC_CRYPT a WC_PENDING_E
 * result leaves the message on the list and restores the expected handshake
 * number so that the message is processed again later.
 *
 * Returns 0 when nothing failed, otherwise the result of the last
 * DoHandShakeMsgType() call.
 */
static int DtlsMsgDrain(WOLFSSL* ssl)
{
    int      ret = 0;
    DtlsMsg* head;

    WOLFSSL_ENTER("DtlsMsgDrain()");

    for (head = ssl->dtls_rx_msg_list;
         head != NULL && ret == 0;
         head = ssl->dtls_rx_msg_list) {
        word32 idx = 0;

        /* Stop at a head that is out of order ... */
        if (head->seq != ssl->keys.dtls_expected_peer_handshake_number)
            break;

        /* ... or that still has fragments missing. */
        if (head->fragSz != head->sz)
            break;

        ssl->keys.dtls_expected_peer_handshake_number++;
        ret = DoHandShakeMsgType(ssl, head->msg, &idx, head->type,
                                 head->sz, head->sz);
#ifdef WOLFSSL_ASYNC_CRYPT
        if (ret == WC_PENDING_E) {
            ssl->keys.dtls_expected_peer_handshake_number--;
            break;
        }
#endif
        /* Pop the message that was just handled. */
        ssl->dtls_rx_msg_list = head->next;
        DtlsMsgDelete(head, ssl->heap);
        ssl->dtls_rx_msg_list_sz--;
    }

    WOLFSSL_LEAVE("DtlsMsgDrain()", ret);
    return ret;
}
wolfSSL 15:117db924cf7c 12963
wolfSSL 15:117db924cf7c 12964
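/* Process one DTLS handshake fragment from a record: validate its header,
 * then process, buffer or skip it depending on its handshake sequence
 * number and on whether it carries a complete message.
 *
 * ssl       connection state, including the list of buffered messages
 * input     buffer holding the record payload
 * inOutIdx  in: offset of the DTLS handshake header in input; out: offset
 *           just past the bytes consumed by this call
 * totalSz   bound used for all length checks on input
 *
 * Returns 0 on success (including fragments that were buffered or skipped),
 * PARSE_ERROR when the header cannot be read or its fragment fields do not
 * fit the declared message length, HANDSHAKE_SIZE_ERROR when the declared
 * length exceeds MAX_HANDSHAKE_SZ, INCOMPLETE_DATA when the fragment runs
 * past totalSz, BUFFER_E when the trailing bytes of a repeated finished
 * message run past totalSz, otherwise the result of DtlsMsgDrain(),
 * DoHandShakeMsgType() or DtlsMsgPoolSend().
 */
static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                              word32 totalSz)
{
    byte type;
    word32 size;
    word32 fragOffset, fragSz;
    int ret = 0;

    WOLFSSL_ENTER("DoDtlsHandShakeMsg()");

    /* process any pending DTLS messages - this flow can happen with async */
    if (ssl->dtls_rx_msg_list != NULL) {
        ret = DtlsMsgDrain(ssl);
        if (ret != 0)
            return ret;

        /* if done processing fragment exit with success */
        if (totalSz == *inOutIdx)
            return ret;
    }

    /* parse header */
    if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type,
                               &size, &fragOffset, &fragSz, totalSz) != 0) {
        WOLFSSL_ERROR(PARSE_ERROR);
        return PARSE_ERROR;
    }

    /* Cap the maximum size of a handshake message to something reasonable.
     * By default is the maximum size of a certificate message assuming
     * nine 2048-bit RSA certificates in the chain. */
    if (size > MAX_HANDSHAKE_SZ) {
        WOLFSSL_MSG("Handshake message too large");
        return HANDSHAKE_SIZE_ERROR;
    }

    /* check that we have complete fragment */
    if (*inOutIdx + fragSz > totalSz) {
        WOLFSSL_ERROR(INCOMPLETE_DATA);
        return INCOMPLETE_DATA;
    }

    /* Check that the fragment lies inside the message it claims to belong
     * to. size, fragOffset and fragSz all come from the peer; rejecting an
     * inconsistent triple here means none of the branches below, nor the
     * reassembly code they call, has to rely on a later check. Written
     * without an addition so that it cannot wrap. */
    if (fragSz > size || fragOffset > size - fragSz) {
        WOLFSSL_MSG("Handshake fragment outside of message bounds");
        WOLFSSL_ERROR(PARSE_ERROR);
        return PARSE_ERROR;
    }

    /* Check the handshake sequence number first. If out of order,
     * add the current message to the list. If the message is in order,
     * but it is a fragment, add the current message to the list, then
     * check the head of the list to see if it is complete, if so, pop
     * it out as the current message. If the message is complete and in
     * order, process it. Check the head of the list to see if it is in
     * order, if so, process it. (Repeat until list exhausted.) If the
     * head is out of order, return for more processing.
     */
    if (ssl->keys.dtls_peer_handshake_number >
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Current message is out of order. It will get stored in the list.
         * Storing also takes care of defragmentation. If the messages is a
         * client hello, we need to process this out of order; the server
         * is not supposed to keep state, but the second client hello will
         * have a different handshake sequence number than is expected, and
         * the server shouldn't be expecting any particular handshake sequence
         * number. (If the cookie changes multiple times in quick succession,
         * the client could be sending multiple new client hello messages
         * with newer and newer cookies.) */
        if (type != client_hello) {
            /* The DTLS_POOL_SZ cap bounds how many messages are buffered;
             * once it is reached the fragment is consumed but not stored. */
            if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
                DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
                             input + *inOutIdx, size, type,
                             fragOffset, fragSz, ssl->heap);
            }
            *inOutIdx += fragSz;
            ret = 0;
        }
        else {
            ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
            if (ret == 0) {
                ssl->keys.dtls_expected_peer_handshake_number =
                    ssl->keys.dtls_peer_handshake_number + 1;
            }
        }
    }
    else if (ssl->keys.dtls_peer_handshake_number <
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Already saw this message and processed it. It can be ignored. */
        *inOutIdx += fragSz;
        if(type == finished ) {
            /* A finished message is followed by padding (and, with
             * encrypt-then-MAC, by the MAC); skip those bytes as well, after
             * checking that they are inside the record. */
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
            if (ssl->options.startedETMRead) {
                word32 digestSz = MacSize(ssl);
                if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz)
                    return BUFFER_E;
                *inOutIdx += ssl->keys.padSz + digestSz;
            }
            else
#endif
            {
                if (*inOutIdx + ssl->keys.padSz > totalSz) {
                    WOLFSSL_ERROR(BUFFER_E);
                    return BUFFER_E;
                }
                *inOutIdx += ssl->keys.padSz;
            }
        }
        /* A repeated message may mean the peer missed our last flight;
         * resend it when VerifyForDtlsMsgPoolSend() says so. */
        if (IsDtlsNotSctpMode(ssl) &&
            VerifyForDtlsMsgPoolSend(ssl, type, fragOffset)) {

            ret = DtlsMsgPoolSend(ssl, 0);
        }
    }
    else if (fragSz < size) {
        /* Since this branch is in order, but fragmented, dtls_rx_msg_list will
         * be pointing to the message with this fragment in it. Check it to see
         * if it is completed. */
        if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
            DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
                         input + *inOutIdx, size, type,
                         fragOffset, fragSz, ssl->heap);
        }
        *inOutIdx += fragSz;
        ret = 0;
        if (ssl->dtls_rx_msg_list != NULL &&
            ssl->dtls_rx_msg_list->fragSz >= ssl->dtls_rx_msg_list->sz)
            ret = DtlsMsgDrain(ssl);
    }
    else {
        /* This branch is in order next, and a complete message. */
        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
        if (ret == 0) {
            if (type != client_hello || !IsDtlsNotSctpMode(ssl))
                ssl->keys.dtls_expected_peer_handshake_number++;
            if (ssl->dtls_rx_msg_list != NULL) {
                ret = DtlsMsgDrain(ssl);
            }
        }
    }

    WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
    return ret;
}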
wolfSSL 15:117db924cf7c 13102 #endif
wolfSSL 15:117db924cf7c 13103
wolfSSL 15:117db924cf7c 13104 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 13105
wolfSSL 15:117db924cf7c 13106 #ifdef HAVE_AEAD
wolfSSL 16:8e0d178b1d1e 13107
wolfSSL 16:8e0d178b1d1e 13108 #if !defined(NO_PUBLIC_GCM_SET_IV) && \
wolfSSL 16:8e0d178b1d1e 13109 (((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
wolfSSL 16:8e0d178b1d1e 13110 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) || \
wolfSSL 16:8e0d178b1d1e 13111 (defined(HAVE_POLY1305) && defined(HAVE_CHACHA)))
/* Add one to the explicit AEAD IV in ssl->keys.aead_exp_IV, treating its
 * AEAD_MAX_EXP_SZ bytes as a big-endian counter (last byte is least
 * significant).
 *
 * Nothing is returned: if every byte wraps, the counter silently goes back
 * to all zeroes. Presumably the connection is rekeyed or closed long before
 * that can happen - confirm, since a repeated IV under the same key must
 * never be used with an AEAD cipher.
 */
static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
{
    int pos = AEAD_MAX_EXP_SZ;

    while (pos-- > 0) {
        ssl->keys.aead_exp_IV[pos]++;

        /* A non-zero result means this byte did not wrap: no carry left. */
        if (ssl->keys.aead_exp_IV[pos] != 0)
            break;
    }
}
wolfSSL 16:8e0d178b1d1e 13119 #endif
wolfSSL 15:117db924cf7c 13120
wolfSSL 15:117db924cf7c 13121
wolfSSL 15:117db924cf7c 13122 #if defined(HAVE_POLY1305) && defined(HAVE_CHACHA)
/* Compute the Poly1305 tag the way the older ChaCha20-Poly1305 cipher suite
 * draft specified it.
 *
 * The MAC input is, in this order: the additional data, an 8 byte block
 * whose first byte is AEAD_AUTH_DATA_SZ, the ciphertext, and an 8 byte block
 * holding the ciphertext length in little-endian byte order.
 *
 * ssl         WOLFSSL structure holding the Poly1305 state and MAC size
 * additional  AEAD_AUTH_DATA_SZ bytes of additional data
 * out         ciphertext to authenticate
 * cipher      buffer whose first 32 bytes are used as the Poly1305 key
 * sz          ciphertext length plus ssl->specs.aead_mac_size
 * tag         receives the computed tag
 *
 * Return 0 on success, INPUT_CASE_ERROR when sz is smaller than the MAC
 * size, otherwise the error of the failing wc_Poly1305 call.
 */
static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
                          byte* cipher, word16 sz, byte* tag)
{
    byte   lenBlock[8]; /* scratch block for the two length fields */
    word32 polyKeySz = 32;
    int    bodyLen = (sz - ssl->specs.aead_mac_size);
    int    rc;

#ifdef CHACHA_AEAD_TEST
    printf("Using old version of poly1305 input.\n");
#endif

    /* sz must at least cover the tag itself */
    if (bodyLen < 0)
        return INPUT_CASE_ERROR;

    rc = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, polyKeySz);
    if (rc != 0)
        return rc;

    /* additional data ... */
    rc = wc_Poly1305Update(ssl->auth.poly1305, additional, AEAD_AUTH_DATA_SZ);
    if (rc != 0)
        return rc;

    /* ... followed by its length, zero padded to 8 bytes */
    XMEMSET(lenBlock, 0, sizeof(lenBlock));
    lenBlock[0] = AEAD_AUTH_DATA_SZ;
    rc = wc_Poly1305Update(ssl->auth.poly1305, lenBlock, sizeof(lenBlock));
    if (rc != 0)
        return rc;

    /* ciphertext ... */
    rc = wc_Poly1305Update(ssl->auth.poly1305, out, bodyLen);
    if (rc != 0)
        return rc;

    /* ... followed by its 32 bit length, least significant byte first,
     * zero extended to 64 bits */
    XMEMSET(lenBlock, 0, sizeof(lenBlock));
    lenBlock[0] = bodyLen & 0xff;
    lenBlock[1] = (bodyLen >> 8) & 0xff;
    lenBlock[2] = ((word32)bodyLen >> 16) & 0xff;
    lenBlock[3] = ((word32)bodyLen >> 24) & 0xff;
    rc = wc_Poly1305Update(ssl->auth.poly1305, lenBlock, sizeof(lenBlock));
    if (rc != 0)
        return rc;

    /* generate tag */
    return wc_Poly1305Final(ssl->auth.poly1305, tag);
}
wolfSSL 15:117db924cf7c 13174
wolfSSL 15:117db924cf7c 13175
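/* Encrypt one record with ChaCha20 and append its Poly1305 tag.
 *
 * When the flag oldPoly is not set this follows RFC7905. When oldPoly is set
 * the implementation follows an older draft for creating the nonce and MAC.
 * The flag oldPoly gets set automatically depending on what cipher suite was
 * negotiated in the handshake. This can be done because the IDs for the
 * cipher suites were updated in RFC7905, giving unique values for the older
 * draft in comparison to the more recent RFC.
 *
 * ssl   WOLFSSL structure to get cipher and TLS state from
 * out   output buffer to hold encrypted data; receives the cipher text
 *       followed by the tag
 * input data to encrypt; the record header is read from the bytes directly
 *       in front of this pointer
 * sz    size of input, including the ssl->specs.aead_mac_size bytes that
 *       are reserved for the tag
 *
 * Return 0 on success negative values in error case
 *
 * The nonce and the one-time Poly1305 key are cleared with ForceZero on
 * every exit path, error or not.
 */
static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
                              word16 sz)
{
    const byte* additionalSrc = input - RECORD_HEADER_SZ;
    int    ret    = 0;
    word32 msgLen = 0;
    word32 k;
    byte   tag[POLY1305_AUTH_SZ];
    byte   add[AEAD_AUTH_DATA_SZ];
    byte   nonce[CHACHA20_NONCE_SZ];
    byte   poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
#ifdef CHACHA_AEAD_TEST
    int i;
#endif

    /* Defence in depth: if sz did not leave room for the tag, msgLen would
     * wrap to a huge unsigned value and be used as a length below. Callers
     * are expected to size the record correctly; that is not visible here. */
    if (sz < ssl->specs.aead_mac_size) {
        return ENCRYPT_ERROR;
    }
    msgLen = sz - ssl->specs.aead_mac_size;

    XMEMSET(tag,   0, sizeof(tag));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(poly,  0, sizeof(poly));
    XMEMSET(add,   0, sizeof(add));

    /* opaque SEQ number stored for AD */
    WriteSEQ(ssl, CUR_ORDER, add);

    if (ssl->options.oldPoly != 0) {
        /* get nonce. SEQ should not be incremented again here */
        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
    }

    /* Store the type, version. Unfortunately, they are in
     * the input buffer ahead of the plaintext. */
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        additionalSrc -= DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff;

    XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3);

#ifdef CHACHA_AEAD_TEST
    /* Debug only: this dumps the additional data and the record plaintext
     * to stdout, so CHACHA_AEAD_TEST must stay off in production builds. */
    printf("Encrypt Additional : ");
    for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
        printf("%02x", add[i]);
    }
    printf("\n\n");
    printf("input before encryption :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", input[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
        for (k = 0; k < 8; k++) {
            nonce[4 + k] ^= add[k];
        }
    }

    /* set the nonce for chacha and get poly1305 key */
    ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0);

    /* create Poly1305 key using chacha20 keystream */
    if (ret == 0) {
        ret = wc_Chacha_Process(ssl->encrypt.chacha, poly, poly, sizeof(poly));
    }

    /* set the counter after getting poly1305 key */
    if (ret == 0) {
        ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 1);
    }
    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */

    /* encrypt the plain text */
    if (ret == 0) {
        ret = wc_Chacha_Process(ssl->encrypt.chacha, out, input, msgLen);
    }

    /* get the poly1305 tag using either old padding scheme or more recent */
    if (ret == 0) {
        if (ssl->options.oldPoly != 0) {
            ret = Poly1305TagOld(ssl, add, (const byte* )out, poly, sz, tag);
        }
        else {
            ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly, sizeof(poly));
            if (ret == 0) {
                ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, sizeof(add),
                                      out, msgLen, tag, sizeof(tag));
            }
        }
    }

    /* Single clearing point for the one-time key: the early-return layout
     * this replaces left poly on the stack when the counter reset failed
     * after the key had already been generated. */
    ForceZero(poly, sizeof(poly));
    if (ret != 0) {
        return ret;
    }

    /* append tag to ciphertext */
    XMEMCPY(out + msgLen, tag, sizeof(tag));

    AeadIncrementExpIV(ssl);

#ifdef CHACHA_AEAD_TEST
    printf("mac tag :\n");
    for (i = 0; i < 16; i++) {
        printf("%02x", tag[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n\noutput after encrypt :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", out[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    return ret;
}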
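/* Verify the Poly1305 tag of one record and, only if it matches, decrypt the
 * record with ChaCha20.
 *
 * When the flag oldPoly is not set this follows RFC7905. When oldPoly is set
 * the implementation follows an older draft for creating the nonce and MAC.
 * The flag oldPoly gets set automatically depending on what cipher suite was
 * negotiated in the handshake. This can be done because the IDs for the
 * cipher suites were updated in RFC7905, giving unique values for the older
 * draft in comparison to the more recent RFC.
 *
 * ssl   WOLFSSL structure to get cipher and TLS state from
 * plain output buffer to hold decrypted data
 * input data to decrypt; cipher text followed by the tag
 * sz    size of input, including the ssl->specs.aead_mac_size tag bytes
 *
 * Return 0 on success negative values in error case. VERIFY_MAC_ERROR is
 * returned when the tag does not match or the record is too short to carry
 * one; for non-DTLS connections a fatal bad_record_mac alert is sent first.
 *
 * The nonce, the one-time Poly1305 key and the locally computed tag are
 * cleared with ForceZero before the function returns.
 */
static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                              word16 sz)
{
    byte   add[AEAD_AUTH_DATA_SZ];
    byte   nonce[CHACHA20_NONCE_SZ];
    byte   tag[POLY1305_AUTH_SZ];
    byte   poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
    int    ret     = 0;
    int    msgLen  = 0;
    int    tagDiff = 0;
    word32 k;
#ifdef CHACHA_AEAD_TEST
    int i;
#endif

    /* Defence in depth: sz comes from the received record. If it is smaller
     * than the tag, msgLen would go negative and then be used as a length
     * and as an offset into input. The caller is expected to have checked
     * the record length already (not visible here); handle it like any
     * other record whose MAC cannot be verified. */
    if (sz < ssl->specs.aead_mac_size) {
        WOLFSSL_MSG("Record too short to hold MAC");
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, bad_record_mac);
        return VERIFY_MAC_ERROR;
    }
    msgLen = sz - ssl->specs.aead_mac_size;

#ifdef CHACHA_AEAD_TEST
    /* Debug only: record contents are dumped to stdout, so CHACHA_AEAD_TEST
     * must stay off in production builds. */
    printf("input before decrypt :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", input[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    XMEMSET(tag,   0, sizeof(tag));
    XMEMSET(poly,  0, sizeof(poly));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(add,   0, sizeof(add));

    /* sequence number field is 64-bits */
    WriteSEQ(ssl, PEER_ORDER, add);

    if (ssl->options.oldPoly != 0) {
        /* get nonce, SEQ should not be incremented again here */
        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
    }

    /* get AD info */
    /* Store the type, version. */
    add[AEAD_TYPE_OFFSET] = ssl->curRL.type;
    add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
    add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff;

#ifdef CHACHA_AEAD_TEST
    printf("Decrypt Additional : ");
    for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
        printf("%02x", add[i]);
    }
    printf("\n\n");
#endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
        for (k = 0; k < 8; k++) {
            nonce[4 + k] ^= add[k];
        }
    }

    /* set nonce and get poly1305 key */
    ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0);

    /* use chacha20 keystream to get poly1305 key for tag */
    if (ret == 0) {
        ret = wc_Chacha_Process(ssl->decrypt.chacha, poly, poly, sizeof(poly));
    }

    /* set counter after getting poly1305 key */
    if (ret == 0) {
        ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 1);
    }
    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */

    /* get the tag using Poly1305 */
    if (ret == 0) {
        if (ssl->options.oldPoly != 0) {
            ret = Poly1305TagOld(ssl, add, input, poly, sz, tag);
        }
        else {
            ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly, sizeof(poly));
            if (ret == 0) {
                ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, sizeof(add),
                                      (byte*)input, msgLen, tag, sizeof(tag));
            }
        }
    }

    /* Single clearing point for the one-time key: the early-return layout
     * this replaces left poly on the stack when the counter reset failed
     * after the key had already been generated. */
    ForceZero(poly, sizeof(poly));
    if (ret != 0) {
        ForceZero(tag, sizeof(tag));
        return ret;
    }

    /* check tag sent along with packet; the comparison is constant time and
     * the locally computed tag is wiped as soon as it has been used */
    tagDiff = ConstantCompare(input + msgLen, tag, ssl->specs.aead_mac_size);
    ForceZero(tag, sizeof(tag));
    if (tagDiff != 0) {
        WOLFSSL_MSG("MAC did not match");
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, bad_record_mac);
        return VERIFY_MAC_ERROR;
    }

    /* if the tag was good decrypt message */
    ret = wc_Chacha_Process(ssl->decrypt.chacha, plain, input, msgLen);
    if (ret != 0)
        return ret;

#ifdef CHACHA_AEAD_TEST
    printf("plain after decrypt :\n");
    for (i = 0; i < sz; i++) {
        printf("%02x", plain[i]);
        if ((i + 1) % 16 == 0)
            printf("\n");
    }
    printf("\n");
#endif

    return ret;
}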
wolfSSL 15:117db924cf7c 13480 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
wolfSSL 15:117db924cf7c 13481 #endif /* HAVE_AEAD */
#if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)

/* Select the AES-GCM / AES-CCM encrypt entry points used by EncryptDo.
 *
 * First branch (NO_GCM_ENCRYPT_EXTRA not defined, and either a non-FIPS,
 * non-selftest build or FIPS version >= 2): the wc_AesGcmEncrypt_ex /
 * wc_AesCcmEncrypt_ex functions are used through a local function pointer
 * type whose iv parameter is non-const. EncryptDo copies the explicit IV out
 * of the nonce buffer after the call in that configuration, which suggests
 * the _ex variants write the IV they used -- confirm against wolfCrypt.
 *
 * Second branch: the wc_AesGcmEncrypt / wc_AesCcmEncrypt functions are used
 * with the wc_AesAuthEncryptFunc type.
 *
 * NOTE(review): this selection is keyed on NO_GCM_ENCRYPT_EXTRA while the
 * nonce handling in EncryptDo and Encrypt is keyed on NO_PUBLIC_GCM_SET_IV.
 * Nonce uniqueness depends on the two staying in step; confirm they are
 * always defined together. */
#if !defined(NO_GCM_ENCRYPT_EXTRA) && \
    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
/* The following type is used to share code between AES-GCM and AES-CCM. */
    typedef int (*AesAuthEncryptFunc)(Aes* aes, byte* out,
                                       const byte* in, word32 sz,
                                       byte* iv, word32 ivSz,
                                       byte* authTag, word32 authTagSz,
                                       const byte* authIn, word32 authInSz);
    #define AES_AUTH_ENCRYPT_FUNC AesAuthEncryptFunc
    #define AES_GCM_ENCRYPT wc_AesGcmEncrypt_ex
    #define AES_CCM_ENCRYPT wc_AesCcmEncrypt_ex
#else
    #define AES_AUTH_ENCRYPT_FUNC wc_AesAuthEncryptFunc
    #define AES_GCM_ENCRYPT wc_AesGcmEncrypt
    #define AES_CCM_ENCRYPT wc_AesCcmEncrypt
#endif

#endif
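/* Run the negotiated bulk cipher over one record.
 *
 * Dispatches on ssl->specs.bulk_cipher_algorithm; each case is compiled in
 * only when the matching build option is defined.
 *
 * ssl       WOLFSSL structure holding the cipher specs and cipher contexts
 * out       output buffer for the cipher text
 * input     data to encrypt; for AES-GCM/CCM the record header is read from
 *           the bytes directly in front of this pointer
 * sz        size of input
 * asyncOkay only used with WOLFSSL_ASYNC_CRYPT: when non-zero a pending
 *           operation is queued with wolfSSL_AsyncPush, when zero the call
 *           waits in wc_AsyncWait
 *
 * Return 0 on success, ENCRYPT_ERROR when no compiled-in case matches the
 * negotiated algorithm, otherwise the value returned by the cipher call.
 */
static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
    word16 sz, int asyncOkay)
{
    int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV* asyncDev = NULL;
    word32 event_flags = WC_ASYNC_FLAG_CALL_AGAIN;
#else
    (void)asyncOkay;
#endif

    /* silence unused-parameter warnings when no cipher case is compiled in */
    (void)out;
    (void)input;
    (void)sz;

    switch (ssl->specs.bulk_cipher_algorithm) {
    #ifdef BUILD_ARC4
        case wolfssl_rc4:
            /* ret is left at 0 for this case */
            wc_Arc4Process(ssl->encrypt.arc4, out, input, sz);
            break;
    #endif

    #ifdef BUILD_DES3
        case wolfssl_triple_des:
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* initialize event */
            asyncDev = &ssl->encrypt.des3->asyncDev;
            ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags);
            if (ret != 0)
                break;
        #endif

            ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E && asyncOkay) {
                ret = wolfSSL_AsyncPush(ssl, asyncDev);
            }
        #endif
            break;
    #endif

    #if defined(BUILD_AES) && defined(HAVE_AES_CBC)
        case wolfssl_aes:
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* initialize event */
            asyncDev = &ssl->encrypt.aes->asyncDev;
            ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags);
            if (ret != 0)
                break;
        #endif
        #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
            !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
            if (tsip_useable(ssl)) {
                ret = wc_tsip_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
            } else
        #endif
            ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E && asyncOkay) {
                ret = wolfSSL_AsyncPush(ssl, asyncDev);
            }
        #endif
            break;
    #endif

    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        case wolfssl_aes_gcm:
        case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */
        {
            AES_AUTH_ENCRYPT_FUNC aes_auth_fn;
            const byte* additionalSrc;

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* initialize event */
            asyncDev = &ssl->encrypt.aes->asyncDev;
            ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags);
            if (ret != 0)
                break;
        #endif

        #if defined(BUILD_AESGCM) && defined(HAVE_AESCCM)
            aes_auth_fn = (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
                            ? AES_GCM_ENCRYPT : AES_CCM_ENCRYPT;
        #elif defined(BUILD_AESGCM)
            aes_auth_fn = AES_GCM_ENCRYPT;
        #else
            aes_auth_fn = AES_CCM_ENCRYPT;
        #endif
            /* the record header sits directly in front of input; use the
             * named size, as ChachaAEADEncrypt does, instead of a bare 5 */
            additionalSrc = input - RECORD_HEADER_SZ;

            /* additional data layout: sequence number, then type and
             * version, then length */
            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);

            /* sequence number field is 64-bits */
            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);

            /* Store the type, version. Unfortunately, they are in
             * the input buffer ahead of the plaintext. */
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
                additionalSrc -= DTLS_HANDSHAKE_EXTRA;
            }
        #endif
            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
                                                        additionalSrc, 3);

            /* Store the length of the plain text minus the explicit
             * IV length minus the authentication tag size. */
            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                ssl->encrypt.additional + AEAD_LEN_OFFSET);
        #if !defined(NO_PUBLIC_GCM_SET_IV) && \
            ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
            (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
            /* older FIPS / selftest builds: the nonce is assembled here as
             * implicit IV followed by explicit IV; Encrypt() advances the
             * explicit IV afterwards so it is not reused */
            XMEMCPY(ssl->encrypt.nonce,
                                ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
            XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
                                ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
        #endif
            /* cipher text goes after the explicit IV slot, the tag occupies
             * the last aead_mac_size bytes of out */
            ret = aes_auth_fn(ssl->encrypt.aes,
                    out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                    ssl->encrypt.nonce, AESGCM_NONCE_SZ,
                    out + sz - ssl->specs.aead_mac_size,
                    ssl->specs.aead_mac_size,
                    ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E && asyncOkay) {
                ret = wolfSSL_AsyncPush(ssl, asyncDev);
            }
        #endif
        #if !defined(NO_PUBLIC_GCM_SET_IV) && \
            ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
            (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
            /* the explicit IV part of the nonce is placed at the front of
             * the record */
            XMEMCPY(out,
                    ssl->encrypt.nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ);
        #endif
        }
        break;
    #endif /* BUILD_AESGCM || HAVE_AESCCM */

    #ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            ret = wc_CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
            break;
    #endif

    #ifdef HAVE_HC128
        case wolfssl_hc128:
            ret = wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz);
            break;
    #endif

    #ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            ret = wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
            break;
    #endif

    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        case wolfssl_chacha:
            ret = ChachaAEADEncrypt(ssl, out, input, sz);
            break;
    #endif

    #ifdef HAVE_NULL_CIPHER
        case wolfssl_cipher_null:
            /* no confidentiality: the data is only copied when the buffers
             * differ */
            if (input != out) {
                XMEMMOVE(out, input, sz);
            }
            break;
    #endif

    #ifdef HAVE_IDEA
        case wolfssl_idea:
            ret = wc_IdeaCbcEncrypt(ssl->encrypt.idea, out, input, sz);
            break;
    #endif

        default:
            WOLFSSL_MSG("wolfSSL Encrypt programming error");
            ret = ENCRYPT_ERROR;
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* if async is not okay, then block */
    if (ret == WC_PENDING_E && !asyncOkay) {
        ret = wc_AsyncWait(ret, asyncDev, event_flags);
    }
#endif

    return ret;
}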
/* Encrypt one record, stepping ssl->encrypt.state through
 * CIPHER_STATE_BEGIN, CIPHER_STATE_DO and CIPHER_STATE_END.
 *
 * ssl       WOLFSSL structure holding the cipher state
 * out       output buffer for the cipher text
 * input     data to encrypt
 * sz        size of input
 * asyncOkay passed through to EncryptDo
 *
 * Return 0 on success, ENCRYPT_ERROR when the encrypt ciphers are not set
 * up, MEMORY_E when the AES-GCM/CCM buffers cannot be allocated, otherwise
 * the value returned by EncryptDo. With WOLFSSL_ASYNC_CRYPT a WC_PENDING_E
 * result is returned with the state left at CIPHER_STATE_END so that the
 * next call resumes at the final step.
 */
static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,
    int asyncOkay)
{
    int ret = 0;

#ifdef WOLFSSL_ASYNC_CRYPT
    /* clear async */
    if (ssl->error == WC_PENDING_E) {
        ssl->error = 0;
    }
#endif

    /* The three steps below run back to back on a fresh call; a resumed
     * call enters at whichever step the stored state names. */

    if (ssl->encrypt.state == CIPHER_STATE_BEGIN) {
        if (ssl->encrypt.setup == 0) {
            WOLFSSL_MSG("Encrypt ciphers not setup");
            return ENCRYPT_ERROR;
        }

    #ifdef HAVE_FUZZER
        if (ssl->fuzzerCb) {
            ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx);
        }
    #endif

    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        /* make sure AES GCM/CCM memory is allocated */
        /* free for these happens in FreeCiphers */
        if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
            ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
            /* make sure auth iv and auth are allocated */
            if (ssl->encrypt.additional == NULL) {
                ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
                                        ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
            }
            if (ssl->encrypt.nonce == NULL) {
                ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
                                        ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
            }
            if (ssl->encrypt.additional == NULL ||
                ssl->encrypt.nonce == NULL) {
                return MEMORY_E;
            }
        }
    #endif /* BUILD_AESGCM || HAVE_AESCCM */

        /* Advance state and proceed */
        ssl->encrypt.state = CIPHER_STATE_DO;
    }

    if (ssl->encrypt.state == CIPHER_STATE_DO) {
        ret = EncryptDo(ssl, out, input, sz, asyncOkay);

        /* Advance state */
        ssl->encrypt.state = CIPHER_STATE_END;

    #ifdef WOLFSSL_ASYNC_CRYPT
        /* If pending, then leave and return will resume below */
        if (ret == WC_PENDING_E) {
            return ret;
        }
    #endif
    }

    if (ssl->encrypt.state == CIPHER_STATE_END) {
    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
            ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
        {
            /* finalize authentication cipher */
        #if !defined(NO_PUBLIC_GCM_SET_IV) && \
            ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
            (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
            AeadIncrementExpIV(ssl);
        #endif
            /* wipe the per-record nonce once the record is done */
            if (ssl->encrypt.nonce) {
                ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);
            }
        }
    #endif /* BUILD_AESGCM || HAVE_AESCCM */
    }

    /* Reset state */
    ssl->encrypt.state = CIPHER_STATE_BEGIN;

    return ret;
}
wolfSSL 15:117db924cf7c 13788
wolfSSL 16:8e0d178b1d1e 13789
/* Run the negotiated bulk cipher's decrypt routine over one record.
 *
 * Dispatches on ssl->specs.bulk_cipher_algorithm. Each case is compiled in
 * only when its build macro is defined, so the set of algorithms this
 * function accepts is a build-time decision; anything else ends in the
 * default case.
 *
 * ssl    The SSL/TLS object; cipher state is taken from ssl->decrypt.
 * plain  Buffer that receives the decrypted bytes.
 * input  Cipher text to decrypt.
 * sz     Number of bytes in input.
 * returns 0 on success, DECRYPT_ERROR when no case matches the negotiated
 *         algorithm, otherwise the value returned by the cipher or async
 *         helper that was called.
 */
static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    int ret = 0;

    /* presumably silences unused-parameter warnings in builds where no case
     * below references these */
    (void)plain;
    (void)input;
    (void)sz;

    switch (ssl->specs.bulk_cipher_algorithm)
    {
    #ifdef BUILD_ARC4
        case wolfssl_rc4:
            /* no return value is taken from this call; ret stays 0 */
            wc_Arc4Process(ssl->decrypt.arc4, plain, input, sz);
            break;
    #endif

    #ifdef BUILD_DES3
        case wolfssl_triple_des:
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* initialize event */
            ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.des3->asyncDev,
                WC_ASYNC_FLAG_CALL_AGAIN);
            if (ret != 0)
                break;
        #endif

            ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* operation still in flight: hand the device to the async layer */
            if (ret == WC_PENDING_E) {
                ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.des3->asyncDev);
            }
        #endif
            break;
    #endif

    #if defined(BUILD_AES) && defined(HAVE_AES_CBC)
        case wolfssl_aes:
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* initialize event */
            ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.aes->asyncDev,
                WC_ASYNC_FLAG_CALL_AGAIN);
            if (ret != 0)
                break;
        #endif
        #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
            !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
            /* use the TSIP routine when tsip_useable() says so, otherwise
             * fall into the software call below via the dangling else */
            if (tsip_useable(ssl)) {
                ret = wc_tsip_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
            } else
        #endif
            ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
            }
        #endif
            break;
    #endif

    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        case wolfssl_aes_gcm:
        case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */
        {
            wc_AesAuthDecryptFunc aes_auth_fn;

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* initialize event */
            ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.aes->asyncDev,
                WC_ASYNC_FLAG_CALL_AGAIN);
            if (ret != 0)
                break;
        #endif

            /* pick the authenticated-decrypt routine for the built modes */
        #if defined(BUILD_AESGCM) && defined(HAVE_AESCCM)
            aes_auth_fn = (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
                        ? wc_AesGcmDecrypt : wc_AesCcmDecrypt;
        #elif defined(BUILD_AESGCM)
            aes_auth_fn = wc_AesGcmDecrypt;
        #else
            aes_auth_fn = wc_AesCcmDecrypt;
        #endif

            /* Build the additional authenticated data: sequence number,
             * record type, protocol version and payload length. */
            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);

            /* sequence number field is 64-bits */
            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);

            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

            /* NOTE(review): sz - AESGCM_EXP_IV_SZ - aead_mac_size is not
             * range-checked in this function. It relies on the record having
             * already been rejected if shorter than explicit IV + tag;
             * SanityCheckCipherText() in this file computes that minimum for
             * AEAD ciphers. Confirm every call path runs that check first. */
            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                    ssl->decrypt.additional + AEAD_LEN_OFFSET);
            /* nonce = implicit IV from the key block followed by the explicit
             * IV carried in the first AESGCM_EXP_IV_SZ bytes of the record */
            XMEMCPY(ssl->decrypt.nonce, ssl->keys.aead_dec_imp_IV,
                                                            AESGCM_IMP_IV_SZ);
            XMEMCPY(ssl->decrypt.nonce + AESGCM_IMP_IV_SZ, input,
                                                            AESGCM_EXP_IV_SZ);
            /* Cipher text starts after the explicit IV; the tag is the last
             * aead_mac_size bytes of input. A negative result is passed up
             * unchanged (apart from the async push); Decrypt() in this file
             * maps it to VERIFY_MAC_ERROR. */
            if ((ret = aes_auth_fn(ssl->decrypt.aes,
                        plain + AESGCM_EXP_IV_SZ,
                        input + AESGCM_EXP_IV_SZ,
                           sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                        ssl->decrypt.nonce, AESGCM_NONCE_SZ,
                        input + sz - ssl->specs.aead_mac_size,
                        ssl->specs.aead_mac_size,
                        ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) {
            #ifdef WOLFSSL_ASYNC_CRYPT
                if (ret == WC_PENDING_E) {
                    ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev);
                }
            #endif
            }
        }
        break;
    #endif /* BUILD_AESGCM || HAVE_AESCCM */

    #ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            ret = wc_CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
            break;
    #endif

    #ifdef HAVE_HC128
        case wolfssl_hc128:
            ret = wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
            break;
    #endif

    #ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            ret = wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
            break;
    #endif

    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        case wolfssl_chacha:
            ret = ChachaAEADDecrypt(ssl, plain, input, sz);
            break;
    #endif

    #ifdef HAVE_NULL_CIPHER
        case wolfssl_cipher_null:
            /* no transformation: copy through unless decrypting in place */
            if (input != plain) {
                XMEMMOVE(plain, input, sz);
            }
            break;
    #endif

    #ifdef HAVE_IDEA
        case wolfssl_idea:
            ret = wc_IdeaCbcDecrypt(ssl->decrypt.idea, plain, input, sz);
            break;
    #endif

        default:
            /* negotiated algorithm has no case in this build */
            WOLFSSL_MSG("wolfSSL Decrypt programming error");
            ret = DECRYPT_ERROR;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 13951
/* Decrypt one record, driving the BEGIN -> DO -> END cipher state machine
 * kept in ssl->decrypt.state.
 *
 * ssl    The SSL/TLS object.
 * plain  Buffer that receives the decrypted bytes.
 * input  Cipher text to decrypt.
 * sz     Number of bytes in input.
 * returns 0 on success, DECRYPT_ERROR if the decrypt ciphers are not set up,
 *         MEMORY_E if the AES-GCM/CCM work buffers cannot be allocated,
 *         VERIFY_MAC_ERROR for any negative AES-GCM/CCM result,
 *         WC_PENDING_E while an async operation is outstanding, otherwise
 *         the value from DecryptDo().
 */
static WC_INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    int ret = 0;

#ifdef WOLFSSL_ASYNC_CRYPT
    /* presumably restores decrypt.state for a resumed operation - confirm
     * against wolfSSL_AsyncPop() */
    ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state);
    if (ret != WC_NOT_PENDING_E) {
        /* check for still pending */
        if (ret == WC_PENDING_E)
            return ret;

        ssl->error = 0; /* clear async */

        /* let failures through so CIPHER_STATE_END logic is run */
    }
    else
#endif
    {
        /* Reset state */
        ret = 0;
        ssl->decrypt.state = CIPHER_STATE_BEGIN;
    }

    switch (ssl->decrypt.state) {
        case CIPHER_STATE_BEGIN:
        {
            if (ssl->decrypt.setup == 0) {
                WOLFSSL_MSG("Decrypt ciphers not setup");
                return DECRYPT_ERROR;
            }

        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            /* make sure AES GCM/CCM memory is allocated */
            /* free for these happens in FreeCiphers */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
                /* make sure auth iv and auth are allocated */
                if (ssl->decrypt.additional == NULL)
                    ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
                                            ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
                if (ssl->decrypt.nonce == NULL)
                    ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
                                            ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
                /* both buffers are required; a partial allocation is kept in
                 * ssl->decrypt and reused on the next call */
                if (ssl->decrypt.additional == NULL ||
                         ssl->decrypt.nonce == NULL) {
                    return MEMORY_E;
                }
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */

            /* Advance state and proceed */
            ssl->decrypt.state = CIPHER_STATE_DO;
        }
        FALL_THROUGH;
        case CIPHER_STATE_DO:
        {
            ret = DecryptDo(ssl, plain, input, sz);

            /* Advance state */
            ssl->decrypt.state = CIPHER_STATE_END;

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* If pending, leave and return below */
            if (ret == WC_PENDING_E) {
                return ret;
            }
        #endif
        }
        FALL_THROUGH;
        case CIPHER_STATE_END:
        {
        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            /* make sure AES GCM/CCM nonce is cleared */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
                if (ssl->decrypt.nonce)
                    ForceZero(ssl->decrypt.nonce, AESGCM_NONCE_SZ);

                /* every negative result is reported as a MAC failure, so the
                 * caller cannot tell a tag mismatch from any other AEAD
                 * error */
                if (ret < 0)
                    ret = VERIFY_MAC_ERROR;
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */
            break;
        }
    }

    /* Reset state */
    ssl->decrypt.state = CIPHER_STATE_BEGIN;

    /* handle mac error case */
    if (ret == VERIFY_MAC_ERROR) {
        /* fatal bad_record_mac is sent for TLS only; with DTLS no alert is
         * sent from here. The SendAlert() result is not checked. */
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, bad_record_mac);

        #ifdef WOLFSSL_DTLS_DROP_STATS
            /* counted for every MAC failure, not only when dtls is set */
            ssl->macDropCount++;
        #endif /* WOLFSSL_DTLS_DROP_STATS */
    }

    return ret;
}
wolfSSL 15:117db924cf7c 14054
wolfSSL 15:117db924cf7c 14055 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 14056
/* Tell whether records for the cipher in use carry an explicit IV.
 *
 * With WOLFSSL_TLS13 built in, a TLS 1.3 connection never has one. Otherwise
 * only AEAD ciphers other than ChaCha have one.
 *
 * ssl  The SSL/TLS object.
 * returns 1 if the cipher in use has an explicit IV and 0 otherwise.
 */
static WC_INLINE int CipherHasExpIV(WOLFSSL *ssl)
{
    int hasExpIV = 0;

#ifdef WOLFSSL_TLS13
    if (ssl->options.tls1_3) {
        return hasExpIV;
    }
#endif

    if (ssl->specs.cipher_type == aead &&
            ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) {
        hasExpIV = 1;
    }

    return hasExpIV;
}
wolfSSL 15:117db924cf7c 14071
/* Check cipher text size for sanity.
 *
 * For block ciphers the size must be a multiple of the block size (after
 * removing the MAC when encrypt-then-MAC is active on the read side). For
 * every cipher type the size must reach a minimum derived from the MAC or
 * authentication tag size, padding and explicit IV.
 *
 * ssl        The SSL/TLS object.
 * encryptSz  Size of the cipher text being checked.
 * returns 0 when the size is acceptable and SANITY_CIPHER_E otherwise.
 */
static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
{
#ifdef HAVE_TRUNCATED_HMAC
    word32 minLength = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
                                           : ssl->specs.hash_size;
#else
    word32 minLength = ssl->specs.hash_size; /* covers stream */
#endif

#ifndef WOLFSSL_AEAD_ONLY
    if (ssl->specs.cipher_type == block) {
#ifdef HAVE_ENCRYPT_THEN_MAC
        if (ssl->options.startedETMRead) {
            /* NOTE(review): word32 subtraction, wraps when encryptSz is
             * smaller than MacSize(ssl). Such a record should still fail the
             * minimum-size test at the end provided MacSize(ssl) does not
             * exceed minLength - confirm. */
            if ((encryptSz - MacSize(ssl)) % ssl->specs.block_size) {
                WOLFSSL_MSG("Block ciphertext not block size");
                return SANITY_CIPHER_E;
            }
        }
        else
#endif
        if (encryptSz % ssl->specs.block_size) {
            WOLFSSL_MSG("Block ciphertext not block size");
            return SANITY_CIPHER_E;
        }

        minLength++;  /* pad byte */

        /* at least one whole block must be present */
        if (ssl->specs.block_size > minLength)
            minLength = ssl->specs.block_size;

        if (ssl->options.tls1_1)
            minLength += ssl->specs.block_size;  /* explicit IV */
    }
    else
#endif
    if (ssl->specs.cipher_type == aead) {
        minLength = ssl->specs.aead_mac_size;    /* authTag size */
        if (CipherHasExpIV(ssl))
            minLength += AESGCM_EXP_IV_SZ;       /* explicit IV */
    }

    /* lower bound that the later length arithmetic on this record depends
     * on */
    if (encryptSz < minLength) {
        WOLFSSL_MSG("Ciphertext not minimum size");
        return SANITY_CIPHER_E;
    }

    return 0;
}
wolfSSL 15:117db924cf7c 14121
wolfSSL 15:117db924cf7c 14122
wolfSSL 16:8e0d178b1d1e 14123 #ifndef WOLFSSL_AEAD_ONLY
/* Compare the first length bytes of a against the pad value.
 *
 * Every byte is visited and the differences are OR-ed together, so the loop
 * does not stop at the first mismatch.
 *
 * a       Bytes to check.
 * pad     Expected value of each byte.
 * length  Number of bytes to check.
 * returns 0 when all bytes equal pad, non-zero otherwise.
 */
static int PadCheck(const byte* a, byte pad, int length)
{
    int diff = 0;
    int remaining = length;
    const byte* cur = a;

    while (remaining > 0) {
        diff |= *cur ^ pad;
        cur++;
        remaining--;
    }

    return diff;
}
wolfSSL 15:117db924cf7c 14136
wolfSSL 15:117db924cf7c 14137
/* Mask the padding bytes with the expected values.
 * Constant time implementation - does maximum pad size possible.
 *
 * The padding length is read from the last byte of the message, so sz must
 * be at least 1; that is not checked here.
 *
 * data   Message data.
 * sz     Size of the message including MAC and padding and padding length.
 * macSz  Size of the MAC.
 * returns 0 on success, otherwise failure.
 */
static byte MaskPadding(const byte* data, int sz, int macSz)
{
    int i;
    int checkSz = sz - 1;
    byte paddingSz = data[sz - 1];
    byte mask;
    /* presumably non-zero when the claimed padding is longer than the bytes
     * left after the MAC and length byte - confirm against ctMaskGT() */
    byte good = ctMaskGT(paddingSz, sz - 1 - macSz);

    /* the number of bytes examined depends on sz only, not on paddingSz */
    if (checkSz > TLS_MAX_PAD_SZ)
        checkSz = TLS_MAX_PAD_SZ;

    for (i = 0; i < checkSz; i++) {
        /* presumably all ones while i <= paddingSz, so only bytes inside the
         * claimed padding contribute to the result */
        mask = ctMaskLTE(i, paddingSz);
        good |= mask & (data[sz - 1 - i] ^ paddingSz);
    }

    return good;
}
wolfSSL 15:117db924cf7c 14164
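/* Mask the MAC in the message with the MAC calculated.
 * Constant time implementation - starts looking for MAC where maximum padding
 * size has it.
 *
 * The MAC bytes are gathered into a local buffer in rotated order while
 * scanning a window whose bounds depend on sz and macSz only, then compared
 * with the expected MAC after undoing the rotation.
 *
 * A macSz that is neither a power of two nor one of the digest sizes handled
 * below is reported as a failure. Without that, no comparison loop would run
 * and the function would return 0 (success).
 *
 * data    Message data.
 * sz      Size of the message including MAC and padding and padding length.
 * macSz   Size of the MAC data.
 * expMac  Expected MAC value.
 * returns 0 on success, otherwise failure.
 */
static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac)
{
    int i, j;
    unsigned char mac[WC_MAX_DIGEST_SIZE];
    /* earliest offset the MAC can start at, i.e. with maximum padding */
    int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz;
    /* where the MAC ends and starts according to the padding length byte */
    int macEnd = sz - 1 - data[sz - 1];
    int macStart = macEnd - macSz;
    int r = 0;
    unsigned char started, notEnded;
    unsigned char good = 0;

    /* presumably clamps negative offsets to 0 without branching - confirm
     * against ctMaskIntGTE() */
    scanStart &= ctMaskIntGTE(scanStart, 0);
    macStart &= ctMaskIntGTE(macStart, 0);

    /* Div on Intel has different speeds depending on value.
     * Use a bitwise AND or mod a specific value (converted to mul). */
    if ((macSz & (macSz - 1)) == 0)
        r = (macSz - (scanStart - macStart)) & (macSz - 1);
#ifndef NO_SHA
    else if (macSz == WC_SHA_DIGEST_SIZE)
        r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
    else if (macSz == WC_SHA384_DIGEST_SIZE)
        r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE;
#endif

    XMEMSET(mac, 0, macSz);
    for (i = scanStart; i < sz; i += macSz) {
        for (j = 0; j < macSz && j + i < sz; j++) {
            /* only bytes in [macStart, macEnd) are OR-ed into mac[] */
            started = ctMaskGTE(i + j, macStart);
            notEnded = ctMaskLT(i + j, macEnd);
            mac[j] |= started & notEnded & data[i + j];
        }
    }

    if ((macSz & (macSz - 1)) == 0) {
        for (i = 0; i < macSz; i++)
            good |= expMac[i] ^ mac[(i + r) & (macSz - 1)];
    }
#ifndef NO_SHA
    else if (macSz == WC_SHA_DIGEST_SIZE) {
        for (i = 0; i < macSz; i++)
            good |= expMac[i] ^ mac[(i + r) % WC_SHA_DIGEST_SIZE];
    }
#endif
#ifdef WOLFSSL_SHA384
    else if (macSz == WC_SHA384_DIGEST_SIZE) {
        for (i = 0; i < macSz; i++)
            good |= expMac[i] ^ mac[(i + r) % WC_SHA384_DIGEST_SIZE];
    }
#endif
    else {
        /* Fail closed: no comparison was possible for this MAC size. The
         * branch depends on macSz only, not on message contents. */
        good = 0xFF;
    }

    return good;
}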
wolfSSL 15:117db924cf7c 14230
/* timing resistant pad/verify check, return 0 on success
 *
 * The padding check, the HMAC computation and the MAC comparison are all
 * performed on every call; their results are combined and only then turned
 * into a single error code.
 *
 * ssl      The SSL/TLS object; supplies the hmac callback and hash size.
 * input    Message data, passed to the padding and MAC checks and to hmac.
 * padLen   Padding length, passed to the hmac callback.
 * macSz    Size of the MAC, used for the padding check and the hmac length.
 * pLen     Size of the message including MAC, padding and padding length.
 * content  Content type, passed to the hmac callback.
 * returns 0 on success and VERIFY_MAC_ERROR on any failure.
 */
int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
                    int pLen, int content)
{
    byte verify[WC_MAX_DIGEST_SIZE];
    byte good;
    int  ret = 0;

    good = MaskPadding(input, pLen, macSz);
    /* 4th argument has potential to underflow, ssl->hmac function should
     * either increment the size by (macSz + padLen + 1) before use or check on
     * the size to make sure is valid. */
    ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen,
                                                                    content, 1);
    /* the MAC comparison uses ssl->specs.hash_size, not the macSz argument */
    good |= MaskMac(input, pLen, ssl->specs.hash_size, verify);

    /* Non-zero on failure. */
    /* invert, then AND the bits together: the low bit ends up 1 only when
     * good was 0 before the inversion */
    good = (byte)~(word32)good;
    good &= good >> 4;
    good &= good >> 2;
    good &= good >> 1;
    /* Make ret negative on masking failure. */
    ret -= 1 - good;

    /* Treat any failure as verify MAC error. */
    /* a non-zero hmac result ends up here as well, so padding, MAC and hmac
     * failures all yield the same code */
    if (ret != 0)
        ret = VERIFY_MAC_ERROR;

    return ret;
}
wolfSSL 16:8e0d178b1d1e 14261 #endif
wolfSSL 15:117db924cf7c 14262
wolfSSL 15:117db924cf7c 14263
/* Handle an application data record: check that such data is allowed now,
 * work out the payload length and expose the payload through
 * ssl->buffers.clearOutputBuffer.
 *
 * The payload is not copied; clearOutputBuffer.buffer points into input.
 *
 * ssl       The SSL/TLS object.
 * input     Buffer holding the record.
 * inOutIdx  On entry the offset of the record data in input; on success
 *           advanced past the payload, the padding and, with
 *           encrypt-then-MAC on the read side, the MAC.
 * returns 0 on success, OUT_OF_ORDER_E if the handshake is not complete,
 *         BUFFER_ERROR if the computed payload length is negative,
 *         WOLFSSL_FATAL_ERROR if the early data limit is exceeded, or a
 *         negative value from myDeCompress().
 */
int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
{
    word32 msgSz   = ssl->keys.encryptSz;
    word32 idx     = *inOutIdx;
    int    dataSz;
    int    ivExtra = 0;
    byte*  rawData = input + idx;  /* keep current for hmac */
#ifdef HAVE_LIBZ
    byte   decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

#ifdef WOLFSSL_EARLY_DATA
    if (ssl->options.tls1_3 && ssl->options.handShakeDone == 0) {
        if (ssl->options.side == WOLFSSL_SERVER_END &&
                        ssl->earlyData != no_early_data &&
                        ssl->options.clientState < CLIENT_FINISHED_COMPLETE) {
            /* count the record against the early data limit; while within
             * it, skip to the end of the input buffer and report success */
            ssl->earlyDataSz += ssl->curSize;
            if (ssl->earlyDataSz <= ssl->options.maxEarlyDataSz) {
                WOLFSSL_MSG("Ignoring EarlyData!");
                *inOutIdx = ssl->buffers.inputBuffer.length;
                return 0;
            }
            /* over the limit: falls through to the handshake check below,
             * which sends the alert */
            WOLFSSL_MSG("Too much EarlyData!");
        }
    }
#endif
    if (ssl->options.handShakeDone == 0) {
        WOLFSSL_MSG("Received App data before a handshake completed");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

#ifndef WOLFSSL_AEAD_ONLY
    if (ssl->specs.cipher_type == block) {
        if (ssl->options.tls1_1)
            ivExtra = ssl->specs.block_size;
    }
    else
#endif
    if (ssl->specs.cipher_type == aead) {
        if (CipherHasExpIV(ssl))
            ivExtra = AESGCM_EXP_IV_SZ;
    }

    /* NOTE(review): msgSz is word32 and the result is stored in an int; the
     * negative check below depends on how that conversion behaves for a
     * wrapped value - confirm for the target compilers. */
    dataSz = msgSz - ivExtra - ssl->keys.padSz;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    if (ssl->options.startedETMRead)
        dataSz -= MacSize(ssl);
#endif
    if (dataSz < 0) {
        WOLFSSL_MSG("App data buffer error, malicious input?");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return BUFFER_ERROR;
    }
#ifdef WOLFSSL_EARLY_DATA
    if (ssl->earlyData > early_data_ext) {
        /* enforce the early data limit before accepting the payload */
        if (ssl->earlyDataSz + dataSz > ssl->options.maxEarlyDataSz) {
            SendAlert(ssl, alert_fatal, unexpected_message);
            return WOLFSSL_FATAL_ERROR;
        }
        ssl->earlyDataSz += dataSz;
    }
#endif

    /* read data */
    if (dataSz) {
        int rawSz = dataSz;       /* keep raw size for idx adjustment */

#ifdef HAVE_LIBZ
        if (ssl->options.usingCompression) {
            /* output is bounded by sizeof(decomp); dataSz becomes the
             * decompressed length */
            dataSz = myDeCompress(ssl, rawData, dataSz, decomp, sizeof(decomp));
            if (dataSz < 0) return dataSz;
        }
#endif
        idx += rawSz;

        ssl->buffers.clearOutputBuffer.buffer = rawData;
        ssl->buffers.clearOutputBuffer.length = dataSz;
    }

    idx += ssl->keys.padSz;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    if (ssl->options.startedETMRead)
        idx += MacSize(ssl);
#endif

#ifdef HAVE_LIBZ
    /* decompress could be bigger, overwrite after verify */
    /* NOTE(review): dataSz here can exceed the raw payload size, and the
     * copy writes dataSz bytes starting at rawData inside input - confirm
     * the input buffer is sized for the decompressed length. */
    if (ssl->options.usingCompression)
        XMEMMOVE(rawData, decomp, dataSz);
#endif

    *inOutIdx = idx;
    return 0;
}
wolfSSL 15:117db924cf7c 14359
wolfSSL 15:117db924cf7c 14360
/* Process one received alert record.
 *
 * ssl       connection the alert arrived on
 * input     record buffer; the alert starts at input[*inOutIdx]
 * inOutIdx  in: offset of the alert; out: offset just past the alert and,
 *           when encryption is on, past the padding (and the ETM MAC)
 * type      out: alert description code
 * totalSz   number of bytes in input
 *
 * Returns the alert level on success, BUFFER_E when the payload is not
 * exactly ALERT_SIZE bytes, or ALERT_COUNT_E once the per-connection alert
 * counter reaches WOLFSSL_ALERT_COUNT_MAX (this bounds how many alerts a
 * peer can make this side process; where the counter is reset is not visible
 * here).
 */
static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
                   word32 totalSz)
{
    byte   alertLevel;
    byte   alertCode;
    /* unsigned: bytes that remain after the current read offset */
    word32 payloadSz = totalSz - *inOutIdx;

#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    if (ssl->hsInfoOn) {
        AddPacketName(ssl, "Alert");
    }
    if (ssl->toInfoOn) {
        /* The info record is the record header plus the level/code bytes.
         * NOTE(review): this hands RECORD_HEADER_SZ + ALERT_SIZE bytes to the
         * info hook before the alert length is validated below; confirm the
         * caller guarantees that many bytes are buffered. */
        AddPacketInfo(ssl, "Alert", alert,
                      input + *inOutIdx - RECORD_HEADER_SZ,
                      RECORD_HEADER_SZ + ALERT_SIZE, READ_PROTO, ssl->heap);
    }
#endif

    /* Strip what is not alert payload: padding and, for encrypt-then-MAC,
     * the trailing MAC. The arithmetic is unsigned, so an inconsistent padSz
     * wraps instead of going negative; a wrapped value would normally fail
     * the exact-size comparison that follows. */
    if (IsEncryptionOn(ssl, 0)) {
        payloadSz -= ssl->keys.padSz;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
        if (ssl->options.startedETMRead) {
            payloadSz -= MacSize(ssl);
        }
#endif
    }

    /* An alert is exactly ALERT_SIZE bytes; reject anything else before
     * reading from input. */
    if (payloadSz != ALERT_SIZE) {
#ifdef WOLFSSL_EXTRA_ALERTS
        SendAlert(ssl, alert_fatal, unexpected_message);
#endif
        return BUFFER_E;
    }

    /* level byte first, description byte second */
    alertLevel = input[*inOutIdx];
    alertCode  = input[*inOutIdx + 1];
    *inOutIdx += 2;

    ssl->alert_history.last_rx.code  = alertCode;
    ssl->alert_history.last_rx.level = alertLevel;
    *type = alertCode;

    if (alertLevel == alert_fatal) {
        /* Don't send close_notify */
        ssl->options.isClosed = 1;
    }

    /* Count every alert, whatever its level. */
    if (++ssl->options.alertCount >= WOLFSSL_ALERT_COUNT_MAX) {
        WOLFSSL_MSG("Alert count exceeded");
#ifdef WOLFSSL_EXTRA_ALERTS
        /* a warning-level close_notify is not answered with a fatal alert */
        if (alertLevel != alert_warning || alertCode != close_notify) {
            SendAlert(ssl, alert_fatal, unexpected_message);
        }
#endif
        return ALERT_COUNT_E;
    }

    WOLFSSL_MSG("Got alert");
    switch (*type) {
        case close_notify:
            WOLFSSL_MSG("\tclose notify");
            ssl->options.closeNotify = 1;
            break;
#ifdef WOLFSSL_TLS13
        case decode_error:
            WOLFSSL_MSG("\tdecode error");
            break;
        case illegal_parameter:
            WOLFSSL_MSG("\tillegal parameter");
            break;
#endif
        default:
            break;
    }
    WOLFSSL_ERROR(*type);

    /* Step the caller's index over the bytes excluded from payloadSz. */
    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
        if (ssl->options.startedETMRead) {
            *inOutIdx += MacSize(ssl);
        }
#endif
    }

    return alertLevel;
}
wolfSSL 15:117db924cf7c 14437
/* Read from the transport until the input buffer holds at least `size`
 * bytes, counting bytes left over from a previous partial read.
 *
 * Unconsumed bytes are moved to the front of the buffer and idx is reset to
 * 0 before reading. With DTLS the read request is ssl->dtls_expected_rx
 * bytes instead of the remainder of `size`.
 *
 * Returns 0 on success, WANT_READ when the receive layer reports it,
 * BUFFER_ERROR when a derived length is negative or nothing is left to read,
 * MEMORY_E when the buffer cannot be grown, SOCKET_ERROR_E on any other
 * negative receive result, and RECV_OVERFLOW_E when the receive layer
 * reports more bytes than were requested.
 */
static int GetInputData(WOLFSSL *ssl, word32 size)
{
    int received;
    int dtlsExtra = 0;
    /* bytes buffered but not yet consumed */
    int pending = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
    /* buffer capacity left once the pending bytes are accounted for */
    int room = ssl->buffers.inputBuffer.bufferSize - pending;
    /* still missing after the last partial read */
    int wanted = (int)(size - pending);

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        if (size < ssl->dtls_expected_rx) {
            dtlsExtra = (int)(ssl->dtls_expected_rx - size);
        }
        wanted = ssl->dtls_expected_rx;
    }
#endif

    /* The lengths are computed from unsigned fields and stored in ints, so
     * an inconsistent idx/length/bufferSize shows up as a negative value.
     * Refuse to go on rather than index with it. */
    if (pending < 0) {
        return BUFFER_ERROR;
    }
    if (room < 0) {
        return BUFFER_ERROR;
    }
    if (wanted <= 0) {
        return BUFFER_ERROR;
    }

    /* grow only when the request does not fit in what is left */
    if (wanted > room &&
            GrowInputBuffer(ssl, size + dtlsExtra, pending) < 0) {
        return MEMORY_E;
    }

    /* Slide pending bytes to the start of the buffer if they are not already
     * there (the regions may overlap, hence XMEMMOVE). */
    if (pending > 0 && ssl->buffers.inputBuffer.idx != 0) {
        XMEMMOVE(ssl->buffers.inputBuffer.buffer,
                 ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
                 pending);
    }

    /* consumed data is gone; only the pending bytes remain */
    ssl->buffers.inputBuffer.idx    = 0;
    ssl->buffers.inputBuffer.length = pending;

    /* pull from the network until `size` bytes are buffered */
    for (;;) {
        received = wolfSSLReceive(ssl,
                                  ssl->buffers.inputBuffer.buffer +
                                  ssl->buffers.inputBuffer.length,
                                  wanted);
        if (received == WANT_READ) {
            return WANT_READ;
        }
        if (received < 0) {
            return SOCKET_ERROR_E;
        }
        /* never trust a byte count larger than what was asked for: it would
         * push length past the space that was checked or grown above */
        if (received > wanted) {
            return RECV_OVERFLOW_E;
        }

        ssl->buffers.inputBuffer.length += received;
        wanted -= received;

        if (ssl->buffers.inputBuffer.length >= size) {
            break;
        }
    }

#ifdef WOLFSSL_DEBUG_TLS
    /* debug builds log the raw bytes that were received */
    if (ssl->buffers.inputBuffer.idx == 0) {
        WOLFSSL_MSG("Data received");
        WOLFSSL_BUFFER(ssl->buffers.inputBuffer.buffer,
                       ssl->buffers.inputBuffer.length);
    }
#endif

    return 0;
}
wolfSSL 15:117db924cf7c 14510
wolfSSL 16:8e0d178b1d1e 14511 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
/* Verify the MAC of a record received with encrypt-then-MAC.
 *
 * ssl      connection whose hmac callback and cipher specs are used
 * input    start of the record body; the last digestSz bytes are the MAC
 * msgSz    length of input, MAC included
 * content  record content type, passed through to ssl->hmac
 *
 * Returns 0 when the MAC matches, VERIFY_MAC_ERROR otherwise, including when
 * the record is shorter than the MAC.
 */
static WC_INLINE int VerifyMacEnc(WOLFSSL* ssl, const byte* input, word32 msgSz,
                                  int content)
{
    int    ret;
#ifdef HAVE_TRUNCATED_HMAC
    /* MAC length: the truncated size when negotiated, else the hash size */
    word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
                                          : ssl->specs.hash_size;
#else
    word32 digestSz = ssl->specs.hash_size;
#endif
    byte   verify[WC_MAX_DIGEST_SIZE];  /* locally computed MAC */

    WOLFSSL_MSG("Verify MAC of Encrypted Data");

    /* Reject short records first; without this the unsigned subtractions
     * below would wrap. */
    if (msgSz < digestSz) {
        return VERIFY_MAC_ERROR;
    }

    /* MAC everything before the trailing digest.
     * NOTE(review): the -1 and 1 arguments presumably mean "no padding" and
     * "verify direction" -- confirm against the hmac callback. */
    ret  = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1);
    /* The comparison runs even when hmac failed, and the two results are
     * OR-ed, so both failures take the same path and return the same error. */
    ret |= ConstantCompare(verify, input + msgSz - digestSz, digestSz);
    if (ret != 0) {
        return VERIFY_MAC_ERROR;
    }

    return 0;
}
wolfSSL 16:8e0d178b1d1e 14538 #endif
wolfSSL 15:117db924cf7c 14539
/* Verify padding and MAC of a decrypted record (block and stream ciphers)
 * and report how many trailing bytes are not application payload.
 *
 * ssl      connection whose hmac callback and cipher specs are used
 * input    decrypted record body
 * msgSz    length of input
 * content  record content type, passed through to the MAC computation
 * padSz    out: MAC size + padding + pad-length byte for block/stream
 *          ciphers, or ssl->specs.aead_mac_size for AEAD ciphers
 *
 * Returns 0 on success, VERIFY_MAC_ERROR on a MAC or padding failure in the
 * SSLv3 and stream paths, or whatever TimingPadVerify returns in the TLS
 * block-cipher path.
 *
 * NOTE(review): the size arithmetic is unsigned and this function does not
 * compare msgSz with digestSz itself; it presumably relies on the caller
 * having validated the record length first -- confirm at the call site.
 * NOTE(review): when the block/stream code is compiled out and cipher_type
 * is not aead, *padSz is not written; callers should initialise it.
 */
static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
                               int content, word32* padSz)
{
#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
    int    ivExtra = 0;
    int    ret;
    word32 pad     = 0;
    word32 padByte = 0;
#ifdef HAVE_TRUNCATED_HMAC
    /* MAC length: the truncated size when negotiated, else the hash size */
    word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
                                          : ssl->specs.hash_size;
#else
    word32 digestSz = ssl->specs.hash_size;
#endif
    byte   verify[WC_MAX_DIGEST_SIZE];  /* locally computed MAC */


    if (ssl->specs.cipher_type == block) {
        /* with tls1_1 set, one block (the explicit IV) is excluded from the
         * length used below */
        if (ssl->options.tls1_1)
            ivExtra = ssl->specs.block_size;
        /* the final byte of the record is the padding length */
        pad = *(input + msgSz - ivExtra - 1);
        padByte = 1;

        if (ssl->options.tls) {
            /* TLS: padding and MAC are checked together by TimingPadVerify */
            ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
                                  content);
            if (ret != 0)
                return ret;
        }
        else {  /* sslv3, some implementations have bad padding, but don't
                 * allow bad read */
            int  badPadLen = 0;
            /* dmy is a single byte when the WOLFSSL object itself is at
             * least MAX_PAD_SIZE bytes; dummy then points at ssl, so
             * PadCheck has MAX_PAD_SIZE readable bytes without a large
             * stack array. Otherwise dmy is MAX_PAD_SIZE zero bytes. */
            byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
            byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;

            (void)dmy;

            /* An oversized pad is not rejected here: it is clamped to 0 so
             * the reads below stay inside the record, and the failure is
             * reported only after the MAC has been computed. */
            if (pad > (msgSz - digestSz - 1)) {
                WOLFSSL_MSG("Plain Len not long enough for pad/mac");
                pad       = 0;  /* no bad read */
                badPadLen = 1;
            }
            PadCheck(dummy, (byte)pad, MAX_PAD_SIZE);  /* timing only */
            ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad,
                            content, 1);
            if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1,
                                digestSz) != 0)
                return VERIFY_MAC_ERROR;
            /* a bad pad length and an hmac failure return the same code as
             * a MAC mismatch, so the caller cannot tell them apart */
            if (ret != 0 || badPadLen)
                return VERIFY_MAC_ERROR;
        }
    }
    else if (ssl->specs.cipher_type == stream) {
        /* stream cipher: no padding, the MAC is the trailing digestSz bytes */
        ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1);
        if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){
            return VERIFY_MAC_ERROR;
        }
        if (ret != 0)
            return VERIFY_MAC_ERROR;
    }
#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */

    /* No MAC is computed in this function for AEAD ciphers; only the tag
     * length is reported. */
    if (ssl->specs.cipher_type == aead) {
        *padSz = ssl->specs.aead_mac_size;
    }
#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
    else {
        *padSz = digestSz + pad + padByte;
    }
#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */

    /* unused when the block/stream code above is compiled out */
    (void)input;
    (void)msgSz;
    (void)content;

    return 0;
}
wolfSSL 15:117db924cf7c 14617
wolfSSL 15:117db924cf7c 14618
wolfSSL 15:117db924cf7c 14619 /* process input requests, return 0 is done, 1 is call again to complete, and
wolfSSL 15:117db924cf7c 14620 negative number is error */
wolfSSL 15:117db924cf7c 14621 int ProcessReply(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 14622 {
wolfSSL 15:117db924cf7c 14623 int ret = 0, type, readSz;
wolfSSL 15:117db924cf7c 14624 int atomicUser = 0;
wolfSSL 15:117db924cf7c 14625 word32 startIdx = 0;
wolfSSL 15:117db924cf7c 14626 #if defined(WOLFSSL_DTLS)
wolfSSL 15:117db924cf7c 14627 int used;
wolfSSL 15:117db924cf7c 14628 #endif
wolfSSL 15:117db924cf7c 14629
wolfSSL 15:117db924cf7c 14630 #ifdef ATOMIC_USER
wolfSSL 15:117db924cf7c 14631 if (ssl->ctx->DecryptVerifyCb)
wolfSSL 15:117db924cf7c 14632 atomicUser = 1;
wolfSSL 15:117db924cf7c 14633 #endif
wolfSSL 15:117db924cf7c 14634
wolfSSL 15:117db924cf7c 14635 if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE
wolfSSL 15:117db924cf7c 14636 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 14637 && ssl->error != WC_PENDING_E
wolfSSL 15:117db924cf7c 14638 #endif
wolfSSL 15:117db924cf7c 14639 #ifdef WOLFSSL_NONBLOCK_OCSP
wolfSSL 15:117db924cf7c 14640 && ssl->error != OCSP_WANT_READ
wolfSSL 15:117db924cf7c 14641 #endif
wolfSSL 15:117db924cf7c 14642 ) {
wolfSSL 15:117db924cf7c 14643 WOLFSSL_MSG("ProcessReply retry in error state, not allowed");
wolfSSL 15:117db924cf7c 14644 return ssl->error;
wolfSSL 15:117db924cf7c 14645 }
wolfSSL 15:117db924cf7c 14646
wolfSSL 15:117db924cf7c 14647 for (;;) {
wolfSSL 15:117db924cf7c 14648 switch (ssl->options.processReply) {
wolfSSL 15:117db924cf7c 14649
wolfSSL 15:117db924cf7c 14650 /* in the WOLFSSL_SERVER case, get the first byte for detecting
wolfSSL 15:117db924cf7c 14651 * old client hello */
wolfSSL 15:117db924cf7c 14652 case doProcessInit:
wolfSSL 15:117db924cf7c 14653
wolfSSL 15:117db924cf7c 14654 readSz = RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 14655
wolfSSL 15:117db924cf7c 14656 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 14657 if (ssl->options.dtls)
wolfSSL 15:117db924cf7c 14658 readSz = DTLS_RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 14659 #endif
wolfSSL 15:117db924cf7c 14660
wolfSSL 15:117db924cf7c 14661 /* get header or return error */
wolfSSL 15:117db924cf7c 14662 if (!ssl->options.dtls) {
wolfSSL 15:117db924cf7c 14663 if ((ret = GetInputData(ssl, readSz)) < 0)
wolfSSL 15:117db924cf7c 14664 return ret;
wolfSSL 15:117db924cf7c 14665 } else {
wolfSSL 15:117db924cf7c 14666 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 14667 /* read ahead may already have header */
wolfSSL 15:117db924cf7c 14668 used = ssl->buffers.inputBuffer.length -
wolfSSL 15:117db924cf7c 14669 ssl->buffers.inputBuffer.idx;
wolfSSL 15:117db924cf7c 14670 if (used < readSz) {
wolfSSL 15:117db924cf7c 14671 if ((ret = GetInputData(ssl, readSz)) < 0)
wolfSSL 15:117db924cf7c 14672 return ret;
wolfSSL 15:117db924cf7c 14673 }
wolfSSL 15:117db924cf7c 14674 #endif
wolfSSL 15:117db924cf7c 14675 }
wolfSSL 15:117db924cf7c 14676
wolfSSL 15:117db924cf7c 14677 #ifdef OLD_HELLO_ALLOWED
wolfSSL 15:117db924cf7c 14678
wolfSSL 15:117db924cf7c 14679 /* see if sending SSLv2 client hello */
wolfSSL 15:117db924cf7c 14680 if ( ssl->options.side == WOLFSSL_SERVER_END &&
wolfSSL 15:117db924cf7c 14681 ssl->options.clientState == NULL_STATE &&
wolfSSL 15:117db924cf7c 14682 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
wolfSSL 15:117db924cf7c 14683 != handshake) {
wolfSSL 15:117db924cf7c 14684 byte b0, b1;
wolfSSL 15:117db924cf7c 14685
wolfSSL 15:117db924cf7c 14686 ssl->options.processReply = runProcessOldClientHello;
wolfSSL 15:117db924cf7c 14687
wolfSSL 15:117db924cf7c 14688 /* sanity checks before getting size at front */
wolfSSL 15:117db924cf7c 14689 if (ssl->buffers.inputBuffer.buffer[
wolfSSL 15:117db924cf7c 14690 ssl->buffers.inputBuffer.idx + OPAQUE16_LEN] != OLD_HELLO_ID) {
wolfSSL 15:117db924cf7c 14691 WOLFSSL_MSG("Not a valid old client hello");
wolfSSL 15:117db924cf7c 14692 return PARSE_ERROR;
wolfSSL 15:117db924cf7c 14693 }
wolfSSL 15:117db924cf7c 14694
wolfSSL 15:117db924cf7c 14695 if (ssl->buffers.inputBuffer.buffer[
wolfSSL 15:117db924cf7c 14696 ssl->buffers.inputBuffer.idx + OPAQUE24_LEN] != SSLv3_MAJOR &&
wolfSSL 15:117db924cf7c 14697 ssl->buffers.inputBuffer.buffer[
wolfSSL 15:117db924cf7c 14698 ssl->buffers.inputBuffer.idx + OPAQUE24_LEN] != DTLS_MAJOR) {
wolfSSL 15:117db924cf7c 14699 WOLFSSL_MSG("Not a valid version in old client hello");
wolfSSL 15:117db924cf7c 14700 return PARSE_ERROR;
wolfSSL 15:117db924cf7c 14701 }
wolfSSL 15:117db924cf7c 14702
wolfSSL 15:117db924cf7c 14703 /* how many bytes need ProcessOldClientHello */
wolfSSL 15:117db924cf7c 14704 b0 =
wolfSSL 15:117db924cf7c 14705 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
wolfSSL 15:117db924cf7c 14706 b1 =
wolfSSL 15:117db924cf7c 14707 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
wolfSSL 15:117db924cf7c 14708 ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
wolfSSL 15:117db924cf7c 14709 }
wolfSSL 15:117db924cf7c 14710 else {
wolfSSL 15:117db924cf7c 14711 ssl->options.processReply = getRecordLayerHeader;
wolfSSL 15:117db924cf7c 14712 continue;
wolfSSL 15:117db924cf7c 14713 }
wolfSSL 15:117db924cf7c 14714 FALL_THROUGH;
wolfSSL 15:117db924cf7c 14715
wolfSSL 15:117db924cf7c 14716 /* in the WOLFSSL_SERVER case, run the old client hello */
wolfSSL 15:117db924cf7c 14717 case runProcessOldClientHello:
wolfSSL 15:117db924cf7c 14718
wolfSSL 15:117db924cf7c 14719 /* get sz bytes or return error */
wolfSSL 15:117db924cf7c 14720 if (!ssl->options.dtls) {
wolfSSL 15:117db924cf7c 14721 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 15:117db924cf7c 14722 return ret;
wolfSSL 15:117db924cf7c 14723 } else {
wolfSSL 15:117db924cf7c 14724 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 14725 /* read ahead may already have */
wolfSSL 15:117db924cf7c 14726 used = ssl->buffers.inputBuffer.length -
wolfSSL 15:117db924cf7c 14727 ssl->buffers.inputBuffer.idx;
wolfSSL 15:117db924cf7c 14728 if (used < ssl->curSize)
wolfSSL 15:117db924cf7c 14729 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 15:117db924cf7c 14730 return ret;
wolfSSL 15:117db924cf7c 14731 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 14732 }
wolfSSL 15:117db924cf7c 14733
wolfSSL 15:117db924cf7c 14734 ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 15:117db924cf7c 14735 &ssl->buffers.inputBuffer.idx,
wolfSSL 15:117db924cf7c 14736 ssl->buffers.inputBuffer.length -
wolfSSL 15:117db924cf7c 14737 ssl->buffers.inputBuffer.idx,
wolfSSL 15:117db924cf7c 14738 ssl->curSize);
wolfSSL 15:117db924cf7c 14739 if (ret < 0)
wolfSSL 15:117db924cf7c 14740 return ret;
wolfSSL 15:117db924cf7c 14741
wolfSSL 15:117db924cf7c 14742 else if (ssl->buffers.inputBuffer.idx ==
wolfSSL 15:117db924cf7c 14743 ssl->buffers.inputBuffer.length) {
wolfSSL 15:117db924cf7c 14744 ssl->options.processReply = doProcessInit;
wolfSSL 15:117db924cf7c 14745 return 0;
wolfSSL 15:117db924cf7c 14746 }
wolfSSL 15:117db924cf7c 14747
wolfSSL 15:117db924cf7c 14748 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 15:117db924cf7c 14749 FALL_THROUGH;
wolfSSL 15:117db924cf7c 14750
wolfSSL 15:117db924cf7c 14751 /* get the record layer header */
wolfSSL 15:117db924cf7c 14752 case getRecordLayerHeader:
wolfSSL 15:117db924cf7c 14753
wolfSSL 15:117db924cf7c 14754 ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 15:117db924cf7c 14755 &ssl->buffers.inputBuffer.idx,
wolfSSL 15:117db924cf7c 14756 &ssl->curRL, &ssl->curSize);
wolfSSL 15:117db924cf7c 14757 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 14758 if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
wolfSSL 15:117db924cf7c 14759 WOLFSSL_MSG("Silently dropping out of order DTLS message");
wolfSSL 15:117db924cf7c 14760 ssl->options.processReply = doProcessInit;
wolfSSL 15:117db924cf7c 14761 ssl->buffers.inputBuffer.length = 0;
wolfSSL 15:117db924cf7c 14762 ssl->buffers.inputBuffer.idx = 0;
wolfSSL 15:117db924cf7c 14763 #ifdef WOLFSSL_DTLS_DROP_STATS
wolfSSL 15:117db924cf7c 14764 ssl->replayDropCount++;
wolfSSL 15:117db924cf7c 14765 #endif /* WOLFSSL_DTLS_DROP_STATS */
wolfSSL 15:117db924cf7c 14766
wolfSSL 15:117db924cf7c 14767 if (IsDtlsNotSctpMode(ssl) && ssl->options.dtlsHsRetain) {
wolfSSL 15:117db924cf7c 14768 ret = DtlsMsgPoolSend(ssl, 0);
wolfSSL 15:117db924cf7c 14769 if (ret != 0)
wolfSSL 15:117db924cf7c 14770 return ret;
wolfSSL 15:117db924cf7c 14771 }
wolfSSL 15:117db924cf7c 14772
wolfSSL 15:117db924cf7c 14773 continue;
wolfSSL 15:117db924cf7c 14774 }
wolfSSL 15:117db924cf7c 14775 #endif
wolfSSL 15:117db924cf7c 14776 if (ret != 0)
wolfSSL 15:117db924cf7c 14777 return ret;
wolfSSL 15:117db924cf7c 14778
wolfSSL 16:8e0d178b1d1e 14779 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 14780 if (IsAtLeastTLSv1_3(ssl->version) && IsEncryptionOn(ssl, 0) &&
wolfSSL 16:8e0d178b1d1e 14781 ssl->curRL.type != application_data &&
wolfSSL 16:8e0d178b1d1e 14782 ssl->curRL.type != change_cipher_spec) {
wolfSSL 16:8e0d178b1d1e 14783 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 16:8e0d178b1d1e 14784 return PARSE_ERROR;
wolfSSL 16:8e0d178b1d1e 14785 }
wolfSSL 16:8e0d178b1d1e 14786 #endif
wolfSSL 16:8e0d178b1d1e 14787
wolfSSL 15:117db924cf7c 14788 ssl->options.processReply = getData;
wolfSSL 15:117db924cf7c 14789 FALL_THROUGH;
wolfSSL 15:117db924cf7c 14790
wolfSSL 15:117db924cf7c 14791 /* retrieve record layer data */
wolfSSL 15:117db924cf7c 14792 case getData:
wolfSSL 15:117db924cf7c 14793
wolfSSL 15:117db924cf7c 14794 /* get sz bytes or return error */
wolfSSL 15:117db924cf7c 14795 if (!ssl->options.dtls) {
wolfSSL 16:8e0d178b1d1e 14796 if ((ret = GetInputData(ssl, ssl->curSize)) < 0) {
wolfSSL 16:8e0d178b1d1e 14797 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 14798 if (ret != WANT_READ)
wolfSSL 16:8e0d178b1d1e 14799 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 14800 #endif
wolfSSL 15:117db924cf7c 14801 return ret;
wolfSSL 16:8e0d178b1d1e 14802 }
wolfSSL 16:8e0d178b1d1e 14803 }
wolfSSL 16:8e0d178b1d1e 14804 else {
wolfSSL 15:117db924cf7c 14805 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 14806 /* read ahead may already have */
wolfSSL 15:117db924cf7c 14807 used = ssl->buffers.inputBuffer.length -
wolfSSL 15:117db924cf7c 14808 ssl->buffers.inputBuffer.idx;
wolfSSL 15:117db924cf7c 14809 if (used < ssl->curSize)
wolfSSL 15:117db924cf7c 14810 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 15:117db924cf7c 14811 return ret;
wolfSSL 15:117db924cf7c 14812 #endif
wolfSSL 15:117db924cf7c 14813 }
wolfSSL 15:117db924cf7c 14814
wolfSSL 16:8e0d178b1d1e 14815 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 16:8e0d178b1d1e 14816 int tooLong = 0;
wolfSSL 16:8e0d178b1d1e 14817
wolfSSL 16:8e0d178b1d1e 14818 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 14819 if (IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 16:8e0d178b1d1e 14820 tooLong = ssl->curSize > MAX_TLS13_ENC_SZ;
wolfSSL 16:8e0d178b1d1e 14821 tooLong |= ssl->curSize - ssl->specs.aead_mac_size >
wolfSSL 16:8e0d178b1d1e 14822 MAX_TLS13_PLAIN_SZ;
wolfSSL 16:8e0d178b1d1e 14823 }
wolfSSL 16:8e0d178b1d1e 14824 #endif
wolfSSL 16:8e0d178b1d1e 14825 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 14826 if (!IsAtLeastTLSv1_3(ssl->version))
wolfSSL 16:8e0d178b1d1e 14827 tooLong = ssl->curSize > MAX_TLS_CIPHER_SZ;
wolfSSL 16:8e0d178b1d1e 14828 #endif
wolfSSL 16:8e0d178b1d1e 14829 if (tooLong) {
wolfSSL 16:8e0d178b1d1e 14830 WOLFSSL_MSG("Encrypted data too long");
wolfSSL 16:8e0d178b1d1e 14831 #if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
wolfSSL 16:8e0d178b1d1e 14832 SendAlert(ssl, alert_fatal, record_overflow);
wolfSSL 16:8e0d178b1d1e 14833 #endif
wolfSSL 16:8e0d178b1d1e 14834 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 14835 }
wolfSSL 16:8e0d178b1d1e 14836 }
wolfSSL 16:8e0d178b1d1e 14837 ssl->keys.padSz = 0;
wolfSSL 16:8e0d178b1d1e 14838
wolfSSL 16:8e0d178b1d1e 14839 ssl->options.processReply = verifyEncryptedMessage;
wolfSSL 16:8e0d178b1d1e 14840 startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */
wolfSSL 16:8e0d178b1d1e 14841 FALL_THROUGH;
wolfSSL 16:8e0d178b1d1e 14842
wolfSSL 16:8e0d178b1d1e 14843 /* verify digest of encrypted message */
wolfSSL 16:8e0d178b1d1e 14844 case verifyEncryptedMessage:
wolfSSL 16:8e0d178b1d1e 14845 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 14846 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 &&
wolfSSL 16:8e0d178b1d1e 14847 !atomicUser && ssl->options.startedETMRead) {
wolfSSL 16:8e0d178b1d1e 14848 ret = VerifyMacEnc(ssl, ssl->buffers.inputBuffer.buffer +
wolfSSL 16:8e0d178b1d1e 14849 ssl->buffers.inputBuffer.idx,
wolfSSL 16:8e0d178b1d1e 14850 ssl->curSize, ssl->curRL.type);
wolfSSL 16:8e0d178b1d1e 14851 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 14852 if (ret == WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 14853 return ret;
wolfSSL 16:8e0d178b1d1e 14854 #endif
wolfSSL 16:8e0d178b1d1e 14855 if (ret < 0) {
wolfSSL 16:8e0d178b1d1e 14856 WOLFSSL_MSG("VerifyMacEnc failed");
wolfSSL 16:8e0d178b1d1e 14857 WOLFSSL_ERROR(ret);
wolfSSL 16:8e0d178b1d1e 14858 #ifdef WOLFSSL_DTLS
wolfSSL 16:8e0d178b1d1e 14859 /* If in DTLS mode, if the decrypt fails for any
wolfSSL 16:8e0d178b1d1e 14860 * reason, pretend the datagram never happened. */
wolfSSL 16:8e0d178b1d1e 14861 if (ssl->options.dtls) {
wolfSSL 16:8e0d178b1d1e 14862 ssl->options.processReply = doProcessInit;
wolfSSL 16:8e0d178b1d1e 14863 ssl->buffers.inputBuffer.idx =
wolfSSL 16:8e0d178b1d1e 14864 ssl->buffers.inputBuffer.length;
wolfSSL 16:8e0d178b1d1e 14865 #ifdef WOLFSSL_DTLS_DROP_STATS
wolfSSL 16:8e0d178b1d1e 14866 ssl->macDropCount++;
wolfSSL 16:8e0d178b1d1e 14867 #endif /* WOLFSSL_DTLS_DROP_STATS */
wolfSSL 16:8e0d178b1d1e 14868 }
wolfSSL 16:8e0d178b1d1e 14869 #endif /* WOLFSSL_DTLS */
wolfSSL 16:8e0d178b1d1e 14870 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 14871 if (!ssl->options.dtls)
wolfSSL 16:8e0d178b1d1e 14872 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 14873 #endif
wolfSSL 16:8e0d178b1d1e 14874 return DECRYPT_ERROR;
wolfSSL 16:8e0d178b1d1e 14875 }
wolfSSL 16:8e0d178b1d1e 14876 ssl->keys.encryptSz = ssl->curSize;
wolfSSL 16:8e0d178b1d1e 14877 }
wolfSSL 16:8e0d178b1d1e 14878 #endif
wolfSSL 15:117db924cf7c 14879 ssl->options.processReply = decryptMessage;
wolfSSL 15:117db924cf7c 14880 FALL_THROUGH;
wolfSSL 15:117db924cf7c 14881
wolfSSL 15:117db924cf7c 14882 /* decrypt message */
wolfSSL 15:117db924cf7c 14883 case decryptMessage:
wolfSSL 15:117db924cf7c 14884
wolfSSL 15:117db924cf7c 14885 #if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_TLS13_DRAFT_18)
wolfSSL 15:117db924cf7c 14886 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0)
wolfSSL 15:117db924cf7c 14887 #else
wolfSSL 15:117db924cf7c 14888 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 &&
wolfSSL 15:117db924cf7c 14889 (!IsAtLeastTLSv1_3(ssl->version) ||
wolfSSL 15:117db924cf7c 14890 ssl->curRL.type != change_cipher_spec))
wolfSSL 15:117db924cf7c 14891 #endif
wolfSSL 15:117db924cf7c 14892 {
wolfSSL 15:117db924cf7c 14893 bufferStatic* in = &ssl->buffers.inputBuffer;
wolfSSL 15:117db924cf7c 14894
wolfSSL 15:117db924cf7c 14895 ret = SanityCheckCipherText(ssl, ssl->curSize);
wolfSSL 16:8e0d178b1d1e 14896 if (ret < 0) {
wolfSSL 16:8e0d178b1d1e 14897 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 14898 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 14899 #endif
wolfSSL 15:117db924cf7c 14900 return ret;
wolfSSL 16:8e0d178b1d1e 14901 }
wolfSSL 15:117db924cf7c 14902
wolfSSL 15:117db924cf7c 14903 if (atomicUser) {
wolfSSL 16:8e0d178b1d1e 14904 #ifdef ATOMIC_USER
wolfSSL 16:8e0d178b1d1e 14905 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 14906 if (ssl->options.startedETMRead) {
wolfSSL 16:8e0d178b1d1e 14907 ret = ssl->ctx->VerifyDecryptCb(ssl,
wolfSSL 16:8e0d178b1d1e 14908 in->buffer + in->idx, in->buffer + in->idx,
wolfSSL 16:8e0d178b1d1e 14909 ssl->curSize - MacSize(ssl),
wolfSSL 16:8e0d178b1d1e 14910 ssl->curRL.type, 1, &ssl->keys.padSz,
wolfSSL 16:8e0d178b1d1e 14911 ssl->DecryptVerifyCtx);
wolfSSL 16:8e0d178b1d1e 14912 }
wolfSSL 16:8e0d178b1d1e 14913 else
wolfSSL 16:8e0d178b1d1e 14914 #endif
wolfSSL 16:8e0d178b1d1e 14915 {
wolfSSL 16:8e0d178b1d1e 14916 ret = ssl->ctx->DecryptVerifyCb(ssl,
wolfSSL 16:8e0d178b1d1e 14917 in->buffer + in->idx,
wolfSSL 16:8e0d178b1d1e 14918 in->buffer + in->idx,
wolfSSL 16:8e0d178b1d1e 14919 ssl->curSize, ssl->curRL.type, 1,
wolfSSL 16:8e0d178b1d1e 14920 &ssl->keys.padSz, ssl->DecryptVerifyCtx);
wolfSSL 16:8e0d178b1d1e 14921 }
wolfSSL 16:8e0d178b1d1e 14922 #endif /* ATOMIC_USER */
wolfSSL 15:117db924cf7c 14923 }
wolfSSL 15:117db924cf7c 14924 else {
wolfSSL 15:117db924cf7c 14925 if (!ssl->options.tls1_3) {
wolfSSL 16:8e0d178b1d1e 14926 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 14927 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 14928 if (ssl->options.startedETMRead) {
wolfSSL 16:8e0d178b1d1e 14929 word32 digestSz = MacSize(ssl);
wolfSSL 16:8e0d178b1d1e 14930 ret = Decrypt(ssl,
wolfSSL 16:8e0d178b1d1e 14931 in->buffer + in->idx,
wolfSSL 16:8e0d178b1d1e 14932 in->buffer + in->idx,
wolfSSL 16:8e0d178b1d1e 14933 ssl->curSize - digestSz);
wolfSSL 16:8e0d178b1d1e 14934 ssl->keys.padSz =
wolfSSL 16:8e0d178b1d1e 14935 in->buffer[in->idx + ssl->curSize - digestSz - 1];
wolfSSL 16:8e0d178b1d1e 14936 ssl->keys.padSz += 1;
wolfSSL 16:8e0d178b1d1e 14937 ssl->keys.decryptedCur = 1;
wolfSSL 16:8e0d178b1d1e 14938 }
wolfSSL 16:8e0d178b1d1e 14939 else
wolfSSL 16:8e0d178b1d1e 14940 #endif
wolfSSL 16:8e0d178b1d1e 14941 {
wolfSSL 15:117db924cf7c 14942 ret = Decrypt(ssl,
wolfSSL 15:117db924cf7c 14943 in->buffer + in->idx,
wolfSSL 15:117db924cf7c 14944 in->buffer + in->idx,
wolfSSL 15:117db924cf7c 14945 ssl->curSize);
wolfSSL 16:8e0d178b1d1e 14946 }
wolfSSL 16:8e0d178b1d1e 14947 #else
wolfSSL 15:117db924cf7c 14948 ret = DECRYPT_ERROR;
wolfSSL 16:8e0d178b1d1e 14949 #endif
wolfSSL 15:117db924cf7c 14950 }
wolfSSL 15:117db924cf7c 14951 else
wolfSSL 15:117db924cf7c 14952 {
wolfSSL 15:117db924cf7c 14953 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 14954 #if defined(WOLFSSL_TLS13_DRAFT_18) || \
wolfSSL 15:117db924cf7c 14955 defined(WOLFSSL_TLS13_DRAFT_22) || \
wolfSSL 15:117db924cf7c 14956 defined(WOLFSSL_TLS13_DRAFT_23)
wolfSSL 15:117db924cf7c 14957 ret = DecryptTls13(ssl,
wolfSSL 15:117db924cf7c 14958 in->buffer + in->idx,
wolfSSL 15:117db924cf7c 14959 in->buffer + in->idx,
wolfSSL 15:117db924cf7c 14960 ssl->curSize, NULL, 0);
wolfSSL 15:117db924cf7c 14961 #else
wolfSSL 15:117db924cf7c 14962 ret = DecryptTls13(ssl,
wolfSSL 15:117db924cf7c 14963 in->buffer + in->idx,
wolfSSL 15:117db924cf7c 14964 in->buffer + in->idx,
wolfSSL 15:117db924cf7c 14965 ssl->curSize,
wolfSSL 15:117db924cf7c 14966 (byte*)&ssl->curRL, RECORD_HEADER_SZ);
wolfSSL 15:117db924cf7c 14967 #endif
wolfSSL 15:117db924cf7c 14968 #else
wolfSSL 15:117db924cf7c 14969 ret = DECRYPT_ERROR;
wolfSSL 15:117db924cf7c 14970 #endif /* WOLFSSL_TLS13 */
wolfSSL 15:117db924cf7c 14971 }
wolfSSL 15:117db924cf7c 14972 }
wolfSSL 15:117db924cf7c 14973
wolfSSL 15:117db924cf7c 14974 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 14975 if (ret == WC_PENDING_E)
wolfSSL 15:117db924cf7c 14976 return ret;
wolfSSL 15:117db924cf7c 14977 #endif
wolfSSL 15:117db924cf7c 14978
wolfSSL 15:117db924cf7c 14979 if (ret >= 0) {
wolfSSL 16:8e0d178b1d1e 14980 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 14981 /* handle success */
wolfSSL 16:8e0d178b1d1e 14982 #ifndef WOLFSSL_AEAD_ONLY
wolfSSL 15:117db924cf7c 14983 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
wolfSSL 15:117db924cf7c 14984 ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
wolfSSL 16:8e0d178b1d1e 14985 #endif
wolfSSL 15:117db924cf7c 14986 /* go past TLSv1.1 IV */
wolfSSL 15:117db924cf7c 14987 if (CipherHasExpIV(ssl))
wolfSSL 15:117db924cf7c 14988 ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
wolfSSL 16:8e0d178b1d1e 14989 #endif
wolfSSL 15:117db924cf7c 14990 }
wolfSSL 15:117db924cf7c 14991 else {
wolfSSL 15:117db924cf7c 14992 WOLFSSL_MSG("Decrypt failed");
wolfSSL 15:117db924cf7c 14993 WOLFSSL_ERROR(ret);
wolfSSL 15:117db924cf7c 14994 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 14995 if (ssl->options.tls1_3) {
wolfSSL 16:8e0d178b1d1e 14996 if (ssl->options.side == WOLFSSL_SERVER_END &&
wolfSSL 16:8e0d178b1d1e 14997 ssl->earlyData != no_early_data &&
wolfSSL 16:8e0d178b1d1e 14998 ssl->options.clientState <
wolfSSL 16:8e0d178b1d1e 14999 CLIENT_FINISHED_COMPLETE) {
wolfSSL 16:8e0d178b1d1e 15000 ssl->earlyDataSz += ssl->curSize;
wolfSSL 16:8e0d178b1d1e 15001 if (ssl->earlyDataSz <=
wolfSSL 16:8e0d178b1d1e 15002 ssl->options.maxEarlyDataSz) {
wolfSSL 16:8e0d178b1d1e 15003 WOLFSSL_MSG("Ignoring EarlyData!");
wolfSSL 16:8e0d178b1d1e 15004 if (ssl->keys.peer_sequence_number_lo-- == 0)
wolfSSL 16:8e0d178b1d1e 15005 ssl->keys.peer_sequence_number_hi--;
wolfSSL 16:8e0d178b1d1e 15006 ssl->options.processReply = doProcessInit;
wolfSSL 16:8e0d178b1d1e 15007 ssl->buffers.inputBuffer.idx =
wolfSSL 16:8e0d178b1d1e 15008 ssl->buffers.inputBuffer.length;
wolfSSL 16:8e0d178b1d1e 15009 return 0;
wolfSSL 16:8e0d178b1d1e 15010 }
wolfSSL 16:8e0d178b1d1e 15011 WOLFSSL_MSG("Too much EarlyData!");
wolfSSL 16:8e0d178b1d1e 15012 }
wolfSSL 16:8e0d178b1d1e 15013 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 15:117db924cf7c 15014 }
wolfSSL 15:117db924cf7c 15015 #endif
wolfSSL 15:117db924cf7c 15016 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 15017 /* If in DTLS mode, if the decrypt fails for any
wolfSSL 15:117db924cf7c 15018 * reason, pretend the datagram never happened. */
wolfSSL 15:117db924cf7c 15019 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 15020 ssl->options.processReply = doProcessInit;
wolfSSL 15:117db924cf7c 15021 ssl->buffers.inputBuffer.idx =
wolfSSL 15:117db924cf7c 15022 ssl->buffers.inputBuffer.length;
wolfSSL 15:117db924cf7c 15023 #ifdef WOLFSSL_DTLS_DROP_STATS
wolfSSL 15:117db924cf7c 15024 ssl->macDropCount++;
wolfSSL 15:117db924cf7c 15025 #endif /* WOLFSSL_DTLS_DROP_STATS */
wolfSSL 15:117db924cf7c 15026 }
wolfSSL 15:117db924cf7c 15027 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 15028 return DECRYPT_ERROR;
wolfSSL 15:117db924cf7c 15029 }
wolfSSL 15:117db924cf7c 15030 }
wolfSSL 15:117db924cf7c 15031
wolfSSL 15:117db924cf7c 15032 ssl->options.processReply = verifyMessage;
wolfSSL 15:117db924cf7c 15033 FALL_THROUGH;
wolfSSL 15:117db924cf7c 15034
wolfSSL 15:117db924cf7c 15035 /* verify digest of message */
wolfSSL 15:117db924cf7c 15036 case verifyMessage:
wolfSSL 15:117db924cf7c 15037
wolfSSL 15:117db924cf7c 15038 #if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_TLS13_DRAFT_18)
wolfSSL 15:117db924cf7c 15039 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0)
wolfSSL 15:117db924cf7c 15040 #else
wolfSSL 15:117db924cf7c 15041 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 &&
wolfSSL 15:117db924cf7c 15042 (!IsAtLeastTLSv1_3(ssl->version) ||
wolfSSL 15:117db924cf7c 15043 ssl->curRL.type != change_cipher_spec))
wolfSSL 15:117db924cf7c 15044 #endif
wolfSSL 15:117db924cf7c 15045 {
wolfSSL 16:8e0d178b1d1e 15046 if (!atomicUser
wolfSSL 16:8e0d178b1d1e 15047 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 15048 && !ssl->options.startedETMRead
wolfSSL 16:8e0d178b1d1e 15049 #endif
wolfSSL 16:8e0d178b1d1e 15050 ) {
wolfSSL 15:117db924cf7c 15051 ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer +
wolfSSL 15:117db924cf7c 15052 ssl->buffers.inputBuffer.idx,
wolfSSL 15:117db924cf7c 15053 ssl->curSize, ssl->curRL.type,
wolfSSL 15:117db924cf7c 15054 &ssl->keys.padSz);
wolfSSL 15:117db924cf7c 15055 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 15056 if (ret == WC_PENDING_E)
wolfSSL 15:117db924cf7c 15057 return ret;
wolfSSL 15:117db924cf7c 15058 #endif
wolfSSL 15:117db924cf7c 15059 if (ret < 0) {
wolfSSL 15:117db924cf7c 15060 WOLFSSL_MSG("VerifyMac failed");
wolfSSL 15:117db924cf7c 15061 WOLFSSL_ERROR(ret);
wolfSSL 16:8e0d178b1d1e 15062 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 15063 /* If in DTLS mode, if the decrypt fails for any
wolfSSL 15:117db924cf7c 15064 * reason, pretend the datagram never happened. */
wolfSSL 15:117db924cf7c 15065 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 15066 ssl->options.processReply = doProcessInit;
wolfSSL 15:117db924cf7c 15067 ssl->buffers.inputBuffer.idx =
wolfSSL 15:117db924cf7c 15068 ssl->buffers.inputBuffer.length;
wolfSSL 15:117db924cf7c 15069 #ifdef WOLFSSL_DTLS_DROP_STATS
wolfSSL 15:117db924cf7c 15070 ssl->macDropCount++;
wolfSSL 15:117db924cf7c 15071 #endif /* WOLFSSL_DTLS_DROP_STATS */
wolfSSL 15:117db924cf7c 15072 }
wolfSSL 16:8e0d178b1d1e 15073 #endif /* WOLFSSL_DTLS */
wolfSSL 16:8e0d178b1d1e 15074 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 15075 if (!ssl->options.dtls)
wolfSSL 16:8e0d178b1d1e 15076 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 15077 #endif
wolfSSL 15:117db924cf7c 15078 return DECRYPT_ERROR;
wolfSSL 15:117db924cf7c 15079 }
wolfSSL 15:117db924cf7c 15080 }
wolfSSL 15:117db924cf7c 15081
wolfSSL 15:117db924cf7c 15082 ssl->keys.encryptSz = ssl->curSize;
wolfSSL 15:117db924cf7c 15083 ssl->keys.decryptedCur = 1;
wolfSSL 15:117db924cf7c 15084 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 15085 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 15086 word16 i = (word16)(ssl->buffers.inputBuffer.length -
wolfSSL 15:117db924cf7c 15087 ssl->keys.padSz);
wolfSSL 15:117db924cf7c 15088 /* Remove padding from end of plain text. */
wolfSSL 15:117db924cf7c 15089 for (--i; i > ssl->buffers.inputBuffer.idx; i--) {
wolfSSL 15:117db924cf7c 15090 if (ssl->buffers.inputBuffer.buffer[i] != 0)
wolfSSL 15:117db924cf7c 15091 break;
wolfSSL 15:117db924cf7c 15092 }
wolfSSL 15:117db924cf7c 15093 /* Get the real content type from the end of the data. */
wolfSSL 15:117db924cf7c 15094 ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i];
wolfSSL 15:117db924cf7c 15095 ssl->keys.padSz = ssl->buffers.inputBuffer.length - i;
wolfSSL 15:117db924cf7c 15096 }
wolfSSL 15:117db924cf7c 15097 #endif
wolfSSL 15:117db924cf7c 15098 }
wolfSSL 15:117db924cf7c 15099
wolfSSL 15:117db924cf7c 15100 ssl->options.processReply = runProcessingOneMessage;
wolfSSL 15:117db924cf7c 15101 FALL_THROUGH;
wolfSSL 15:117db924cf7c 15102
wolfSSL 15:117db924cf7c 15103 /* the record layer is here */
wolfSSL 15:117db924cf7c 15104 case runProcessingOneMessage:
wolfSSL 15:117db924cf7c 15105
wolfSSL 16:8e0d178b1d1e 15106 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 15107 if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) {
wolfSSL 16:8e0d178b1d1e 15108 if (ssl->buffers.inputBuffer.length - ssl->keys.padSz -
wolfSSL 16:8e0d178b1d1e 15109 ssl->buffers.inputBuffer.idx -
wolfSSL 16:8e0d178b1d1e 15110 MacSize(ssl) > MAX_PLAINTEXT_SZ) {
wolfSSL 16:8e0d178b1d1e 15111 WOLFSSL_MSG("Plaintext too long - Encrypt-Then-MAC");
wolfSSL 16:8e0d178b1d1e 15112 #if defined(WOLFSSL_EXTRA_ALERTS)
wolfSSL 16:8e0d178b1d1e 15113 SendAlert(ssl, alert_fatal, record_overflow);
wolfSSL 16:8e0d178b1d1e 15114 #endif
wolfSSL 16:8e0d178b1d1e 15115 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 15116 }
wolfSSL 16:8e0d178b1d1e 15117 }
wolfSSL 16:8e0d178b1d1e 15118 else
wolfSSL 16:8e0d178b1d1e 15119 #endif
wolfSSL 16:8e0d178b1d1e 15120 if (ssl->buffers.inputBuffer.length - ssl->keys.padSz -
wolfSSL 16:8e0d178b1d1e 15121 ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ) {
wolfSSL 16:8e0d178b1d1e 15122 WOLFSSL_MSG("Plaintext too long");
wolfSSL 16:8e0d178b1d1e 15123 #if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
wolfSSL 16:8e0d178b1d1e 15124 SendAlert(ssl, alert_fatal, record_overflow);
wolfSSL 16:8e0d178b1d1e 15125 #endif
wolfSSL 16:8e0d178b1d1e 15126 return BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 15127 }
wolfSSL 16:8e0d178b1d1e 15128
wolfSSL 15:117db924cf7c 15129 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 15130 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 15131 DtlsUpdateWindow(ssl);
wolfSSL 15:117db924cf7c 15132 }
wolfSSL 15:117db924cf7c 15133 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 15134
wolfSSL 15:117db924cf7c 15135 WOLFSSL_MSG("received record layer msg");
wolfSSL 15:117db924cf7c 15136
wolfSSL 15:117db924cf7c 15137 switch (ssl->curRL.type) {
wolfSSL 15:117db924cf7c 15138 case handshake :
wolfSSL 15:117db924cf7c 15139 /* debugging in DoHandShakeMsg */
wolfSSL 15:117db924cf7c 15140 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 15141 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 15142 ret = DoDtlsHandShakeMsg(ssl,
wolfSSL 15:117db924cf7c 15143 ssl->buffers.inputBuffer.buffer,
wolfSSL 15:117db924cf7c 15144 &ssl->buffers.inputBuffer.idx,
wolfSSL 15:117db924cf7c 15145 ssl->buffers.inputBuffer.length);
wolfSSL 15:117db924cf7c 15146 #endif
wolfSSL 15:117db924cf7c 15147 }
wolfSSL 15:117db924cf7c 15148 else if (!IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 15149 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 15150 ret = DoHandShakeMsg(ssl,
wolfSSL 15:117db924cf7c 15151 ssl->buffers.inputBuffer.buffer,
wolfSSL 15:117db924cf7c 15152 &ssl->buffers.inputBuffer.idx,
wolfSSL 15:117db924cf7c 15153 ssl->buffers.inputBuffer.length);
wolfSSL 15:117db924cf7c 15154 #else
wolfSSL 15:117db924cf7c 15155 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 15156 #endif
wolfSSL 15:117db924cf7c 15157 }
wolfSSL 15:117db924cf7c 15158 else {
wolfSSL 15:117db924cf7c 15159 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 15160 ret = DoTls13HandShakeMsg(ssl,
wolfSSL 15:117db924cf7c 15161 ssl->buffers.inputBuffer.buffer,
wolfSSL 15:117db924cf7c 15162 &ssl->buffers.inputBuffer.idx,
wolfSSL 15:117db924cf7c 15163 ssl->buffers.inputBuffer.length);
wolfSSL 15:117db924cf7c 15164 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 15165 if (ret != 0)
wolfSSL 15:117db924cf7c 15166 return ret;
wolfSSL 15:117db924cf7c 15167 if (ssl->options.side == WOLFSSL_SERVER_END &&
wolfSSL 16:8e0d178b1d1e 15168 ssl->earlyData > early_data_ext &&
wolfSSL 15:117db924cf7c 15169 ssl->options.handShakeState == HANDSHAKE_DONE) {
wolfSSL 15:117db924cf7c 15170 ssl->earlyData = no_early_data;
wolfSSL 15:117db924cf7c 15171 ssl->options.processReply = doProcessInit;
wolfSSL 15:117db924cf7c 15172 return ZERO_RETURN;
wolfSSL 15:117db924cf7c 15173 }
wolfSSL 15:117db924cf7c 15174 #endif
wolfSSL 15:117db924cf7c 15175 #else
wolfSSL 15:117db924cf7c 15176 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 15177 #endif
wolfSSL 15:117db924cf7c 15178 }
wolfSSL 16:8e0d178b1d1e 15179 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 15180 WOLFSSL_ERROR(ret);
wolfSSL 15:117db924cf7c 15181 return ret;
wolfSSL 16:8e0d178b1d1e 15182 }
wolfSSL 15:117db924cf7c 15183 break;
wolfSSL 15:117db924cf7c 15184
wolfSSL 15:117db924cf7c 15185 case change_cipher_spec:
wolfSSL 15:117db924cf7c 15186 WOLFSSL_MSG("got CHANGE CIPHER SPEC");
wolfSSL 15:117db924cf7c 15187 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 15188 if (ssl->hsInfoOn)
wolfSSL 15:117db924cf7c 15189 AddPacketName(ssl, "ChangeCipher");
wolfSSL 15:117db924cf7c 15190 /* add record header back on info */
wolfSSL 15:117db924cf7c 15191 if (ssl->toInfoOn) {
wolfSSL 15:117db924cf7c 15192 AddPacketInfo(ssl, "ChangeCipher",
wolfSSL 15:117db924cf7c 15193 change_cipher_spec,
wolfSSL 15:117db924cf7c 15194 ssl->buffers.inputBuffer.buffer +
wolfSSL 15:117db924cf7c 15195 ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ,
wolfSSL 15:117db924cf7c 15196 1 + RECORD_HEADER_SZ, READ_PROTO, ssl->heap);
wolfSSL 15:117db924cf7c 15197 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 15198 AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
wolfSSL 15:117db924cf7c 15199 #endif
wolfSSL 15:117db924cf7c 15200 }
wolfSSL 15:117db924cf7c 15201 #endif
wolfSSL 15:117db924cf7c 15202
wolfSSL 15:117db924cf7c 15203 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 15204 #ifdef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 15205 if (IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 15206 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 15:117db924cf7c 15207 return UNKNOWN_RECORD_TYPE;
wolfSSL 15:117db924cf7c 15208 }
wolfSSL 15:117db924cf7c 15209 #else
wolfSSL 15:117db924cf7c 15210 if (IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 15211 word32 i = ssl->buffers.inputBuffer.idx;
wolfSSL 16:8e0d178b1d1e 15212 if (ssl->options.handShakeState == HANDSHAKE_DONE) {
wolfSSL 16:8e0d178b1d1e 15213 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 16:8e0d178b1d1e 15214 return UNKNOWN_RECORD_TYPE;
wolfSSL 16:8e0d178b1d1e 15215 }
wolfSSL 15:117db924cf7c 15216 if (ssl->curSize != 1 ||
wolfSSL 15:117db924cf7c 15217 ssl->buffers.inputBuffer.buffer[i] != 1) {
wolfSSL 15:117db924cf7c 15218 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 15:117db924cf7c 15219 return UNKNOWN_RECORD_TYPE;
wolfSSL 15:117db924cf7c 15220 }
wolfSSL 15:117db924cf7c 15221 ssl->buffers.inputBuffer.idx++;
wolfSSL 15:117db924cf7c 15222 break;
wolfSSL 15:117db924cf7c 15223 }
wolfSSL 15:117db924cf7c 15224 #endif
wolfSSL 15:117db924cf7c 15225 #endif
wolfSSL 15:117db924cf7c 15226
wolfSSL 15:117db924cf7c 15227 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 15228 ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
wolfSSL 15:117db924cf7c 15229 if (ret != 0) {
wolfSSL 15:117db924cf7c 15230 if (!ssl->options.dtls) {
wolfSSL 15:117db924cf7c 15231 return ret;
wolfSSL 15:117db924cf7c 15232 }
wolfSSL 15:117db924cf7c 15233 else {
wolfSSL 15:117db924cf7c 15234 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 15235 /* Check for duplicate CCS message in DTLS mode.
wolfSSL 15:117db924cf7c 15236 * DTLS allows for duplicate messages, and it should be
wolfSSL 15:117db924cf7c 15237 * skipped. Also skip if out of order. */
wolfSSL 15:117db924cf7c 15238 if (ret != DUPLICATE_MSG_E && ret != OUT_OF_ORDER_E)
wolfSSL 15:117db924cf7c 15239 return ret;
wolfSSL 15:117db924cf7c 15240
wolfSSL 15:117db924cf7c 15241 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 15242 ret = DtlsMsgPoolSend(ssl, 1);
wolfSSL 15:117db924cf7c 15243 if (ret != 0)
wolfSSL 15:117db924cf7c 15244 return ret;
wolfSSL 15:117db924cf7c 15245 }
wolfSSL 15:117db924cf7c 15246
wolfSSL 15:117db924cf7c 15247 if (ssl->curSize != 1) {
wolfSSL 15:117db924cf7c 15248 WOLFSSL_MSG("Malicious or corrupted"
wolfSSL 15:117db924cf7c 15249 " duplicate ChangeCipher msg");
wolfSSL 15:117db924cf7c 15250 return LENGTH_ERROR;
wolfSSL 15:117db924cf7c 15251 }
wolfSSL 15:117db924cf7c 15252 ssl->buffers.inputBuffer.idx++;
wolfSSL 15:117db924cf7c 15253 break;
wolfSSL 15:117db924cf7c 15254 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 15255 }
wolfSSL 15:117db924cf7c 15256 }
wolfSSL 15:117db924cf7c 15257
wolfSSL 15:117db924cf7c 15258 if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
wolfSSL 15:117db924cf7c 15259 ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
wolfSSL 15:117db924cf7c 15260 ssl->curSize -= (word16) ssl->buffers.inputBuffer.idx;
wolfSSL 16:8e0d178b1d1e 15261 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 15262 if (ssl->options.startedETMRead) {
wolfSSL 16:8e0d178b1d1e 15263 word32 digestSz = MacSize(ssl);
wolfSSL 16:8e0d178b1d1e 15264 ssl->buffers.inputBuffer.idx += digestSz;
wolfSSL 16:8e0d178b1d1e 15265 ssl->curSize -= digestSz;
wolfSSL 16:8e0d178b1d1e 15266 }
wolfSSL 16:8e0d178b1d1e 15267 #endif
wolfSSL 15:117db924cf7c 15268 }
wolfSSL 15:117db924cf7c 15269
wolfSSL 15:117db924cf7c 15270 if (ssl->curSize != 1) {
wolfSSL 15:117db924cf7c 15271 WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg");
wolfSSL 15:117db924cf7c 15272 return LENGTH_ERROR;
wolfSSL 15:117db924cf7c 15273 }
wolfSSL 15:117db924cf7c 15274
wolfSSL 15:117db924cf7c 15275 ssl->buffers.inputBuffer.idx++;
wolfSSL 15:117db924cf7c 15276 ssl->keys.encryptionOn = 1;
wolfSSL 15:117db924cf7c 15277
wolfSSL 15:117db924cf7c 15278 /* setup decrypt keys for following messages */
wolfSSL 15:117db924cf7c 15279 /* XXX This might not be what we want to do when
wolfSSL 15:117db924cf7c 15280 * receiving a CCS with multicast. We update the
wolfSSL 15:117db924cf7c 15281 * key when the application updates them. */
wolfSSL 15:117db924cf7c 15282 if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
wolfSSL 15:117db924cf7c 15283 return ret;
wolfSSL 15:117db924cf7c 15284
wolfSSL 16:8e0d178b1d1e 15285 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 15286 ssl->options.startedETMRead = ssl->options.encThenMac;
wolfSSL 16:8e0d178b1d1e 15287 #endif
wolfSSL 16:8e0d178b1d1e 15288
wolfSSL 15:117db924cf7c 15289 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 15290 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 15291 WOLFSSL_DTLS_PEERSEQ* peerSeq = ssl->keys.peerSeq;
wolfSSL 15:117db924cf7c 15292 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 15293 if (ssl->options.haveMcast) {
wolfSSL 15:117db924cf7c 15294 peerSeq += ssl->keys.curPeerId;
wolfSSL 15:117db924cf7c 15295 peerSeq->highwaterMark = UpdateHighwaterMark(0,
wolfSSL 15:117db924cf7c 15296 ssl->ctx->mcastFirstSeq,
wolfSSL 15:117db924cf7c 15297 ssl->ctx->mcastSecondSeq,
wolfSSL 15:117db924cf7c 15298 ssl->ctx->mcastMaxSeq);
wolfSSL 15:117db924cf7c 15299 }
wolfSSL 15:117db924cf7c 15300 #endif
wolfSSL 15:117db924cf7c 15301 peerSeq->nextEpoch++;
wolfSSL 15:117db924cf7c 15302 peerSeq->prevSeq_lo = peerSeq->nextSeq_lo;
wolfSSL 15:117db924cf7c 15303 peerSeq->prevSeq_hi = peerSeq->nextSeq_hi;
wolfSSL 15:117db924cf7c 15304 peerSeq->nextSeq_lo = 0;
wolfSSL 15:117db924cf7c 15305 peerSeq->nextSeq_hi = 0;
wolfSSL 15:117db924cf7c 15306 XMEMCPY(peerSeq->prevWindow, peerSeq->window,
wolfSSL 15:117db924cf7c 15307 DTLS_SEQ_SZ);
wolfSSL 15:117db924cf7c 15308 XMEMSET(peerSeq->window, 0, DTLS_SEQ_SZ);
wolfSSL 15:117db924cf7c 15309 }
wolfSSL 15:117db924cf7c 15310 #endif
wolfSSL 15:117db924cf7c 15311
wolfSSL 15:117db924cf7c 15312 #ifdef HAVE_LIBZ
wolfSSL 15:117db924cf7c 15313 if (ssl->options.usingCompression)
wolfSSL 15:117db924cf7c 15314 if ( (ret = InitStreams(ssl)) != 0)
wolfSSL 15:117db924cf7c 15315 return ret;
wolfSSL 15:117db924cf7c 15316 #endif
wolfSSL 15:117db924cf7c 15317 ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
wolfSSL 15:117db924cf7c 15318 ssl->options.side == WOLFSSL_CLIENT_END ?
wolfSSL 15:117db924cf7c 15319 server : client);
wolfSSL 15:117db924cf7c 15320 if (ret != 0)
wolfSSL 15:117db924cf7c 15321 return ret;
wolfSSL 15:117db924cf7c 15322 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 15323 break;
wolfSSL 15:117db924cf7c 15324
wolfSSL 15:117db924cf7c 15325 case application_data:
wolfSSL 15:117db924cf7c 15326 WOLFSSL_MSG("got app DATA");
wolfSSL 15:117db924cf7c 15327 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 15328 if (ssl->options.dtls && ssl->options.dtlsHsRetain) {
wolfSSL 15:117db924cf7c 15329 FreeHandshakeResources(ssl);
wolfSSL 15:117db924cf7c 15330 ssl->options.dtlsHsRetain = 0;
wolfSSL 15:117db924cf7c 15331 }
wolfSSL 15:117db924cf7c 15332 #endif
wolfSSL 15:117db924cf7c 15333 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 15334 if (ssl->keys.keyUpdateRespond) {
wolfSSL 15:117db924cf7c 15335 WOLFSSL_MSG("No KeyUpdate from peer seen");
wolfSSL 15:117db924cf7c 15336 return SANITY_MSG_E;
wolfSSL 15:117db924cf7c 15337 }
wolfSSL 15:117db924cf7c 15338 #endif
wolfSSL 15:117db924cf7c 15339 if ((ret = DoApplicationData(ssl,
wolfSSL 15:117db924cf7c 15340 ssl->buffers.inputBuffer.buffer,
wolfSSL 16:8e0d178b1d1e 15341 &ssl->buffers.inputBuffer.idx))
wolfSSL 15:117db924cf7c 15342 != 0) {
wolfSSL 15:117db924cf7c 15343 WOLFSSL_ERROR(ret);
wolfSSL 15:117db924cf7c 15344 return ret;
wolfSSL 15:117db924cf7c 15345 }
wolfSSL 15:117db924cf7c 15346 break;
wolfSSL 15:117db924cf7c 15347
wolfSSL 15:117db924cf7c 15348 case alert:
wolfSSL 15:117db924cf7c 15349 WOLFSSL_MSG("got ALERT!");
wolfSSL 15:117db924cf7c 15350 ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 15:117db924cf7c 15351 &ssl->buffers.inputBuffer.idx, &type,
wolfSSL 15:117db924cf7c 15352 ssl->buffers.inputBuffer.length);
wolfSSL 15:117db924cf7c 15353 if (ret == alert_fatal)
wolfSSL 15:117db924cf7c 15354 return FATAL_ERROR;
wolfSSL 15:117db924cf7c 15355 else if (ret < 0)
wolfSSL 15:117db924cf7c 15356 return ret;
wolfSSL 15:117db924cf7c 15357
wolfSSL 15:117db924cf7c 15358 /* catch warnings that are handled as errors */
wolfSSL 15:117db924cf7c 15359 if (type == close_notify)
wolfSSL 15:117db924cf7c 15360 return ssl->error = ZERO_RETURN;
wolfSSL 15:117db924cf7c 15361
wolfSSL 15:117db924cf7c 15362 if (type == decrypt_error)
wolfSSL 15:117db924cf7c 15363 return FATAL_ERROR;
wolfSSL 15:117db924cf7c 15364 break;
wolfSSL 15:117db924cf7c 15365
wolfSSL 15:117db924cf7c 15366 default:
wolfSSL 15:117db924cf7c 15367 WOLFSSL_ERROR(UNKNOWN_RECORD_TYPE);
wolfSSL 15:117db924cf7c 15368 return UNKNOWN_RECORD_TYPE;
wolfSSL 15:117db924cf7c 15369 }
wolfSSL 15:117db924cf7c 15370
wolfSSL 15:117db924cf7c 15371 ssl->options.processReply = doProcessInit;
wolfSSL 15:117db924cf7c 15372
wolfSSL 15:117db924cf7c 15373 /* input exhausted? */
wolfSSL 15:117db924cf7c 15374 if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length)
wolfSSL 15:117db924cf7c 15375 return 0;
wolfSSL 15:117db924cf7c 15376
wolfSSL 15:117db924cf7c 15377 /* more messages per record */
wolfSSL 15:117db924cf7c 15378 else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
wolfSSL 15:117db924cf7c 15379 WOLFSSL_MSG("More messages in record");
wolfSSL 15:117db924cf7c 15380
wolfSSL 15:117db924cf7c 15381 ssl->options.processReply = runProcessingOneMessage;
wolfSSL 15:117db924cf7c 15382
wolfSSL 15:117db924cf7c 15383 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 15:117db924cf7c 15384 WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
wolfSSL 16:8e0d178b1d1e 15385 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 15386 if (ssl->options.startedETMRead) {
wolfSSL 16:8e0d178b1d1e 15387 word32 digestSz = MacSize(ssl);
wolfSSL 16:8e0d178b1d1e 15388 if (ssl->buffers.inputBuffer.idx >=
wolfSSL 16:8e0d178b1d1e 15389 ssl->keys.padSz + digestSz) {
wolfSSL 16:8e0d178b1d1e 15390 ssl->buffers.inputBuffer.idx -=
wolfSSL 16:8e0d178b1d1e 15391 ssl->keys.padSz + digestSz;
wolfSSL 16:8e0d178b1d1e 15392 }
wolfSSL 16:8e0d178b1d1e 15393 else {
wolfSSL 16:8e0d178b1d1e 15394 WOLFSSL_MSG("\tmiddle padding error");
wolfSSL 16:8e0d178b1d1e 15395 return FATAL_ERROR;
wolfSSL 16:8e0d178b1d1e 15396 }
wolfSSL 16:8e0d178b1d1e 15397 }
wolfSSL 16:8e0d178b1d1e 15398 else
wolfSSL 16:8e0d178b1d1e 15399 #endif
wolfSSL 16:8e0d178b1d1e 15400 {
wolfSSL 16:8e0d178b1d1e 15401 if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
wolfSSL 16:8e0d178b1d1e 15402 ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
wolfSSL 16:8e0d178b1d1e 15403 }
wolfSSL 16:8e0d178b1d1e 15404 else {
wolfSSL 16:8e0d178b1d1e 15405 WOLFSSL_MSG("\tmiddle padding error");
wolfSSL 16:8e0d178b1d1e 15406 return FATAL_ERROR;
wolfSSL 16:8e0d178b1d1e 15407 }
wolfSSL 15:117db924cf7c 15408 }
wolfSSL 15:117db924cf7c 15409 }
wolfSSL 15:117db924cf7c 15410
wolfSSL 15:117db924cf7c 15411 continue;
wolfSSL 15:117db924cf7c 15412 }
wolfSSL 15:117db924cf7c 15413 /* more records */
wolfSSL 15:117db924cf7c 15414 else {
wolfSSL 15:117db924cf7c 15415 WOLFSSL_MSG("More records in input");
wolfSSL 15:117db924cf7c 15416 ssl->options.processReply = doProcessInit;
wolfSSL 15:117db924cf7c 15417 continue;
wolfSSL 15:117db924cf7c 15418 }
wolfSSL 15:117db924cf7c 15419
wolfSSL 15:117db924cf7c 15420 default:
wolfSSL 15:117db924cf7c 15421 WOLFSSL_MSG("Bad process input state, programming error");
wolfSSL 15:117db924cf7c 15422 return INPUT_CASE_ERROR;
wolfSSL 15:117db924cf7c 15423 }
wolfSSL 15:117db924cf7c 15424 }
wolfSSL 15:117db924cf7c 15425 }
wolfSSL 15:117db924cf7c 15426
wolfSSL 15:117db924cf7c 15427
/* Queue a ChangeCipherSpec record for this session and, in the usual case,
 * hand the output buffer to SendBuffered().
 *
 * The record is written at the current end of ssl->buffers.outputBuffer and
 * carries a single payload byte with value 1. When write-side encryption is
 * already on and the handshake is done, BuildMessage() produces the record
 * in place of the plain header + byte written first.
 *
 * ssl  session to send on
 *
 * Returns 0 when the record is only queued (groupMessages set, or DTLS built
 * without WOLFSSL_DEBUG_DTLS); otherwise the result of SendBuffered(). A
 * non-zero result from CheckAvailableSize() or DtlsMsgPoolSave(), or a
 * negative size from BuildMessage(), is returned unchanged.
 */
int SendChangeCipher(WOLFSSL* ssl)
{
    byte* record;
    int   total  = RECORD_HEADER_SZ + ENUM_LEN;
    int   bodyAt = RECORD_HEADER_SZ;
    int   ret;

#ifdef OPENSSL_EXTRA
    /* NOTE(review): the handshake state is advanced and the info callback
     * fires before the record is built; the error returns further down
     * leave that state in place. */
    ssl->cbmode = SSL_CB_MODE_WRITE;
    if (ssl->options.side != WOLFSSL_SERVER_END) {
        ssl->options.clientState = CLIENT_CHANGECIPHERSPEC_COMPLETE;
        if (ssl->CBIS != NULL) {
            ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, SSL_SUCCESS);
        }
    }
    else {
        ssl->options.serverState = SERVER_CHANGECIPHERSPEC_COMPLETE;
        if (ssl->CBIS != NULL) {
            ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS);
        }
    }
#endif

#ifdef WOLFSSL_DTLS
    /* the DTLS record header is longer, so the payload byte moves too */
    if (ssl->options.dtls) {
        bodyAt += DTLS_RECORD_EXTRA;
        total  += DTLS_RECORD_EXTRA;
    }
#endif

    /* Encryption already on with the handshake done (the original comment
     * calls this "scr", presumably secure renegotiation): reserve room for
     * what BuildMessage() adds to the record. */
    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
        total += MAX_MSG_EXTRA;
    }

    /* make sure the output buffer can take the record */
    ret = CheckAvailableSize(ssl, total);
    if (ret != 0) {
        return ret;
    }

    /* the record goes at the current end of the pending output */
    record = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddRecordHeader(record, 1, change_cipher_spec, ssl);
    record[bodyAt] = 1; /* turn it on */

    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
        byte ccsBody[ENUM_LEN];

        ccsBody[0] = 1; /* turn it on */
        /* BuildMessage() returns the final record size, or a negative error */
        total = BuildMessage(ssl, record, total, ccsBody, ENUM_LEN,
                             change_cipher_spec, 0, 0, 0);
        if (total < 0) {
            return total;
        }
    }

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        DtlsSEQIncrement(ssl, CUR_ORDER);
        /* keep a copy of the record in the DTLS message pool */
        ret = DtlsMsgPoolSave(ssl, record, total);
        if (ret != 0) {
            return ret;
        }
    }
#endif
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    if (ssl->hsInfoOn) {
        AddPacketName(ssl, "ChangeCipher");
    }
    if (ssl->toInfoOn) {
        AddPacketInfo(ssl, "ChangeCipher", change_cipher_spec, record,
                      total, WRITE_PROTO, ssl->heap);
    }
#endif
    ssl->buffers.outputBuffer.length += total;

    /* grouped messages are left queued for a later send */
    if (ssl->options.groupMessages) {
        return 0;
    }
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
    /* If using DTLS, force the ChangeCipherSpec message to be in the
     * same datagram as the finished message. */
    if (ssl->options.dtls) {
        return 0;
    }
#endif
    return SendBuffered(ssl);
}
wolfSSL 15:117db924cf7c 15513
wolfSSL 15:117db924cf7c 15514
wolfSSL 16:8e0d178b1d1e 15515 #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 15:117db924cf7c 15516 static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL 15:117db924cf7c 15517 int padLen, int content, int verify)
wolfSSL 15:117db924cf7c 15518 {
wolfSSL 15:117db924cf7c 15519 byte result[WC_MAX_DIGEST_SIZE];
wolfSSL 15:117db924cf7c 15520 word32 digestSz = ssl->specs.hash_size; /* actual sizes */
wolfSSL 15:117db924cf7c 15521 word32 padSz = ssl->specs.pad_size;
wolfSSL 15:117db924cf7c 15522 int ret = 0;
wolfSSL 15:117db924cf7c 15523
wolfSSL 15:117db924cf7c 15524 wc_Md5 md5;
wolfSSL 15:117db924cf7c 15525 wc_Sha sha;
wolfSSL 15:117db924cf7c 15526
wolfSSL 15:117db924cf7c 15527 /* data */
wolfSSL 15:117db924cf7c 15528 byte seq[SEQ_SZ];
wolfSSL 15:117db924cf7c 15529 byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
wolfSSL 15:117db924cf7c 15530 const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify);
wolfSSL 15:117db924cf7c 15531
wolfSSL 15:117db924cf7c 15532 (void)padLen;
wolfSSL 15:117db924cf7c 15533
wolfSSL 15:117db924cf7c 15534 #ifdef HAVE_FUZZER
wolfSSL 15:117db924cf7c 15535 if (ssl->fuzzerCb)
wolfSSL 15:117db924cf7c 15536 ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
wolfSSL 15:117db924cf7c 15537 #endif
wolfSSL 15:117db924cf7c 15538
wolfSSL 15:117db924cf7c 15539 XMEMSET(seq, 0, SEQ_SZ);
wolfSSL 15:117db924cf7c 15540 conLen[0] = (byte)content;
wolfSSL 15:117db924cf7c 15541 c16toa((word16)sz, &conLen[ENUM_LEN]);
wolfSSL 15:117db924cf7c 15542 WriteSEQ(ssl, verify, seq);
wolfSSL 15:117db924cf7c 15543
wolfSSL 15:117db924cf7c 15544 if (ssl->specs.mac_algorithm == md5_mac) {
wolfSSL 15:117db924cf7c 15545 ret = wc_InitMd5_ex(&md5, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 15546 if (ret != 0)
wolfSSL 15:117db924cf7c 15547 return ret;
wolfSSL 15:117db924cf7c 15548
wolfSSL 15:117db924cf7c 15549 /* inner */
wolfSSL 15:117db924cf7c 15550 ret = wc_Md5Update(&md5, macSecret, digestSz);
wolfSSL 15:117db924cf7c 15551 ret |= wc_Md5Update(&md5, PAD1, padSz);
wolfSSL 15:117db924cf7c 15552 ret |= wc_Md5Update(&md5, seq, SEQ_SZ);
wolfSSL 15:117db924cf7c 15553 ret |= wc_Md5Update(&md5, conLen, sizeof(conLen));
wolfSSL 15:117db924cf7c 15554 /* in buffer */
wolfSSL 15:117db924cf7c 15555 ret |= wc_Md5Update(&md5, in, sz);
wolfSSL 15:117db924cf7c 15556 if (ret != 0)
wolfSSL 15:117db924cf7c 15557 return VERIFY_MAC_ERROR;
wolfSSL 15:117db924cf7c 15558 ret = wc_Md5Final(&md5, result);
wolfSSL 15:117db924cf7c 15559 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 15560 /* TODO: Make non-blocking */
wolfSSL 15:117db924cf7c 15561 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 15562 ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 15563 }
wolfSSL 15:117db924cf7c 15564 #endif
wolfSSL 15:117db924cf7c 15565 if (ret != 0)
wolfSSL 15:117db924cf7c 15566 return VERIFY_MAC_ERROR;
wolfSSL 15:117db924cf7c 15567
wolfSSL 15:117db924cf7c 15568 /* outer */
wolfSSL 15:117db924cf7c 15569 ret = wc_Md5Update(&md5, macSecret, digestSz);
wolfSSL 15:117db924cf7c 15570 ret |= wc_Md5Update(&md5, PAD2, padSz);
wolfSSL 15:117db924cf7c 15571 ret |= wc_Md5Update(&md5, result, digestSz);
wolfSSL 15:117db924cf7c 15572 if (ret != 0)
wolfSSL 15:117db924cf7c 15573 return VERIFY_MAC_ERROR;
wolfSSL 15:117db924cf7c 15574 ret = wc_Md5Final(&md5, digest);
wolfSSL 15:117db924cf7c 15575 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 15576 /* TODO: Make non-blocking */
wolfSSL 15:117db924cf7c 15577 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 15578 ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 15579 }
wolfSSL 15:117db924cf7c 15580 #endif
wolfSSL 15:117db924cf7c 15581 if (ret != 0)
wolfSSL 15:117db924cf7c 15582 return VERIFY_MAC_ERROR;
wolfSSL 15:117db924cf7c 15583
wolfSSL 15:117db924cf7c 15584 wc_Md5Free(&md5);
wolfSSL 15:117db924cf7c 15585 }
wolfSSL 15:117db924cf7c 15586 else {
wolfSSL 15:117db924cf7c 15587 ret = wc_InitSha_ex(&sha, ssl->heap, ssl->devId);
wolfSSL 15:117db924cf7c 15588 if (ret != 0)
wolfSSL 15:117db924cf7c 15589 return ret;
wolfSSL 15:117db924cf7c 15590
wolfSSL 15:117db924cf7c 15591 /* inner */
wolfSSL 15:117db924cf7c 15592 ret = wc_ShaUpdate(&sha, macSecret, digestSz);
wolfSSL 15:117db924cf7c 15593 ret |= wc_ShaUpdate(&sha, PAD1, padSz);
wolfSSL 15:117db924cf7c 15594 ret |= wc_ShaUpdate(&sha, seq, SEQ_SZ);
wolfSSL 15:117db924cf7c 15595 ret |= wc_ShaUpdate(&sha, conLen, sizeof(conLen));
wolfSSL 15:117db924cf7c 15596 /* in buffer */
wolfSSL 15:117db924cf7c 15597 ret |= wc_ShaUpdate(&sha, in, sz);
wolfSSL 15:117db924cf7c 15598 if (ret != 0)
wolfSSL 15:117db924cf7c 15599 return VERIFY_MAC_ERROR;
wolfSSL 15:117db924cf7c 15600 ret = wc_ShaFinal(&sha, result);
wolfSSL 15:117db924cf7c 15601 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 15602 /* TODO: Make non-blocking */
wolfSSL 15:117db924cf7c 15603 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 15604 ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 15605 }
wolfSSL 15:117db924cf7c 15606 #endif
wolfSSL 15:117db924cf7c 15607 if (ret != 0)
wolfSSL 15:117db924cf7c 15608 return VERIFY_MAC_ERROR;
wolfSSL 15:117db924cf7c 15609
wolfSSL 15:117db924cf7c 15610 /* outer */
wolfSSL 15:117db924cf7c 15611 ret = wc_ShaUpdate(&sha, macSecret, digestSz);
wolfSSL 15:117db924cf7c 15612 ret |= wc_ShaUpdate(&sha, PAD2, padSz);
wolfSSL 15:117db924cf7c 15613 ret |= wc_ShaUpdate(&sha, result, digestSz);
wolfSSL 15:117db924cf7c 15614 if (ret != 0)
wolfSSL 15:117db924cf7c 15615 return VERIFY_MAC_ERROR;
wolfSSL 15:117db924cf7c 15616 ret = wc_ShaFinal(&sha, digest);
wolfSSL 15:117db924cf7c 15617 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 15618 /* TODO: Make non-blocking */
wolfSSL 15:117db924cf7c 15619 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 15620 ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL 15:117db924cf7c 15621 }
wolfSSL 15:117db924cf7c 15622 #endif
wolfSSL 15:117db924cf7c 15623 if (ret != 0)
wolfSSL 15:117db924cf7c 15624 return VERIFY_MAC_ERROR;
wolfSSL 15:117db924cf7c 15625
wolfSSL 15:117db924cf7c 15626 wc_ShaFree(&sha);
wolfSSL 15:117db924cf7c 15627 }
wolfSSL 15:117db924cf7c 15628 return 0;
wolfSSL 15:117db924cf7c 15629 }
wolfSSL 16:8e0d178b1d1e 15630 #endif /* !NO_OLD_TLS && !WOLFSSL_AEAD_ONLY */
wolfSSL 15:117db924cf7c 15631
wolfSSL 15:117db924cf7c 15632
wolfSSL 15:117db924cf7c 15633 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 15634
wolfSSL 15:117db924cf7c 15635 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
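/* Build the MD5 digest used for CertificateVerify on non-TLS (SSLv3-style)
 * connections: MD5(masterSecret + PAD2 + MD5(handshake + masterSecret + PAD1)).
 *
 * The running handshake hash in ssl->hsHashes->hashMd5 is copied first, so
 * the transcript hash itself is not finalized by this call.
 *
 * ssl     connection whose handshake hash and master secret are used
 * digest  output buffer; wc_Md5Final writes the MD5 digest here
 *
 * returns 0 on success, MEMORY_E if the hash context cannot be allocated
 *         (WOLFSSL_SMALL_STACK builds), otherwise the failing wc_Md5* code.
 */
static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
{
    int ret;
    byte md5_result[WC_MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    wc_Md5* md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), ssl->heap,
                                   DYNAMIC_TYPE_HASHCTX);
#else
    wc_Md5 md5[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    /* Report allocation failure explicitly instead of relying on the hash
     * routines below to reject a NULL context. */
    if (md5 == NULL)
        return MEMORY_E;
#endif

    /* make md5 inner */
    ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); /* Save current position */
    if (ret == 0)
        ret = wc_Md5Update(md5, ssl->arrays->masterSecret,SECRET_LEN);
    if (ret == 0)
        ret = wc_Md5Update(md5, PAD1, PAD_MD5);
    if (ret == 0)
        ret = wc_Md5Final(md5, md5_result);
    /* NOTE(review): if a step above fails after wc_Md5Copy succeeded, the
     * copied context is never passed to wc_Md5Free - confirm whether that
     * matters for builds where the context owns resources. */

    /* make md5 outer */
    if (ret == 0) {
        ret = wc_InitMd5_ex(md5, ssl->heap, ssl->devId);
        if (ret == 0) {
            ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
            if (ret == 0)
                ret = wc_Md5Update(md5, PAD2, PAD_MD5);
            if (ret == 0)
                ret = wc_Md5Update(md5, md5_result, WC_MD5_DIGEST_SIZE);
            if (ret == 0)
                ret = wc_Md5Final(md5, digest);
            wc_Md5Free(md5);
        }
    }

    /* NOTE(review): md5_result is keyed with the master secret and is left
     * on the stack on return; consider zeroizing it. */

#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}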
wolfSSL 15:117db924cf7c 15676 #endif /* !NO_MD5 && !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 15677
wolfSSL 15:117db924cf7c 15678 #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
wolfSSL 15:117db924cf7c 15679 defined(WOLFSSL_ALLOW_TLS_SHA1))
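/* Build the SHA-1 digest used for CertificateVerify on non-TLS (SSLv3-style)
 * connections: SHA(masterSecret + PAD2 + SHA(handshake + masterSecret + PAD1)).
 *
 * The running handshake hash in ssl->hsHashes->hashSha is copied first, so
 * the transcript hash itself is not finalized by this call.
 *
 * ssl     connection whose handshake hash and master secret are used
 * digest  output buffer; wc_ShaFinal writes the SHA-1 digest here
 *
 * returns 0 on success, MEMORY_E if the hash context cannot be allocated
 *         (WOLFSSL_SMALL_STACK builds), otherwise the failing wc_Sha* code.
 */
static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
{
    int ret;
    byte sha_result[WC_SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    wc_Sha* sha = (wc_Sha*)XMALLOC(sizeof(wc_Sha), ssl->heap,
                                   DYNAMIC_TYPE_HASHCTX);
#else
    wc_Sha sha[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    /* Report allocation failure explicitly instead of relying on the hash
     * routines below to reject a NULL context. */
    if (sha == NULL)
        return MEMORY_E;
#endif

    /* make sha inner */
    ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */
    if (ret == 0)
        ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
    if (ret == 0)
        ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
    if (ret == 0)
        ret = wc_ShaFinal(sha, sha_result);
    /* NOTE(review): if a step above fails after wc_ShaCopy succeeded, the
     * copied context is never passed to wc_ShaFree - confirm whether that
     * matters for builds where the context owns resources. */

    /* make sha outer */
    if (ret == 0) {
        ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
        if (ret == 0) {
            ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret,SECRET_LEN);
            if (ret == 0)
                ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
            if (ret == 0)
                ret = wc_ShaUpdate(sha, sha_result, WC_SHA_DIGEST_SIZE);
            if (ret == 0)
                ret = wc_ShaFinal(sha, digest);
            wc_ShaFree(sha);
        }
    }

    /* NOTE(review): sha_result is keyed with the master secret and is left
     * on the stack on return; consider zeroizing it. */

#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha, ssl->heap, DYNAMIC_TYPE_HASHCTX);
#endif

    return ret;
}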
wolfSSL 15:117db924cf7c 15720 #endif /* !NO_SHA && (!NO_OLD_TLS || WOLFSSL_ALLOW_TLS_SHA1) */
wolfSSL 15:117db924cf7c 15721
/* Fill `hashes` with the handshake digests needed for CertificateVerify.
 *
 * When ssl->options.tls is set, the running transcript hashes are read with
 * the wc_*GetHash calls (SHA-256/384/512 only for TLS 1.2 and later).
 * Otherwise the keyed MD5/SHA constructions from BuildMD5_CertVerify and
 * BuildSHA_CertVerify are used. Which digests are produced depends on the
 * build-time NO_* / WOLFSSL_* options.
 *
 * returns 0 on success, otherwise the first non-zero code from a hash call.
 */
int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
{
    int ret = 0;

    /* unused when every hash below is compiled out */
    (void)hashes;

    if (!ssl->options.tls) {
        /* non-TLS: keyed pad1/pad2 digests over the handshake */
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        ret = BuildMD5_CertVerify(ssl, hashes->md5);
        if (ret != 0)
            return ret;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                              defined(WOLFSSL_ALLOW_TLS_SHA1))
        ret = BuildSHA_CertVerify(ssl, hashes->sha);
        if (ret != 0)
            return ret;
    #endif
        return ret;
    }

    /* TLS: snapshot of the running transcript hashes */
#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    ret = wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
    if (ret != 0)
        return ret;
#endif
#if !defined(NO_SHA)
    ret = wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
    if (ret != 0)
        return ret;
#endif

    /* the SHA-2 transcript hashes are only read for TLS 1.2 and later */
    if (!IsAtLeastTLSv1_2(ssl))
        return ret;

#ifndef NO_SHA256
    ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,
                           hashes->sha256);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384,
                           hashes->sha384);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_Sha512GetHash(&ssl->hsHashes->hashSha512,
                           hashes->sha512);
    if (ret != 0)
        return ret;
#endif

    return ret;
}
wolfSSL 15:117db924cf7c 15776
wolfSSL 15:117db924cf7c 15777 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 15778
wolfSSL 15:117db924cf7c 15779 #ifndef WOLFSSL_NO_TLS12
/* Persistable BuildMessage arguments.
 * Working state of one BuildMessage call. In WOLFSSL_ASYNC_CRYPT builds
 * BuildMessage can keep it in ssl->async.args, so it survives a return of
 * WC_PENDING_E. */
typedef struct BuildMsgArgs {
    word32 digestSz; /* MAC size: ssl->specs.hash_size, or the truncated HMAC size */
    word32 sz; /* total bytes to produce: header + IV + input + MAC + padding */
    word32 pad; /* block cipher padding value */
    word32 idx; /* current write offset into the output buffer */
    word32 headerSz; /* record header size, including the DTLS extra when used */
    word16 size; /* record length placed in the header: sz - headerSz */
    word32 ivSz; /* TLSv1.1 IV */
    byte* iv; /* heap buffer of ivSz bytes; released by FreeBuildMsgArgs */
} BuildMsgArgs;
wolfSSL 15:117db924cf7c 15791
/* Release the heap IV held by a BuildMsgArgs and clear the pointer, so a
 * second call on the same arguments is harmless.
 *
 * ssl    connection whose heap hint is handed to XFREE
 * pArgs  pointer to a BuildMsgArgs; it is dereferenced without a NULL check
 */
static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs)
{
    BuildMsgArgs* msgArgs = (BuildMsgArgs*)pArgs;

    (void)ssl;
    (void)msgArgs;

    /* nothing was allocated, or it was already released */
    if (msgArgs->iv == NULL)
        return;

    XFREE(msgArgs->iv, ssl->heap, DYNAMIC_TYPE_SALT);
    msgArgs->iv = NULL;
}
wolfSSL 15:117db924cf7c 15804 #endif
wolfSSL 15:117db924cf7c 15805
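/* Build SSL Message, encrypted.
 *
 * Lays out one record in `output` (record header, optional explicit IV,
 * payload, MAC and block padding) and encrypts it in place. Connections
 * with ssl->options.tls1_3 set, and WOLFSSL_NO_TLS12 builds, are handed to
 * BuildTls13Message instead.
 *
 * The work is a resumable state machine driven by ssl->options.buildMsgState;
 * each case falls through to the next.
 *
 * ssl         connection object; NULL returns BAD_FUNC_ARG
 * output      destination buffer; must be NULL when sizeOnly is set
 * outSz       capacity of output in bytes
 * input       plaintext payload; must be NULL when sizeOnly is set
 * inSz        payload length in bytes; must not be negative
 * type        record content type
 * hashOutput  non-zero: add a handshake message to the transcript hash
 * sizeOnly    non-zero: only compute the size the record would have
 * asyncOkay   non-zero (WOLFSSL_ASYNC_CRYPT): keep state in ssl->async.args
 *             so the call can be resumed after WC_PENDING_E
 *
 * returns the total record size on success, WC_PENDING_E when an async
 *         operation is outstanding, otherwise an error code (BAD_FUNC_ARG,
 *         BUFFER_E, MEMORY_E or the code of the failing helper).
 */
int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay)
{
#ifndef WOLFSSL_NO_TLS12
    int ret = 0;
    BuildMsgArgs* args;
    BuildMsgArgs lcl_args;
#ifdef WOLFSSL_ASYNC_CRYPT
    /* compile-time check that the async argument storage can hold a
     * BuildMsgArgs; sizeof does not evaluate ssl, so this is safe before
     * the NULL check below */
    typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
    (void)sizeof(args_test);
#endif
#endif

    WOLFSSL_ENTER("BuildMessage");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_NO_TLS12
    return BuildTls13Message(ssl, output, outSz, input, inSz, type,
                                               hashOutput, sizeOnly, asyncOkay);
#else
#ifdef WOLFSSL_ASYNC_CRYPT
    /* read ssl only after it has been checked for NULL */
    args = (BuildMsgArgs*)ssl->async.args;
#endif
#ifdef WOLFSSL_TLS13
    if (ssl->options.tls1_3) {
        return BuildTls13Message(ssl, output, outSz, input, inSz, type,
                                 hashOutput, sizeOnly, asyncOkay);
    }
#endif

    ret = WC_NOT_PENDING_E;
#ifdef WOLFSSL_ASYNC_CRYPT
    if (asyncOkay) {
        ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState);
        if (ret != WC_NOT_PENDING_E) {
            /* Check for error */
            if (ret < 0)
                goto exit_buildmsg;
        }
    }
    else
#endif
    {
        args = &lcl_args;
    }

    /* Reset state */
    if (ret == WC_NOT_PENDING_E) {
        ret = 0;
        ssl->options.buildMsgState = BUILD_MSG_BEGIN;
        XMEMSET(args, 0, sizeof(BuildMsgArgs));

        args->sz = RECORD_HEADER_SZ + inSz;
        args->idx = RECORD_HEADER_SZ;
        args->headerSz = RECORD_HEADER_SZ;
    #ifdef WOLFSSL_ASYNC_CRYPT
        ssl->async.freeArgs = FreeBuildMsgArgs;
    #endif
    }

    switch (ssl->options.buildMsgState) {
        case BUILD_MSG_BEGIN:
        {
            /* catch mistaken sizeOnly parameter */
            if (!sizeOnly && (output == NULL || input == NULL) ) {
                ERROR_OUT(BAD_FUNC_ARG, exit_buildmsg);
            }
            if (sizeOnly && (output || input) ) {
                WOLFSSL_MSG("BuildMessage w/sizeOnly doesn't need input/output");
                ERROR_OUT(BAD_FUNC_ARG, exit_buildmsg);
            }
            /* The sizes are converted to word32 / size_t further down; a
             * negative value would wrap and defeat the outSz bound check. */
            if (inSz < 0 || (!sizeOnly && outSz < 0)) {
                WOLFSSL_MSG("BuildMessage given negative inSz/outSz");
                ERROR_OUT(BAD_FUNC_ARG, exit_buildmsg);
            }

            ssl->options.buildMsgState = BUILD_MSG_SIZE;
        }
        FALL_THROUGH;
        case BUILD_MSG_SIZE:
        {
            args->digestSz = ssl->specs.hash_size;
        #ifdef HAVE_TRUNCATED_HMAC
            if (ssl->truncated_hmac)
                args->digestSz = min(TRUNCATED_HMAC_SZ, args->digestSz);
        #endif
            args->sz += args->digestSz;

        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
                args->sz += DTLS_RECORD_EXTRA;
                args->idx += DTLS_RECORD_EXTRA;
                args->headerSz += DTLS_RECORD_EXTRA;
            }
        #endif

        #ifndef WOLFSSL_AEAD_ONLY
            if (ssl->specs.cipher_type == block) {
                /* NOTE(review): blockSz is used as a divisor below;
                 * presumably non-zero for every block cipher suite. */
                word32 blockSz = ssl->specs.block_size;
                if (ssl->options.tls1_1) {
                    /* explicit per-record IV, one cipher block long */
                    args->ivSz = blockSz;
                    args->sz += args->ivSz;

                    if (args->ivSz > MAX_IV_SZ)
                        ERROR_OUT(BUFFER_E, exit_buildmsg);
                }
                args->sz += 1; /* pad byte */
            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
                if (ssl->options.startedETMWrite) {
                    /* encrypt-then-MAC: the MAC is not part of the
                     * encrypted data, so it is left out of the padding */
                    args->pad = (args->sz - args->headerSz -
                                                  args->digestSz) % blockSz;
                }
                else
            #endif
                    args->pad = (args->sz - args->headerSz) % blockSz;
                /* with OPENSSL_EXTRA an aligned record gets no extra
                 * padding; otherwise it gets a full block of it */
                #ifdef OPENSSL_EXTRA
                if(args->pad != 0)
                #endif
                    args->pad = blockSz - args->pad;
                args->sz += args->pad;
            }
        #endif /* WOLFSSL_AEAD_ONLY */

        #ifdef HAVE_AEAD
            if (ssl->specs.cipher_type == aead) {
                if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
                    args->ivSz = AESGCM_EXP_IV_SZ;

                /* swap the MAC size added above for the AEAD tag size */
                args->sz += (args->ivSz + ssl->specs.aead_mac_size - args->digestSz);
            }
        #endif

            /* done with size calculations */
            if (sizeOnly)
                goto exit_buildmsg;

            if (args->sz > (word32)outSz) {
                WOLFSSL_MSG("Oops, want to write past output buffer size");
                ERROR_OUT(BUFFER_E, exit_buildmsg);
            }

            if (args->ivSz > 0) {
                args->iv = (byte*)XMALLOC(args->ivSz, ssl->heap, DYNAMIC_TYPE_SALT);
                if (args->iv == NULL)
                    ERROR_OUT(MEMORY_E, exit_buildmsg);

                /* fresh random IV for this record */
                ret = wc_RNG_GenerateBlock(ssl->rng, args->iv, args->ivSz);
                if (ret != 0)
                    goto exit_buildmsg;

            }
#if !defined(NO_PUBLIC_GCM_SET_IV) && \
    ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) && \
    defined(HAVE_AEAD))
            /* in these builds the explicit IV kept in ssl->keys replaces
             * the random one for non-ChaCha AEAD suites */
            if (ssl->specs.cipher_type == aead) {
                if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
                    XMEMCPY(args->iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
            }
#endif

            /* NOTE(review): the cast keeps only the low 16 bits; nothing in
             * this function limits inSz to the record size limit, so that
             * is presumably enforced by the callers - confirm. */
            args->size = (word16)(args->sz - args->headerSz); /* include mac and digest */
            AddRecordHeader(output, args->size, (byte)type, ssl);

            /* write to output */
            if (args->ivSz > 0) {
                XMEMCPY(output + args->idx, args->iv,
                                        min(args->ivSz, MAX_IV_SZ));
                args->idx += args->ivSz;
            }
            XMEMCPY(output + args->idx, input, inSz);
            args->idx += inSz;

            ssl->options.buildMsgState = BUILD_MSG_HASH;
        }
        FALL_THROUGH;
        case BUILD_MSG_HASH:
        {
            if (type == handshake && hashOutput) {
                ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz);
                if (ret != 0)
                    goto exit_buildmsg;
            }
        #ifndef WOLFSSL_AEAD_ONLY
            if (ssl->specs.cipher_type == block) {
                word32 tmpIdx;
                word32 i;

            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
                if (ssl->options.startedETMWrite)
                    tmpIdx = args->idx; /* padding directly after the data */
                else
            #endif
                    tmpIdx = args->idx + args->digestSz; /* padding after the MAC */

                /* pad + 1 bytes: the padding plus the pad length byte */
                for (i = 0; i <= args->pad; i++)
                    output[tmpIdx++] = (byte)args->pad; /* pad byte gets pad value */
            }
        #endif

            ssl->options.buildMsgState = BUILD_MSG_VERIFY_MAC;
        }
        FALL_THROUGH;
        case BUILD_MSG_VERIFY_MAC:
        {
            /* User Record Layer Callback handling */
    #ifdef ATOMIC_USER
        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
            if (ssl->options.startedETMWrite) {
                if (ssl->ctx->EncryptMacCb) {
                    /* the callback does both the encryption and the MAC */
                    ret = ssl->ctx->EncryptMacCb(ssl, output + args->idx +
                                                 args->pad + 1, type, 0,
                                                 output + args->headerSz,
                                                 output + args->headerSz,
                                                 args->size - args->digestSz,
                                                 ssl->MacEncryptCtx);
                    goto exit_buildmsg;
                }
            }
            else
        #endif
            {
                if (ssl->ctx->MacEncryptCb) {
                    /* the callback does both the MAC and the encryption */
                    ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx,
                                    output + args->headerSz + args->ivSz, inSz,
                                    type, 0, output + args->headerSz,
                                    output + args->headerSz, args->size,
                                    ssl->MacEncryptCtx);
                    goto exit_buildmsg;
                }
            }
    #endif

        #ifndef WOLFSSL_AEAD_ONLY
            /* MAC-then-encrypt: MAC over the plaintext payload */
            if (ssl->specs.cipher_type != aead
            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
                                               && !ssl->options.startedETMWrite
            #endif
                ) {
            #ifdef HAVE_TRUNCATED_HMAC
                if (ssl->truncated_hmac &&
                                        ssl->specs.hash_size > args->digestSz) {
                #ifdef WOLFSSL_SMALL_STACK
                    byte* hmac;
                #else
                    byte hmac[WC_MAX_DIGEST_SIZE];
                #endif

                #ifdef WOLFSSL_SMALL_STACK
                    hmac = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, ssl->heap,
                                                           DYNAMIC_TYPE_DIGEST);
                    if (hmac == NULL)
                        ERROR_OUT(MEMORY_E, exit_buildmsg);
                #endif

                    ret = ssl->hmac(ssl, hmac,
                                     output + args->headerSz + args->ivSz, inSz,
                                     -1, type, 0);
                    /* copy the MAC only when it was computed; on failure
                     * hmac may hold uninitialized bytes */
                    if (ret == 0)
                        XMEMCPY(output + args->idx, hmac, args->digestSz);

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(hmac, ssl->heap, DYNAMIC_TYPE_DIGEST);
                #endif
                }
                else
            #endif
                {
                    ret = ssl->hmac(ssl, output + args->idx, output +
                                args->headerSz + args->ivSz, inSz, -1, type, 0);
                }
            }
        #endif /* WOLFSSL_AEAD_ONLY */
            if (ret != 0)
                goto exit_buildmsg;

            ssl->options.buildMsgState = BUILD_MSG_ENCRYPT;
        }
        FALL_THROUGH;
        case BUILD_MSG_ENCRYPT:
        {
    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
            if (ssl->options.startedETMWrite) {
                /* the MAC is added after encryption, so it is not encrypted */
                ret = Encrypt(ssl, output + args->headerSz,
                                          output + args->headerSz,
                                          args->size - args->digestSz, asyncOkay);
            }
            else
    #endif
            {
                ret = Encrypt(ssl, output + args->headerSz,
                                output + args->headerSz, args->size, asyncOkay);
            }
            if (ret != 0)
                goto exit_buildmsg;
            ssl->options.buildMsgState = BUILD_MSG_ENCRYPTED_VERIFY_MAC;
        }
        FALL_THROUGH;
        case BUILD_MSG_ENCRYPTED_VERIFY_MAC:
        {
        #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
            if (ssl->options.startedETMWrite) {
                WOLFSSL_MSG("Calculate MAC of Encrypted Data");

            #ifdef HAVE_TRUNCATED_HMAC
                if (ssl->truncated_hmac &&
                                        ssl->specs.hash_size > args->digestSz) {
                #ifdef WOLFSSL_SMALL_STACK
                    byte* hmac = NULL;
                #else
                    byte hmac[WC_MAX_DIGEST_SIZE];
                #endif

                #ifdef WOLFSSL_SMALL_STACK
                    hmac = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, ssl->heap,
                                                           DYNAMIC_TYPE_DIGEST);
                    if (hmac == NULL)
                        ERROR_OUT(MEMORY_E, exit_buildmsg);
                #endif

                    /* MAC covers IV + ciphertext, padding included */
                    ret = ssl->hmac(ssl, hmac, output + args->headerSz,
                                    args->ivSz + inSz + args->pad + 1, -1, type,
                                    0);
                    /* copy the MAC only when it was computed; on failure
                     * hmac may hold uninitialized bytes */
                    if (ret == 0)
                        XMEMCPY(output + args->idx + args->pad + 1, hmac,
                                                                args->digestSz);

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(hmac, ssl->heap, DYNAMIC_TYPE_DIGEST);
                #endif
                }
                else
            #endif
                {
                    ret = ssl->hmac(ssl, output + args->idx + args->pad + 1,
                                    output + args->headerSz,
                                    args->ivSz + inSz + args->pad + 1, -1, type,
                                    0);
                }
            }
        #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */
        }
    }

exit_buildmsg:

    WOLFSSL_LEAVE("BuildMessage", ret);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* keep state and args so the next call can resume */
    if (ret == WC_PENDING_E) {
        return ret;
    }
#endif

    /* make sure build message state is reset */
    ssl->options.buildMsgState = BUILD_MSG_BEGIN;

    #ifdef WOLFSSL_DTLS
    if (ret == 0 && ssl->options.dtls)
        DtlsSEQIncrement(ssl, CUR_ORDER);
    #endif

    /* return sz on success */
    if (ret == 0)
        ret = args->sz;

    /* Final cleanup */
    FreeBuildMsgArgs(ssl, args);
#ifdef WOLFSSL_ASYNC_CRYPT
    ssl->async.freeArgs = NULL;
#endif

    return ret;
#endif /* !WOLFSSL_NO_TLS12 */
}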
wolfSSL 15:117db924cf7c 16177
wolfSSL 15:117db924cf7c 16178 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 16179
/* Builds the Finished handshake message, wraps it in a record with
 * BuildMessage and queues/sends it through SendBuffered.
 *
 * Side effects visible here: the encrypt-side keys are set up, the DTLS epoch
 * is advanced (DTLS builds), the verify data is saved for secure
 * renegotiation, and the handshake is marked done for the side that sends the
 * last Finished (server on a full handshake, client on a resumed one).
 *
 * Returns the SendBuffered result on the normal path, BUILD_MSG_ERROR when
 * BuildMessage fails, otherwise the first non-zero code from SetKeysSide,
 * CheckAvailableSize, BuildFinished or DtlsMsgPoolSave.
 *
 * NOTE(review): the early error returns happen after state such as the DTLS
 * epoch/sequence numbers has already been changed; callers presumably treat
 * these errors as fatal for the connection -- confirm.
 */
int SendFinished(WOLFSSL* ssl)
{
    byte    input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ];  /* max */
    byte*   output;
    Hashes* hashes;
    int     ret;
    int     sendSz;
    int     outputSz;
    int     headerSz   = HANDSHAKE_HEADER_SZ;
    int     finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ;

    WOLFSSL_START(WC_FUNC_FINISHED_SEND);
    WOLFSSL_ENTER("SendFinished");

    /* set up the encrypt-side keys before the message is built */
    ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY);
    if (ret != 0)
        return ret;

#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    ssl->options.startedETMWrite = ssl->options.encThenMac;
#endif

    /* the output buffer must be able to hold the largest possible record */
    outputSz = sizeof(input) + MAX_MSG_EXTRA;
    ret = CheckAvailableSize(ssl, outputSz);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        headerSz += DTLS_HANDSHAKE_EXTRA;

        /* new epoch: keep the old sequence number, restart counting at 0 */
        ssl->keys.dtls_epoch++;
        ssl->keys.dtls_prev_sequence_number_hi =
            ssl->keys.dtls_sequence_number_hi;
        ssl->keys.dtls_prev_sequence_number_lo =
            ssl->keys.dtls_sequence_number_lo;
        ssl->keys.dtls_sequence_number_hi = 0;
        ssl->keys.dtls_sequence_number_lo = 0;
    }
#endif

    /* the record is written directly behind the data already queued */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);

    /* the finished hashes are produced in place, right after the header */
    hashes = (Hashes*)&input[headerSz];
    ret = BuildFinished(ssl, hashes,
                     ssl->options.side == WOLFSSL_CLIENT_END ? client : server);
    if (ret != 0)
        return ret;

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* keep a copy of our own verify data; TLS_FINISHED_SZ bytes are
         * copied regardless of finishedSz */
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
                    TLS_FINISHED_SZ);
        }
        else {
            XMEMCPY(ssl->secure_renegotiation->server_verify_data, hashes,
                    TLS_FINISHED_SZ);
        }
    }
#endif

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        ret = DtlsMsgPoolSave(ssl, input, headerSz + finishedSz);
        if (ret != 0)
            return ret;
    }
#endif

    sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
                          handshake, 1, 0, 0);
    if (sendSz < 0) {
        /* the specific BuildMessage error code is not propagated */
        return BUILD_MSG_ERROR;
    }

    if (ssl->options.resuming) {
        /* resumed handshake: the client's Finished is the last message */
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
#ifdef OPENSSL_EXTRA
            ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
            ssl->cbmode = SSL_CB_MODE_WRITE;
            if (ssl->CBIS != NULL)
                ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, SSL_SUCCESS);
#endif
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }
    else {
#ifndef NO_SESSION_CACHE
        AddSession(ssl);    /* just try */
#endif
        /* full handshake: the server's Finished is the last message */
        if (ssl->options.side == WOLFSSL_SERVER_END) {
#ifdef OPENSSL_EXTRA
            ssl->options.serverState = SERVER_FINISHED_COMPLETE;
            ssl->cbmode = SSL_CB_MODE_WRITE;
            if (ssl->CBIS != NULL)
                ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, SSL_SUCCESS);
#endif
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone  = 1;
        }
    }

#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    if (ssl->hsInfoOn) {
        AddPacketName(ssl, "Finished");
    }
    if (ssl->toInfoOn) {
        AddPacketInfo(ssl, "Finished", handshake, output, sendSz,
                      WRITE_PROTO, ssl->heap);
    }
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    ret = SendBuffered(ssl);

    WOLFSSL_LEAVE("SendFinished", ret);
    WOLFSSL_END(WC_FUNC_FINISHED_SEND);

    return ret;
}
wolfSSL 15:117db924cf7c 16300 #endif /* WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 16301
wolfSSL 15:117db924cf7c 16302 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 16303 #if (!defined(WOLFSSL_NO_TLS12) && \
wolfSSL 15:117db924cf7c 16304 (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
wolfSSL 15:117db924cf7c 16305 defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))) || \
wolfSSL 15:117db924cf7c 16306 (defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST))
/* Parses and decodes the certificate then initializes "request". In the case
 * of !ssl->buffers.weOwnCert, ssl->ctx->certOcspRequest gets set to "request"
 * when the context does not hold a request yet; from then on the context
 * refers to the caller's allocation.
 *
 * The certificate is parsed with the VERIFY option against ssl->ctx->cm, so a
 * certificate that fails to parse or verify produces an error here. "cert" is
 * only scratch space: it is initialized and freed inside this function.
 *
 * NOTE(review): ssl->ctx->cm->ocsp_stapling is dereferenced without a NULL
 * check; presumably the caller guarantees stapling is enabled -- confirm.
 * NOTE(review): a failing wc_LockMutex is ignored, in which case the context
 * request is simply not updated.
 *
 * Returns 0 on success
 */
static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
                             DecodedCert* cert, byte* certData, word32 length)
{
    int ret;

    if (request != NULL) {
        XMEMSET(request, 0, sizeof(OcspRequest));
    }

    InitDecodedCert(cert, certData, length, ssl->heap);
    /* TODO: Setup async support here */
    ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm);
    if (ret != 0) {
        WOLFSSL_MSG("ParseCert failed");
    }
    else {
        ret = InitOcspRequest(request, cert, 0, ssl->heap);
    }

    /* make sure ctx OCSP request is updated */
    if (ret == 0 && !ssl->buffers.weOwnCert) {
        wolfSSL_Mutex* stapleLock = &ssl->ctx->cm->ocsp_stapling->ocspLock;

        if (wc_LockMutex(stapleLock) == 0) {
            /* first writer wins; an existing request is never replaced */
            if (ssl->ctx->certOcspRequest == NULL) {
                ssl->ctx->certOcspRequest = request;
            }
            wc_UnLockMutex(stapleLock);
        }
    }

    FreeDecodedCert(cert);

    return ret;
}
wolfSSL 15:117db924cf7c 16344
wolfSSL 15:117db924cf7c 16345
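/* Creates OCSP response and places it in variable "response". Memory
 * management for "buffer* response" is up to the caller.
 *
 * Also creates an OcspRequest in the case that ocspRequest is null or that
 * ssl->buffers.weOwnCert is set. In those cases managing ocspRequest free'ing
 * is up to the caller. NOTE: in CreateOcspRequest ssl->ctx->certOcspRequest can
 * be set to point to "ocspRequest" and it then should not be free'd since
 * wolfSSL_CTX_free will take care of it.
 *
 * On error *ocspRequest is left untouched. A request allocated here is
 * released before an error is returned, unless ssl->ctx->certOcspRequest
 * already points at it; in that case it stays allocated so that the context
 * never holds a pointer to freed memory.
 *
 * Returns 0 on success and in the "unable to fetch status, skip" cases (where
 * "response" stays zeroed), BAD_FUNC_ARG on a NULL argument, MEMORY_E on
 * allocation failure, otherwise the error from CreateOcspRequest or
 * CheckOcspRequest.
 */
int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
                       buffer* response)
{
    int          ret = 0;
    OcspRequest* request = NULL;
    byte         createdRequest = 0;

    if (ssl == NULL || ocspRequest == NULL || response == NULL)
        return BAD_FUNC_ARG;

    XMEMSET(response, 0, sizeof(*response));
    request = *ocspRequest;

    /* unable to fetch status. skip. */
    if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
        return 0;

    if (request == NULL || ssl->buffers.weOwnCert) {
        DerBuffer* der = ssl->buffers.certificate;
    #ifdef WOLFSSL_SMALL_STACK
        DecodedCert* cert = NULL;
    #else
        DecodedCert  cert[1];
    #endif

        /* unable to fetch status. skip. The certificate buffer itself may be
         * missing (SendCertificate checks for that too), so test the pointer
         * before looking inside it. */
        if (der == NULL || der->buffer == NULL || der->length == 0)
            return 0;

    #ifdef WOLFSSL_SMALL_STACK
        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
                                     DYNAMIC_TYPE_DCERT);
        if (cert == NULL)
            return MEMORY_E;
    #endif
        request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), ssl->heap,
                                        DYNAMIC_TYPE_OCSP_REQUEST);
        if (request == NULL)
            ret = MEMORY_E;
        else
            createdRequest = 1;

        if (ret == 0) {
            ret = CreateOcspRequest(ssl, request, cert, der->buffer,
                                    der->length);
        }

        /* CreateOcspRequest only publishes the request to the context on
         * success, so on failure nobody else can hold this pointer. */
        if (ret != 0) {
            XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
            request = NULL;
        }

    #ifdef WOLFSSL_SMALL_STACK
        XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
    #endif
    }

    if (ret == 0) {
        request->ssl = ssl;
        ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, response);

        /* Suppressing, not critical: these statuses do not abort the
         * handshake here.
         * NOTE(review): whether "response" is populated in these cases
         * depends on CheckOcspRequest -- confirm. */
        if (ret == OCSP_CERT_REVOKED ||
            ret == OCSP_CERT_UNKNOWN ||
            ret == OCSP_LOOKUP_FAIL) {
            ret = 0;
        }
    }

    /* free request up if error case found otherwise return it */
    if (ret != 0 && createdRequest && request != NULL) {
        byte ctxOwnsRequest = 0;

        /* Reaching this point with a live request means CreateOcspRequest
         * succeeded. With !weOwnCert it may have stored this very pointer in
         * ssl->ctx->certOcspRequest; freeing it then would leave the context
         * with a dangling pointer that wolfSSL_CTX_free frees again. */
        if (!ssl->buffers.weOwnCert) {
            wolfSSL_Mutex* ocspLock = &ssl->ctx->cm->ocsp_stapling->ocspLock;

            if (wc_LockMutex(ocspLock) == 0) {
                ctxOwnsRequest = (byte)(ssl->ctx->certOcspRequest == request);
                wc_UnLockMutex(ocspLock);
            }
            else {
                /* ownership unknown: leaking is safer than a use after free */
                ctxOwnsRequest = 1;
            }
        }

        if (!ctxOwnsRequest) {
            FreeOcspRequest(request);
            XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
        }
        request = NULL;
    }

    if (ret == 0)
        *ocspRequest = request;

    return ret;
}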
wolfSSL 15:117db924cf7c 16436 #endif
wolfSSL 15:117db924cf7c 16437 #endif /* !NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 16438
wolfSSL 15:117db924cf7c 16439 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 16440
wolfSSL 15:117db924cf7c 16441 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 16442 #if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)
/* handle generation of certificate (11)
 *
 * Writes the Certificate handshake message into the output buffer and, unless
 * ssl->options.groupMessages is set, flushes it with SendBuffered. A message
 * that does not fit into one fragment is split over several records;
 * ssl->fragOffset counts the certificate/chain bytes already copied and is
 * kept across calls while the result is WANT_WRITE.
 *
 * Returns 0 when nothing has to be sent (PSK/anonymous suites, or the SSLv3
 * no_certificate alert path under OPENSSL_EXTRA) and on success; otherwise
 * BUFFER_ERROR, BUFFER_E, MEMORY_E, a negative BuildMessage result, or the
 * code returned by CheckAvailableSize, DtlsMsgPoolSave or SendBuffered.
 *
 * NOTE(review): the error returns inside the loop leave ssl->fragOffset as it
 * is; presumably callers treat those errors as fatal -- confirm.
 */
int SendCertificate(WOLFSSL* ssl)
{
    int    ret = 0;
    word32 certSz, certChainSz, headerSz, listSz, payloadSz;
    word32 length, maxFragment;

    WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
    WOLFSSL_ENTER("SendCertificate");

    if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
        return 0;  /* not needed */

    if (ssl->options.sendVerify == SEND_BLANK_CERT) {
    #ifdef OPENSSL_EXTRA
        /* SSLv3 answers with a no_certificate warning alert instead of an
         * empty certificate list.
         * NOTE(review): the SendAlert result is not checked. */
        if (ssl->version.major == SSLv3_MAJOR
            && ssl->version.minor == SSLv3_MINOR){
            SendAlert(ssl, alert_warning, no_certificate);
            return 0;
        } else {
    #endif
            /* empty list: only the 3-byte list length is sent */
            certSz = 0;
            certChainSz = 0;
            headerSz = CERT_HEADER_SZ;
            length = CERT_HEADER_SZ;
            listSz = 0;
    #ifdef OPENSSL_EXTRA
        }
    #endif
    }
    else {
        if (!ssl->buffers.certificate) {
            WOLFSSL_MSG("Send Cert missing certificate buffer");
            return BUFFER_ERROR;
        }
        certSz = ssl->buffers.certificate->length;
        /* one length field for the list, one for the certificate */
        headerSz = 2 * CERT_HEADER_SZ;
        /* list + cert size */
        length = certSz + headerSz;
        listSz = certSz + CERT_HEADER_SZ;

        /* may need to send rest of chain, already has leading size(s) */
        if (certSz && ssl->buffers.certChain) {
            certChainSz = ssl->buffers.certChain->length;
            length += certChainSz;
            listSz += certChainSz;
        }
        else
            certChainSz = 0;
    }

    /* total handshake body size, as announced in every fragment header */
    payloadSz = length;

    /* resuming a partially sent message: the headers and the first
     * ssl->fragOffset certificate bytes are already out */
    if (ssl->fragOffset != 0)
        length -= (ssl->fragOffset + headerSz);

    maxFragment = MAX_RECORD_SIZE;

    if (ssl->options.dtls) {
    #ifdef WOLFSSL_DTLS
        /* The 100 bytes is used to account for the UDP and IP headers.
           It can also include the record padding and MAC if the
           SendCertificate is called for a secure renegotiation. */
        maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ
                      - DTLS_HANDSHAKE_HEADER_SZ - 100;
    #endif /* WOLFSSL_DTLS */
    }

    maxFragment = wolfSSL_GetMaxRecordSize(ssl, maxFragment);

    /* one record per iteration; length is the number of bytes still to send */
    while (length > 0 && ret == 0) {
        byte*  output = NULL;
        word32 fragSz = 0;              /* handshake body bytes in this record */
        word32 i = RECORD_HEADER_SZ;    /* write index into output */
        int    sendSz = RECORD_HEADER_SZ;

        if (!ssl->options.dtls) {
            if (ssl->fragOffset == 0) {
                /* first record also carries the handshake header */
                if (headerSz + certSz + certChainSz <=
                    maxFragment - HANDSHAKE_HEADER_SZ) {

                    fragSz = headerSz + certSz + certChainSz;
                }
                else {
                    fragSz = maxFragment - HANDSHAKE_HEADER_SZ;
                }
                sendSz += fragSz + HANDSHAKE_HEADER_SZ;
                i += HANDSHAKE_HEADER_SZ;
            }
            else {
                fragSz = min(length, maxFragment);
                sendSz += fragSz;
            }

            /* reserve room for what encryption adds to the record */
            if (IsEncryptionOn(ssl, 1))
                sendSz += MAX_MSG_EXTRA;
        }
        else {
        #ifdef WOLFSSL_DTLS
            /* every DTLS fragment carries its own handshake header */
            fragSz = min(length, maxFragment);
            sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
                      + HANDSHAKE_HEADER_SZ;
            i      += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
                      + HANDSHAKE_HEADER_SZ;
        #endif
        }

        /* check for available size */
        if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
            return ret;

        /* get output buffer */
        output = ssl->buffers.outputBuffer.buffer +
                 ssl->buffers.outputBuffer.length;

        if (ssl->fragOffset == 0) {
            /* First fragment. When the record is not encrypted the handshake
             * hash is fed here with HashOutputRaw: the headers as they are
             * written, and the complete certificate and chain in one go even
             * if only part of them fits into this record. */
            if (!ssl->options.dtls) {
                AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
                                  HANDSHAKE_HEADER_SZ);
            }
            else {
            #ifdef WOLFSSL_DTLS
                /* write the header of the unfragmented message first so that
                 * this form is what gets hashed, then overwrite it with the
                 * real fragment header */
                AddHeaders(output, payloadSz, certificate, ssl);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl,
                                  output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
                                  HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
                /* Adding the headers increments these, decrement them for
                 * actual message header. */
                ssl->keys.dtls_handshake_number--;
                AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
                ssl->keys.dtls_handshake_number--;
            #endif /* WOLFSSL_DTLS */
            }

            /* list total */
            /* NOTE(review): fragSz and length are unsigned; the subtractions
             * below assume the fragment is at least as large as the
             * certificate headers. */
            c32to24(listSz, output + i);
            if (!IsEncryptionOn(ssl, 1))
                HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
            i += CERT_HEADER_SZ;
            length -= CERT_HEADER_SZ;
            fragSz -= CERT_HEADER_SZ;
            if (certSz) {
                c32to24(certSz, output + i);
                if (!IsEncryptionOn(ssl, 1))
                    HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
                i += CERT_HEADER_SZ;
                length -= CERT_HEADER_SZ;
                fragSz -= CERT_HEADER_SZ;

                if (!IsEncryptionOn(ssl, 1)) {
                    HashOutputRaw(ssl, ssl->buffers.certificate->buffer, certSz);
                    if (certChainSz)
                        HashOutputRaw(ssl, ssl->buffers.certChain->buffer,
                                      certChainSz);
                }
            }
        }
        else {
            /* follow-up fragment */
            if (!ssl->options.dtls) {
                AddRecordHeader(output, fragSz, handshake, ssl);
            }
            else {
            #ifdef WOLFSSL_DTLS
                AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz,
                               payloadSz, certificate, ssl);
                /* all fragments share one handshake number; it is advanced
                 * once after the loop */
                ssl->keys.dtls_handshake_number--;
            #endif /* WOLFSSL_DTLS */
            }
        }

        /* member */
        /* certificate bytes first ... */
        if (certSz && ssl->fragOffset < certSz) {
            word32 copySz = min(certSz - ssl->fragOffset, fragSz);
            XMEMCPY(output + i,
                    ssl->buffers.certificate->buffer + ssl->fragOffset, copySz);
            i += copySz;
            ssl->fragOffset += copySz;
            length -= copySz;
            fragSz -= copySz;
        }
        /* ... then the chain, which starts at fragOffset == certSz */
        if (certChainSz && fragSz) {
            word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz);
            XMEMCPY(output + i,
                    ssl->buffers.certChain->buffer + ssl->fragOffset - certSz,
                    copySz);
            i += copySz;
            ssl->fragOffset += copySz;
            length -= copySz;
        }

        if (IsEncryptionOn(ssl, 1)) {
            /* BuildMessage writes into output, so the plaintext assembled
             * there is moved to a temporary buffer first */
            byte* input = NULL;
            int   inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */

            if (inputSz < 0) {
                WOLFSSL_MSG("Send Cert bad inputSz");
                return BUFFER_E;
            }

            if (inputSz > 0) {  /* clang thinks could be zero, let's help */
                input = (byte*)XMALLOC(inputSz, ssl->heap,
                                       DYNAMIC_TYPE_IN_BUFFER);
                if (input == NULL)
                    return MEMORY_E;
                XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
            }

            sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                                          handshake, 1, 0, 0);

            /* the temporary copy is released before the result is checked */
            if (inputSz > 0)
                XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

            if (sendSz < 0)
                return sendSz;
        }
        else {
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls)
                DtlsSEQIncrement(ssl, CUR_ORDER);
        #endif
        }

    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                return ret;
        }
    #endif

    #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
        if (ssl->hsInfoOn)
            AddPacketName(ssl, "Certificate");
        if (ssl->toInfoOn)
            AddPacketInfo(ssl, "Certificate", handshake, output, sendSz,
                           WRITE_PROTO, ssl->heap);
    #endif

        ssl->buffers.outputBuffer.length += sendSz;
        if (!ssl->options.groupMessages)
            ret = SendBuffered(ssl);
    }

    /* on WANT_WRITE the offset is kept, presumably so that a later call
     * continues with the remaining fragments */
    if (ret != WANT_WRITE) {
        /* Clean up the fragment offset. */
        ssl->fragOffset = 0;
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls)
                ssl->keys.dtls_handshake_number++;
        #endif
        if (ssl->options.side == WOLFSSL_SERVER_END){
            ssl->options.serverState = SERVER_CERT_COMPLETE;
        }
    }

    WOLFSSL_LEAVE("SendCertificate", ret);
    WOLFSSL_END(WC_FUNC_CERTIFICATE_SEND);

    return ret;
}
wolfSSL 15:117db924cf7c 16706 #endif /* !NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH */
wolfSSL 15:117db924cf7c 16707
wolfSSL 15:117db924cf7c 16708 /* handle generation of certificate_request (13) */
wolfSSL 15:117db924cf7c 16709 int SendCertificateRequest(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 16710 {
wolfSSL 15:117db924cf7c 16711 byte *output;
wolfSSL 15:117db924cf7c 16712 int ret;
wolfSSL 15:117db924cf7c 16713 int sendSz;
wolfSSL 15:117db924cf7c 16714 word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 16715 word32 dnLen = 0;
wolfSSL 15:117db924cf7c 16716 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
wolfSSL 15:117db924cf7c 16717 WOLF_STACK_OF(WOLFSSL_X509_NAME)* names;
wolfSSL 15:117db924cf7c 16718 #endif
wolfSSL 15:117db924cf7c 16719
wolfSSL 15:117db924cf7c 16720 int typeTotal = 1; /* only 1 for now */
wolfSSL 15:117db924cf7c 16721 int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */
wolfSSL 15:117db924cf7c 16722
wolfSSL 15:117db924cf7c 16723 WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND);
wolfSSL 15:117db924cf7c 16724 WOLFSSL_ENTER("SendCertificateRequest");
wolfSSL 15:117db924cf7c 16725
wolfSSL 15:117db924cf7c 16726 if (IsAtLeastTLSv1_2(ssl))
wolfSSL 15:117db924cf7c 16727 reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz;
wolfSSL 15:117db924cf7c 16728
wolfSSL 15:117db924cf7c 16729 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
wolfSSL 15:117db924cf7c 16730 /* Certificate Authorities */
wolfSSL 15:117db924cf7c 16731 names = ssl->ctx->ca_names;
wolfSSL 15:117db924cf7c 16732 while (names != NULL) {
wolfSSL 15:117db924cf7c 16733 byte seq[MAX_SEQ_SZ];
wolfSSL 15:117db924cf7c 16734
wolfSSL 15:117db924cf7c 16735 /* 16-bit length | SEQ | Len | DER of name */
wolfSSL 15:117db924cf7c 16736 dnLen += OPAQUE16_LEN + SetSequence(names->data.name->rawLen, seq) +
wolfSSL 15:117db924cf7c 16737 names->data.name->rawLen;
wolfSSL 15:117db924cf7c 16738 names = names->next;
wolfSSL 15:117db924cf7c 16739 }
wolfSSL 15:117db924cf7c 16740 reqSz += dnLen;
wolfSSL 15:117db924cf7c 16741 #endif
wolfSSL 15:117db924cf7c 16742
wolfSSL 15:117db924cf7c 16743 if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
wolfSSL 15:117db924cf7c 16744 return 0; /* not needed */
wolfSSL 15:117db924cf7c 16745
wolfSSL 15:117db924cf7c 16746 sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz;
wolfSSL 15:117db924cf7c 16747
wolfSSL 16:8e0d178b1d1e 16748 if (!ssl->options.dtls) {
wolfSSL 16:8e0d178b1d1e 16749 if (IsEncryptionOn(ssl, 1))
wolfSSL 16:8e0d178b1d1e 16750 sendSz += MAX_MSG_EXTRA;
wolfSSL 16:8e0d178b1d1e 16751 }
wolfSSL 16:8e0d178b1d1e 16752 else {
wolfSSL 15:117db924cf7c 16753 #ifdef WOLFSSL_DTLS
wolfSSL 16:8e0d178b1d1e 16754 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 16:8e0d178b1d1e 16755 i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 16:8e0d178b1d1e 16756 #endif
wolfSSL 16:8e0d178b1d1e 16757 }
wolfSSL 15:117db924cf7c 16758 /* check for available size */
wolfSSL 15:117db924cf7c 16759 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL 15:117db924cf7c 16760 return ret;
wolfSSL 15:117db924cf7c 16761
wolfSSL 15:117db924cf7c 16762 /* get output buffer */
wolfSSL 15:117db924cf7c 16763 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 15:117db924cf7c 16764 ssl->buffers.outputBuffer.length;
wolfSSL 15:117db924cf7c 16765
wolfSSL 15:117db924cf7c 16766 AddHeaders(output, reqSz, certificate_request, ssl);
wolfSSL 15:117db924cf7c 16767
wolfSSL 15:117db924cf7c 16768 /* write to output */
wolfSSL 15:117db924cf7c 16769 output[i++] = (byte)typeTotal; /* # of types */
wolfSSL 15:117db924cf7c 16770 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 16771 if ((ssl->options.cipherSuite0 == ECC_BYTE ||
wolfSSL 15:117db924cf7c 16772 ssl->options.cipherSuite0 == CHACHA_BYTE) &&
wolfSSL 15:117db924cf7c 16773 ssl->specs.sig_algo == ecc_dsa_sa_algo) {
wolfSSL 15:117db924cf7c 16774 output[i++] = ecdsa_sign;
wolfSSL 15:117db924cf7c 16775 } else
wolfSSL 15:117db924cf7c 16776 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 16777 {
wolfSSL 15:117db924cf7c 16778 output[i++] = rsa_sign;
wolfSSL 15:117db924cf7c 16779 }
wolfSSL 15:117db924cf7c 16780
wolfSSL 15:117db924cf7c 16781 /* supported hash/sig */
wolfSSL 15:117db924cf7c 16782 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 16783 c16toa(ssl->suites->hashSigAlgoSz, &output[i]);
wolfSSL 15:117db924cf7c 16784 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 16785
wolfSSL 15:117db924cf7c 16786 XMEMCPY(&output[i],
wolfSSL 15:117db924cf7c 16787 ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz);
wolfSSL 15:117db924cf7c 16788 i += ssl->suites->hashSigAlgoSz;
wolfSSL 15:117db924cf7c 16789 }
wolfSSL 15:117db924cf7c 16790
wolfSSL 15:117db924cf7c 16791 /* Certificate Authorities */
wolfSSL 15:117db924cf7c 16792 c16toa((word16)dnLen, &output[i]); /* auth's */
wolfSSL 15:117db924cf7c 16793 i += REQ_HEADER_SZ;
wolfSSL 15:117db924cf7c 16794 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
wolfSSL 15:117db924cf7c 16795 names = ssl->ctx->ca_names;
wolfSSL 15:117db924cf7c 16796 while (names != NULL) {
wolfSSL 15:117db924cf7c 16797 byte seq[MAX_SEQ_SZ];
wolfSSL 15:117db924cf7c 16798
wolfSSL 15:117db924cf7c 16799 c16toa((word16)names->data.name->rawLen +
wolfSSL 15:117db924cf7c 16800 SetSequence(names->data.name->rawLen, seq), &output[i]);
wolfSSL 15:117db924cf7c 16801 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 16802 i += SetSequence(names->data.name->rawLen, output + i);
wolfSSL 15:117db924cf7c 16803 XMEMCPY(output + i, names->data.name->raw, names->data.name->rawLen);
wolfSSL 15:117db924cf7c 16804 i += names->data.name->rawLen;
wolfSSL 15:117db924cf7c 16805 names = names->next;
wolfSSL 15:117db924cf7c 16806 }
wolfSSL 15:117db924cf7c 16807 #endif
wolfSSL 15:117db924cf7c 16808 (void)i;
wolfSSL 15:117db924cf7c 16809
wolfSSL 16:8e0d178b1d1e 16810 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 16:8e0d178b1d1e 16811 byte* input;
wolfSSL 16:8e0d178b1d1e 16812 int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */
wolfSSL 16:8e0d178b1d1e 16813
wolfSSL 16:8e0d178b1d1e 16814 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 16:8e0d178b1d1e 16815 if (input == NULL)
wolfSSL 16:8e0d178b1d1e 16816 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 16817
wolfSSL 16:8e0d178b1d1e 16818 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
wolfSSL 16:8e0d178b1d1e 16819 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
wolfSSL 16:8e0d178b1d1e 16820 handshake, 1, 0, 0);
wolfSSL 16:8e0d178b1d1e 16821 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 16:8e0d178b1d1e 16822
wolfSSL 16:8e0d178b1d1e 16823 if (sendSz < 0)
wolfSSL 16:8e0d178b1d1e 16824 return sendSz;
wolfSSL 16:8e0d178b1d1e 16825 } else {
wolfSSL 16:8e0d178b1d1e 16826 #ifdef WOLFSSL_DTLS
wolfSSL 16:8e0d178b1d1e 16827 if (ssl->options.dtls)
wolfSSL 16:8e0d178b1d1e 16828 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 16:8e0d178b1d1e 16829 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 16:8e0d178b1d1e 16830 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
wolfSSL 16:8e0d178b1d1e 16831 return ret;
wolfSSL 16:8e0d178b1d1e 16832 }
wolfSSL 16:8e0d178b1d1e 16833 #endif
wolfSSL 16:8e0d178b1d1e 16834 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 16:8e0d178b1d1e 16835 if (ret != 0)
wolfSSL 15:117db924cf7c 16836 return ret;
wolfSSL 15:117db924cf7c 16837 }
wolfSSL 15:117db924cf7c 16838
wolfSSL 15:117db924cf7c 16839 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 16840 if (ssl->hsInfoOn)
wolfSSL 15:117db924cf7c 16841 AddPacketName(ssl, "CertificateRequest");
wolfSSL 15:117db924cf7c 16842 if (ssl->toInfoOn)
wolfSSL 15:117db924cf7c 16843 AddPacketInfo(ssl, "CertificateRequest", handshake, output, sendSz,
wolfSSL 15:117db924cf7c 16844 WRITE_PROTO, ssl->heap);
wolfSSL 15:117db924cf7c 16845 #endif
wolfSSL 15:117db924cf7c 16846 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 15:117db924cf7c 16847 if (ssl->options.groupMessages)
wolfSSL 15:117db924cf7c 16848 ret = 0;
wolfSSL 15:117db924cf7c 16849 else
wolfSSL 15:117db924cf7c 16850 ret = SendBuffered(ssl);
wolfSSL 15:117db924cf7c 16851
wolfSSL 15:117db924cf7c 16852 WOLFSSL_LEAVE("SendCertificateRequest", ret);
wolfSSL 15:117db924cf7c 16853 WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND);
wolfSSL 15:117db924cf7c 16854
wolfSSL 15:117db924cf7c 16855 return ret;
wolfSSL 15:117db924cf7c 16856 }
wolfSSL 15:117db924cf7c 16857
wolfSSL 15:117db924cf7c 16858 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 16859 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 16860 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
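/* Build a certificate_status handshake message from `count` OCSP responses,
 * append it to the connection's output buffer and, unless messages are being
 * grouped, flush it with SendBuffered().
 *
 * ssl     connection the message is built for
 * type    status type written as the first body byte; only WOLFSSL_CSR2_OCSP
 *         and WOLFSSL_CSR2_OCSP_MULTI produce a message
 * status  array of `count` responses (buffer pointer + length) to staple
 * count   number of entries in status
 *
 * returns 0 on success or when type is not one of the two handled values,
 *         BUFFER_ERROR when a response or the whole body does not fit a
 *         24-bit length field, MEMORY_E when the temporary plaintext copy
 *         cannot be allocated, otherwise the error reported by the helper
 *         that failed.
 *
 * NOTE(review): idx starts at RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ and is
 * never advanced by DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA the way
 * SendCertificateRequest does for DTLS; confirm how this message is laid out
 * on a DTLS connection.
 */
static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
                                                                    byte count)
{
    /* largest value c32to24() can encode; every length below is written
     * through it, and the handshake header length is 24 bits as well */
    const word32 maxLen24 = 0xFFFFFF;
    byte*  output  = NULL;
    word32 idx     = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    word32 length  = ENUM_LEN;
    int    sendSz  = 0;
    int    ret     = 0;
    int    i       = 0;

    WOLFSSL_ENTER("BuildCertificateStatus");

    switch (type) {
        case WOLFSSL_CSR2_OCSP_MULTI:
            length += OPAQUE24_LEN;
            FALL_THROUGH; /* followed by */

        case WOLFSSL_CSR2_OCSP:
            for (i = 0; i < count; i++) {
                /* Reject sizes that would be truncated by the 24-bit
                 * encoders or overflow the int sendSz computed below; the
                 * copy loop further down trusts these lengths. */
                if (status[i].length > maxLen24 - OPAQUE24_LEN ||
                    length > maxLen24 - OPAQUE24_LEN - status[i].length) {
                    WOLFSSL_MSG("OCSP response too large for status message");
                    return BUFFER_ERROR;
                }
                length += OPAQUE24_LEN + status[i].length;
            }
            break;

        default:
            return 0;
    }

    sendSz = idx + length;

    /* Use the same predicate as the encryption branch below so the space
     * reserved always matches the path that is actually taken. */
    if (IsEncryptionOn(ssl, 1))
        sendSz += MAX_MSG_EXTRA;

    if ((ret = CheckAvailableSize(ssl, sendSz)) == 0) {
        output = ssl->buffers.outputBuffer.buffer +
                 ssl->buffers.outputBuffer.length;

        AddHeaders(output, length, certificate_status, ssl);

        output[idx++] = type;

        if (type == WOLFSSL_CSR2_OCSP_MULTI) {
            /* list length: the body minus the type byte and this field */
            c32to24(length - (ENUM_LEN + OPAQUE24_LEN), output + idx);
            idx += OPAQUE24_LEN;
        }

        for (i = 0; i < count; i++) {
            c32to24(status[i].length, output + idx);
            idx += OPAQUE24_LEN;

            /* an empty entry is written as a zero length only; skipping the
             * copy avoids handing a possibly NULL pointer to XMEMCPY */
            if (status[i].length > 0) {
                XMEMCPY(output + idx, status[i].buffer, status[i].length);
                idx += status[i].length;
            }
        }

        if (IsEncryptionOn(ssl, 1)) {
            byte* input;
            int   inputSz = idx - RECORD_HEADER_SZ;

            /* BuildMessage writes its result into output, so the handshake
             * message (without the record header) is copied out first */
            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
            if (input == NULL)
                return MEMORY_E;

            XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
            sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                                           handshake, 1, 0, 0);
            XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

            if (sendSz < 0)
                ret = sendSz;
        }
        else {
            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, CUR_ORDER);
            #endif
            ret = HashOutput(ssl, output, sendSz, 0);
        }

    #ifdef WOLFSSL_DTLS
        if (ret == 0 && IsDtlsNotSctpMode(ssl))
            ret = DtlsMsgPoolSave(ssl, output, sendSz);
    #endif

    #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
        if (ret == 0 && ssl->hsInfoOn)
            AddPacketName(ssl, "CertificateStatus");
        if (ret == 0 && ssl->toInfoOn)
            AddPacketInfo(ssl, "CertificateStatus", handshake, output, sendSz,
                          WRITE_PROTO, ssl->heap);
    #endif

        /* the message only becomes part of the output buffer on success */
        if (ret == 0) {
            ssl->buffers.outputBuffer.length += sendSz;
            if (!ssl->options.groupMessages)
                ret = SendBuffered(ssl);
        }
    }

    WOLFSSL_LEAVE("BuildCertificateStatus", ret);
    return ret;
}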
wolfSSL 15:117db924cf7c 16960 #endif
wolfSSL 15:117db924cf7c 16961 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 16962
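/* handle generation of certificate_status (22)
 *
 * Picks the status type from ssl->status_request, falling back to
 * ssl->status_request_v2, obtains the OCSP response(s) for the server
 * certificate (and, for WOLFSSL_CSR2_OCSP_MULTI, for the certificates in the
 * chain) and hands them to BuildCertificateStatus(). Any other status type
 * sends nothing.
 *
 * ssl  connection to send the message on
 *
 * returns 0 on success or when nothing is sent, MEMORY_E on allocation
 *         failure, otherwise the error from the OCSP or message helpers.
 */
int SendCertificateStatus(WOLFSSL* ssl)
{
    int  ret = 0;
    byte status_type = 0;

    WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_SEND);
    WOLFSSL_ENTER("SendCertificateStatus");

    (void) ssl;

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
    status_type = ssl->status_request;
#endif

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    status_type = status_type ? status_type : ssl->status_request_v2;
#endif

    switch (status_type) {

    #ifndef NO_WOLFSSL_SERVER
    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
        /* case WOLFSSL_CSR_OCSP: */
        case WOLFSSL_CSR2_OCSP:
        {
            OcspRequest* request = ssl->ctx->certOcspRequest;
            buffer response;

            /* start from a known-empty response, as the multi case below
             * does, so the response.buffer test never reads an
             * indeterminate pointer */
            XMEMSET(&response, 0, sizeof(response));

            ret = CreateOcspResponse(ssl, &request, &response);

            /* if a request was successfully created and not stored in
             * ssl->ctx then free it */
            if (ret == 0 && request != ssl->ctx->certOcspRequest) {
                FreeOcspRequest(request);
                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                request = NULL;
            }

            if (ret == 0 && response.buffer) {
                ret = BuildCertificateStatus(ssl, status_type, &response, 1);

                XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                response.buffer = NULL;
            }
            break;
        }

    #endif /* HAVE_CERTIFICATE_STATUS_REQUEST    */
           /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */

    #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2
        case WOLFSSL_CSR2_OCSP_MULTI:
        {
            OcspRequest* request = ssl->ctx->certOcspRequest;
            /* slot 0 is the server certificate, slots 1.. the chain */
            buffer responses[1 + MAX_CHAIN_DEPTH];
            int i = 0;

            XMEMSET(responses, 0, sizeof(responses));

            ret = CreateOcspResponse(ssl, &request, &responses[0]);

            /* if a request was successfully created and not stored in
             * ssl->ctx then free it */
            if (ret == 0 && request != ssl->ctx->certOcspRequest) {
                FreeOcspRequest(request);
                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                request = NULL;
            }

            if (ret == 0 && (!ssl->ctx->chainOcspRequest[0]
                                          || ssl->buffers.weOwnCertChain)) {
                /* no cached chain requests (or the chain is connection
                 * specific): build a request per chain certificate */
                buffer der;
                word32 idx = 0;
            #ifdef WOLFSSL_SMALL_STACK
                DecodedCert* cert;
            #else
                DecodedCert  cert[1];
            #endif

                /* From here on request only ever holds memory allocated in
                 * this block, so the cleanup below can never free the
                 * ctx-owned request. */
                request = NULL;

            #ifdef WOLFSSL_SMALL_STACK
                cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
                                                           DYNAMIC_TYPE_DCERT);
                if (cert == NULL)
                    ret = MEMORY_E;
            #endif
                if (ret == 0) {
                    request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
                                         ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                    if (request == NULL)
                        ret = MEMORY_E;
                }

                /* Allocation failures fall through to the common cleanup
                 * instead of returning, so responses[0] is not leaked.
                 * NOTE(review): whether certChain can be NULL here is not
                 * visible in this function; the check keeps the walk from
                 * dereferencing it if it is. */
                if (ret == 0 && ssl->buffers.certChain != NULL) {
                    /* i < MAX_CHAIN_DEPTH keeps responses[i + 1] inside the
                     * array however many certificates the chain holds */
                    while (i < MAX_CHAIN_DEPTH &&
                           idx + OPAQUE24_LEN <
                                            ssl->buffers.certChain->length) {
                        c24to32(ssl->buffers.certChain->buffer + idx,
                                                                 &der.length);
                        idx += OPAQUE24_LEN;

                        der.buffer = ssl->buffers.certChain->buffer + idx;
                        idx += der.length;

                        /* declared length runs past the chain buffer */
                        if (idx > ssl->buffers.certChain->length)
                            break;

                        ret = CreateOcspRequest(ssl, request, cert, der.buffer,
                                                                   der.length);
                        if (ret == 0) {
                            request->ssl = ssl;
                            ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
                                                request, &responses[i + 1]);

                            /* Suppressing, not critical: the handshake goes
                             * on and whatever CheckOcspRequest left in the
                             * slot is stapled.
                             * NOTE(review): a revoked chain certificate is
                             * not reported here; consider logging it. */
                            if (ret == OCSP_CERT_REVOKED ||
                                ret == OCSP_CERT_UNKNOWN ||
                                ret == OCSP_LOOKUP_FAIL) {
                                ret = 0;
                            }

                            i++;
                            FreeOcspRequest(request);
                        }
                    }
                }

                if (request != NULL) {
                    XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                }
            #ifdef WOLFSSL_SMALL_STACK
                if (cert != NULL) {
                    XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT);
                }
            #endif
            }
            else {
                /* reuse the requests cached on the context; the index bound
                 * is checked before the array is read.
                 * presumably chainOcspRequest has MAX_CHAIN_DEPTH slots;
                 * verify against its declaration */
                while (ret == 0 && i < MAX_CHAIN_DEPTH &&
                            NULL != (request = ssl->ctx->chainOcspRequest[i])) {
                    request->ssl = ssl;
                    ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
                                                    request, &responses[++i]);

                    /* Suppressing, not critical */
                    if (ret == OCSP_CERT_REVOKED ||
                        ret == OCSP_CERT_UNKNOWN ||
                        ret == OCSP_LOOKUP_FAIL) {
                        ret = 0;
                    }
                }
            }

            /* nothing is sent without a response for the server certificate */
            if (ret == 0 && responses[0].buffer) {
                ret = BuildCertificateStatus(ssl, status_type, responses,
                                                                  (byte)i + 1);
            }

            /* Release every response that was obtained, including chain
             * responses collected when slot 0 stayed empty. */
            for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++) {
                if (responses[i].buffer) {
                    XFREE(responses[i].buffer, ssl->heap,
                                                    DYNAMIC_TYPE_OCSP_REQUEST);
                }
            }

            break;
        }
    #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
    #endif /* NO_WOLFSSL_SERVER */

        default:
            break;
    }

    WOLFSSL_LEAVE("SendCertificateStatus", ret);
    WOLFSSL_END(WC_FUNC_CERTIFICATE_STATUS_SEND);

    return ret;
}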
wolfSSL 15:117db924cf7c 17138
wolfSSL 15:117db924cf7c 17139 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 17140
wolfSSL 15:117db924cf7c 17141 #endif /* WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 17142
wolfSSL 16:8e0d178b1d1e 17143
/* Report whether a secure renegotiation is in progress.
 *
 * Without HAVE_SECURE_RENEGOTIATION the answer is always 0. With it, the
 * answer is 1 only when the connection has a secure renegotiation object,
 * that object is enabled, and the handshake state is not HANDSHAKE_DONE. */
static WC_INLINE int IsSCR(WOLFSSL* ssl)
{
    int renegotiating = 0;

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation != NULL) {
        if (ssl->secure_renegotiation->enabled) {
            if (ssl->options.handShakeState != HANDSHAKE_DONE) {
                renegotiating = 1;
            }
        }
    }
#else
    (void)ssl;
#endif /* HAVE_SECURE_RENEGOTIATION */

    return renegotiating;
}
wolfSSL 16:8e0d178b1d1e 17158
wolfSSL 16:8e0d178b1d1e 17159
/* Send up to sz bytes of application data from data, one record at a time.
 *
 * ssl   connection to write on
 * data  plaintext to send
 * sz    number of plaintext bytes available at data
 *
 * returns the number of plaintext bytes sent, 0 when the peer reset or
 *         closed the connection (ssl->error is set to SOCKET_PEER_CLOSED_E),
 *         or a negative error code.
 *
 * A call that follows a failed send first flushes the buffered record and
 * then continues from prevSent + plainSz, so it has to be made with the same
 * data and an sz that is not smaller than what was already consumed.
 *
 * NOTE(review): data and sz are used without a NULL or range check in this
 * function; presumably the caller validates them - confirm.
 */
int SendData(WOLFSSL* ssl, const void* data, int sz)
{
    int sent = 0,  /* plainText size */
        sendSz,
        ret,
        dtlsExtra = 0;
    int groupMsgs = 0;

    /* a pending would-block state is cleared so this call can retry */
    if (ssl->error == WANT_WRITE
    #ifdef WOLFSSL_ASYNC_CRYPT
        || ssl->error == WC_PENDING_E
    #endif
    ) {
        ssl->error = 0;
    }

    /* don't allow write after decrypt or mac error */
    if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR) {
        /* For DTLS allow these possible errors and allow the session
           to continue despite them.
           presumably because a single bad datagram must not end the
           association; confirm against the DTLS receive path */
        if (ssl->options.dtls) {
            ssl->error = 0;
        }
        else {
            /* on a stream connection a record that failed its integrity
               check ends the session for writing as well */
            WOLFSSL_MSG("Not allowing write after decrypt or mac error");
            return WOLFSSL_FATAL_ERROR;
        }
    }

#ifdef WOLFSSL_EARLY_DATA
    if (ssl->earlyData != no_early_data) {
        /* early data is only accepted while the handshake is unfinished */
        if (ssl->options.handShakeState == HANDSHAKE_DONE) {
            WOLFSSL_MSG("handshake complete, trying to send early data");
            return BUILD_MSG_ERROR;
        }
    #ifdef WOLFSSL_EARLY_DATA_GROUP
        /* skips the resend of already buffered output further down */
        groupMsgs = 1;
    #endif
    }
    else
#endif
    /* finish the handshake first, unless a secure renegotiation is running */
    if (ssl->options.handShakeState != HANDSHAKE_DONE && !IsSCR(ssl)) {
        int err;
        WOLFSSL_MSG("handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* if async would block return WANT_WRITE */
            if (ssl->error == WC_PENDING_E) {
                return WOLFSSL_CBIO_ERR_WANT_WRITE;
            }
        #endif
            return err;
        }
    }

    /* last time system socket output buffer was full, try again to send */
    if (!groupMsgs && ssl->buffers.outputBuffer.length > 0) {
        WOLFSSL_MSG("output buffer was full, trying to send again");
        if ( (ssl->error = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == SOCKET_ERROR_E && (ssl->options.connReset ||
                                                 ssl->options.isClosed)) {
                ssl->error = SOCKET_PEER_CLOSED_E;
                WOLFSSL_ERROR(ssl->error);
                return 0;  /* peer reset or closed */
            }
            return ssl->error;
        }
        else {
            /* advance sent to previous sent + plain size just sent */
            sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
            WOLFSSL_MSG("sent write buffered data");

            /* the retry was made with fewer bytes than the earlier call had
               already turned into records */
            if (sent > sz) {
                WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
                return ssl->error = BAD_FUNC_ARG;
            }
        }
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        dtlsExtra = DTLS_RECORD_EXTRA;
    }
#endif

    /* one record per iteration until all sz bytes are consumed */
    for (;;) {
        int   len;
        byte* out;
        byte* sendBuffer = (byte*)data + sent;  /* may switch on comp */
        int   buffSz;                           /* may switch on comp */
        int   outputSz;
#ifdef HAVE_LIBZ
        byte  comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

        if (sent == sz) break;

        /* plaintext size of this record */
        len = wolfSSL_GetMaxRecordSize(ssl, sz - sent);

#ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            len = min(len, MAX_UDP_SIZE);
        }
#endif
        buffSz = len;

        /* check for available size */
        outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA;
        if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
            return ssl->error = ret;

        /* get output buffer */
        out = ssl->buffers.outputBuffer.buffer +
              ssl->buffers.outputBuffer.length;

#ifdef HAVE_LIBZ
        /* NOTE(review): compressing before encryption makes record length
           depend on plaintext content (the CRIME class of side channel);
           confirm that deployments enabling HAVE_LIBZ have assessed this.
           A compression failure is returned without being stored in
           ssl->error. */
        if (ssl->options.usingCompression) {
            buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp));
            if (buffSz < 0) {
                return buffSz;
            }
            sendBuffer = comp;
        }
#endif
        if (!ssl->options.tls1_3) {
            sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz,
                                  application_data, 0, 0, 1);
        }
        else {
#ifdef WOLFSSL_TLS13
            sendSz = BuildTls13Message(ssl, out, outputSz, sendBuffer, buffSz,
                                       application_data, 0, 0, 1);
#else
            sendSz = BUFFER_ERROR;
#endif
        }
        /* every build failure is reported as BUILD_MSG_ERROR; only an async
           pending state is kept in ssl->error */
        if (sendSz < 0) {
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (sendSz == WC_PENDING_E)
                ssl->error = sendSz;
        #endif
            return BUILD_MSG_ERROR;
        }

        ssl->buffers.outputBuffer.length += sendSz;

        if ( (ssl->error = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            /* store for next call if WANT_WRITE or user embedSend() that
               doesn't present like WANT_WRITE */
            ssl->buffers.plainSz  = len;
            ssl->buffers.prevSent = sent;
            if (ssl->error == SOCKET_ERROR_E && (ssl->options.connReset ||
                                                 ssl->options.isClosed)) {
                ssl->error = SOCKET_PEER_CLOSED_E;
                WOLFSSL_ERROR(ssl->error);
                return 0;  /* peer reset or closed */
            }
            return ssl->error;
        }

        /* progress is counted in plaintext bytes, not record bytes */
        sent += len;

        /* only one message per attempt */
        if (ssl->options.partialWrite == 1) {
            WOLFSSL_MSG("Partial Write on, only sending one record");
            break;
        }
    }

    return sent;
}
wolfSSL 15:117db924cf7c 17333
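/* Deliver buffered, already-decrypted application data to the caller.
 *
 * ssl     connection object; ssl->error and the clear-output buffer are
 *         updated by this call
 * output  destination buffer with room for at least sz bytes
 * sz      maximum number of bytes to copy; a negative value is treated as 0
 * peek    when non-zero, the copied bytes stay buffered for the next call
 *
 * Returns the number of bytes copied. Returns 0 both when ProcessReply()
 * reports ZERO_RETURN and when the transport was reset or closed; the two
 * cases differ only in ssl->error (SOCKET_PEER_CLOSED_E is stored for the
 * reset/closed case), so a caller that must tell an orderly shutdown from a
 * truncated stream has to inspect the stored error. Any other failure
 * returns the error value from the failing step.
 */
int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
{
    int size;

    WOLFSSL_ENTER("ReceiveData()");

    /* reset error state */
    if (ssl->error == WANT_READ
    #ifdef WOLFSSL_ASYNC_CRYPT
        || ssl->error == WC_PENDING_E
    #endif
    ) {
        ssl->error = 0;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* In DTLS mode, we forgive some errors and allow the session
         * to continue despite them. The stored MAC/decrypt failure is
         * cleared here, so it is no longer visible in ssl->error after
         * this point. */
        if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR)
            ssl->error = 0;
    }
#endif /* WOLFSSL_DTLS */

    /* Any other stored error (except WANT_WRITE) is sticky: refuse to read. */
    if (ssl->error != 0 && ssl->error != WANT_WRITE) {
        WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
        return ssl->error;
    }

#ifdef WOLFSSL_EARLY_DATA
    /* While early data is in progress the handshake is deliberately not
     * driven to completion here; the empty branch only skips the block
     * below. */
    if (ssl->earlyData != no_early_data) {
    }
    else
#endif
    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("Handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) {
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* async operation still pending: report
             * WOLFSSL_CBIO_ERR_WANT_READ instead of err */
            if (ssl->error == WC_PENDING_E) {
                return WOLFSSL_CBIO_ERR_WANT_READ;
            }
        #endif
            return err;
        }
    }

#ifdef HAVE_SECURE_RENEGOTIATION
startScr:
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
        int err;
        WOLFSSL_MSG("Need to start scr, server requested");
        if ( (err = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS)
            return err;
        ssl->secure_renegotiation->startScr = 0;  /* only start once */
    }
#endif

    /* Pull records until some clear application data is buffered. */
    while (ssl->buffers.clearOutputBuffer.length == 0) {
        if ( (ssl->error = ProcessReply(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == ZERO_RETURN) {
                WOLFSSL_MSG("Zero return, no more data coming");
                return 0; /* no more data coming */
            }
            if (ssl->error == SOCKET_ERROR_E) {
                if (ssl->options.connReset || ssl->options.isClosed) {
                    WOLFSSL_MSG("Peer reset or closed, connection done");
                    ssl->error = SOCKET_PEER_CLOSED_E;
                    WOLFSSL_ERROR(ssl->error);
                    return 0; /* peer reset or closed */
                }
            }
            return ssl->error;
        }
    #ifdef HAVE_SECURE_RENEGOTIATION
        /* ProcessReply() may have flagged a renegotiation request; handle
         * it before waiting for more data. */
        if (ssl->secure_renegotiation &&
            ssl->secure_renegotiation->startScr) {
            goto startScr;
        }
    #endif
    }

    /* Clamp the copy length to the buffered amount. A negative sz is clamped
     * to 0 so it can never reach XMEMCPY, where it would presumably be
     * converted to a very large unsigned length. */
    if (sz < 0)
        size = 0;
    else if (sz < (int)ssl->buffers.clearOutputBuffer.length)
        size = sz;
    else
        size = ssl->buffers.clearOutputBuffer.length;

    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);

    /* A peek leaves the data in place; a read consumes it. */
    if (peek == 0) {
        ssl->buffers.clearOutputBuffer.length -= size;
        ssl->buffers.clearOutputBuffer.buffer += size;
    }

    if (ssl->buffers.clearOutputBuffer.length == 0 &&
                                           ssl->buffers.inputBuffer.dynamicFlag)
       ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    WOLFSSL_LEAVE("ReceiveData()", size);
    return size;
}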
wolfSSL 15:117db924cf7c 17438
wolfSSL 15:117db924cf7c 17439
/* Queue an alert record and try to flush it.
 *
 * ssl       connection object; the alert is recorded in
 *           ssl->alert_history.last_tx
 * severity  alert level byte (a value equal to alert_fatal also marks the
 *           connection closed)
 * type      alert description byte
 *
 * Returns the result of SendBuffered(), or the error of the step that
 * failed before the record was queued. On a write-dup read side nothing is
 * written; the sibling is notified instead.
 */
int SendAlert(WOLFSSL* ssl, int severity, int type)
{
    byte  alertBody[ALERT_SIZE];
    byte* out;
    int   recordSz;
    int   rc;
    int   reserveSz;
    int   dtlsHdrExtra = 0;

    WOLFSSL_ENTER("SendAlert");

#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite && ssl->dupSide == READ_DUP_SIDE) {
        int notifyErr = 0;

        WOLFSSL_MSG("Read dup side cannot write alerts, notifying sibling");

        if (type == close_notify)
            notifyErr = ZERO_RETURN;
        else if (severity == alert_fatal)
            notifyErr = FATAL_ERROR;

        /* only close_notify and fatal alerts are forwarded */
        return (notifyErr != 0) ? NotifyWriteSide(ssl, notifyErr) : 0;
    }
#endif

    /* Re-entry for non-blocking I/O: the alert is already queued, so only
     * retry the flush. */
    if (ssl->options.sendAlertState != 0) {
        rc = SendBuffered(ssl);
        if (rc == 0)
            ssl->options.sendAlertState = 0;
        return rc;
    }

#ifdef OPENSSL_EXTRA
    if (ssl->CBIS != NULL) {
        ssl->CBIS(ssl, SSL_CB_ALERT, type);
    }
#endif
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        dtlsHdrExtra = DTLS_RECORD_EXTRA;
#endif

    /* make sure the output buffer can take the largest possible alert */
    reserveSz = ALERT_SIZE + MAX_MSG_EXTRA + dtlsHdrExtra;
    rc = CheckAvailableSize(ssl, reserveSz);
    if (rc != 0)
        return rc;

    if (ssl->buffers.outputBuffer.buffer == NULL)
        return BUFFER_E;

    /* append after whatever is already queued */
    out = ssl->buffers.outputBuffer.buffer +
          ssl->buffers.outputBuffer.length;

    alertBody[0] = (byte)severity;
    alertBody[1] = (byte)type;
    ssl->alert_history.last_tx.level = severity;
    ssl->alert_history.last_tx.code  = type;
    if (severity == alert_fatal) {
        ssl->options.isClosed = 1; /* Don't send close_notify */
    }

    /* Encrypt the alert only when encryption is on and either the version
     * is at least TLS 1.3 or the handshake is done; otherwise the other
     * side may not be able to handle it and the alert goes out in the
     * clear. */
    if (IsEncryptionOn(ssl, 1) && (IsAtLeastTLSv1_3(ssl->version) ||
                                                  ssl->options.handShakeDone)) {
        recordSz = BuildMessage(ssl, out, reserveSz, alertBody, ALERT_SIZE,
                                alert, 0, 0, 0);
    }
    else {
        recordSz = RECORD_HEADER_SZ + ALERT_SIZE;

        AddRecordHeader(out, ALERT_SIZE, alert, ssl);
        out += RECORD_HEADER_SZ;
    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            out      += DTLS_RECORD_EXTRA;
            recordSz += DTLS_RECORD_EXTRA;
        }
    #endif
        XMEMCPY(out, alertBody, ALERT_SIZE);
    }
    if (recordSz < 0)
        return BUILD_MSG_ERROR;

#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    if (ssl->hsInfoOn)
        AddPacketName(ssl, "Alert");
    /* NOTE(review): in the plaintext branch out already points past the
     * record header while recordSz still counts the header; confirm what
     * range AddPacketInfo expects. */
    if (ssl->toInfoOn)
        AddPacketInfo(ssl, "Alert", alert, out, recordSz, WRITE_PROTO,
                      ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += recordSz;
    ssl->options.sendAlertState = 1;

    rc = SendBuffered(ssl);

    WOLFSSL_LEAVE("SendAlert", rc);

    return rc;
}
wolfSSL 15:117db924cf7c 17554
/* Translate an error code into a constant description string.
 *
 * e  error code; it is narrowed to int before the lookup, so a negative
 *    code that was widened to unsigned long by the caller is expected to
 *    come back as the same negative int (implementation-defined conversion)
 *
 * Codes strictly between MIN_CODE_E and MAX_CODE_E are handed to
 * wc_GetErrorString(). Unknown codes yield "unknown error number". With
 * NO_ERROR_STRINGS defined a single fixed string is returned for every code.
 * The returned pointer refers to a string literal (or to whatever
 * wc_GetErrorString() returns) and must not be modified or freed.
 */
const char* wolfSSL_ERR_reason_error_string(unsigned long e)
{
#ifdef NO_ERROR_STRINGS

    (void)e;
    return "no support for error strings built in";

#else

    int code = (int)e;

    /* wolfCrypt owns this range of codes */
    if (code > MIN_CODE_E && code < MAX_CODE_E) {
        return wc_GetErrorString(code);
    }

    switch (code) {

#ifdef WOLFSSL_WPAS
    case 0: return "ok";
#endif

    case UNSUPPORTED_SUITE:      return "unsupported cipher suite";
    case INPUT_CASE_ERROR:       return "input state error";
    case PREFIX_ERROR:           return "bad index to key rounds";
    case MEMORY_ERROR:           return "out of memory";
    case VERIFY_FINISHED_ERROR:  return "verify problem on finished";
    case VERIFY_MAC_ERROR:       return "verify mac problem";
    case PARSE_ERROR:            return "parse error on header";
    case SIDE_ERROR:             return "wrong client/server type";
    case NO_PEER_CERT:           return "peer didn't send cert";
    case UNKNOWN_HANDSHAKE_TYPE: return "weird handshake type";
    case SOCKET_ERROR_E:         return "error state on socket";
    case SOCKET_NODATA:          return "expected data, not there";
    case INCOMPLETE_DATA:
        return "don't have enough data to complete task";
    case UNKNOWN_RECORD_TYPE:    return "unknown type in record hdr";
    case DECRYPT_ERROR:          return "error during decryption";
    case FATAL_ERROR:            return "received alert fatal error";
    case ENCRYPT_ERROR:          return "error during encryption";
    case FREAD_ERROR:            return "fread problem";
    case NO_PEER_KEY:            return "need peer's key";
    case NO_PRIVATE_KEY:         return "need the private key";
    case NO_DH_PARAMS:           return "server missing DH params";
    case RSA_PRIVATE_ERROR:      return "error during rsa priv op";
    case MATCH_SUITE_ERROR:      return "can't match cipher suite";
    case COMPRESSION_ERROR:      return "compression mismatch error";
    case BUILD_MSG_ERROR:        return "build message failure";
    case BAD_HELLO:              return "client hello malformed";
    case DOMAIN_NAME_MISMATCH:   return "peer subject name mismatch";
    case IPADDR_MISMATCH:        return "peer ip address mismatch";

    case WANT_READ:
    case WOLFSSL_ERROR_WANT_READ:
        return "non-blocking socket wants data to be read";

    case NOT_READY_ERROR:
        return "handshake layer not ready yet, complete first";
    case VERSION_ERROR:          return "record layer version error";

    case WANT_WRITE:
    case WOLFSSL_ERROR_WANT_WRITE:
        return "non-blocking socket write buffer full";

    case BUFFER_ERROR:           return "malformed buffer input error";
    case VERIFY_CERT_ERROR:      return "verify problem on certificate";
    case VERIFY_SIGN_ERROR:      return "verify problem based on signature";
    case CLIENT_ID_ERROR:        return "psk client identity error";
    case SERVER_HINT_ERROR:      return "psk server hint error";
    case PSK_KEY_ERROR:          return "psk key callback error";
    case NTRU_KEY_ERROR:         return "NTRU key error";
    case NTRU_DRBG_ERROR:        return "NTRU drbg error";
    case NTRU_ENCRYPT_ERROR:     return "NTRU encrypt error";
    case NTRU_DECRYPT_ERROR:     return "NTRU decrypt error";
    case GETTIME_ERROR:          return "gettimeofday() error";
    case GETITIMER_ERROR:        return "getitimer() error";
    case SIGACT_ERROR:           return "sigaction() error";
    case SETITIMER_ERROR:        return "setitimer() error";
    case LENGTH_ERROR:           return "record layer length error";
    case PEER_KEY_ERROR:         return "cant decode peer key";

    case ZERO_RETURN:
    case WOLFSSL_ERROR_ZERO_RETURN:
        return "peer sent close notify alert";

    case ECC_CURVETYPE_ERROR:    return "Bad ECC Curve Type or unsupported";
    case ECC_CURVE_ERROR:        return "Bad ECC Curve or unsupported";
    case ECC_PEERKEY_ERROR:      return "Bad ECC Peer Key";
    case ECC_MAKEKEY_ERROR:      return "ECC Make Key failure";
    case ECC_EXPORT_ERROR:       return "ECC Export Key failure";
    case ECC_SHARED_ERROR:       return "ECC DHE shared failure";
    case NOT_CA_ERROR:           return "Not a CA by basic constraint error";
    case HTTP_TIMEOUT:           return "HTTP timeout for OCSP or CRL req";
    case BAD_CERT_MANAGER_ERROR: return "Bad Cert Manager error";
    case OCSP_CERT_REVOKED:      return "OCSP Cert revoked";
    case CRL_CERT_REVOKED:       return "CRL Cert revoked";
    case CRL_MISSING:            return "CRL missing, not loaded";
    case MONITOR_SETUP_E:        return "CRL monitor setup error";
    case THREAD_CREATE_E:        return "Thread creation problem";
    case OCSP_NEED_URL:          return "OCSP need URL";
    case OCSP_CERT_UNKNOWN:      return "OCSP Cert unknown";
    case OCSP_LOOKUP_FAIL:       return "OCSP Responder lookup fail";
    case MAX_CHAIN_ERROR:        return "Maximum Chain Depth Exceeded";
    case COOKIE_ERROR:           return "DTLS Cookie Error";
    case SEQUENCE_ERROR:         return "DTLS Sequence Error";
    case SUITES_ERROR:           return "Suites Pointer Error";
    case OUT_OF_ORDER_E:         return "Out of order message, fatal";
    case BAD_KEA_TYPE_E:         return "Bad KEA type found";
    case SANITY_CIPHER_E:        return "Sanity check on ciphertext failed";
    case RECV_OVERFLOW_E:
        return "Receive callback returned more than requested";
    case GEN_COOKIE_E:           return "Generate Cookie Error";
    case NO_PEER_VERIFY:         return "Need peer certificate verify Error";
    case FWRITE_ERROR:           return "fwrite Error";
    case CACHE_MATCH_ERROR:      return "Cache restore header match Error";
    case UNKNOWN_SNI_HOST_NAME_E: return "Unrecognized host name Error";
    case UNKNOWN_MAX_FRAG_LEN_E: return "Unrecognized max frag len Error";
    case KEYUSE_SIGNATURE_E:
        return "Key Use digitalSignature not set Error";
    case KEYUSE_ENCIPHER_E:
        return "Key Use keyEncipherment not set Error";
    case EXTKEYUSE_AUTH_E:
        return "Ext Key Use server/client auth not set Error";
    case SEND_OOB_READ_E:
        return "Send Callback Out of Bounds Read Error";
    case SECURE_RENEGOTIATION_E: return "Invalid Renegotiation Error";
    case SESSION_TICKET_LEN_E:   return "Session Ticket Too Long Error";
    case SESSION_TICKET_EXPECT_E: return "Session Ticket Error";
    case SESSION_SECRET_CB_E:    return "Session Secret Callback Error";
    case NO_CHANGE_CIPHER_E:
        return "Finished received from peer before Change Cipher Error";
    case SANITY_MSG_E:           return "Sanity Check on message order Error";
    case DUPLICATE_MSG_E:        return "Duplicate HandShake message Error";
    case SNI_UNSUPPORTED:
        return "Protocol version does not support SNI Error";
    case SOCKET_PEER_CLOSED_E:
        return "Peer closed underlying transport Error";
    case BAD_TICKET_KEY_CB_SZ:
        return "Bad user session ticket key callback Size Error";
    case BAD_TICKET_MSG_SZ:
        return "Bad session ticket message Size Error";
    case BAD_TICKET_ENCRYPT:
        return "Bad user ticket callback encrypt Error";
    case DH_KEY_SIZE_E:          return "DH key too small Error";
    case SNI_ABSENT_ERROR:
        return "No Server Name Indication extension Error";
    case RSA_SIGN_FAULT:         return "RSA Signature Fault Error";
    case HANDSHAKE_SIZE_ERROR:   return "Handshake message too large Error";
    case UNKNOWN_ALPN_PROTOCOL_NAME_E:
        return "Unrecognized protocol name Error";
    case BAD_CERTIFICATE_STATUS_ERROR:
        return "Bad Certificate Status Message Error";
    case OCSP_INVALID_STATUS:    return "Invalid OCSP Status Error";
    case OCSP_WANT_READ:         return "OCSP nonblock wants read";
    case RSA_KEY_SIZE_E:         return "RSA key too small";
    case ECC_KEY_SIZE_E:         return "ECC key too small";
    case DTLS_EXPORT_VER_E:
        return "Version needs updated after code change or version mismatch";
    case INPUT_SIZE_E:           return "Input size too large Error";
    case CTX_INIT_MUTEX_E:       return "Initialize ctx mutex error";
    case EXT_MASTER_SECRET_NEEDED_E:
        return "Extended Master Secret must be enabled to resume EMS session";
    case DTLS_POOL_SZ_E:         return "Maximum DTLS pool size exceeded";
    case DECODE_E:               return "Decode handshake message error";
    case WRITE_DUP_READ_E:
        return "Write dup write side can't read error";
    case WRITE_DUP_WRITE_E:
        return "Write dup read side can't write error";
    case INVALID_CERT_CTX_E:
        return "Certificate context does not match request or not empty";
    case BAD_KEY_SHARE_DATA:
        return "The Key Share data contains group that wasn't in Client Hello";
    case MISSING_HANDSHAKE_DATA:
        return "The handshake message is missing required data";
    case BAD_BINDER:
        return "Binder value does not match value server calculated";
    case EXT_NOT_ALLOWED:
        return "Extension type not allowed in handshake message type";
    case INVALID_PARAMETER:      return "The security parameter is invalid";
    case UNSUPPORTED_EXTENSION:
        return "TLS Extension not requested by the client";
    case PRF_MISSING:
        return "Pseudo-random function is not enabled";
    case KEY_SHARE_ERROR:
        return "Key share extension did not contain a valid named group";
    case POST_HAND_AUTH_ERROR:
        return "Client will not do post handshake authentication";
    case HRR_COOKIE_ERROR:
        return "Cookie does not match one sent in HelloRetryRequest";
    case MCAST_HIGHWATER_CB_E:
        return "Multicast highwater callback returned error";
    case ALERT_COUNT_E:          return "Alert Count exceeded error";
    case EXT_MISSING:            return "Required TLS extension missing";
    case DTLS_RETX_OVER_TX:
        return "DTLS interrupting flight transmit with retransmit";
    case DH_PARAMS_NOT_FFDHE_E:
        return "Server DH parameters were not from the FFDHE set as required";
    case TCA_INVALID_ID_TYPE:
        return "TLS Extension Trusted CA ID type invalid";
    case TCA_ABSENT_ERROR:
        return "TLS Extension Trusted CA ID response absent";
    case TSIP_MAC_DIGSZ_E:
        return "TSIP MAC size invalid, must be sized for SHA-1 or SHA-256";
    case CLIENT_CERT_CB_ERROR:
        return "Error importing client cert or key from callback";
    case SSL_SHUTDOWN_ALREADY_DONE_E:
        return "Shutdown has already occurred";
    case TLS13_SECRET_CB_E:      return "TLS1.3 Secret Callback Error";

    default:
        return "unknown error number";
    }

#endif /* NO_ERROR_STRINGS */
}
wolfSSL 15:117db924cf7c 17995
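/* Copy the reason text for a wolfSSL error code into a caller buffer.
 *
 * error  error code handed to wolfSSL_ERR_reason_error_string()
 * str    destination buffer; it must hold at least WOLFSSL_MAX_ERROR_SZ
 *        bytes, because the terminator below is written at index
 *        WOLFSSL_MAX_ERROR_SZ-1 whatever the message length is (and
 *        XSTRNCPY, if it follows strncpy semantics, zero-pads up to that
 *        size). A shorter buffer is overrun.
 *
 * The result is always NUL-terminated; a message longer than the buffer is
 * truncated. A NULL str is ignored, and a NULL reason string yields an
 * empty result instead of being passed to the copy.
 */
void SetErrorString(int error, char* str)
{
    const char* reason;

    if (str == NULL)
        return;

    reason = wolfSSL_ERR_reason_error_string(error);
    if (reason == NULL) {
        str[0] = 0;
        return;
    }

    XSTRNCPY(str, reason, WOLFSSL_MAX_ERROR_SZ);
    /* the bounded copy does not terminate on truncation, so force it */
    str[WOLFSSL_MAX_ERROR_SZ-1] = 0;
}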
wolfSSL 15:117db924cf7c 18001
/* SUITE_INFO(x,y,z,w,v,u) expands to one brace initializer for an entry of
 * the cipher suite table. Judging by the table entries that use it, x is the
 * short suite name, y the long TLS_... name, z and w the two suite bytes and
 * v/u the minor/major protocol version (field names are declared elsewhere,
 * so confirm against CipherSuiteInfo).
 *
 *   - y is dropped when NO_ERROR_STRINGS is defined
 *   - v and u are kept only when OPENSSL_ALL or WOLFSSL_QT is defined
 */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    #ifndef NO_ERROR_STRINGS
        #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u)}
    #else
        #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u)}
    #endif
#else
    #ifndef NO_ERROR_STRINGS
        #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w)}
    #else
        #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w)}
    #endif
#endif
wolfSSL 15:117db924cf7c 18015
wolfSSL 15:117db924cf7c 18016 static const CipherSuiteInfo cipher_names[] =
wolfSSL 15:117db924cf7c 18017 {
wolfSSL 16:8e0d178b1d1e 18018
wolfSSL 16:8e0d178b1d1e 18019 #ifdef BUILD_TLS_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18020 SUITE_INFO("TLS13-AES128-GCM-SHA256","TLS_AES_128_GCM_SHA256",TLS13_BYTE,TLS_AES_128_GCM_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR),
wolfSSL 16:8e0d178b1d1e 18021 #endif
wolfSSL 16:8e0d178b1d1e 18022
wolfSSL 16:8e0d178b1d1e 18023 #ifdef BUILD_TLS_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18024 SUITE_INFO("TLS13-AES256-GCM-SHA384","TLS_AES_256_GCM_SHA384",TLS13_BYTE,TLS_AES_256_GCM_SHA384, TLSv1_3_MINOR, SSLv3_MAJOR),
wolfSSL 16:8e0d178b1d1e 18025 #endif
wolfSSL 16:8e0d178b1d1e 18026
wolfSSL 16:8e0d178b1d1e 18027 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18028 SUITE_INFO("TLS13-CHACHA20-POLY1305-SHA256","TLS_CHACHA20_POLY1305_SHA256",TLS13_BYTE,TLS_CHACHA20_POLY1305_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR),
wolfSSL 16:8e0d178b1d1e 18029 #endif
wolfSSL 16:8e0d178b1d1e 18030
wolfSSL 16:8e0d178b1d1e 18031 #ifdef BUILD_TLS_AES_128_CCM_SHA256
wolfSSL 16:8e0d178b1d1e 18032 SUITE_INFO("TLS13-AES128-CCM-SHA256","TLS_AES_128_CCM_SHA256",TLS13_BYTE,TLS_AES_128_CCM_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR),
wolfSSL 16:8e0d178b1d1e 18033 #endif
wolfSSL 16:8e0d178b1d1e 18034
wolfSSL 16:8e0d178b1d1e 18035 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256
wolfSSL 16:8e0d178b1d1e 18036 SUITE_INFO("TLS13-AES128-CCM-8-SHA256","TLS_AES_128_CCM_8_SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256,TLSv1_3_MINOR, SSLv3_MAJOR),
wolfSSL 16:8e0d178b1d1e 18037 #endif
wolfSSL 16:8e0d178b1d1e 18038
wolfSSL 16:8e0d178b1d1e 18039 #ifdef BUILD_TLS_SHA256_SHA256
wolfSSL 16:8e0d178b1d1e 18040 SUITE_INFO("TLS13-SHA256-SHA256","TLS_SHA256_SHA256",ECC_BYTE,TLS_SHA256_SHA256,TLSv1_3_MINOR, SSLv3_MAJOR),
wolfSSL 16:8e0d178b1d1e 18041 #endif
wolfSSL 16:8e0d178b1d1e 18042
wolfSSL 16:8e0d178b1d1e 18043 #ifdef BUILD_TLS_SHA384_SHA384
wolfSSL 16:8e0d178b1d1e 18044 SUITE_INFO("TLS13-SHA384-SHA384","TLS_SHA384_SHA384",ECC_BYTE,TLS_SHA384_SHA384,TLSv1_3_MINOR, SSLv3_MAJOR),
wolfSSL 16:8e0d178b1d1e 18045 #endif
wolfSSL 16:8e0d178b1d1e 18046
wolfSSL 15:117db924cf7c 18047 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 18048
wolfSSL 15:117db924cf7c 18049 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 16:8e0d178b1d1e 18050 SUITE_INFO("RC4-SHA","SSL_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_SHA,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18051 #endif
wolfSSL 15:117db924cf7c 18052
wolfSSL 15:117db924cf7c 18053 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 16:8e0d178b1d1e 18054 SUITE_INFO("RC4-MD5","SSL_RSA_WITH_RC4_128_MD5",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_MD5,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18055 #endif
wolfSSL 15:117db924cf7c 18056
wolfSSL 15:117db924cf7c 18057 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18058 SUITE_INFO("DES-CBC3-SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18059 #endif
wolfSSL 15:117db924cf7c 18060
wolfSSL 15:117db924cf7c 18061 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18062 SUITE_INFO("AES128-SHA","TLS_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18063 #endif
wolfSSL 15:117db924cf7c 18064
wolfSSL 15:117db924cf7c 18065 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18066 SUITE_INFO("AES256-SHA","TLS_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 16:8e0d178b1d1e 18067 #endif
wolfSSL 16:8e0d178b1d1e 18068
wolfSSL 16:8e0d178b1d1e 18069 #ifdef BUILD_TLS_RSA_WITH_NULL_MD5
wolfSSL 16:8e0d178b1d1e 18070 SUITE_INFO("NULL-MD5","TLS_RSA_WITH_NULL_MD5",CIPHER_BYTE,TLS_RSA_WITH_NULL_MD5,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18071 #endif
wolfSSL 15:117db924cf7c 18072
wolfSSL 15:117db924cf7c 18073 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 16:8e0d178b1d1e 18074 SUITE_INFO("NULL-SHA","TLS_RSA_WITH_NULL_SHA",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18075 #endif
wolfSSL 15:117db924cf7c 18076
wolfSSL 15:117db924cf7c 18077 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 18078 SUITE_INFO("NULL-SHA256","TLS_RSA_WITH_NULL_SHA256",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18079 #endif
wolfSSL 15:117db924cf7c 18080
wolfSSL 15:117db924cf7c 18081 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18082 SUITE_INFO("DHE-RSA-AES128-SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18083 #endif
wolfSSL 15:117db924cf7c 18084
wolfSSL 15:117db924cf7c 18085 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18086 SUITE_INFO("DHE-RSA-AES256-SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18087 #endif
wolfSSL 15:117db924cf7c 18088
wolfSSL 15:117db924cf7c 18089 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18090 SUITE_INFO("DHE-PSK-AES256-GCM-SHA384","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,TLSv1_2_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18091 #endif
wolfSSL 15:117db924cf7c 18092
wolfSSL 15:117db924cf7c 18093 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18094 SUITE_INFO("DHE-PSK-AES128-GCM-SHA256","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18095 #endif
wolfSSL 15:117db924cf7c 18096
wolfSSL 15:117db924cf7c 18097 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18098 SUITE_INFO("PSK-AES256-GCM-SHA384","TLS_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_GCM_SHA384,TLSv1_2_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18099 #endif
wolfSSL 15:117db924cf7c 18100
wolfSSL 15:117db924cf7c 18101 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18102 SUITE_INFO("PSK-AES128-GCM-SHA256","TLS_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_GCM_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18103 #endif
wolfSSL 15:117db924cf7c 18104
wolfSSL 15:117db924cf7c 18105 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 16:8e0d178b1d1e 18106 SUITE_INFO("DHE-PSK-AES256-CBC-SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18107 #endif
wolfSSL 15:117db924cf7c 18108
wolfSSL 15:117db924cf7c 18109 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18110 SUITE_INFO("DHE-PSK-AES128-CBC-SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18111 #endif
wolfSSL 15:117db924cf7c 18112
wolfSSL 15:117db924cf7c 18113 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 16:8e0d178b1d1e 18114 SUITE_INFO("PSK-AES256-CBC-SHA384","TLS_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA384,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18115 #endif
wolfSSL 15:117db924cf7c 18116
wolfSSL 15:117db924cf7c 18117 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18118 SUITE_INFO("PSK-AES128-CBC-SHA256","TLS_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18119 #endif
wolfSSL 15:117db924cf7c 18120
wolfSSL 15:117db924cf7c 18121 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18122 SUITE_INFO("PSK-AES128-CBC-SHA","TLS_PSK_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18123 #endif
wolfSSL 15:117db924cf7c 18124
wolfSSL 15:117db924cf7c 18125 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18126 SUITE_INFO("PSK-AES256-CBC-SHA","TLS_PSK_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18127 #endif
wolfSSL 15:117db924cf7c 18128
wolfSSL 15:117db924cf7c 18129 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 16:8e0d178b1d1e 18130 SUITE_INFO("DHE-PSK-AES128-CCM","TLS_DHE_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_128_CCM,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18131 #endif
wolfSSL 15:117db924cf7c 18132
wolfSSL 15:117db924cf7c 18133 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 16:8e0d178b1d1e 18134 SUITE_INFO("DHE-PSK-AES256-CCM","TLS_DHE_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_256_CCM,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18135 #endif
wolfSSL 15:117db924cf7c 18136
wolfSSL 15:117db924cf7c 18137 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 16:8e0d178b1d1e 18138 SUITE_INFO("PSK-AES128-CCM","TLS_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18139 #endif
wolfSSL 15:117db924cf7c 18140
wolfSSL 15:117db924cf7c 18141 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 16:8e0d178b1d1e 18142 SUITE_INFO("PSK-AES256-CCM","TLS_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18143 #endif
wolfSSL 15:117db924cf7c 18144
wolfSSL 15:117db924cf7c 18145 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 16:8e0d178b1d1e 18146 SUITE_INFO("PSK-AES128-CCM-8","TLS_PSK_WITH_AES_128_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18147 #endif
wolfSSL 15:117db924cf7c 18148
wolfSSL 15:117db924cf7c 18149 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 16:8e0d178b1d1e 18150 SUITE_INFO("PSK-AES256-CCM-8","TLS_PSK_WITH_AES_256_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18151 #endif
wolfSSL 15:117db924cf7c 18152
wolfSSL 15:117db924cf7c 18153 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 16:8e0d178b1d1e 18154 SUITE_INFO("DHE-PSK-NULL-SHA384","TLS_DHE_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA384,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18155 #endif
wolfSSL 15:117db924cf7c 18156
wolfSSL 15:117db924cf7c 18157 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 18158 SUITE_INFO("DHE-PSK-NULL-SHA256","TLS_DHE_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18159 #endif
wolfSSL 15:117db924cf7c 18160
wolfSSL 15:117db924cf7c 18161 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 16:8e0d178b1d1e 18162 SUITE_INFO("PSK-NULL-SHA384","TLS_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA384,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18163 #endif
wolfSSL 15:117db924cf7c 18164
wolfSSL 15:117db924cf7c 18165 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 18166 SUITE_INFO("PSK-NULL-SHA256","TLS_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18167 #endif
wolfSSL 15:117db924cf7c 18168
wolfSSL 15:117db924cf7c 18169 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 16:8e0d178b1d1e 18170 SUITE_INFO("PSK-NULL-SHA","TLS_PSK_WITH_NULL_SHA",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18171 #endif
wolfSSL 15:117db924cf7c 18172
wolfSSL 15:117db924cf7c 18173 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 16:8e0d178b1d1e 18174 SUITE_INFO("HC128-MD5","TLS_RSA_WITH_HC_128_MD5",CIPHER_BYTE,TLS_RSA_WITH_HC_128_MD5,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18175 #endif
wolfSSL 15:117db924cf7c 18176
wolfSSL 15:117db924cf7c 18177 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 16:8e0d178b1d1e 18178 SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18179 #endif
wolfSSL 15:117db924cf7c 18180
wolfSSL 15:117db924cf7c 18181 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 16:8e0d178b1d1e 18182 SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18183 #endif
wolfSSL 15:117db924cf7c 18184
wolfSSL 15:117db924cf7c 18185 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 16:8e0d178b1d1e 18186 SUITE_INFO("NTRU-RC4-SHA","TLS_NTRU_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18187 #endif
wolfSSL 15:117db924cf7c 18188
wolfSSL 15:117db924cf7c 18189 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18190 SUITE_INFO("NTRU-DES-CBC3-SHA","TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18191 #endif
wolfSSL 15:117db924cf7c 18192
wolfSSL 15:117db924cf7c 18193 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18194 SUITE_INFO("NTRU-AES128-SHA","TLS_NTRU_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_128_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18195 #endif
wolfSSL 15:117db924cf7c 18196
wolfSSL 15:117db924cf7c 18197 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18198 SUITE_INFO("NTRU-AES256-SHA","TLS_NTRU_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18199 #endif
wolfSSL 15:117db924cf7c 18200
wolfSSL 15:117db924cf7c 18201 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 16:8e0d178b1d1e 18202 SUITE_INFO("AES128-CCM-8","TLS_RSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18203 #endif
wolfSSL 15:117db924cf7c 18204
wolfSSL 15:117db924cf7c 18205 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 16:8e0d178b1d1e 18206 SUITE_INFO("AES256-CCM-8","TLS_RSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18207 #endif
wolfSSL 15:117db924cf7c 18208
wolfSSL 15:117db924cf7c 18209 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 16:8e0d178b1d1e 18210 SUITE_INFO("ECDHE-ECDSA-AES128-CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CCM",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18211 #endif
wolfSSL 15:117db924cf7c 18212
wolfSSL 15:117db924cf7c 18213 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 16:8e0d178b1d1e 18214 SUITE_INFO("ECDHE-ECDSA-AES128-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18215 #endif
wolfSSL 15:117db924cf7c 18216
wolfSSL 15:117db924cf7c 18217 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 16:8e0d178b1d1e 18218 SUITE_INFO("ECDHE-ECDSA-AES256-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18219 #endif
wolfSSL 15:117db924cf7c 18220
wolfSSL 15:117db924cf7c 18221 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18222 SUITE_INFO("ECDHE-RSA-AES128-SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18223 #endif
wolfSSL 15:117db924cf7c 18224
wolfSSL 15:117db924cf7c 18225 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18226 SUITE_INFO("ECDHE-RSA-AES256-SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18227 #endif
wolfSSL 15:117db924cf7c 18228
wolfSSL 15:117db924cf7c 18229 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18230 SUITE_INFO("ECDHE-ECDSA-AES128-SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18231 #endif
wolfSSL 15:117db924cf7c 18232
wolfSSL 15:117db924cf7c 18233 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18234 SUITE_INFO("ECDHE-ECDSA-AES256-SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18235 #endif
wolfSSL 15:117db924cf7c 18236
wolfSSL 15:117db924cf7c 18237 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 16:8e0d178b1d1e 18238 SUITE_INFO("ECDHE-RSA-RC4-SHA","TLS_ECDHE_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18239 #endif
wolfSSL 15:117db924cf7c 18240
wolfSSL 15:117db924cf7c 18241 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18242 SUITE_INFO("ECDHE-RSA-DES-CBC3-SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18243 #endif
wolfSSL 15:117db924cf7c 18244
wolfSSL 15:117db924cf7c 18245 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 16:8e0d178b1d1e 18246 SUITE_INFO("ECDHE-ECDSA-RC4-SHA","TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18247 #endif
wolfSSL 15:117db924cf7c 18248
wolfSSL 15:117db924cf7c 18249 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18250 SUITE_INFO("ECDHE-ECDSA-DES-CBC3-SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18251 #endif
wolfSSL 15:117db924cf7c 18252
wolfSSL 15:117db924cf7c 18253 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18254 SUITE_INFO("AES128-SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA256, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18255 #endif
wolfSSL 15:117db924cf7c 18256
wolfSSL 15:117db924cf7c 18257 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18258 SUITE_INFO("AES256-SHA256","TLS_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18259 #endif
wolfSSL 15:117db924cf7c 18260
wolfSSL 15:117db924cf7c 18261 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18262 SUITE_INFO("DHE-RSA-AES128-SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18263 #endif
wolfSSL 15:117db924cf7c 18264
wolfSSL 15:117db924cf7c 18265 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18266 SUITE_INFO("DHE-RSA-AES256-SHA256","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18267 #endif
wolfSSL 15:117db924cf7c 18268
wolfSSL 15:117db924cf7c 18269 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18270 SUITE_INFO("ECDH-RSA-AES128-SHA","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18271 #endif
wolfSSL 15:117db924cf7c 18272
wolfSSL 15:117db924cf7c 18273 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18274 SUITE_INFO("ECDH-RSA-AES256-SHA","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18275 #endif
wolfSSL 15:117db924cf7c 18276
wolfSSL 15:117db924cf7c 18277 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18278 SUITE_INFO("ECDH-ECDSA-AES128-SHA","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18279 #endif
wolfSSL 15:117db924cf7c 18280
wolfSSL 15:117db924cf7c 18281 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18282 SUITE_INFO("ECDH-ECDSA-AES256-SHA","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18283 #endif
wolfSSL 15:117db924cf7c 18284
wolfSSL 15:117db924cf7c 18285 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 16:8e0d178b1d1e 18286 SUITE_INFO("ECDH-RSA-RC4-SHA","TLS_ECDH_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18287 #endif
wolfSSL 15:117db924cf7c 18288
wolfSSL 15:117db924cf7c 18289 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18290 SUITE_INFO("ECDH-RSA-DES-CBC3-SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18291 #endif
wolfSSL 15:117db924cf7c 18292
wolfSSL 15:117db924cf7c 18293 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 16:8e0d178b1d1e 18294 SUITE_INFO("ECDH-ECDSA-RC4-SHA","TLS_ECDH_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18295 #endif
wolfSSL 15:117db924cf7c 18296
wolfSSL 15:117db924cf7c 18297 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18298 SUITE_INFO("ECDH-ECDSA-DES-CBC3-SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18299 #endif
wolfSSL 15:117db924cf7c 18300
wolfSSL 15:117db924cf7c 18301 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18302 SUITE_INFO("AES128-GCM-SHA256","TLS_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18303 #endif
wolfSSL 15:117db924cf7c 18304
wolfSSL 15:117db924cf7c 18305 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18306 SUITE_INFO("AES256-GCM-SHA384","TLS_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_RSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18307 #endif
wolfSSL 15:117db924cf7c 18308
wolfSSL 15:117db924cf7c 18309 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18310 SUITE_INFO("DHE-RSA-AES128-GCM-SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18311 #endif
wolfSSL 15:117db924cf7c 18312
wolfSSL 15:117db924cf7c 18313 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18314 SUITE_INFO("DHE-RSA-AES256-GCM-SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18315 #endif
wolfSSL 15:117db924cf7c 18316
wolfSSL 15:117db924cf7c 18317 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18318 SUITE_INFO("ECDHE-RSA-AES128-GCM-SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18319 #endif
wolfSSL 15:117db924cf7c 18320
wolfSSL 15:117db924cf7c 18321 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18322 SUITE_INFO("ECDHE-RSA-AES256-GCM-SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18323 #endif
wolfSSL 15:117db924cf7c 18324
wolfSSL 15:117db924cf7c 18325 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18326 SUITE_INFO("ECDHE-ECDSA-AES128-GCM-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18327 #endif
wolfSSL 15:117db924cf7c 18328
wolfSSL 15:117db924cf7c 18329 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18330 SUITE_INFO("ECDHE-ECDSA-AES256-GCM-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18331 #endif
wolfSSL 15:117db924cf7c 18332
wolfSSL 15:117db924cf7c 18333 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18334 SUITE_INFO("ECDH-RSA-AES128-GCM-SHA256","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18335 #endif
wolfSSL 15:117db924cf7c 18336
wolfSSL 15:117db924cf7c 18337 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18338 SUITE_INFO("ECDH-RSA-AES256-GCM-SHA384","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18339 #endif
wolfSSL 15:117db924cf7c 18340
wolfSSL 15:117db924cf7c 18341 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 16:8e0d178b1d1e 18342 SUITE_INFO("ECDH-ECDSA-AES128-GCM-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18343 #endif
wolfSSL 15:117db924cf7c 18344
wolfSSL 15:117db924cf7c 18345 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18346 SUITE_INFO("ECDH-ECDSA-AES256-GCM-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18347 #endif
wolfSSL 15:117db924cf7c 18348
wolfSSL 15:117db924cf7c 18349 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18350 SUITE_INFO("CAMELLIA128-SHA","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18351 #endif
wolfSSL 15:117db924cf7c 18352
wolfSSL 15:117db924cf7c 18353 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18354 SUITE_INFO("DHE-RSA-CAMELLIA128-SHA","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18355 #endif
wolfSSL 15:117db924cf7c 18356
wolfSSL 15:117db924cf7c 18357 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18358 SUITE_INFO("CAMELLIA256-SHA","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18359 #endif
wolfSSL 15:117db924cf7c 18360
wolfSSL 15:117db924cf7c 18361 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18362 SUITE_INFO("DHE-RSA-CAMELLIA256-SHA","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18363 #endif
wolfSSL 15:117db924cf7c 18364
wolfSSL 15:117db924cf7c 18365 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18366 SUITE_INFO("CAMELLIA128-SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18367 #endif
wolfSSL 15:117db924cf7c 18368
wolfSSL 15:117db924cf7c 18369 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18370 SUITE_INFO("DHE-RSA-CAMELLIA128-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18371 #endif
wolfSSL 15:117db924cf7c 18372
wolfSSL 15:117db924cf7c 18373 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18374 SUITE_INFO("CAMELLIA256-SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18375 #endif
wolfSSL 15:117db924cf7c 18376
wolfSSL 15:117db924cf7c 18377 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18378 SUITE_INFO("DHE-RSA-CAMELLIA256-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18379 #endif
wolfSSL 15:117db924cf7c 18380
wolfSSL 15:117db924cf7c 18381 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18382 SUITE_INFO("ECDHE-RSA-AES128-SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18383 #endif
wolfSSL 15:117db924cf7c 18384
wolfSSL 15:117db924cf7c 18385 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18386 SUITE_INFO("ECDHE-ECDSA-AES128-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18387 #endif
wolfSSL 15:117db924cf7c 18388
wolfSSL 15:117db924cf7c 18389 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18390 SUITE_INFO("ECDH-RSA-AES128-SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18391 #endif
wolfSSL 15:117db924cf7c 18392
wolfSSL 15:117db924cf7c 18393 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18394 SUITE_INFO("ECDH-ECDSA-AES128-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18395 #endif
wolfSSL 15:117db924cf7c 18396
wolfSSL 15:117db924cf7c 18397 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 16:8e0d178b1d1e 18398 SUITE_INFO("ECDHE-RSA-AES256-SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18399 #endif
wolfSSL 15:117db924cf7c 18400
wolfSSL 15:117db924cf7c 18401 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 16:8e0d178b1d1e 18402 SUITE_INFO("ECDHE-ECDSA-AES256-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18403 #endif
wolfSSL 15:117db924cf7c 18404
wolfSSL 15:117db924cf7c 18405 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 16:8e0d178b1d1e 18406 SUITE_INFO("ECDH-RSA-AES256-SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18407 #endif
wolfSSL 15:117db924cf7c 18408
wolfSSL 15:117db924cf7c 18409 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 16:8e0d178b1d1e 18410 SUITE_INFO("ECDH-ECDSA-AES256-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18411 #endif
wolfSSL 15:117db924cf7c 18412
wolfSSL 15:117db924cf7c 18413 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18414 SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18415 #endif
wolfSSL 15:117db924cf7c 18416
wolfSSL 15:117db924cf7c 18417 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18418 SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18419 #endif
wolfSSL 15:117db924cf7c 18420
wolfSSL 15:117db924cf7c 18421 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18422 SUITE_INFO("DHE-RSA-CHACHA20-POLY1305","TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18423 #endif
wolfSSL 15:117db924cf7c 18424
wolfSSL 15:117db924cf7c 18425 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18426 SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18427 #endif
wolfSSL 15:117db924cf7c 18428
wolfSSL 15:117db924cf7c 18429 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18430 SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18431 #endif
wolfSSL 15:117db924cf7c 18432
wolfSSL 15:117db924cf7c 18433 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18434 SUITE_INFO("DHE-RSA-CHACHA20-POLY1305-OLD","TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18435 #endif
wolfSSL 15:117db924cf7c 18436
wolfSSL 15:117db924cf7c 18437 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18438 SUITE_INFO("ADH-AES128-SHA","TLS_DH_anon_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DH_anon_WITH_AES_128_CBC_SHA, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18439 #endif
wolfSSL 15:117db924cf7c 18440
wolfSSL 15:117db924cf7c 18441 #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
wolfSSL 16:8e0d178b1d1e 18442 SUITE_INFO("ADH-AES256-GCM-SHA384","TLS_DH_anon_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18443 #endif
wolfSSL 15:117db924cf7c 18444
wolfSSL 15:117db924cf7c 18445 #ifdef BUILD_TLS_QSH
wolfSSL 16:8e0d178b1d1e 18446 SUITE_INFO("QSH","TLS_QSH",QSH_BYTE,TLS_QSH, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18447 #endif
wolfSSL 15:117db924cf7c 18448
wolfSSL 15:117db924cf7c 18449 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 16:8e0d178b1d1e 18450 SUITE_INFO("RENEGOTIATION-INFO","TLS_EMPTY_RENEGOTIATION_INFO_SCSV",CIPHER_BYTE,TLS_EMPTY_RENEGOTIATION_INFO_SCSV,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18451 #endif
wolfSSL 15:117db924cf7c 18452
wolfSSL 15:117db924cf7c 18453 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18454 SUITE_INFO("IDEA-CBC-SHA","SSL_RSA_WITH_IDEA_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_IDEA_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18455 #endif
wolfSSL 15:117db924cf7c 18456
wolfSSL 15:117db924cf7c 18457 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 16:8e0d178b1d1e 18458 SUITE_INFO("ECDHE-ECDSA-NULL-SHA","TLS_ECDHE_ECDSA_WITH_NULL_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18459 #endif
wolfSSL 15:117db924cf7c 18460
wolfSSL 15:117db924cf7c 18461 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 18462 SUITE_INFO("ECDHE-PSK-NULL-SHA256","TLS_ECDHE_PSK_WITH_NULL_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_NULL_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18463 #endif
wolfSSL 15:117db924cf7c 18464
wolfSSL 15:117db924cf7c 18465 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 16:8e0d178b1d1e 18466 SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18467 #endif
wolfSSL 15:117db924cf7c 18468
wolfSSL 15:117db924cf7c 18469 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18470 SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18471 #endif
wolfSSL 15:117db924cf7c 18472
wolfSSL 15:117db924cf7c 18473 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18474 SUITE_INFO("ECDHE-PSK-CHACHA20-POLY1305","TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18475 #endif
wolfSSL 15:117db924cf7c 18476
wolfSSL 15:117db924cf7c 18477 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 16:8e0d178b1d1e 18478 SUITE_INFO("DHE-PSK-CHACHA20-POLY1305","TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18479 #endif
wolfSSL 15:117db924cf7c 18480
wolfSSL 15:117db924cf7c 18481 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 16:8e0d178b1d1e 18482 SUITE_INFO("EDH-RSA-DES-CBC3-SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR),
wolfSSL 15:117db924cf7c 18483 #endif
wolfSSL 15:117db924cf7c 18484
wolfSSL 15:117db924cf7c 18485 #ifdef BUILD_WDM_WITH_NULL_SHA256
wolfSSL 16:8e0d178b1d1e 18486 SUITE_INFO("WDM-NULL-SHA256","WDM_WITH_NULL_SHA256",CIPHER_BYTE,WDM_WITH_NULL_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR)
wolfSSL 15:117db924cf7c 18487 #endif
wolfSSL 15:117db924cf7c 18488
wolfSSL 15:117db924cf7c 18489 #endif /* WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 18490 };
wolfSSL 15:117db924cf7c 18491
wolfSSL 15:117db924cf7c 18492
/* Accessor for the file-scope cipher_names table.
 *
 * Returns a pointer to the first CipherSuiteInfo entry. Use
 * GetCipherNamesSize() for the number of entries that may be read. */
const CipherSuiteInfo* GetCipherNames(void)
{
    return &cipher_names[0];
}
wolfSSL 15:117db924cf7c 18498
wolfSSL 15:117db924cf7c 18499
/* Number of entries in cipher_names.
 *
 * The table is assembled from #ifdef BUILD_* blocks, so the count depends on
 * which suites were enabled when this file was compiled. */
int GetCipherNamesSize(void)
{
    return (int)(sizeof(cipher_names) / sizeof(cipher_names[0]));
}
wolfSSL 15:117db924cf7c 18505
wolfSSL 15:117db924cf7c 18506
/* Look up the internal (wolfSSL-style) name of a cipher suite.
 *
 * cipherSuite0  first byte of the suite identifier
 * cipherSuite   second byte of the suite identifier
 *
 * Returns the matching entry's name, or the literal "None" when the pair is
 * not present in cipher_names (for example, the suite was not compiled in). */
const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite)
{
    const int total = GetCipherNamesSize();
    int idx;

    for (idx = 0; idx < total; idx++) {
        const CipherSuiteInfo* entry = &cipher_names[idx];

        if (entry->cipherSuite0 != cipherSuite0)
            continue;
        if (entry->cipherSuite != cipherSuite)
            continue;

        return entry->name;
    }

    return "None";
}
wolfSSL 15:117db924cf7c 18521
wolfSSL 16:8e0d178b1d1e 18522 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
/* Derive a key-exchange label from a cipher name that the caller has already
 * split into segments.
 *
 * n  array of name segments; n[0]..n[4] are all read, so the caller must
 *    supply at least five NUL-terminated segments (presumably unused ones are
 *    empty strings -- confirm against the caller).
 *
 * Returns one of "ECDHEPSK", "ECDH", "DHEPSK", "DH", "RSAPSK", "SRP", "PSK",
 * "EDH", "RSA" or "unknown".
 *
 * The label is inferred from the name text only. The checks are prefix
 * matches evaluated in order, so a first segment starting with "ECDH"
 * (including "ECDHE") that is not followed by "PSK" is reported as "ECDH",
 * and "DHE" is reported as "DH". */
const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]) {
    const char* seg0 = n[0];
    const char* seg1 = n[1];
    const char* seg2 = n[2];
    const char* seg3 = n[3];
    const char* seg4 = n[4];

    if (XSTRNCMP(seg0,"ECDHE",5) == 0 && XSTRNCMP(seg1,"PSK",3) == 0)
        return "ECDHEPSK";

    if (XSTRNCMP(seg0,"ECDH",4) == 0)
        return "ECDH";

    if (XSTRNCMP(seg0,"DHE",3) == 0)
        return (XSTRNCMP(seg1,"PSK",3) == 0) ? "DHEPSK" : "DH";

    if (XSTRNCMP(seg0,"RSA",3) == 0 && XSTRNCMP(seg1,"PSK",3) == 0)
        return "RSAPSK";

    if (XSTRNCMP(seg0,"SRP",3) == 0)
        return "SRP";

    if (XSTRNCMP(seg0,"PSK",3) == 0)
        return "PSK";

    if (XSTRNCMP(seg0,"EDH",3) == 0)
        return "EDH";

    /* Names with no key-exchange prefix: a hash, "RSA" or a bare AES segment
     * in one of these positions is treated as plain RSA key exchange. */
    if ((XSTRNCMP(seg1,"SHA",3) == 0) || (XSTRNCMP(seg2,"SHA",3) == 0) ||
        (XSTRNCMP(seg3,"SHA",3) == 0) || (XSTRNCMP(seg4,"SHA",3) == 0) ||
        (XSTRNCMP(seg2,"RSA",3) == 0) || (XSTRNCMP(seg0,"AES128",6) == 0) ||
        (XSTRNCMP(seg0,"AES256",6) == 0) || (XSTRNCMP(seg1,"MD5",3) == 0))
        return "RSA";

    return "unknown";
}
wolfSSL 16:8e0d178b1d1e 18558
/* Derive an authentication label from a cipher name that the caller has
 * already split into segments.
 *
 * n  array of name segments; n[0]..n[2] are read.
 *
 * Returns "RSA", "PSK", "SRP", "ECDSA" or "unknown".
 *
 * The label is a display string inferred from the name text; nothing here
 * consults the certificate or signature algorithm actually in use. The "RSA"
 * test runs first and is broad: TLS13 AES/CHACHA20 names and any name with a
 * "SHA" or "MD5" segment at n[1] (or "SHA" at n[2]) are reported as "RSA". */
const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]) {
    const char* seg0 = n[0];
    const char* seg1 = n[1];
    const char* seg2 = n[2];

    const int bareAes     = (XSTRNCMP(seg0,"AES128",6) == 0) ||
                            (XSTRNCMP(seg0,"AES256",6) == 0);
    const int tls13Cipher = (XSTRNCMP(seg0,"TLS13",5) == 0) &&
                            ((XSTRNCMP(seg1,"AES128",6) == 0) ||
                             (XSTRNCMP(seg1,"AES256",6) == 0) ||
                             (XSTRNCMP(seg1,"CHACHA20",8) == 0));
    const int rsaSegment  = (XSTRNCMP(seg0,"RSA",3) == 0) ||
                            (XSTRNCMP(seg1,"RSA",3) == 0);
    const int hashSegment = (XSTRNCMP(seg1,"SHA",3) == 0) ||
                            (XSTRNCMP(seg2,"SHA",3) == 0) ||
                            (XSTRNCMP(seg1,"MD5",3) == 0);

    if (bareAes || tls13Cipher || rsaSegment || hashSegment)
        return "RSA";

    if (XSTRNCMP(seg0,"PSK",3) == 0 || XSTRNCMP(seg1,"PSK",3) == 0)
        return "PSK";

    if (XSTRNCMP(seg0,"SRP",3) == 0 && XSTRNCMP(seg1,"AES",3) == 0)
        return "SRP";

    if (XSTRNCMP(seg1,"ECDSA",5) == 0)
        return "ECDSA";

    return "unknown";
}
wolfSSL 16:8e0d178b1d1e 18585
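/* Derive an encryption label from a cipher name that the caller has already
 * split into segments.
 *
 * n  array of name segments; n[0]..n[3] are read.
 *
 * Returns one of "AESGCM(256)", "AESGCM(128)", "AESCCM(128)", "AES(128)",
 * "AES(256)", "CAMELLIA(256)", "CAMELLIA(128)", "RC4", "3DES",
 * "CHACHA20/POLY1305(256)", "None", "IDEA", "RABBIT", "HC128" or "unknown".
 *
 * "None" is the label for NULL-cipher names, i.e. suites that provide no
 * confidentiality. The branches are prefix matches evaluated in order; there
 * is no AESCCM(256) label, so an AES256 name with a CCM segment is reported
 * as "AES(256)". */
const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]) {
    const char* encStr = NULL;
    const char *n0,*n1,*n2,*n3;
    n0 = n[0];
    n1 = n[1];
    n2 = n[2];
    n3 = n[3];

    if ((XSTRNCMP(n0,"AES256",6) == 0 && XSTRNCMP(n1,"GCM",3) == 0) ||
        (XSTRNCMP(n1,"AES256",6) == 0 && XSTRNCMP(n2,"GCM",3) == 0) ||
        (XSTRNCMP(n2,"AES256",6) == 0 && XSTRNCMP(n3,"GCM",3) == 0))
        encStr = "AESGCM(256)";

    else if ((XSTRNCMP(n0,"AES128",6) == 0 && XSTRNCMP(n1,"GCM",3) == 0) ||
             (XSTRNCMP(n1,"AES128",6) == 0 && XSTRNCMP(n2,"GCM",3) == 0) ||
             (XSTRNCMP(n2,"AES128",6) == 0 && XSTRNCMP(n3,"GCM",3) == 0))
        encStr = "AESGCM(128)";

    else if ((XSTRNCMP(n0,"AES128",6) == 0 && XSTRNCMP(n1,"CCM",3) == 0) ||
             (XSTRNCMP(n1,"AES128",6) == 0 && XSTRNCMP(n2,"CCM",3) == 0) ||
             (XSTRNCMP(n2,"AES128",6) == 0 && XSTRNCMP(n3,"CCM",3) == 0))
        encStr = "AESCCM(128)";

    /* The AEAD forms are handled above, so a remaining AES segment is
     * labelled by key size only. */
    else if ((XSTRNCMP(n0,"AES128",6) == 0) ||
             (XSTRNCMP(n1,"AES128",6) == 0) ||
             (XSTRNCMP(n2,"AES128",6) == 0) ||
             (XSTRNCMP(n1,"AES",3) == 0 && XSTRNCMP(n2,"128",3) == 0) ||
             (XSTRNCMP(n2,"AES",3) == 0 && XSTRNCMP(n3,"128",3) == 0))
        encStr = "AES(128)";

    else if ((XSTRNCMP(n0,"AES256",6) == 0) ||
             (XSTRNCMP(n1,"AES256",6) == 0) ||
             (XSTRNCMP(n2,"AES256",6) == 0) ||
             (XSTRNCMP(n1,"AES",3) == 0 && XSTRNCMP(n2,"256",3) == 0) ||
             (XSTRNCMP(n2,"AES",3) == 0 && XSTRNCMP(n3,"256",3) == 0))
        encStr = "AES(256)";

    else if ((XSTRNCMP(n0,"CAMELLIA256",11) == 0) ||
             (XSTRNCMP(n2,"CAMELLIA256",11) == 0))
        encStr = "CAMELLIA(256)";
    else if ((XSTRNCMP(n0,"CAMELLIA128",11) == 0) ||
             (XSTRNCMP(n2,"CAMELLIA128",11) == 0))
        encStr = "CAMELLIA(128)";
    else if ((XSTRNCMP(n0,"RC4",3) == 0) || (XSTRNCMP(n2,"RC4",3) == 0))
        encStr = "RC4";
    else if (((XSTRNCMP(n0,"DES",3) == 0) || (XSTRNCMP(n2,"DES",3) == 0)) &&
             ((XSTRNCMP(n1,"CBC3",4) == 0) || (XSTRNCMP(n3,"CBC3",4) == 0)))
        encStr = "3DES";
    else if ((XSTRNCMP(n1,"CHACHA20",8) == 0 && XSTRNCMP(n2,"POLY1305",8) == 0) ||
             (XSTRNCMP(n2,"CHACHA20",8) == 0 && XSTRNCMP(n3,"POLY1305",8) == 0))
        encStr = "CHACHA20/POLY1305(256)";
    /* NOTE(review): if XSTRNCMP has strncmp semantics, the zero-length
     * comparison on n3 is always equal, so the last clause only tests for the
     * "TLS13" prefix. If the intent is "n3 is empty", confirm how callers
     * fill unused segments before tightening it. */
    else if ((XSTRNCMP(n0,"NULL",4) == 0) || (XSTRNCMP(n1,"NULL",4) == 0) ||
             (XSTRNCMP(n2,"NULL",4) == 0) ||
             ((XSTRNCMP(n0,"TLS13",5) == 0) && (XSTRNCMP(n3,"",0) == 0)))
        encStr = "None";
    else if ((XSTRNCMP(n0,"IDEA",4) == 0))
        encStr = "IDEA";
    /* Compare all six characters; a length of 4 would accept any first
     * segment that merely starts with "RABB". */
    else if ((XSTRNCMP(n0,"RABBIT",6) == 0))
        encStr = "RABBIT";
    else if ((XSTRNCMP(n0,"HC128",5) == 0))
        encStr = "HC128";
    else
        encStr = "unknown";

    return encStr;
}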
wolfSSL 16:8e0d178b1d1e 18652
/* Derive a MAC label from a cipher name that the caller has already split
 * into segments.
 *
 * n  array of name segments; n[1]..n[4] are read.
 *
 * Returns "SHA256", "SHA384", "SHA1", "AEAD" or "unknown".
 *
 * The hash checks run before the AEAD check, so a GCM/CCM/CHACHA20 name that
 * also carries a SHA256 or SHA384 segment in n[1]..n[4] is labelled with that
 * hash rather than "AEAD".
 * NOTE(review): an "MD5" segment at n[1] is also reported as "SHA1"; confirm
 * that this is the intended label. */
const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]) {
    int sawSha256 = 0;
    int sawSha384 = 0;
    int sawSha    = 0;
    int k;

    /* One pass over segments 1..4 collects the three hash-prefix results. */
    for (k = 1; k <= 4; k++) {
        if (XSTRNCMP(n[k],"SHA256",6) == 0)
            sawSha256 = 1;
        if (XSTRNCMP(n[k],"SHA384",6) == 0)
            sawSha384 = 1;
        if (XSTRNCMP(n[k],"SHA",3) == 0)
            sawSha = 1;
    }

    if (sawSha256)
        return "SHA256";

    if (sawSha384)
        return "SHA384";

    if (sawSha || (XSTRNCMP(n[1],"MD5",3) == 0))
        return "SHA1";

    if ((XSTRNCMP(n[3],"GCM",3) == 0) ||
        (XSTRNCMP(n[1],"CCM",3) == 0) ||
        (XSTRNCMP(n[2],"CCM",3) == 0) || (XSTRNCMP(n[3],"CCM",3) == 0) ||
        (XSTRNCMP(n[1],"CHACHA20",8) == 0 && XSTRNCMP(n[2],"POLY1305",8) == 0) ||
        (XSTRNCMP(n[2],"CHACHA20",8) == 0 && XSTRNCMP(n[3],"POLY1305",8) == 0))
        return "AEAD";

    return "unknown";
}
wolfSSL 16:8e0d178b1d1e 18686
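/* Returns the number of key bits for a cipher encryption label, or
 * WOLFSSL_FAILURE (documented here as 0) when the label is not recognised.
 *
 * enc  encryption label in the form produced by GetCipherEncStr(); a NULL
 *      pointer is treated as unrecognised.
 *
 * Labels with no entry below ("None", "RABBIT", "HC128", "unknown") return
 * WOLFSSL_FAILURE, so a zero result is not by itself proof of a NULL cipher. */
int SetCipherBits(const char* enc) {
    int ret = WOLFSSL_FAILURE;

    if (enc == NULL)
        return ret;

    if ((XSTRNCMP(enc,"AESGCM(256)",11) == 0) ||
        (XSTRNCMP(enc,"AES(256)",8) == 0) ||
        (XSTRNCMP(enc,"CAMELLIA(256)",13) == 0) ||
        (XSTRNCMP(enc,"CHACHA20/POLY1305(256)",22) == 0))
        ret = 256;
    else if ((XSTRNCMP(enc,"3DES",4) == 0))
        ret = 168;
    /* "AESCCM(128)" is listed because GetCipherEncStr() emits it; without it
     * AES-128-CCM suites would be reported as a failure. */
    else if ((XSTRNCMP(enc,"AESGCM(128)",11) == 0) ||
             (XSTRNCMP(enc,"AESCCM(128)",11) == 0) ||
             (XSTRNCMP(enc,"AES(128)",8) == 0) ||
             (XSTRNCMP(enc,"CAMELLIA(128)",13) == 0) ||
             (XSTRNCMP(enc,"IDEA",4) == 0) ||
             (XSTRNCMP(enc,"RC4",3) == 0))
        ret = 128;
    else if ((XSTRNCMP(enc,"DES",3) == 0))
        ret = 56;

    return ret;
}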
wolfSSL 16:8e0d178b1d1e 18712 #endif /* WOLFSSL_QT || OPENSSL_ALL */
wolfSSL 16:8e0d178b1d1e 18713
/* Look up the IANA name of a cipher suite.
 *
 * cipherSuite0  first byte of the suite identifier
 * cipherSuite   second byte of the suite identifier
 *
 * Returns the matching entry's name_iana, or the literal "NONE" when the pair
 * is not in cipher_names. When NO_ERROR_STRINGS is defined no lookup is done
 * and NULL is returned, so callers must handle both outcomes. */
const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite)
{
#ifndef NO_ERROR_STRINGS
    const int total = GetCipherNamesSize();
    int idx = 0;

    while (idx < total) {
        if ((cipher_names[idx].cipherSuite0 == cipherSuite0) &&
            (cipher_names[idx].cipherSuite == cipherSuite)) {
            return cipher_names[idx].name_iana;
        }
        idx++;
    }

    return "NONE";
#else
    (void)cipherSuite0;
    (void)cipherSuite;
    return NULL;
#endif
}
wolfSSL 15:117db924cf7c 18734
/* Internal (wolfSSL-style) name of the cipher suite recorded in
 * ssl->options.
 *
 * Returns NULL when ssl is NULL; otherwise the result of
 * GetCipherNameInternal(), which is "None" for an unrecognised pair. */
const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
{
    return (ssl != NULL)
        ? GetCipherNameInternal(ssl->options.cipherSuite0,
                                ssl->options.cipherSuite)
        : NULL;
}
wolfSSL 15:117db924cf7c 18743
/* IANA name of the cipher suite recorded in ssl->options.
 *
 * Returns NULL when ssl is NULL; otherwise the result of GetCipherNameIana(),
 * which may itself be NULL in NO_ERROR_STRINGS builds. */
const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl)
{
    return (ssl != NULL)
        ? GetCipherNameIana(ssl->options.cipherSuite0,
                            ssl->options.cipherSuite)
        : NULL;
}
wolfSSL 15:117db924cf7c 18752
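/* Translate an internal cipher suite name into its two identifier bytes.
 *
 * name          NUL-terminated internal name, as stored in
 *               cipher_names[].name
 * cipherSuite0  [out] first identifier byte of the matching suite
 * cipherSuite   [out] second identifier byte of the matching suite
 *
 * Returns 0 on success, or BAD_FUNC_ARG when an argument is NULL or no table
 * entry has exactly this name. The outputs are written only on success.
 *
 * The name must match a table entry in full. Comparing only strlen(name)
 * bytes would accept any prefix of a table name (and an empty string would
 * match the first entry), silently selecting a suite the caller did not
 * name. */
int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
                           byte* cipherSuite)
{
    int           ret = BAD_FUNC_ARG;
    int           i;
    unsigned long len;

    if (name == NULL || cipherSuite0 == NULL || cipherSuite == NULL)
        return BAD_FUNC_ARG;

    len = (unsigned long)XSTRLEN(name);

    for (i = 0; i < GetCipherNamesSize(); i++) {
        /* The first len bytes are equal, so name[len] of the table entry is
         * within its string; requiring the terminator there rejects table
         * names that are merely longer than the input. */
        if ((XSTRNCMP(name, cipher_names[i].name, len) == 0) &&
            (cipher_names[i].name[len] == '\0')) {
            *cipherSuite0 = cipher_names[i].cipherSuite0;
            *cipherSuite  = cipher_names[i].cipherSuite;
            ret = 0;
            break;
        }
    }

    return ret;
}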
wolfSSL 15:117db924cf7c 18771
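/**
 Set the enabled cipher suites.

 @param [in]   ctx     Context. Dereferenced for the DTLS stream-cipher check
                       (WOLFSSL_DTLS builds) and for the private key size
                       (builds without NO_CERTS); it is not NULL-checked here.
 @param [out]  suites  Suites structure.
 @param [in]   list    List of cipher suites delimited by ':'. Each entry must
                       be a full name from cipher_names[] (the internal name,
                       or the IANA name unless NO_ERROR_STRINGS is defined).
                       A list that is empty or starts with "ALL" or "DEFAULT"
                       keeps the wolfSSL defaults and leaves suites untouched.

 @return 1 on success; 0 on a NULL suites/list argument, when no entry
         matched, or when the suites buffer is too small.

 Entries that match nothing in cipher_names[] are skipped without an error,
 so a misspelled name silently drops that suite; success only means that at
 least one entry matched. Callers that depend on an exact policy should check
 the resulting suites rather than the return value alone.
 */
int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
{
    int       ret          = 0;
    int       idx          = 0;
    int       haveRSAsig   = 0;
    int       haveECDSAsig = 0;
    int       haveAnon     = 0;
    const int suiteSz      = GetCipherNamesSize();
    char*     next         = (char*)list;

    if (suites == NULL || list == NULL) {
        WOLFSSL_MSG("SetCipherList parameter error");
        return 0;
    }

    if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 ||
                        XSTRNCMP(next, "DEFAULT", 7) == 0)
        return 1; /* wolfSSL default */

    do {
        char*  current = next;
        char   name[MAX_SUITE_NAME + 1];
        int    i;
        word32 length;

        next   = XSTRSTR(next, ":");
        length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */
                                         : (word32)(next - current));

        /* An over-long entry is truncated to fit name[]; the terminator is
         * always written inside the buffer. */
        XSTRNCPY(name, current, length);
        name[(length == sizeof(name)) ? length - 1 : length] = 0;

        for (i = 0; i < suiteSz; i++) {
            if (XSTRNCMP(name, cipher_names[i].name, sizeof(name)) == 0
            #ifndef NO_ERROR_STRINGS
                || XSTRNCMP(name, cipher_names[i].name_iana, sizeof(name)) == 0
            #endif
             ) {
            #ifdef WOLFSSL_DTLS
                /* don't allow stream ciphers with DTLS */
                if (ctx->method->version.major == DTLS_MAJOR) {
                    if (XSTRSTR(name, "RC4") ||
                        XSTRSTR(name, "HC128") ||
                        XSTRSTR(name, "RABBIT"))
                    {
                        WOLFSSL_MSG("Stream ciphers not supported with DTLS");
                        continue;
                    }

                }
            #endif /* WOLFSSL_DTLS */

                if (idx + 1 >= WOLFSSL_MAX_SUITE_SZ) {
                    WOLFSSL_MSG("WOLFSSL_MAX_SUITE_SZ set too low");
                    return 0; /* suites buffer not large enough, error out */
                }

                suites->suites[idx++] = cipher_names[i].cipherSuite0;
                suites->suites[idx++] = cipher_names[i].cipherSuite;
                /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA
                 * suites don't necessarily have RSA in the name. */
            #ifdef WOLFSSL_TLS13
                if (cipher_names[i].cipherSuite0 == TLS13_BYTE ||
                         (cipher_names[i].cipherSuite0 == ECC_BYTE &&
                          (cipher_names[i].cipherSuite == TLS_SHA256_SHA256 ||
                           cipher_names[i].cipherSuite == TLS_SHA384_SHA384))) {
                #ifndef NO_RSA
                    haveRSAsig = 1;
                #endif
                #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
                                                             defined(HAVE_ED448)
                    haveECDSAsig = 1;
                #endif
                }
                else
            #endif
            #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
                                                             defined(HAVE_ED448)
                if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA"))
                    haveECDSAsig = 1;
                else
            #endif
            #ifdef HAVE_ANON
                if (XSTRSTR(name, "ADH"))
                    haveAnon = 1;
                else
            #endif
                if (haveRSAsig == 0
                    #ifndef NO_PSK
                        && (XSTRSTR(name, "PSK") == NULL)
                    #endif
                   ) {
                    haveRSAsig = 1;
                }

                ret = 1; /* found at least one */
                break;
            }
        }

        /* Step past the ':' only when one was found. Incrementing a NULL
         * pointer, as a bare `while (next++)` does on the last entry, is
         * undefined behaviour. */
        if (next != NULL)
            next++;
    }
    while (next != NULL);

    if (ret) {
        int keySz = 0;
    #ifndef NO_CERTS
        keySz = ctx->privateKeySz;
    #endif
        suites->setSuites = 1;
        suites->suiteSz   = (word16)idx;
        InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveAnon, 1,
                              keySz);
    }

    (void)ctx;

    return ret;
}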
wolfSSL 15:117db924cf7c 18898
wolfSSL 15:117db924cf7c 18899
wolfSSL 15:117db924cf7c 18900 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)
wolfSSL 16:8e0d178b1d1e 18901 int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
wolfSSL 15:117db924cf7c 18902 {
wolfSSL 15:117db924cf7c 18903 word32 i;
wolfSSL 16:8e0d178b1d1e 18904 int ret = MATCH_SUITE_ERROR;
wolfSSL 15:117db924cf7c 18905
wolfSSL 15:117db924cf7c 18906 ssl->suites->sigAlgo = ssl->specs.sig_algo;
wolfSSL 15:117db924cf7c 18907
wolfSSL 15:117db924cf7c 18908 /* set defaults */
wolfSSL 15:117db924cf7c 18909 if (IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 15:117db924cf7c 18910 ssl->suites->hashAlgo = sha256_mac;
wolfSSL 15:117db924cf7c 18911 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 18912 ssl->suites->sigAlgo = ssl->buffers.keyType;
wolfSSL 15:117db924cf7c 18913 #endif
wolfSSL 15:117db924cf7c 18914 }
wolfSSL 15:117db924cf7c 18915 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 18916 else if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 18917 #ifdef WOLFSSL_ALLOW_TLS_SHA1
wolfSSL 15:117db924cf7c 18918 ssl->suites->hashAlgo = sha_mac;
wolfSSL 15:117db924cf7c 18919 #else
wolfSSL 15:117db924cf7c 18920 ssl->suites->hashAlgo = sha256_mac;
wolfSSL 15:117db924cf7c 18921 #endif
wolfSSL 15:117db924cf7c 18922 }
wolfSSL 15:117db924cf7c 18923 else {
wolfSSL 15:117db924cf7c 18924 ssl->suites->hashAlgo = sha_mac;
wolfSSL 15:117db924cf7c 18925 }
wolfSSL 15:117db924cf7c 18926 #endif
wolfSSL 15:117db924cf7c 18927
wolfSSL 16:8e0d178b1d1e 18928 if (hashSigAlgoSz == 0)
wolfSSL 16:8e0d178b1d1e 18929 return 0;
wolfSSL 16:8e0d178b1d1e 18930
wolfSSL 15:117db924cf7c 18931 /* i+1 since peek a byte ahead for type */
wolfSSL 15:117db924cf7c 18932 for (i = 0; (i+1) < hashSigAlgoSz; i += HELLO_EXT_SIGALGO_SZ) {
wolfSSL 15:117db924cf7c 18933 byte hashAlgo = 0, sigAlgo = 0;
wolfSSL 15:117db924cf7c 18934
wolfSSL 15:117db924cf7c 18935 DecodeSigAlg(&hashSigAlgo[i], &hashAlgo, &sigAlgo);
wolfSSL 15:117db924cf7c 18936 #ifdef HAVE_ED25519
wolfSSL 16:8e0d178b1d1e 18937 if (ssl->pkCurveOID == ECC_ED25519_OID) {
wolfSSL 16:8e0d178b1d1e 18938 if (sigAlgo != ed25519_sa_algo)
wolfSSL 16:8e0d178b1d1e 18939 continue;
wolfSSL 16:8e0d178b1d1e 18940 if (sigAlgo == ed25519_sa_algo &&
wolfSSL 16:8e0d178b1d1e 18941 ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
wolfSSL 16:8e0d178b1d1e 18942 ssl->suites->sigAlgo = sigAlgo;
wolfSSL 16:8e0d178b1d1e 18943 ssl->suites->hashAlgo = sha512_mac;
wolfSSL 16:8e0d178b1d1e 18944 ret = 0;
wolfSSL 16:8e0d178b1d1e 18945 break;
wolfSSL 16:8e0d178b1d1e 18946 }
wolfSSL 16:8e0d178b1d1e 18947 }
wolfSSL 16:8e0d178b1d1e 18948 #endif
wolfSSL 16:8e0d178b1d1e 18949 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 18950 if (ssl->pkCurveOID == ECC_ED448_OID) {
wolfSSL 16:8e0d178b1d1e 18951 if (sigAlgo != ed448_sa_algo)
wolfSSL 16:8e0d178b1d1e 18952 continue;
wolfSSL 16:8e0d178b1d1e 18953
wolfSSL 16:8e0d178b1d1e 18954 if (sigAlgo == ed448_sa_algo &&
wolfSSL 15:117db924cf7c 18955 ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
wolfSSL 16:8e0d178b1d1e 18956 ssl->suites->sigAlgo = sigAlgo;
wolfSSL 16:8e0d178b1d1e 18957 ssl->suites->hashAlgo = sha512_mac;
wolfSSL 16:8e0d178b1d1e 18958 ret = 0;
wolfSSL 16:8e0d178b1d1e 18959 break;
wolfSSL 16:8e0d178b1d1e 18960 }
wolfSSL 16:8e0d178b1d1e 18961 }
wolfSSL 16:8e0d178b1d1e 18962 #endif
wolfSSL 16:8e0d178b1d1e 18963 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
wolfSSL 16:8e0d178b1d1e 18964 if (IsAtLeastTLSv1_3(ssl->version) && sigAlgo == ssl->suites->sigAlgo &&
wolfSSL 16:8e0d178b1d1e 18965 sigAlgo == ecc_dsa_sa_algo) {
wolfSSL 16:8e0d178b1d1e 18966
wolfSSL 16:8e0d178b1d1e 18967 int digestSz = GetMacDigestSize(hashAlgo);
wolfSSL 16:8e0d178b1d1e 18968 if (digestSz <= 0)
wolfSSL 16:8e0d178b1d1e 18969 continue;
wolfSSL 16:8e0d178b1d1e 18970
wolfSSL 16:8e0d178b1d1e 18971 /* TLS 1.3 signature algorithms for ECDSA match hash length with
wolfSSL 16:8e0d178b1d1e 18972 * key size.
wolfSSL 16:8e0d178b1d1e 18973 */
wolfSSL 16:8e0d178b1d1e 18974 if (digestSz != ssl->buffers.keySz)
wolfSSL 16:8e0d178b1d1e 18975 continue;
wolfSSL 16:8e0d178b1d1e 18976
wolfSSL 16:8e0d178b1d1e 18977 ssl->suites->hashAlgo = hashAlgo;
wolfSSL 15:117db924cf7c 18978 ssl->suites->sigAlgo = sigAlgo;
wolfSSL 16:8e0d178b1d1e 18979 ret = 0;
wolfSSL 16:8e0d178b1d1e 18980 break; /* done selected sig/hash algorithms */
wolfSSL 16:8e0d178b1d1e 18981 }
wolfSSL 16:8e0d178b1d1e 18982 else
wolfSSL 16:8e0d178b1d1e 18983 #endif
wolfSSL 16:8e0d178b1d1e 18984 /* For ECDSA the `USE_ECDSA_KEYSZ_HASH_ALGO` build option will choose a hash
wolfSSL 16:8e0d178b1d1e 18985 * algorithm that matches the ephemeral ECDHE key size or the next highest
wolfSSL 16:8e0d178b1d1e 18986 * available. This workaround resolves issue with some peer's that do not
wolfSSL 16:8e0d178b1d1e 18987 * properly support scenarios such as a P-256 key hashed with SHA512.
wolfSSL 16:8e0d178b1d1e 18988 */
wolfSSL 16:8e0d178b1d1e 18989 #if defined(HAVE_ECC) && defined(USE_ECDSA_KEYSZ_HASH_ALGO)
wolfSSL 16:8e0d178b1d1e 18990 if (sigAlgo == ssl->suites->sigAlgo && sigAlgo == ecc_dsa_sa_algo) {
wolfSSL 16:8e0d178b1d1e 18991 int digestSz = GetMacDigestSize(hashAlgo);
wolfSSL 16:8e0d178b1d1e 18992 if (digestSz <= 0)
wolfSSL 16:8e0d178b1d1e 18993 continue;
wolfSSL 16:8e0d178b1d1e 18994
wolfSSL 16:8e0d178b1d1e 18995 /* For ecc_dsa_sa_algo, pick hash algo that is curve size unless
wolfSSL 16:8e0d178b1d1e 18996 algorithm in not compiled in, then choose next highest */
wolfSSL 16:8e0d178b1d1e 18997 if (digestSz == ssl->eccTempKeySz) {
wolfSSL 16:8e0d178b1d1e 18998 ssl->suites->hashAlgo = hashAlgo;
wolfSSL 16:8e0d178b1d1e 18999 ssl->suites->sigAlgo = sigAlgo;
wolfSSL 16:8e0d178b1d1e 19000 #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
wolfSSL 16:8e0d178b1d1e 19001 ssl->namedGroup = 0;
wolfSSL 16:8e0d178b1d1e 19002 #endif
wolfSSL 16:8e0d178b1d1e 19003 ret = 0;
wolfSSL 16:8e0d178b1d1e 19004 break; /* done selected sig/hash algorithms */
wolfSSL 16:8e0d178b1d1e 19005 }
wolfSSL 16:8e0d178b1d1e 19006 /* not strong enough, so keep checking hashSigAlso list */
wolfSSL 16:8e0d178b1d1e 19007 if (digestSz < ssl->eccTempKeySz)
wolfSSL 16:8e0d178b1d1e 19008 continue;
wolfSSL 16:8e0d178b1d1e 19009
wolfSSL 16:8e0d178b1d1e 19010 /* mark as highest and check remainder of hashSigAlgo list */
wolfSSL 16:8e0d178b1d1e 19011 ssl->suites->hashAlgo = hashAlgo;
wolfSSL 16:8e0d178b1d1e 19012 ssl->suites->sigAlgo = sigAlgo;
wolfSSL 16:8e0d178b1d1e 19013 ret = 0;
wolfSSL 16:8e0d178b1d1e 19014 }
wolfSSL 16:8e0d178b1d1e 19015 else
wolfSSL 16:8e0d178b1d1e 19016 #endif
wolfSSL 16:8e0d178b1d1e 19017 #ifdef WC_RSA_PSS
wolfSSL 16:8e0d178b1d1e 19018 if (IsAtLeastTLSv1_3(ssl->version) &&
wolfSSL 16:8e0d178b1d1e 19019 ssl->suites->sigAlgo == rsa_sa_algo &&
wolfSSL 16:8e0d178b1d1e 19020 sigAlgo != rsa_pss_sa_algo) {
wolfSSL 16:8e0d178b1d1e 19021 continue;
wolfSSL 16:8e0d178b1d1e 19022 }
wolfSSL 16:8e0d178b1d1e 19023 else if (sigAlgo == ssl->suites->sigAlgo ||
wolfSSL 16:8e0d178b1d1e 19024 (sigAlgo == rsa_pss_sa_algo &&
wolfSSL 16:8e0d178b1d1e 19025 (ssl->suites->sigAlgo == rsa_sa_algo)))
wolfSSL 16:8e0d178b1d1e 19026 #else
wolfSSL 16:8e0d178b1d1e 19027 if (sigAlgo == ssl->suites->sigAlgo)
wolfSSL 16:8e0d178b1d1e 19028 #endif
wolfSSL 16:8e0d178b1d1e 19029 {
wolfSSL 16:8e0d178b1d1e 19030 /* pick highest available between both server and client */
wolfSSL 15:117db924cf7c 19031 switch (hashAlgo) {
wolfSSL 15:117db924cf7c 19032 case sha_mac:
wolfSSL 16:8e0d178b1d1e 19033 #ifdef WOLFSSL_SHA224
wolfSSL 16:8e0d178b1d1e 19034 case sha224_mac:
wolfSSL 16:8e0d178b1d1e 19035 #endif
wolfSSL 15:117db924cf7c 19036 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 19037 case sha256_mac:
wolfSSL 15:117db924cf7c 19038 #endif
wolfSSL 15:117db924cf7c 19039 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 19040 case sha384_mac:
wolfSSL 15:117db924cf7c 19041 #endif
wolfSSL 15:117db924cf7c 19042 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 19043 case sha512_mac:
wolfSSL 15:117db924cf7c 19044 #endif
wolfSSL 16:8e0d178b1d1e 19045 /* not strong enough, so keep checking hashSigAlso list */
wolfSSL 16:8e0d178b1d1e 19046 if (hashAlgo < ssl->suites->hashAlgo) {
wolfSSL 16:8e0d178b1d1e 19047 ret = 0;
wolfSSL 15:117db924cf7c 19048 continue;
wolfSSL 16:8e0d178b1d1e 19049 }
wolfSSL 16:8e0d178b1d1e 19050 /* mark as highest and check remainder of hashSigAlgo list */
wolfSSL 15:117db924cf7c 19051 ssl->suites->hashAlgo = hashAlgo;
wolfSSL 15:117db924cf7c 19052 ssl->suites->sigAlgo = sigAlgo;
wolfSSL 15:117db924cf7c 19053 break;
wolfSSL 15:117db924cf7c 19054 default:
wolfSSL 15:117db924cf7c 19055 continue;
wolfSSL 15:117db924cf7c 19056 }
wolfSSL 16:8e0d178b1d1e 19057 ret = 0;
wolfSSL 16:8e0d178b1d1e 19058 break;
wolfSSL 16:8e0d178b1d1e 19059 }
wolfSSL 16:8e0d178b1d1e 19060 #if defined(WOLFSSL_TLS13)
wolfSSL 16:8e0d178b1d1e 19061 else if (ssl->specs.sig_algo == 0 && IsAtLeastTLSv1_3(ssl->version)) {
wolfSSL 16:8e0d178b1d1e 19062 }
wolfSSL 16:8e0d178b1d1e 19063 #endif
wolfSSL 16:8e0d178b1d1e 19064 else if (ssl->specs.sig_algo == 0)
wolfSSL 16:8e0d178b1d1e 19065 {
wolfSSL 15:117db924cf7c 19066 ssl->suites->hashAlgo = ssl->specs.mac_algorithm;
wolfSSL 16:8e0d178b1d1e 19067 ret = 0;
wolfSSL 16:8e0d178b1d1e 19068 }
wolfSSL 16:8e0d178b1d1e 19069 }
wolfSSL 16:8e0d178b1d1e 19070
wolfSSL 16:8e0d178b1d1e 19071 return ret;
wolfSSL 15:117db924cf7c 19072 }
wolfSSL 15:117db924cf7c 19073 #endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */
wolfSSL 15:117db924cf7c 19074
wolfSSL 15:117db924cf7c 19075 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 19076
/* Reset a HandShakeInfo record to its empty state and attach it to ssl.
 *
 * info  record to initialize
 * ssl   WOLFSSL object the record describes; the pointer is stored as is
 */
void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl)
{
    int slot = 0;

    info->ssl              = ssl;
    info->numberPackets    = 0;
    info->negotiationError = 0;

    /* Names are C strings, so clearing the first byte empties each one. */
    info->cipherName[0] = 0;
    while (slot < MAX_PACKETS_HANDSHAKE) {
        info->packetNames[slot][0] = 0;
        slot++;
    }
}
wolfSSL 15:117db924cf7c 19089
/* Fill in the final HandShakeInfo fields once the handshake has ended:
 * the negotiated cipher suite name and, if set, the negotiation error.
 *
 * info  record to complete; info->ssl must already point at the session
 */
void FinishHandShakeInfo(HandShakeInfo* info)
{
    const int total = GetCipherNamesSize();
    int       n;

    for (n = 0; n < total; n++) {
        if (info->ssl->options.cipherSuite !=
                                           (byte)cipher_names[n].cipherSuite) {
            continue;
        }
        /* ECC suites at end.
         * NOTE(review): cipherSuite0 does not change inside this loop, so
         * when it equals ECC_BYTE every match is skipped and cipherName keeps
         * its previous contents - confirm that is intended. */
        if (info->ssl->options.cipherSuite0 == ECC_BYTE) {
            continue;
        }

        /* XSTRNCPY is given MAX_CIPHERNAME_SZ as its bound and the terminator
         * is then written at index MAX_CIPHERNAME_SZ; this assumes cipherName
         * holds MAX_CIPHERNAME_SZ + 1 bytes - declaration not shown here,
         * confirm. */
        XSTRNCPY(info->cipherName, cipher_names[n].name, MAX_CIPHERNAME_SZ);
        info->cipherName[MAX_CIPHERNAME_SZ] = '\0';
        break;
    }

    /* error max and min are negative numbers, so MAX is the lower bound */
    if (info->ssl->error >= MAX_PARAM_ERR && info->ssl->error <= MIN_PARAM_ERR) {
        info->negotiationError = info->ssl->error;
    }
}
wolfSSL 15:117db924cf7c 19110
wolfSSL 15:117db924cf7c 19111
/* Append name to the handshake packet-name list and bump the count.
 * Does nothing once MAX_PACKETS_HANDSHAKE names are stored, and compiles to
 * a no-op when WOLFSSL_CALLBACKS is not defined.
 *
 * ssl   session whose handShakeInfo receives the name
 * name  NUL terminated packet name; at most MAX_PACKETNAME_SZ bytes are kept
 */
void AddPacketName(WOLFSSL* ssl, const char* name)
{
#ifdef WOLFSSL_CALLBACKS
    HandShakeInfo* hs = &ssl->handShakeInfo;

    if (hs->numberPackets < MAX_PACKETS_HANDSHAKE) {
        char* dst = hs->packetNames[hs->numberPackets];

        /* Bounded copy, then force termination at index MAX_PACKETNAME_SZ;
         * assumes each entry holds MAX_PACKETNAME_SZ + 1 bytes - declaration
         * not shown here, confirm. */
        XSTRNCPY(dst, name, MAX_PACKETNAME_SZ);
        dst[MAX_PACKETNAME_SZ] = '\0';
        hs->numberPackets += 1;
    }
#endif
    /* silence unused-parameter warnings when the body is compiled out */
    (void)ssl;
    (void)name;
}
wolfSSL 15:117db924cf7c 19127
wolfSSL 15:117db924cf7c 19128
wolfSSL 15:117db924cf7c 19129 #ifdef WOLFSSL_CALLBACKS
/* Reset a TimeoutInfo record: no packets, empty names, zeroed timestamps.
 *
 * info  record to initialize
 */
void InitTimeoutInfo(TimeoutInfo* info)
{
    int slot = 0;

    info->numberPackets        = 0;
    info->flags                = 0;
    info->timeoutName[0]       = 0;
    info->timeoutValue.tv_sec  = 0;
    info->timeoutValue.tv_usec = 0;

    while (slot < MAX_PACKETS_HANDSHAKE) {
        info->packets[slot].packetName[0]     = 0;
        info->packets[slot].valueSz           = 0;
        /* No heap buffer yet; FreeTimeoutInfo frees only non-zero pointers. */
        info->packets[slot].bufferValue       = 0;
        info->packets[slot].timestamp.tv_sec  = 0;
        info->packets[slot].timestamp.tv_usec = 0;
        slot++;
    }
}
wolfSSL 15:117db924cf7c 19149
wolfSSL 15:117db924cf7c 19150
/* Release every heap buffer held by the packets of a TimeoutInfo record.
 * Each freed pointer is cleared so a second call does not free it again.
 *
 * info  record whose packet buffers are released
 * heap  heap hint passed to XFREE
 */
void FreeTimeoutInfo(TimeoutInfo* info, void* heap)
{
    int slot;

    (void)heap; /* XFREE may not use the hint in every build */

    for (slot = 0; slot < MAX_PACKETS_HANDSHAKE; slot++) {
        if (!info->packets[slot].bufferValue) {
            continue;
        }
        XFREE(info->packets[slot].bufferValue, heap, DYNAMIC_TYPE_INFO);
        info->packets[slot].bufferValue = 0;
    }
}
wolfSSL 15:117db924cf7c 19163
/* Set the packet name of the most recently added packet info entry.
 * Ignored when no entry exists yet or the count is out of range.
 *
 * name  NUL terminated packet name; at most MAX_PACKETNAME_SZ bytes are kept
 * info  record whose last entry is named
 */
void AddLateName(const char* name, TimeoutInfo* info)
{
    char* dst;

    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0 ||
                              info->numberPackets >= MAX_PACKETS_HANDSHAKE) {
        return;
    }

    dst = info->packets[info->numberPackets - 1].packetName;
    /* Bounded copy, then force termination at index MAX_PACKETNAME_SZ;
     * assumes packetName holds MAX_PACKETNAME_SZ + 1 bytes - declaration not
     * shown here, confirm. */
    XSTRNCPY(dst, name, MAX_PACKETNAME_SZ);
    dst[MAX_PACKETNAME_SZ] = '\0';
}
wolfSSL 15:117db924cf7c 19175
/* Copy a record layer header into the most recently added packet info entry.
 * The header goes to the entry's heap buffer when one is set, otherwise to
 * its inline value array. Ignored when no entry exists or the count is out
 * of range.
 *
 * rl    record layer header to store, RECORD_HEADER_SZ bytes are copied
 * info  record whose last entry receives the header
 */
void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info)
{
    void* dst;
    int   last;

    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0 ||
                              info->numberPackets >= MAX_PACKETS_HANDSHAKE) {
        return;
    }

    last = info->numberPackets - 1;
    if (info->packets[last].bufferValue) {
        /* presumably the buffer is at least RECORD_HEADER_SZ bytes, since
         * AddPacketInfo allocates it only for payloads of MAX_VALUE_SZ or
         * more - verify MAX_VALUE_SZ >= RECORD_HEADER_SZ */
        dst = info->packets[last].bufferValue;
    }
    else {
        dst = info->packets[last].value;
    }
    XMEMCPY(dst, rl, RECORD_HEADER_SZ);
}
wolfSSL 15:117db924cf7c 19190
wolfSSL 15:117db924cf7c 19191 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 15:117db924cf7c 19192
wolfSSL 15:117db924cf7c 19193
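/* Add PacketInfo to TimeoutInfo and, in OPENSSL_EXTRA builds, hand the
 * message to the protocol message callback when one is registered.
 *
 * ssl     WOLFSSL structure sending or receiving packet
 * name    name of packet being sent, NULL if it is added later
 * type    type of packet being sent
 * data    data being sent with packet
 * sz      size of data buffer
 * written 1 if this packet is being written to wire, 0 if being read
 * heap    custom heap to use for mallocs/frees
 *
 * A NULL data pointer or a size of zero or less is recorded as an empty
 * payload and is not passed to the callback.
 */
void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
                   const byte* data, int sz, int written, void* heap)
{
#ifdef WOLFSSL_CALLBACKS
    TimeoutInfo* info = &ssl->timeoutInfo;

    if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) {
        WOLFSSL_TIMEVAL currTime;

        /* may add name after */
        if (name) {
            char* packetName = info->packets[info->numberPackets].packetName;
            XSTRNCPY(packetName, name, MAX_PACKETNAME_SZ);
            packetName[MAX_PACKETNAME_SZ] = '\0';
        }

        /* add data, put in buffer if bigger than static buffer */
        if (data == NULL || sz <= 0) {
            /* sz is a signed int: a negative value would pass the
             * "sz < MAX_VALUE_SZ" test and then become a huge size_t in the
             * copy, so it is treated as "no payload" instead. */
            info->packets[info->numberPackets].valueSz = 0;
        }
        else if (sz < MAX_VALUE_SZ) {
            info->packets[info->numberPackets].valueSz = sz;
            XMEMCPY(info->packets[info->numberPackets].value, data, sz);
        }
        else {
            info->packets[info->numberPackets].bufferValue =
                                    (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_INFO);
            if (!info->packets[info->numberPackets].bufferValue) {
                /* let next alloc catch, just don't fill, not fatal here */
                info->packets[info->numberPackets].valueSz = 0;
            }
            else {
                info->packets[info->numberPackets].valueSz = sz;
                XMEMCPY(info->packets[info->numberPackets].bufferValue,
                        data, sz);
            }
        }
        gettimeofday(&currTime, 0);
        info->packets[info->numberPackets].timestamp.tv_sec  =
                                                             currTime.tv_sec;
        info->packets[info->numberPackets].timestamp.tv_usec =
                                                             currTime.tv_usec;
        info->numberPackets++;
    }
#endif /* WOLFSSL_CALLBACKS */
#ifdef OPENSSL_EXTRA
    /* data is checked here as well because the callback argument is computed
     * as data + RECORD_HEADER_SZ */
    if (ssl->protoMsgCb != NULL && data != NULL && sz > RECORD_HEADER_SZ) {
        /* version from hex to dec  16 is 16^1, 256 from 16^2 and
           4096 from 16^3
           NOTE(review): the two high-nibble terms are scaled on top of the
           position they already have, so the result equals
           (major << 8) | minor only while both high nibbles are zero -
           confirm the intended value for versions such as DTLS. */
        int version = (ssl->version.minor & 0X0F) +
                      (ssl->version.minor & 0xF0) * 16 +
                      (ssl->version.major & 0X0F) * 256 +
                      (ssl->version.major & 0xF0) * 4096;

        /* the callback receives the message without its record header */
        ssl->protoMsgCb(written, version, type,
                        (const void *)(data + RECORD_HEADER_SZ),
                        (size_t)(sz - RECORD_HEADER_SZ),
                        ssl, ssl->protoMsgCtx);
    }
#endif /* OPENSSL_EXTRA */
    (void)written;
    (void)name;
    (void)heap;
    (void)type;
    (void)ssl;
}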
wolfSSL 15:117db924cf7c 19263
wolfSSL 15:117db924cf7c 19264 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 15:117db924cf7c 19265
wolfSSL 16:8e0d178b1d1e 19266 #if !defined(NO_CERTS)
wolfSSL 16:8e0d178b1d1e 19267
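/* Decode the private key - RSA/ECC/Ed25519/Ed448 - and create a key object.
 * The key object is placed in ssl->hsKey and its type in ssl->hsType.
 * The maximum length of a signature is returned through length.
 *
 * A keyType of 0 in ssl->buffers is handled as "type not known": every
 * compiled-in decoder is tried in the order RSA, ECC, Ed25519, Ed448 and the
 * first one that succeeds wins. Decoded RSA and ECC keys, and the fixed
 * Ed25519/Ed448 key sizes, are checked against the configured minimum key
 * sizes (ssl->options.minRsaKeySz / minEccKeySz) before they are accepted.
 *
 * ssl     The SSL/TLS object.
 * length  The length of a signature.
 * returns 0 on success, otherwise failure. BAD_FUNC_ARG is returned when no
 *         compiled-in key type applies; when every attempted decoder fails
 *         the error of the last one tried is returned.
 */
int DecodePrivateKey(WOLFSSL *ssl, word16* length)
{
    int      ret = BAD_FUNC_ARG;
    int      keySz;
    word32   idx;

#ifdef HAVE_PK_CALLBACKS
    /* allow no private key if using PK callbacks and CB is set */
    if (wolfSSL_IsPrivatePkSet(ssl)) {
        /* no key object is created on this path, only the size is reported */
        *length = GetPrivateKeySigSize(ssl);
        return 0;
    }
    else
#endif

    /* make sure private key exists */
    if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
        WOLFSSL_MSG("Private key missing!");
        ERROR_OUT(NO_PRIVATE_KEY, exit_dpk);
    }

#ifdef HAVE_PKCS11
    /* The key buffer holds a device key id rather than key material. */
    if (ssl->buffers.keyDevId != INVALID_DEVID && ssl->buffers.keyId) {
        /* NOTE(review): when keyType is neither RSA nor ECC, hsType keeps
         * its previous value for the AllocKey call below - confirm callers
         * never reach this with another key type. */
        if (ssl->buffers.keyType == rsa_sa_algo)
            ssl->hsType = DYNAMIC_TYPE_RSA;
        else if (ssl->buffers.keyType == ecc_dsa_sa_algo)
            ssl->hsType = DYNAMIC_TYPE_ECC;
        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
        if (ret != 0) {
            goto exit_dpk;
        }

        if (ssl->buffers.keyType == rsa_sa_algo) {
    #ifndef NO_RSA
            ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey,
                             ssl->buffers.key->buffer, ssl->buffers.key->length,
                             ssl->heap, ssl->buffers.keyDevId);
            if (ret == 0) {
                /* size comes from ssl->buffers.keySz, not from the key */
                if (ssl->buffers.keySz < ssl->options.minRsaKeySz) {
                    WOLFSSL_MSG("RSA key size too small");
                    ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
                }

                /* Return the maximum signature length. */
                *length = (word16)ssl->buffers.keySz;
            }
    #else
            ret = NOT_COMPILED_IN;
    #endif
        }
        else if (ssl->buffers.keyType == ecc_dsa_sa_algo) {
    #ifdef HAVE_ECC
            ret = wc_ecc_init_id((ecc_key*)ssl->hsKey, ssl->buffers.key->buffer,
                                 ssl->buffers.key->length, ssl->heap,
                                 ssl->buffers.keyDevId);
            if (ret == 0) {
                /* size comes from ssl->buffers.keySz, not from the key */
                if (ssl->buffers.keySz < ssl->options.minEccKeySz) {
                    WOLFSSL_MSG("ECC key size too small");
                    ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
                }

                /* Return the maximum signature length. */
                *length = (word16)wc_ecc_sig_size_calc(ssl->buffers.keySz);
            }
    #else
            ret = NOT_COMPILED_IN;
    #endif
        }
        goto exit_dpk;
    }
#endif

#ifndef NO_RSA
    if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) {
        ssl->hsType = DYNAMIC_TYPE_RSA;
        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
        if (ret != 0) {
            goto exit_dpk;
        }

        WOLFSSL_MSG("Trying RSA private key");

        /* Set start of data to beginning of buffer. */
        idx = 0;
        /* Decode the key assuming it is an RSA private key. */
        ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
                    (RsaKey*)ssl->hsKey, ssl->buffers.key->length);
        if (ret == 0) {
            WOLFSSL_MSG("Using RSA private key");

            /* It worked so check it meets minimum key size requirements. */
            keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
            if (keySz < 0) { /* check if keySz has error case */
                ERROR_OUT(keySz, exit_dpk);
            }

            if (keySz < ssl->options.minRsaKeySz) {
                WOLFSSL_MSG("RSA key size too small");
                ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk);
            }

            /* Return the maximum signature length. */
            *length = (word16)keySz;

            goto exit_dpk;
        }
    }
#endif /* !NO_RSA */

#ifdef HAVE_ECC
    #ifndef NO_RSA
    /* release the key object left by a failed RSA attempt */
    FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
    #endif /* !NO_RSA */

    if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0) {
        ssl->hsType = DYNAMIC_TYPE_ECC;
        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
        if (ret != 0) {
            goto exit_dpk;
        }

    #ifndef NO_RSA
        WOLFSSL_MSG("Trying ECC private key, RSA didn't work");
    #else
        WOLFSSL_MSG("Trying ECC private key");
    #endif

        /* Set start of data to beginning of buffer. */
        idx = 0;
        /* Decode the key assuming it is an ECC private key. */
        ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
                                     (ecc_key*)ssl->hsKey,
                                     ssl->buffers.key->length);
        if (ret == 0) {
            WOLFSSL_MSG("Using ECC private key");

            /* Check it meets the minimum ECC key size requirements. */
            keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
            if (keySz < ssl->options.minEccKeySz) {
                WOLFSSL_MSG("ECC key size too small");
                ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
            }

            /* Return the maximum signature length. */
            *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey);

            goto exit_dpk;
        }
    }
#endif
#ifdef HAVE_ED25519
    #if !defined(NO_RSA) || defined(HAVE_ECC)
    /* release the key object left by a failed RSA or ECC attempt */
    FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
    #endif

    if (ssl->buffers.keyType == ed25519_sa_algo || ssl->buffers.keyType == 0) {
        ssl->hsType = DYNAMIC_TYPE_ED25519;
        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
        if (ret != 0) {
            goto exit_dpk;
        }

    #ifdef HAVE_ECC
        WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work");
    #elif !defined(NO_RSA)
        WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work");
    #else
        WOLFSSL_MSG("Trying ED25519 private key");
    #endif

        /* Set start of data to beginning of buffer. */
        idx = 0;
        /* Decode the key assuming it is an ED25519 private key. */
        ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
                                         (ed25519_key*)ssl->hsKey,
                                         ssl->buffers.key->length);
        if (ret == 0) {
            WOLFSSL_MSG("Using ED25519 private key");

            /* Check it meets the minimum ECC key size requirements. */
            if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
                WOLFSSL_MSG("ED25519 key size too small");
                ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
            }

            /* Return the maximum signature length. */
            *length = ED25519_SIG_SIZE;

            goto exit_dpk;
        }
    }
#endif /* HAVE_ED25519 */
#ifdef HAVE_ED448
    /* Release the key object left by a failed earlier attempt. Ed25519 is
     * part of the condition so that a build with only Ed25519 and Ed448 does
     * not reach AllocKey with the Ed25519 object still in ssl->hsKey. */
    #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
    FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
    #endif

    if (ssl->buffers.keyType == ed448_sa_algo || ssl->buffers.keyType == 0) {
        ssl->hsType = DYNAMIC_TYPE_ED448;
        ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
        if (ret != 0) {
            goto exit_dpk;
        }

    #ifdef HAVE_ED25519
        WOLFSSL_MSG("Trying ED448 private key, ED25519 didn't work");
    #elif defined(HAVE_ECC)
        WOLFSSL_MSG("Trying ED448 private key, ECC didn't work");
    #elif !defined(NO_RSA)
        WOLFSSL_MSG("Trying ED448 private key, RSA didn't work");
    #else
        WOLFSSL_MSG("Trying ED448 private key");
    #endif

        /* Set start of data to beginning of buffer. */
        idx = 0;
        /* Decode the key assuming it is an ED448 private key. */
        ret = wc_Ed448PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
                                       (ed448_key*)ssl->hsKey,
                                       ssl->buffers.key->length);
        if (ret == 0) {
            WOLFSSL_MSG("Using ED448 private key");

            /* Check it meets the minimum ECC key size requirements. */
            if (ED448_KEY_SIZE < ssl->options.minEccKeySz) {
                WOLFSSL_MSG("ED448 key size too small");
                ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk);
            }

            /* Return the maximum signature length. */
            *length = ED448_SIG_SIZE;

            goto exit_dpk;
        }
    }
#endif /* HAVE_ED448 */

    /* unused in builds where no key type is compiled in */
    (void)idx;
    (void)keySz;
    (void)length;
exit_dpk:
    return ret;
}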
wolfSSL 15:117db924cf7c 19519
wolfSSL 15:117db924cf7c 19520 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 19521
wolfSSL 15:117db924cf7c 19522 /* client only parts */
wolfSSL 15:117db924cf7c 19523 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 19524
wolfSSL 15:117db924cf7c 19525 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 19526
/* Build and send the ClientHello (1) for TLS 1.2 and earlier, and for DTLS.
 *
 * When WOLFSSL_TLS13 is compiled in and ssl->version is at least TLS 1.3 the
 * call is handed to SendTls13ClientHello() instead.
 *
 * The message body is written in this order: client version, client random,
 * session ID, DTLS cookie (DTLS only), cipher suites, compression method,
 * extensions. The total size is computed first and checked against the
 * output buffer with CheckAvailableSize() before any byte is written.
 *
 * ssl  The SSL/TLS object.
 * returns the result of SendBuffered() once the message is queued;
 *         SUITES_ERROR when ssl->suites is NULL, MEMORY_E when an allocation
 *         fails, otherwise the error code of the helper that failed.
 */
int SendClientHello(WOLFSSL* ssl)
{
    byte   *output;
    word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int    sendSz;
    /* a session ID is only offered when resuming */
    int    idSz = ssl->options.resuming
                ? ssl->session.sessionIDSz
                : 0;
    int    ret;
    word16 extSz = 0;

#ifdef WOLFSSL_TLS13
    if (IsAtLeastTLSv1_3(ssl->version))
        return SendTls13ClientHello(ssl);
#endif

    WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND);
    WOLFSSL_ENTER("SendClientHello");

    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Bad suites pointer in SendClientHello");
        return SUITES_ERROR;
    }

#ifdef HAVE_SESSION_TICKET
    /* Resuming with a stored ticket: attach it as an extension and send an
     * empty session ID (idSz is cleared below). */
    if (ssl->options.resuming && ssl->session.ticketLen > 0) {
        SessionTicket* ticket;

        ticket = TLSX_SessionTicket_Create(0, ssl->session.ticket,
                                           ssl->session.ticketLen, ssl->heap);
        if (ticket == NULL) return MEMORY_E;

        ret = TLSX_UseSessionTicket(&ssl->extensions, ticket, ssl->heap);
        if (ret != WOLFSSL_SUCCESS) {
            /* the ticket was not taken over by the extension list, free it */
            TLSX_SessionTicket_Free(ticket, ssl->heap);
            return ret;
        }

        idSz = 0;
    }
#endif
    /* fixed part of the body: version, random, session ID and its length
     * byte, cipher suite list and its length, compression list */
    length = VERSION_SZ + RAN_LEN
           + idSz + ENUM_LEN
           + ssl->suites->suiteSz + SUITE_LEN
           + COMP_LEN + ENUM_LEN;

#ifdef HAVE_TLS_EXTENSIONS
    /* auto populate extensions supported unless user defined */
    if ((ret = TLSX_PopulateExtensions(ssl, 0)) != 0)
        return ret;
#ifdef HAVE_QSH
    if (QSH_Init(ssl) != 0)
        return MEMORY_E;
#endif
    extSz = 0;
    ret = TLSX_GetRequestSize(ssl, client_hello, &extSz);
    if (ret != 0)
        return ret;
    length += extSz;
#else
    /* without the TLSX layer only signature_algorithms and extended master
     * secret are emitted; size them by hand */
    if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
        extSz += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
               + ssl->suites->hashSigAlgoSz;
#ifdef HAVE_EXTENDED_MASTER
    if (ssl->options.haveEMS)
        extSz += HELLO_EXT_SZ;
#endif
    if (extSz != 0)
        length += extSz + HELLO_EXT_SZ_SZ;
#endif
    sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        length += ENUM_LEN; /* cookie */
        if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
        /* DTLS headers are larger; recompute sendSz and move the write
         * index past the extra header bytes */
        sendSz  = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
        idx    += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
    }
#endif

    /* leave room for record protection when the message will be encrypted */
    if (IsEncryptionOn(ssl, 1))
        sendSz += MAX_MSG_EXTRA;

    /* check for available size; every write through output below relies on
     * sendSz having been validated here */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, length, client_hello, ssl);

    /* client hello, first version */
    output[idx++] = ssl->version.major;
    output[idx++] = ssl->version.minor;
    ssl->chVersion = ssl->version;  /* store in case changed */

    /* then random */
    if (ssl->options.connectState == CONNECT_BEGIN) {
        /* first flight: draw a fresh client random */
        ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
        if (ret != 0)
            return ret;

        /* store random */
        XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
    } else {
#ifdef WOLFSSL_DTLS
        /* send same random on hello again */
        XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN);
#endif
        /* NOTE(review): without WOLFSSL_DTLS this branch writes nothing, so
         * the RAN_LEN bytes at output + idx keep whatever the buffer held.
         * Confirm this path cannot be reached in non-DTLS builds. */
    }
    idx += RAN_LEN;

    /* then session id; idSz is either 0 or ssl->session.sessionIDSz, so the
     * length byte and the copy below agree */
    output[idx++] = (byte)idSz;
    if (idSz) {
        XMEMCPY(output + idx, ssl->session.sessionID,
                              ssl->session.sessionIDSz);
        idx += ssl->session.sessionIDSz;
    }

    /* then DTLS cookie */
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        byte cookieSz = ssl->arrays->cookieSz;

        output[idx++] = cookieSz;
        if (cookieSz) {
            XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz);
            idx += cookieSz;
        }
    }
#endif
    /* then cipher suites */
    c16toa(ssl->suites->suiteSz, output + idx);
    idx += OPAQUE16_LEN;
    XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
    idx += ssl->suites->suiteSz;

    /* last, compression */
    /* NOTE(review): offering ZLIB_COMPRESSION turns on record compression,
     * which is normally left off because compressed length leaks plaintext
     * information. Confirm usingCompression is disabled by default. */
    output[idx++] = COMP_LEN;
    if (ssl->options.usingCompression)
        output[idx++] = ZLIB_COMPRESSION;
    else
        output[idx++] = NO_COMPRESSION;

#ifdef HAVE_TLS_EXTENSIONS
    extSz = 0;
    ret = TLSX_WriteRequest(ssl, output + idx, client_hello, &extSz);
    if (ret != 0)
        return ret;
    idx += extSz;

    (void)idx; /* suppress analyzer warning, keep idx current */
#else
    /* hand-written extensions; must match the sizes added to length above */
    if (extSz != 0) {
        c16toa(extSz, output + idx);
        idx += HELLO_EXT_SZ_SZ;

        if (IsAtLeastTLSv1_2(ssl)) {
            if (ssl->suites->hashSigAlgoSz) {
                word16 i;
                /* extension type */
                c16toa(HELLO_EXT_SIG_ALGO, output + idx);
                idx += HELLO_EXT_TYPE_SZ;
                /* extension data length */
                c16toa(HELLO_EXT_SIGALGO_SZ + ssl->suites->hashSigAlgoSz,
                       output + idx);
                idx += HELLO_EXT_SZ_SZ;
                /* sig algos length */
                c16toa(ssl->suites->hashSigAlgoSz, output + idx);
                idx += HELLO_EXT_SIGALGO_SZ;
                for (i=0; i < ssl->suites->hashSigAlgoSz; i++, idx++) {
                    output[idx] = ssl->suites->hashSigAlgo[i];
                }
            }
        }
#ifdef HAVE_EXTENDED_MASTER
        if (ssl->options.haveEMS) {
            /* extended master secret: type followed by a zero length */
            c16toa(HELLO_EXT_EXTMS, output + idx);
            idx += HELLO_EXT_TYPE_SZ;
            c16toa(0, output + idx);
            idx += HELLO_EXT_SZ_SZ;
        }
#endif
    }
#endif

    if (IsEncryptionOn(ssl, 1)) {
        /* Encryption is already active for this write (presumably a
         * renegotiation - confirm). BuildMessage() writes into output, so
         * the plaintext handshake message is copied aside first. */
        byte* input;
        int   inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */

        input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        if (input == NULL)
            return MEMORY_E;

        XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
        sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                              handshake, 1, 0, 0);
        /* the temporary copy is released on both the success and error path */
        XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

        if (sendSz < 0)
            return sendSz;
    } else {
#ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                return ret;
        }
        if (ssl->options.dtls)
            DtlsSEQIncrement(ssl, CUR_ORDER);
#endif
        /* plaintext message: add it to the handshake hash */
        ret = HashOutput(ssl, output, sendSz, 0);
        if (ret != 0)
            return ret;
    }

    ssl->options.clientState = CLIENT_HELLO_COMPLETE;
#ifdef OPENSSL_EXTRA
    ssl->cbmode = SSL_CB_MODE_WRITE;
    if (ssl->CBIS != NULL)
        ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, SSL_SUCCESS);
#endif

#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello");
    if (ssl->toInfoOn)
        AddPacketInfo(ssl, "ClientHello", handshake, output, sendSz,
                      WRITE_PROTO, ssl->heap);
#endif

    /* commit the message to the output buffer, then flush */
    ssl->buffers.outputBuffer.length += sendSz;

    ret = SendBuffered(ssl);

    WOLFSSL_LEAVE("SendClientHello", ret);
    WOLFSSL_END(WC_FUNC_CLIENT_HELLO_SEND);

    return ret;
}
wolfSSL 15:117db924cf7c 19770
wolfSSL 15:117db924cf7c 19771
/* Process a DTLS HelloVerifyRequest (3).
 *
 * The message carries a two-byte server version, a one-byte cookie length
 * and the cookie itself. The version must be DTLS 1.0 or DTLS 1.2. With
 * WOLFSSL_DTLS the cookie is stored in ssl->arrays for the next ClientHello;
 * a cookie longer than MAX_COOKIE_LEN is skipped without being stored and
 * the function still returns 0.
 *
 * ssl       The SSL/TLS object.
 * input     Buffer holding the message.
 * inOutIdx  On entry the offset of the message body in input; advanced past
 *           the bytes consumed.
 * size      Length of the message body in bytes.
 * returns 0 on success, BUFFER_ERROR when the body is shorter than its
 *         fields claim, VERSION_ERROR on an unexpected version.
 */
static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input,
                                word32* inOutIdx, word32 size)
{
    const word32    start = *inOutIdx;
    ProtocolVersion peerVersion;
    byte            cookieLen;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName(ssl, "HelloVerifyRequest");
    if (ssl->toInfoOn)
        AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        DtlsMsgPoolReset(ssl);
#endif

    /* version and cookie length byte must be present before they are read */
    if (size < OPAQUE16_LEN + OPAQUE8_LEN)
        return BUFFER_ERROR;

    XMEMCPY(&peerVersion, input + *inOutIdx, OPAQUE16_LEN);
    *inOutIdx += OPAQUE16_LEN;

    if (peerVersion.major != DTLS_MAJOR)
        return VERSION_ERROR;
    if (peerVersion.minor != DTLS_MINOR &&
        peerVersion.minor != DTLSv1_2_MINOR)
        return VERSION_ERROR;

    cookieLen = input[*inOutIdx];
    *inOutIdx += 1;

    if (cookieLen != 0) {
        /* the cookie must lie inside the message body */
        if ((*inOutIdx - start) + cookieLen > size)
            return BUFFER_ERROR;

#ifdef WOLFSSL_DTLS
        /* only store a cookie that fits the destination array */
        if (cookieLen <= MAX_COOKIE_LEN) {
            XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieLen);
            ssl->arrays->cookieSz = cookieLen;
        }
#endif
        *inOutIdx += cookieLen;
    }

    ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
    return 0;
}
wolfSSL 15:117db924cf7c 19819
wolfSSL 15:117db924cf7c 19820
/* Report whether the session state held by the client matches what the
 * server sent (presumably used by DoServerHello to decide on resumption -
 * confirm against the caller).
 *
 * ssl  The SSL/TLS object.
 * returns 1 when a session secret callback is registered
 *         (HAVE_SECRET_CALLBACK), when a session ticket is held
 *         (HAVE_SESSION_TICKET), or when the server supplied a session ID
 *         whose ID_LEN bytes equal the saved session ID; 0 otherwise.
 */
static WC_INLINE int DSH_CheckSessionId(WOLFSSL* ssl)
{
#ifdef HAVE_SECRET_CALLBACK
    /* A registered session secret callback supplies the key, so the saved
     * session key is not the one in use. */
    if (ssl->sessionSecretCb != NULL)
        return 1;
#endif

#ifdef HAVE_SESSION_TICKET
    /* The server may send a blank ticket, which is not necessarily a sign
     * that the existing one is accepted, and will then send a new one. */
    if (ssl->session.ticketLen > 0)
        return 1;
#endif

    if (!ssl->options.haveSessionId)
        return 0;

    /* the full ID_LEN bytes are compared, whatever length the server sent */
    return XMEMCMP(ssl->arrays->sessionID, ssl->session.sessionID,
                   ID_LEN) == 0;
}
wolfSSL 15:117db924cf7c 19843
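/* Check the version in the received message is valid and set protocol
 * version to use.
 *
 * The major byte must equal the one this side is using. The minor byte is
 * then compared with ssl->version.minor: a higher value is fatal, a lower
 * one is accepted only when downgrade is enabled, the value is not below
 * ssl->options.minDowngrade and (with HAVE_SECURE_RENEGOTIATION) this is not
 * a secure renegotiation of a completed handshake. With OPENSSL_EXTRA the
 * SSL_OP_NO_* option mask is applied afterwards.
 *
 * ssl  The SSL/TLS object.
 * pv   The protocol version from the packet.
 * returns 0 on success, VERSION_ERROR otherwise.
 */
int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv)
{
#ifdef WOLFSSL_TLS13_DRAFT
    /* map a TLS 1.3 draft version onto the final TLS 1.3 value */
    if (pv.major == TLS_DRAFT_MAJOR) {
        pv.major = SSLv3_MAJOR;
        pv.minor = TLSv1_3_MINOR;
    }
#endif

#ifdef OPENSSL_EXTRA
    if (ssl->CBIS != NULL) {
        ssl->CBIS(ssl, SSL_CB_HANDSHAKE_START, SSL_SUCCESS);
    }
#endif

    /* The minor-only comparisons below are meaningful only within one
     * protocol family, so a peer version with a different major byte is
     * rejected before they run. */
    if (pv.major != ssl->version.major) {
        WOLFSSL_MSG("Server using different major version, fatal error");
        return VERSION_ERROR;
    }

    /* NOTE(review): these comparisons assume a larger minor byte means a
     * newer version. The DTLS minor values are not shown here; confirm the
     * ordering holds for DTLS as well. */
    if (pv.minor > ssl->version.minor) {
        WOLFSSL_MSG("Server using higher version, fatal error");
        return VERSION_ERROR;
    }
    if (pv.minor < ssl->version.minor) {
        WOLFSSL_MSG("server using lower version");

        /* Check for downgrade attack. */
        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("\tno downgrade allowed, fatal error");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
            return VERSION_ERROR;
        }

#ifdef HAVE_SECURE_RENEGOTIATION
        /* the version may not change once a handshake has completed */
        if (ssl->secure_renegotiation &&
            ssl->secure_renegotiation->enabled &&
            ssl->options.handShakeDone) {
            WOLFSSL_MSG("Server changed version during scr");
            return VERSION_ERROR;
        }
#endif

        /* Checks made - OK to downgrade. */
        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG("\tdowngrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            /* turn off tls 1.1+ */
            WOLFSSL_MSG("\tdowngrading to TLSv1");
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
        else if (pv.minor == TLSv1_2_MINOR) {
            WOLFSSL_MSG(" downgrading to TLSv1.2");
            ssl->version.minor  = TLSv1_2_MINOR;
        }
    }

#ifdef OPENSSL_EXTRA
    /* check if option is set to not allow the current version
     * set from either wolfSSL_set_options or wolfSSL_CTX_set_options */
    if (!ssl->options.dtls && ssl->options.downgrade &&
        ssl->options.mask > 0) {
        /* Each disabled version steps ssl->version.minor down by one; the
         * checks run from newest to oldest so they cascade. */
        if (ssl->version.minor == TLSv1_2_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
            WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading");
            ssl->version.minor = TLSv1_1_MINOR;
        }
        if (ssl->version.minor == TLSv1_1_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
            WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading");
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        if (ssl->version.minor == TLSv1_MINOR &&
            (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
            WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        if (ssl->version.minor == SSLv3_MINOR &&
            (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
            WOLFSSL_MSG("\tError, option set to not allow SSLv3");
            return VERSION_ERROR;
        }

        /* the mask must not push the version under the configured floor */
        if (ssl->version.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
            return VERSION_ERROR;
        }
    }
#endif

    return 0;
}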
wolfSSL 15:117db924cf7c 19954
wolfSSL 15:117db924cf7c 19955 /* handle processing of server_hello (2) */
wolfSSL 15:117db924cf7c 19956 int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL 15:117db924cf7c 19957 word32 helloSz)
wolfSSL 15:117db924cf7c 19958 {
wolfSSL 15:117db924cf7c 19959 byte cs0; /* cipher suite bytes 0, 1 */
wolfSSL 15:117db924cf7c 19960 byte cs1;
wolfSSL 15:117db924cf7c 19961 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 19962 byte compression;
wolfSSL 15:117db924cf7c 19963 word32 i = *inOutIdx;
wolfSSL 15:117db924cf7c 19964 word32 begin = i;
wolfSSL 15:117db924cf7c 19965 int ret;
wolfSSL 15:117db924cf7c 19966
wolfSSL 15:117db924cf7c 19967 WOLFSSL_START(WC_FUNC_SERVER_HELLO_DO);
wolfSSL 15:117db924cf7c 19968 WOLFSSL_ENTER("DoServerHello");
wolfSSL 15:117db924cf7c 19969
wolfSSL 15:117db924cf7c 19970 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 19971 if (ssl->hsInfoOn) AddPacketName(ssl, "ServerHello");
wolfSSL 15:117db924cf7c 19972 if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
wolfSSL 15:117db924cf7c 19973 #endif
wolfSSL 15:117db924cf7c 19974
wolfSSL 15:117db924cf7c 19975 /* protocol version, random and session id length check */
wolfSSL 15:117db924cf7c 19976 if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
wolfSSL 15:117db924cf7c 19977 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 19978
wolfSSL 15:117db924cf7c 19979 /* protocol version */
wolfSSL 15:117db924cf7c 19980 XMEMCPY(&pv, input + i, OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 19981 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 19982
wolfSSL 15:117db924cf7c 19983 ret = CheckVersion(ssl, pv);
wolfSSL 15:117db924cf7c 19984 if (ret != 0)
wolfSSL 15:117db924cf7c 19985 return ret;
wolfSSL 15:117db924cf7c 19986
wolfSSL 15:117db924cf7c 19987 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 19988 if (IsAtLeastTLSv1_3(pv)) {
wolfSSL 15:117db924cf7c 19989 byte type = server_hello;
wolfSSL 15:117db924cf7c 19990 return DoTls13ServerHello(ssl, input, inOutIdx, helloSz, &type);
wolfSSL 15:117db924cf7c 19991 }
wolfSSL 15:117db924cf7c 19992 #endif
wolfSSL 15:117db924cf7c 19993
wolfSSL 15:117db924cf7c 19994 /* random */
wolfSSL 15:117db924cf7c 19995 XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
wolfSSL 15:117db924cf7c 19996 i += RAN_LEN;
wolfSSL 15:117db924cf7c 19997
wolfSSL 15:117db924cf7c 19998 /* session id */
wolfSSL 15:117db924cf7c 19999 ssl->arrays->sessionIDSz = input[i++];
wolfSSL 15:117db924cf7c 20000
wolfSSL 15:117db924cf7c 20001 if (ssl->arrays->sessionIDSz > ID_LEN) {
wolfSSL 15:117db924cf7c 20002 WOLFSSL_MSG("Invalid session ID size");
wolfSSL 15:117db924cf7c 20003 ssl->arrays->sessionIDSz = 0;
wolfSSL 15:117db924cf7c 20004 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20005 }
wolfSSL 15:117db924cf7c 20006 else if (ssl->arrays->sessionIDSz) {
wolfSSL 15:117db924cf7c 20007 if ((i - begin) + ssl->arrays->sessionIDSz > helloSz)
wolfSSL 15:117db924cf7c 20008 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20009
wolfSSL 15:117db924cf7c 20010 XMEMCPY(ssl->arrays->sessionID, input + i,
wolfSSL 15:117db924cf7c 20011 ssl->arrays->sessionIDSz);
wolfSSL 15:117db924cf7c 20012 i += ssl->arrays->sessionIDSz;
wolfSSL 15:117db924cf7c 20013 ssl->options.haveSessionId = 1;
wolfSSL 15:117db924cf7c 20014 }
wolfSSL 15:117db924cf7c 20015
wolfSSL 15:117db924cf7c 20016
wolfSSL 15:117db924cf7c 20017 /* suite and compression */
wolfSSL 15:117db924cf7c 20018 if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
wolfSSL 15:117db924cf7c 20019 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20020
wolfSSL 15:117db924cf7c 20021 cs0 = input[i++];
wolfSSL 15:117db924cf7c 20022 cs1 = input[i++];
wolfSSL 15:117db924cf7c 20023
wolfSSL 15:117db924cf7c 20024 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 15:117db924cf7c 20025 if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled &&
wolfSSL 15:117db924cf7c 20026 ssl->options.handShakeDone) {
wolfSSL 15:117db924cf7c 20027 if (ssl->options.cipherSuite0 != cs0 ||
wolfSSL 15:117db924cf7c 20028 ssl->options.cipherSuite != cs1) {
wolfSSL 15:117db924cf7c 20029 WOLFSSL_MSG("Server changed cipher suite during scr");
wolfSSL 15:117db924cf7c 20030 return MATCH_SUITE_ERROR;
wolfSSL 15:117db924cf7c 20031 }
wolfSSL 15:117db924cf7c 20032 }
wolfSSL 15:117db924cf7c 20033 #endif
wolfSSL 15:117db924cf7c 20034
wolfSSL 15:117db924cf7c 20035 ssl->options.cipherSuite0 = cs0;
wolfSSL 15:117db924cf7c 20036 ssl->options.cipherSuite = cs1;
wolfSSL 15:117db924cf7c 20037 compression = input[i++];
wolfSSL 15:117db924cf7c 20038
wolfSSL 16:8e0d178b1d1e 20039 #ifndef WOLFSSL_NO_STRICT_CIPHER_SUITE
wolfSSL 16:8e0d178b1d1e 20040 {
wolfSSL 16:8e0d178b1d1e 20041 word32 idx, found = 0;
wolfSSL 16:8e0d178b1d1e 20042 /* confirm server_hello cipher suite is one sent in client_hello */
wolfSSL 16:8e0d178b1d1e 20043 for (idx = 0; idx < ssl->suites->suiteSz; idx += 2) {
wolfSSL 16:8e0d178b1d1e 20044 if (ssl->suites->suites[idx] == cs0 &&
wolfSSL 16:8e0d178b1d1e 20045 ssl->suites->suites[idx+1] == cs1) {
wolfSSL 16:8e0d178b1d1e 20046 found = 1;
wolfSSL 16:8e0d178b1d1e 20047 break;
wolfSSL 16:8e0d178b1d1e 20048 }
wolfSSL 16:8e0d178b1d1e 20049 }
wolfSSL 16:8e0d178b1d1e 20050 if (!found) {
wolfSSL 16:8e0d178b1d1e 20051 WOLFSSL_MSG("ServerHello did not use cipher suite from ClientHello");
wolfSSL 16:8e0d178b1d1e 20052 return MATCH_SUITE_ERROR;
wolfSSL 16:8e0d178b1d1e 20053 }
wolfSSL 16:8e0d178b1d1e 20054 }
wolfSSL 16:8e0d178b1d1e 20055 #endif /* !WOLFSSL_NO_STRICT_CIPHER_SUITE */
wolfSSL 16:8e0d178b1d1e 20056
wolfSSL 15:117db924cf7c 20057 if (compression != NO_COMPRESSION && !ssl->options.usingCompression) {
wolfSSL 15:117db924cf7c 20058 WOLFSSL_MSG("Server forcing compression w/o support");
wolfSSL 15:117db924cf7c 20059 return COMPRESSION_ERROR;
wolfSSL 15:117db924cf7c 20060 }
wolfSSL 15:117db924cf7c 20061
wolfSSL 15:117db924cf7c 20062 if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
wolfSSL 15:117db924cf7c 20063 WOLFSSL_MSG("Server refused compression, turning off");
wolfSSL 15:117db924cf7c 20064 ssl->options.usingCompression = 0; /* turn off if server refused */
wolfSSL 15:117db924cf7c 20065 }
wolfSSL 15:117db924cf7c 20066
wolfSSL 15:117db924cf7c 20067 *inOutIdx = i;
wolfSSL 15:117db924cf7c 20068
wolfSSL 15:117db924cf7c 20069 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 20070 if ( (i - begin) < helloSz) {
wolfSSL 15:117db924cf7c 20071 if (TLSX_SupportExtensions(ssl)) {
wolfSSL 15:117db924cf7c 20072 word16 totalExtSz;
wolfSSL 15:117db924cf7c 20073
wolfSSL 15:117db924cf7c 20074 if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL 15:117db924cf7c 20075 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20076
wolfSSL 15:117db924cf7c 20077 ato16(&input[i], &totalExtSz);
wolfSSL 15:117db924cf7c 20078 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 20079
wolfSSL 15:117db924cf7c 20080 if ((i - begin) + totalExtSz > helloSz)
wolfSSL 15:117db924cf7c 20081 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20082
wolfSSL 16:8e0d178b1d1e 20083 if ((ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz,
wolfSSL 16:8e0d178b1d1e 20084 server_hello, NULL)))
wolfSSL 15:117db924cf7c 20085 return ret;
wolfSSL 15:117db924cf7c 20086
wolfSSL 15:117db924cf7c 20087 i += totalExtSz;
wolfSSL 15:117db924cf7c 20088 *inOutIdx = i;
wolfSSL 15:117db924cf7c 20089 }
wolfSSL 15:117db924cf7c 20090 else
wolfSSL 15:117db924cf7c 20091 *inOutIdx = begin + helloSz; /* skip extensions */
wolfSSL 15:117db924cf7c 20092 }
wolfSSL 15:117db924cf7c 20093 else
wolfSSL 15:117db924cf7c 20094 ssl->options.haveEMS = 0; /* If no extensions, no EMS */
wolfSSL 15:117db924cf7c 20095 #else
wolfSSL 15:117db924cf7c 20096 {
wolfSSL 15:117db924cf7c 20097 int allowExt = 0;
wolfSSL 15:117db924cf7c 20098 byte pendingEMS = 0;
wolfSSL 15:117db924cf7c 20099
wolfSSL 15:117db924cf7c 20100 if ( (i - begin) < helloSz) {
wolfSSL 15:117db924cf7c 20101 if (ssl->version.major == SSLv3_MAJOR &&
wolfSSL 15:117db924cf7c 20102 ssl->version.minor >= TLSv1_MINOR) {
wolfSSL 15:117db924cf7c 20103
wolfSSL 15:117db924cf7c 20104 allowExt = 1;
wolfSSL 15:117db924cf7c 20105 }
wolfSSL 15:117db924cf7c 20106 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 20107 if (ssl->version.major == DTLS_MAJOR)
wolfSSL 15:117db924cf7c 20108 allowExt = 1;
wolfSSL 15:117db924cf7c 20109 #endif
wolfSSL 15:117db924cf7c 20110
wolfSSL 15:117db924cf7c 20111 if (allowExt) {
wolfSSL 15:117db924cf7c 20112 word16 totalExtSz;
wolfSSL 15:117db924cf7c 20113
wolfSSL 15:117db924cf7c 20114 if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL 15:117db924cf7c 20115 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20116
wolfSSL 15:117db924cf7c 20117 ato16(&input[i], &totalExtSz);
wolfSSL 15:117db924cf7c 20118 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 20119
wolfSSL 15:117db924cf7c 20120 if ((i - begin) + totalExtSz > helloSz)
wolfSSL 15:117db924cf7c 20121 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20122
wolfSSL 15:117db924cf7c 20123 while (totalExtSz) {
wolfSSL 15:117db924cf7c 20124 word16 extId, extSz;
wolfSSL 15:117db924cf7c 20125
wolfSSL 15:117db924cf7c 20126 if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
wolfSSL 15:117db924cf7c 20127 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20128
wolfSSL 15:117db924cf7c 20129 ato16(&input[i], &extId);
wolfSSL 15:117db924cf7c 20130 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 20131 ato16(&input[i], &extSz);
wolfSSL 15:117db924cf7c 20132 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 20133
wolfSSL 15:117db924cf7c 20134 if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
wolfSSL 15:117db924cf7c 20135 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 20136
wolfSSL 15:117db924cf7c 20137 if (extId == HELLO_EXT_EXTMS)
wolfSSL 15:117db924cf7c 20138 pendingEMS = 1;
wolfSSL 15:117db924cf7c 20139 else
wolfSSL 15:117db924cf7c 20140 i += extSz;
wolfSSL 15:117db924cf7c 20141
wolfSSL 15:117db924cf7c 20142 totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
wolfSSL 15:117db924cf7c 20143 }
wolfSSL 15:117db924cf7c 20144
wolfSSL 15:117db924cf7c 20145 *inOutIdx = i;
wolfSSL 15:117db924cf7c 20146 }
wolfSSL 15:117db924cf7c 20147 else
wolfSSL 15:117db924cf7c 20148 *inOutIdx = begin + helloSz; /* skip extensions */
wolfSSL 15:117db924cf7c 20149 }
wolfSSL 15:117db924cf7c 20150
wolfSSL 15:117db924cf7c 20151 if (!pendingEMS && ssl->options.haveEMS)
wolfSSL 15:117db924cf7c 20152 ssl->options.haveEMS = 0;
wolfSSL 15:117db924cf7c 20153 }
wolfSSL 15:117db924cf7c 20154 #endif
wolfSSL 15:117db924cf7c 20155
wolfSSL 15:117db924cf7c 20156 ssl->options.serverState = SERVER_HELLO_COMPLETE;
wolfSSL 15:117db924cf7c 20157
wolfSSL 15:117db924cf7c 20158 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 15:117db924cf7c 20159 *inOutIdx += ssl->keys.padSz;
wolfSSL 16:8e0d178b1d1e 20160 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 20161 if (ssl->options.startedETMWrite &&
wolfSSL 16:8e0d178b1d1e 20162 ssl->specs.cipher_type == block) {
wolfSSL 16:8e0d178b1d1e 20163 *inOutIdx += MacSize(ssl);
wolfSSL 16:8e0d178b1d1e 20164 }
wolfSSL 16:8e0d178b1d1e 20165 #endif
wolfSSL 15:117db924cf7c 20166 }
wolfSSL 15:117db924cf7c 20167
wolfSSL 15:117db924cf7c 20168 #ifdef HAVE_SECRET_CALLBACK
wolfSSL 15:117db924cf7c 20169 if (ssl->sessionSecretCb != NULL) {
wolfSSL 15:117db924cf7c 20170 int secretSz = SECRET_LEN;
wolfSSL 15:117db924cf7c 20171 ret = ssl->sessionSecretCb(ssl, ssl->session.masterSecret,
wolfSSL 15:117db924cf7c 20172 &secretSz, ssl->sessionSecretCtx);
wolfSSL 15:117db924cf7c 20173 if (ret != 0 || secretSz != SECRET_LEN)
wolfSSL 15:117db924cf7c 20174 return SESSION_SECRET_CB_E;
wolfSSL 15:117db924cf7c 20175 }
wolfSSL 15:117db924cf7c 20176 #endif /* HAVE_SECRET_CALLBACK */
wolfSSL 15:117db924cf7c 20177
wolfSSL 15:117db924cf7c 20178 ret = CompleteServerHello(ssl);
wolfSSL 15:117db924cf7c 20179
wolfSSL 15:117db924cf7c 20180 WOLFSSL_LEAVE("DoServerHello", ret);
wolfSSL 15:117db924cf7c 20181 WOLFSSL_END(WC_FUNC_SERVER_HELLO_DO);
wolfSSL 15:117db924cf7c 20182
wolfSSL 15:117db924cf7c 20183 return ret;
wolfSSL 15:117db924cf7c 20184 }
wolfSSL 15:117db924cf7c 20185
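#ifdef WOLFSSL_TLS13
/* Report whether this endpoint is allowed to negotiate TLS 1.3.
 *
 * ssl  connection whose context method version is examined
 *
 * returns 1 when the configured method version is at least TLS 1.3 and, in
 * OPENSSL_EXTRA builds, SSL_OP_NO_TLSv1_3 is not set on the object;
 * otherwise 0.
 *
 * CompleteServerHello() uses the result to decide which downgrade-sentinel
 * rule applies to the received server random.
 */
static int TLSv1_3_Capable(WOLFSSL* ssl)
{
    /* The enclosing #ifdef already guarantees WOLFSSL_TLS13, so the former
     * inner "#ifndef WOLFSSL_TLS13 return 0" branch could never be compiled
     * and has been dropped. */
    int capable = IsAtLeastTLSv1_3(ssl->ctx->method->version) ? 1 : 0;

#ifdef OPENSSL_EXTRA
    if ((wolfSSL_get_options(ssl) & SSL_OP_NO_TLSv1_3)) {
        /* option set at run time to disable TLS 1.3 */
        capable = 0;
    }
#endif

    return capable;
}
#endif /* WOLFSSL_TLS13 */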
wolfSSL 16:8e0d178b1d1e 20209
/* Finish client-side handling of a ServerHello.
 *
 * Full handshake: the tail of the server random is compared with the
 * tls13Downgrade marker and the handshake is aborted when a client that
 * could have negotiated a newer version sees it.
 * Resumption attempt: the session ID is checked; when the server accepted,
 * the cached master secret is copied and keys are derived from it.
 *
 * ssl  client connection object
 *
 * returns VERSION_ERROR (after sending a fatal illegal_parameter alert) when
 * a forbidden downgrade marker is present, UNSUPPORTED_SUITE when the resumed
 * suite cannot be set up, the key-derivation result when the session is
 * resumed, otherwise the result of SetCipherSpecs().
 */
int CompleteServerHello(WOLFSSL* ssl)
{
    int ret;

    if (ssl->options.resuming) {
        if (!DSH_CheckSessionId(ssl)) {
            WOLFSSL_MSG("Server denied resumption attempt");
            ssl->options.resuming = 0; /* server denied resumption try */
        }
        else if (SetCipherSpecs(ssl) != 0) {
            WOLFSSL_MSG("Unsupported cipher suite, DoServerHello");
            return UNSUPPORTED_SUITE;
        }
        else {
            /* resumed: reuse the master secret stored with the session */
            XMEMCPY(ssl->arrays->masterSecret,
                    ssl->session.masterSecret, SECRET_LEN);
        #ifdef NO_OLD_TLS
            ret = DeriveTlsKeys(ssl);
        #else
            ret = -1; /* default value */
            #ifndef NO_TLS
            if (ssl->options.tls)
                ret = DeriveTlsKeys(ssl);
            #endif
            if (!ssl->options.tls)
                ret = DeriveKeys(ssl);
        #endif /* NO_OLD_TLS */
            ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

            return ret;
        }
    }
    else {
        /* The marker occupies the TLS13_DOWNGRADE_SZ bytes just before the
         * final byte of the server random; the final byte says which
         * downgrade the server is signalling. */
        byte* marker    = ssl->arrays->serverRandom + RAN_LEN -
                                                       TLS13_DOWNGRADE_SZ - 1;
        byte  lastByte  = ssl->arrays->serverRandom[RAN_LEN - 1];
        int   marked    = (XMEMCMP(marker, tls13Downgrade,
                                                    TLS13_DOWNGRADE_SZ) == 0);
        int   forbidden = 0;

    #ifdef WOLFSSL_TLS13
        if (TLSv1_3_Capable(ssl)) {
            /* TLS v1.3 capable client must not be downgraded by a TLS v1.3
             * capable server unless the cipher suite demands it. */
            forbidden = marked && (lastByte == 0 || lastByte == 1);
        }
        else
    #endif
        if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
                     ssl->ctx->method->version.minor == TLSv1_2_MINOR) {
            /* TLS v1.2 capable client must not be downgraded by a TLS v1.2
             * capable server. */
            forbidden = marked && lastByte == 0;
        }

        if (forbidden) {
            SendAlert(ssl, alert_fatal, illegal_parameter);
            return VERSION_ERROR;
        }
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
    }
#endif

    return SetCipherSpecs(ssl);
}
wolfSSL 15:117db924cf7c 20283
wolfSSL 15:117db924cf7c 20284 #endif /* WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 20285
wolfSSL 15:117db924cf7c 20286
/* Check that the client is configured for the negotiated cipher suite.
 *
 * ssl  connection whose options hold the two suite bytes
 *
 * returns 1 when the suite can be used, 0 when the suite requires a PSK and
 * none is available (always the case for such suites in NO_PSK builds).
 */
int VerifyClientSuite(WOLFSSL* ssl)
{
    int  pskAvailable = 0;
    byte suite0       = ssl->options.cipherSuite0;
    byte suite        = ssl->options.cipherSuite;

    WOLFSSL_ENTER("VerifyClientSuite");

#ifndef NO_PSK
    pskAvailable = ssl->options.havePSK;
#endif

    if (!CipherRequires(suite0, suite, REQUIRES_PSK))
        return 1;  /* success */

    WOLFSSL_MSG("Requires PSK");
    if (pskAvailable == 0) {
        WOLFSSL_MSG("Don't have PSK");
        return 0;
    }

    return 1;  /* success */
}
wolfSSL 15:117db924cf7c 20310
wolfSSL 15:117db924cf7c 20311 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 20312
wolfSSL 15:117db924cf7c 20313 #ifndef NO_CERTS
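/* handle processing of certificate_request (13)
 *
 * Walks the certificate types, the signature/hash algorithm list (TLS 1.2
 * and later) and the certificate authorities list, then decides whether a
 * client certificate or a blank certificate is sent.
 *
 * ssl       client connection object
 * input     handshake message buffer (peer controlled)
 * inOutIdx  in: offset of the message body, out: offset past the message
 * size      length of the message body in bytes
 *
 * returns 0 on success, BUFFER_ERROR when a length field runs past the
 * message or past its enclosing list, INVALID_PARAMETER when no usable
 * signature algorithm is found although a certificate and key are loaded,
 * CLIENT_CERT_CB_ERROR / WOLFSSL_ERROR_WANT_X509_LOOKUP from the
 * OPENSSL_EXTRA client certificate callback path.
 */
static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*
                                inOutIdx, word32 size)
{
    word16 len;
    word32 begin = *inOutIdx;
#ifdef OPENSSL_EXTRA
    int ret;
    WOLFSSL_X509* x509 = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;
#endif

    WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_DO);
    WOLFSSL_ENTER("DoCertificateRequest");

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName(ssl, "CertificateRequest");
    if (ssl->toInfoOn)
        AddLateName("CertificateRequest", &ssl->timeoutInfo);
#endif

    if (OPAQUE8_LEN > size)
        return BUFFER_ERROR;

    len = input[(*inOutIdx)++];

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    /* types, read in here */
    *inOutIdx += len;

    /* signature and hash signature algorithm */
    if (IsAtLeastTLSv1_2(ssl)) {
        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &len);
        *inOutIdx += OPAQUE16_LEN;

        if ((*inOutIdx - begin) + len > size)
            return BUFFER_ERROR;

        /* Only fail on an unusable algorithm list when this client actually
         * has a certificate and a private key (or PK callback) to sign with. */
        if (PickHashSigAlgo(ssl, input + *inOutIdx, len) != 0 &&
                                         ssl->buffers.certificate &&
                                         ssl->buffers.certificate->buffer) {
        #ifdef HAVE_PK_CALLBACKS
            if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
                WOLFSSL_MSG("Using PK for client private key");
                return INVALID_PARAMETER;
            }
        #endif
            if (ssl->buffers.key && ssl->buffers.key->buffer) {
                return INVALID_PARAMETER;
            }
        }
        *inOutIdx += len;
    #ifdef WC_RSA_PSS
        ssl->pssAlgo = 0;
        if (ssl->suites->sigAlgo == rsa_pss_sa_algo)
            ssl->pssAlgo |= 1 << ssl->suites->hashAlgo;
    #endif
    }

    /* authorities */
    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &len);
    *inOutIdx += OPAQUE16_LEN;

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    while (len) {
        word16 dnSz;

        /* Each entry must fit inside the remaining authorities list, not
         * just inside the message: len is a word16, so subtracting a larger
         * entry would wrap it and keep the loop walking past the list. */
        if (len < OPAQUE16_LEN)
            return BUFFER_ERROR;

        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &dnSz);
        *inOutIdx += OPAQUE16_LEN;

        if (dnSz > len - OPAQUE16_LEN)
            return BUFFER_ERROR;

        if ((*inOutIdx - begin) + dnSz > size)
            return BUFFER_ERROR;

        *inOutIdx += dnSz;
        len -= OPAQUE16_LEN + dnSz;
    }

#ifdef OPENSSL_EXTRA
    /* call client cert callback if no cert has been loaded */
    if ((ssl->ctx->CBClientCert != NULL) &&
        (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer)) {

        ret = ssl->ctx->CBClientCert(ssl, &x509, &pkey);
        if (ret == 1) {
            if ((wolfSSL_use_certificate(ssl, x509) != WOLFSSL_SUCCESS) ||
                (wolfSSL_use_PrivateKey(ssl, pkey) != WOLFSSL_SUCCESS)) {
                /* The success path frees both callback objects, so they are
                 * owned here; release them on failure as well so the
                 * certificate and private key object are not leaked. */
                if (x509 != NULL)
                    wolfSSL_X509_free(x509);
                if (pkey != NULL)
                    wolfSSL_EVP_PKEY_free(pkey);
                return CLIENT_CERT_CB_ERROR;
            }
            wolfSSL_X509_free(x509);
            wolfSSL_EVP_PKEY_free(pkey);

        } else if (ret < 0) {
            return WOLFSSL_ERROR_WANT_X509_LOOKUP;
        }
    }
#endif

    /* don't send client cert or cert verify if user hasn't provided
       cert and private key */
    if (ssl->buffers.certificate && ssl->buffers.certificate->buffer) {
    #ifdef HAVE_PK_CALLBACKS
        if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
            WOLFSSL_MSG("Using PK for client private key");
            ssl->options.sendVerify = SEND_CERT;
        }
    #endif
        if (ssl->buffers.key && ssl->buffers.key->buffer) {
            ssl->options.sendVerify = SEND_CERT;
        }
    }
#ifdef OPENSSL_EXTRA
    else
#else
    else if (IsTLS(ssl))
#endif
    {
        ssl->options.sendVerify = SEND_BLANK_CERT;
    }

    /* skip record padding (and the MAC when encrypt-then-MAC is active) */
    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
        if (ssl->options.startedETMRead)
            *inOutIdx += MacSize(ssl);
    #endif
    }

    WOLFSSL_LEAVE("DoCertificateRequest", 0);
    WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO);

    return 0;
}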
wolfSSL 15:117db924cf7c 20460 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 20461
wolfSSL 15:117db924cf7c 20462
wolfSSL 16:8e0d178b1d1e 20463 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 20464
/* Translate a TLS named-curve identifier into the matching ECC OID constant.
 *
 * tlsCurveId  curve identifier (WOLFSSL_ECC_* value)
 *
 * returns the ECC_*_OID value for curves compiled into this build,
 * ECC_CURVE_ERROR for any other identifier.
 */
static int CheckCurveId(int tlsCurveId)
{
    switch (tlsCurveId) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP160R1:
            return ECC_SECP160R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_SECPR2
        case WOLFSSL_ECC_SECP160R2:
            return ECC_SECP160R2_OID;
    #endif /* HAVE_ECC_SECPR2 */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP160K1:
            return ECC_SECP160K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP192R1:
            return ECC_SECP192R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP192K1:
            return ECC_SECP192K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP224R1:
            return ECC_SECP224R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP224K1:
            return ECC_SECP224K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#ifdef HAVE_CURVE25519
        case WOLFSSL_ECC_X25519:
            return ECC_X25519_OID;
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP256R1:
            return ECC_SECP256R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP256K1:
            return ECC_SECP256K1_OID;
    #endif /* HAVE_ECC_KOBLITZ */
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP256R1:
            return ECC_BRAINPOOLP256R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#ifdef HAVE_CURVE448
        case WOLFSSL_ECC_X448:
            return ECC_X448_OID;
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP384R1:
            return ECC_SECP384R1_OID;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP384R1:
            return ECC_BRAINPOOLP384R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP512R1:
            return ECC_BRAINPOOLP512R1_OID;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP521R1:
            return ECC_SECP521R1_OID;
    #endif /* !NO_ECC_SECP */
#endif
        default:
            /* curve not compiled in or not known */
            break;
    }

    return ECC_CURVE_ERROR;
}
wolfSSL 15:117db924cf7c 20536
wolfSSL 15:117db924cf7c 20537 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 20538
/* Persistable DoServerKeyExchange arguments.
 *
 * DoServerKeyExchange keeps one of these either in ssl->async.args
 * (WOLFSSL_ASYNC_CRYPT builds) or on its stack, and zeroes it with XMEMSET
 * before first use. */
typedef struct DskeArgs {
    byte*  output; /* not allocated */
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
                                                          defined(HAVE_ED448)
    byte*  verifySig; /* heap buffer, released by FreeDskeArgs() */
#endif
    word32 idx;   /* current read offset into the handshake input */
    word32 begin; /* offset at which the message body started */
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
                                                          defined(HAVE_ED448)
    word16 verifySigSz; /* presumably the size of verifySig - confirm */
#endif
    word16 sigSz;
    byte   sigAlgo; /* initialised from ssl->specs.sig_algo */
    byte   hashAlgo;
#if !defined(NO_RSA) && defined(WC_RSA_PSS)
    int    bits;
#endif
} DskeArgs;
wolfSSL 15:117db924cf7c 20559
/* Release the heap memory referenced by a DskeArgs.
 *
 * ssl    connection object; its heap hint is passed to XFREE
 * pArgs  pointer to the DskeArgs to clean up
 *
 * Only verifySig is freed, and only in builds that have that member; the
 * pointer is cleared afterwards so a second call does not free it again.
 */
static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs)
{
    DskeArgs* dske = (DskeArgs*)pArgs;

    /* silence unused warnings in builds without verifySig */
    (void)ssl;
    (void)dske;

#if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
                                                          defined(HAVE_ED448)
    if (dske->verifySig != NULL) {
        XFREE(dske->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        dske->verifySig = NULL;
    }
#endif
}
wolfSSL 15:117db924cf7c 20575
wolfSSL 16:8e0d178b1d1e 20576 #ifndef NO_DH
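/* Read the server's DH parameters (p, g, public value) from a
 * server_key_exchange message into ssl->buffers.serverDH_*.
 *
 * ssl    client connection object; takes ownership of the copies
 *        (weOwnDH is set)
 * input  handshake message buffer (peer controlled)
 * size   length of the message body in bytes
 * args   parse state; args->idx is advanced past each field read
 *
 * returns 0 on success, BUFFER_ERROR when a field runs past the message,
 * DH_KEY_SIZE_E (after a fatal handshake_failure alert) when p is outside
 * [minDhKeySz, maxDhKeySz] or g / the public value is longer than
 * maxDhKeySz, MEMORY_ERROR on allocation failure, and
 * DH_PARAMS_NOT_FFDHE_E when WOLFSSL_REQUIRE_FFDHE is set and the
 * parameters are not one of the built-in FFDHE groups.
 *
 * NOTE(review): the serverDH_* pointers are overwritten with NULL on entry
 * without being freed; presumably the caller has released any earlier
 * buffers - confirm. Buffers allocated before an error return are left in
 * ssl->buffers for the owner to free.
 */
static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size,
                          DskeArgs* args)
{
    int             ret = 0;
    word16          length;
#ifdef HAVE_FFDHE
    const DhParams* params = NULL;
    int             group = 0;
#endif

    ssl->buffers.weOwnDH = 1;

    ssl->buffers.serverDH_P.buffer = NULL;
    ssl->buffers.serverDH_G.buffer = NULL;
    ssl->buffers.serverDH_Pub.buffer = NULL;

    /* p */
    if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
        ERROR_OUT(BUFFER_ERROR, exit_gdpk);
    }

    ato16(input + args->idx, &length);
    args->idx += OPAQUE16_LEN;

    if ((args->idx - args->begin) + length > size) {
        ERROR_OUT(BUFFER_ERROR, exit_gdpk);
    }

    if (length < ssl->options.minDhKeySz) {
        WOLFSSL_MSG("Server using a DH key that is too small");
        SendAlert(ssl, alert_fatal, handshake_failure);
        ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk);
    }
    if (length > ssl->options.maxDhKeySz) {
        WOLFSSL_MSG("Server using a DH key that is too big");
        SendAlert(ssl, alert_fatal, handshake_failure);
        ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk);
    }

    ssl->buffers.serverDH_P.buffer =
        (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (ssl->buffers.serverDH_P.buffer) {
        ssl->buffers.serverDH_P.length = length;
    }
    else {
        ERROR_OUT(MEMORY_ERROR, exit_gdpk);
    }

    XMEMCPY(ssl->buffers.serverDH_P.buffer, input + args->idx,
                                                                length);
    args->idx += length;

    ssl->options.dhKeySz = length;

    /* g */
    if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
        ERROR_OUT(BUFFER_ERROR, exit_gdpk);
    }

    ato16(input + args->idx, &length);
    args->idx += OPAQUE16_LEN;

    if ((args->idx - args->begin) + length > size) {
        ERROR_OUT(BUFFER_ERROR, exit_gdpk);
    }

    /* Apply the same upper bound as for p: without it the generator size
     * is limited only by the 16-bit length field and the message size. */
    if (length > ssl->options.maxDhKeySz) {
        WOLFSSL_MSG("Server using a DH generator that is too big");
        SendAlert(ssl, alert_fatal, handshake_failure);
        ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk);
    }

    ssl->buffers.serverDH_G.buffer =
        (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (ssl->buffers.serverDH_G.buffer) {
        ssl->buffers.serverDH_G.length = length;
    }
    else {
        ERROR_OUT(MEMORY_ERROR, exit_gdpk);
    }

    XMEMCPY(ssl->buffers.serverDH_G.buffer, input + args->idx,
                                                                length);
    args->idx += length;

    /* pub */
    if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
        ERROR_OUT(BUFFER_ERROR, exit_gdpk);
    }

    ato16(input + args->idx, &length);
    args->idx += OPAQUE16_LEN;

    if ((args->idx - args->begin) + length > size) {
        ERROR_OUT(BUFFER_ERROR, exit_gdpk);
    }

    /* Same upper bound for the server's public value. */
    if (length > ssl->options.maxDhKeySz) {
        WOLFSSL_MSG("Server using a public DH key that is too big");
        SendAlert(ssl, alert_fatal, handshake_failure);
        ERROR_OUT(DH_KEY_SIZE_E, exit_gdpk);
    }

    ssl->buffers.serverDH_Pub.buffer =
        (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (ssl->buffers.serverDH_Pub.buffer) {
        ssl->buffers.serverDH_Pub.length = length;
    }
    else {
        ERROR_OUT(MEMORY_ERROR, exit_gdpk);
    }

    XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + args->idx,
                                                                length);
    args->idx += length;

#ifdef HAVE_FFDHE
    /* pick the built-in group whose prime has the same byte length as p */
    switch (ssl->options.dhKeySz) {
    #ifdef HAVE_FFDHE_2048
        case 2048/8:
            params = wc_Dh_ffdhe2048_Get();
            group = WOLFSSL_FFDHE_2048;
            break;
    #endif
    #ifdef HAVE_FFDHE_3072
        case 3072/8:
            params = wc_Dh_ffdhe3072_Get();
            group = WOLFSSL_FFDHE_3072;
            break;
    #endif
    #ifdef HAVE_FFDHE_4096
        case 4096/8:
            params = wc_Dh_ffdhe4096_Get();
            group = WOLFSSL_FFDHE_4096;
            break;
    #endif
    #ifdef HAVE_FFDHE_6144
        case 6144/8:
            params = wc_Dh_ffdhe6144_Get();
            group = WOLFSSL_FFDHE_6144;
            break;
    #endif
    #ifdef HAVE_FFDHE_8192
        case 8192/8:
            params = wc_Dh_ffdhe8192_Get();
            group = WOLFSSL_FFDHE_8192;
            break;
    #endif
        default:
            break;
    }

    /* The explicit p_len comparison keeps the XMEMCMP on p from reading
     * past the received buffer should a table entry ever disagree with the
     * size selected by the switch above. */
    if (params == NULL || params->g_len != ssl->buffers.serverDH_G.length ||
            params->p_len != ssl->buffers.serverDH_P.length ||
            (XMEMCMP(ssl->buffers.serverDH_G.buffer, params->g,
                    params->g_len) != 0) ||
            (XMEMCMP(ssl->buffers.serverDH_P.buffer, params->p,
                    params->p_len) != 0)) {
        WOLFSSL_MSG("Server not using FFDHE parameters");
    #ifdef WOLFSSL_REQUIRE_FFDHE
        SendAlert(ssl, alert_fatal, handshake_failure);
        ERROR_OUT(DH_PARAMS_NOT_FFDHE_E, exit_gdpk);
    #endif
    }
    else {
        /* parameters match a built-in group: record it and clear the
         * dhDoKeyTest flag */
        ssl->namedGroup = group;
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
        !defined(HAVE_SELFTEST)
        ssl->options.dhDoKeyTest = 0;
    #endif
    }
#endif /* HAVE_FFDHE */

exit_gdpk:
    return ret;
}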
wolfSSL 16:8e0d178b1d1e 20740 #endif
wolfSSL 16:8e0d178b1d1e 20741
wolfSSL 15:117db924cf7c 20742 /* handle processing of the server_key_exchange handshake message (type 12) */
wolfSSL 15:117db924cf7c 20743 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
wolfSSL 15:117db924cf7c 20744 word32* inOutIdx, word32 size)
wolfSSL 15:117db924cf7c 20745 {
wolfSSL 15:117db924cf7c 20746 int ret = 0;
wolfSSL 15:117db924cf7c 20747 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 20748 DskeArgs* args = (DskeArgs*)ssl->async.args;
wolfSSL 15:117db924cf7c 20749 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 15:117db924cf7c 20750 (void)sizeof(args_test);
wolfSSL 15:117db924cf7c 20751 #else
wolfSSL 15:117db924cf7c 20752 DskeArgs args[1];
wolfSSL 15:117db924cf7c 20753 #endif
wolfSSL 15:117db924cf7c 20754
wolfSSL 15:117db924cf7c 20755 (void)input;
wolfSSL 15:117db924cf7c 20756 (void)size;
wolfSSL 15:117db924cf7c 20757
wolfSSL 15:117db924cf7c 20758 WOLFSSL_START(WC_FUNC_SERVER_KEY_EXCHANGE_DO);
wolfSSL 15:117db924cf7c 20759 WOLFSSL_ENTER("DoServerKeyExchange");
wolfSSL 15:117db924cf7c 20760
wolfSSL 15:117db924cf7c 20761 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 20762 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 15:117db924cf7c 20763 if (ret != WC_NOT_PENDING_E) {
wolfSSL 15:117db924cf7c 20764 /* Check for error */
wolfSSL 15:117db924cf7c 20765 if (ret < 0)
wolfSSL 15:117db924cf7c 20766 goto exit_dske;
wolfSSL 15:117db924cf7c 20767 }
wolfSSL 15:117db924cf7c 20768 else
wolfSSL 15:117db924cf7c 20769 #endif
wolfSSL 15:117db924cf7c 20770 {
wolfSSL 15:117db924cf7c 20771 /* Reset state */
wolfSSL 15:117db924cf7c 20772 ret = 0;
wolfSSL 15:117db924cf7c 20773 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 15:117db924cf7c 20774 XMEMSET(args, 0, sizeof(DskeArgs));
wolfSSL 15:117db924cf7c 20775 args->idx = *inOutIdx;
wolfSSL 15:117db924cf7c 20776 args->begin = *inOutIdx;
wolfSSL 15:117db924cf7c 20777 args->sigAlgo = ssl->specs.sig_algo;
wolfSSL 15:117db924cf7c 20778 args->hashAlgo = sha_mac;
wolfSSL 15:117db924cf7c 20779 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 20780 ssl->async.freeArgs = FreeDskeArgs;
wolfSSL 15:117db924cf7c 20781 #endif
wolfSSL 15:117db924cf7c 20782 }
wolfSSL 15:117db924cf7c 20783
wolfSSL 15:117db924cf7c 20784 switch(ssl->options.asyncState)
wolfSSL 15:117db924cf7c 20785 {
wolfSSL 15:117db924cf7c 20786 case TLS_ASYNC_BEGIN:
wolfSSL 15:117db924cf7c 20787 {
wolfSSL 15:117db924cf7c 20788 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 20789 if (ssl->hsInfoOn)
wolfSSL 15:117db924cf7c 20790 AddPacketName(ssl, "ServerKeyExchange");
wolfSSL 15:117db924cf7c 20791 if (ssl->toInfoOn)
wolfSSL 15:117db924cf7c 20792 AddLateName("ServerKeyExchange", &ssl->timeoutInfo);
wolfSSL 15:117db924cf7c 20793 #endif
wolfSSL 15:117db924cf7c 20794
wolfSSL 15:117db924cf7c 20795 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 20796 {
wolfSSL 15:117db924cf7c 20797 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 20798 case psk_kea:
wolfSSL 15:117db924cf7c 20799 {
wolfSSL 15:117db924cf7c 20800 int srvHintLen;
wolfSSL 15:117db924cf7c 20801 word16 length;
wolfSSL 15:117db924cf7c 20802
wolfSSL 15:117db924cf7c 20803 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 20804 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20805 }
wolfSSL 15:117db924cf7c 20806
wolfSSL 15:117db924cf7c 20807 ato16(input + args->idx, &length);
wolfSSL 15:117db924cf7c 20808 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 20809
wolfSSL 15:117db924cf7c 20810 if ((args->idx - args->begin) + length > size) {
wolfSSL 15:117db924cf7c 20811 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20812 }
wolfSSL 15:117db924cf7c 20813
wolfSSL 15:117db924cf7c 20814 /* get PSK server hint from the wire */
wolfSSL 15:117db924cf7c 20815 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 15:117db924cf7c 20816 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 15:117db924cf7c 20817 srvHintLen);
wolfSSL 15:117db924cf7c 20818 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 20819 args->idx += length;
wolfSSL 15:117db924cf7c 20820 break;
wolfSSL 15:117db924cf7c 20821 }
wolfSSL 15:117db924cf7c 20822 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 20823 #ifndef NO_DH
wolfSSL 15:117db924cf7c 20824 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 20825 {
wolfSSL 16:8e0d178b1d1e 20826 ret = GetDhPublicKey(ssl, input, size, args);
wolfSSL 16:8e0d178b1d1e 20827 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 20828 goto exit_dske;
wolfSSL 15:117db924cf7c 20829 break;
wolfSSL 15:117db924cf7c 20830 }
wolfSSL 15:117db924cf7c 20831 #endif /* !NO_DH */
wolfSSL 16:8e0d178b1d1e 20832 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 20833 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 20834 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 20835 {
wolfSSL 15:117db924cf7c 20836 byte b;
wolfSSL 15:117db924cf7c 20837 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 20838 int curveId;
wolfSSL 15:117db924cf7c 20839 #endif
wolfSSL 15:117db924cf7c 20840 int curveOid;
wolfSSL 15:117db924cf7c 20841 word16 length;
wolfSSL 15:117db924cf7c 20842
wolfSSL 15:117db924cf7c 20843 if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 15:117db924cf7c 20844 OPAQUE8_LEN > size) {
wolfSSL 15:117db924cf7c 20845 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20846 }
wolfSSL 15:117db924cf7c 20847
wolfSSL 15:117db924cf7c 20848 b = input[args->idx++];
wolfSSL 15:117db924cf7c 20849 if (b != named_curve) {
wolfSSL 15:117db924cf7c 20850 ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20851 }
wolfSSL 15:117db924cf7c 20852
wolfSSL 15:117db924cf7c 20853 args->idx += 1; /* curve type, eat leading 0 */
wolfSSL 15:117db924cf7c 20854 b = input[args->idx++];
wolfSSL 15:117db924cf7c 20855 if ((curveOid = CheckCurveId(b)) < 0) {
wolfSSL 15:117db924cf7c 20856 ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20857 }
wolfSSL 15:117db924cf7c 20858 ssl->ecdhCurveOID = curveOid;
wolfSSL 16:8e0d178b1d1e 20859 #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
wolfSSL 16:8e0d178b1d1e 20860 ssl->namedGroup = 0;
wolfSSL 16:8e0d178b1d1e 20861 #endif
wolfSSL 15:117db924cf7c 20862
wolfSSL 15:117db924cf7c 20863 length = input[args->idx++];
wolfSSL 15:117db924cf7c 20864 if ((args->idx - args->begin) + length > size) {
wolfSSL 15:117db924cf7c 20865 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20866 }
wolfSSL 15:117db924cf7c 20867
wolfSSL 15:117db924cf7c 20868 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 20869 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 20870 if (ssl->peerX25519Key == NULL) {
wolfSSL 15:117db924cf7c 20871 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 20872 (void**)&ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 20873 if (ret != 0) {
wolfSSL 15:117db924cf7c 20874 goto exit_dske;
wolfSSL 15:117db924cf7c 20875 }
wolfSSL 15:117db924cf7c 20876 } else if (ssl->peerX25519KeyPresent) {
wolfSSL 15:117db924cf7c 20877 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 20878 ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 20879 ssl->peerX25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 20880 if (ret != 0) {
wolfSSL 15:117db924cf7c 20881 goto exit_dske;
wolfSSL 15:117db924cf7c 20882 }
wolfSSL 15:117db924cf7c 20883 }
wolfSSL 15:117db924cf7c 20884
wolfSSL 16:8e0d178b1d1e 20885 if ((ret = wc_curve25519_check_public(
wolfSSL 16:8e0d178b1d1e 20886 input + args->idx, length,
wolfSSL 16:8e0d178b1d1e 20887 EC25519_LITTLE_ENDIAN)) != 0) {
wolfSSL 16:8e0d178b1d1e 20888 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 20889 if (ret == BUFFER_E)
wolfSSL 16:8e0d178b1d1e 20890 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 20891 else if (ret == ECC_OUT_OF_RANGE_E)
wolfSSL 16:8e0d178b1d1e 20892 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 20893 else {
wolfSSL 16:8e0d178b1d1e 20894 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 20895 }
wolfSSL 16:8e0d178b1d1e 20896 #endif
wolfSSL 16:8e0d178b1d1e 20897 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 16:8e0d178b1d1e 20898 }
wolfSSL 16:8e0d178b1d1e 20899
wolfSSL 15:117db924cf7c 20900 if (wc_curve25519_import_public_ex(input + args->idx,
wolfSSL 15:117db924cf7c 20901 length, ssl->peerX25519Key,
wolfSSL 15:117db924cf7c 20902 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 15:117db924cf7c 20903 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20904 }
wolfSSL 15:117db924cf7c 20905
wolfSSL 15:117db924cf7c 20906 args->idx += length;
wolfSSL 15:117db924cf7c 20907 ssl->peerX25519KeyPresent = 1;
wolfSSL 15:117db924cf7c 20908 break;
wolfSSL 15:117db924cf7c 20909 }
wolfSSL 15:117db924cf7c 20910 #endif
wolfSSL 16:8e0d178b1d1e 20911 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 20912 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 20913 if (ssl->peerX448Key == NULL) {
wolfSSL 16:8e0d178b1d1e 20914 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 20915 (void**)&ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 20916 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 20917 goto exit_dske;
wolfSSL 16:8e0d178b1d1e 20918 }
wolfSSL 16:8e0d178b1d1e 20919 } else if (ssl->peerX448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 20920 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 20921 ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 20922 ssl->peerX448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 20923 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 20924 goto exit_dske;
wolfSSL 16:8e0d178b1d1e 20925 }
wolfSSL 16:8e0d178b1d1e 20926 }
wolfSSL 16:8e0d178b1d1e 20927
wolfSSL 16:8e0d178b1d1e 20928 if ((ret = wc_curve448_check_public(
wolfSSL 16:8e0d178b1d1e 20929 input + args->idx, length,
wolfSSL 16:8e0d178b1d1e 20930 EC448_LITTLE_ENDIAN)) != 0) {
wolfSSL 16:8e0d178b1d1e 20931 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 20932 if (ret == BUFFER_E)
wolfSSL 16:8e0d178b1d1e 20933 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 20934 else if (ret == ECC_OUT_OF_RANGE_E)
wolfSSL 16:8e0d178b1d1e 20935 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 20936 else {
wolfSSL 16:8e0d178b1d1e 20937 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 20938 }
wolfSSL 16:8e0d178b1d1e 20939 #endif
wolfSSL 16:8e0d178b1d1e 20940 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 16:8e0d178b1d1e 20941 }
wolfSSL 16:8e0d178b1d1e 20942
wolfSSL 16:8e0d178b1d1e 20943 if (wc_curve448_import_public_ex(input + args->idx,
wolfSSL 16:8e0d178b1d1e 20944 length, ssl->peerX448Key,
wolfSSL 16:8e0d178b1d1e 20945 EC448_LITTLE_ENDIAN) != 0) {
wolfSSL 16:8e0d178b1d1e 20946 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 16:8e0d178b1d1e 20947 }
wolfSSL 16:8e0d178b1d1e 20948
wolfSSL 16:8e0d178b1d1e 20949 args->idx += length;
wolfSSL 16:8e0d178b1d1e 20950 ssl->peerX448KeyPresent = 1;
wolfSSL 16:8e0d178b1d1e 20951 break;
wolfSSL 16:8e0d178b1d1e 20952 }
wolfSSL 16:8e0d178b1d1e 20953 #endif
wolfSSL 15:117db924cf7c 20954 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 20955 if (ssl->peerEccKey == NULL) {
wolfSSL 15:117db924cf7c 20956 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 20957 (void**)&ssl->peerEccKey);
wolfSSL 15:117db924cf7c 20958 if (ret != 0) {
wolfSSL 15:117db924cf7c 20959 goto exit_dske;
wolfSSL 15:117db924cf7c 20960 }
wolfSSL 15:117db924cf7c 20961 } else if (ssl->peerEccKeyPresent) {
wolfSSL 15:117db924cf7c 20962 ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC, ssl->peerEccKey);
wolfSSL 15:117db924cf7c 20963 ssl->peerEccKeyPresent = 0;
wolfSSL 15:117db924cf7c 20964 if (ret != 0) {
wolfSSL 15:117db924cf7c 20965 goto exit_dske;
wolfSSL 15:117db924cf7c 20966 }
wolfSSL 15:117db924cf7c 20967 }
wolfSSL 15:117db924cf7c 20968
wolfSSL 15:117db924cf7c 20969 curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
wolfSSL 15:117db924cf7c 20970 if (wc_ecc_import_x963_ex(input + args->idx, length,
wolfSSL 15:117db924cf7c 20971 ssl->peerEccKey, curveId) != 0) {
wolfSSL 16:8e0d178b1d1e 20972 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 20973 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 20974 #endif
wolfSSL 15:117db924cf7c 20975 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20976 }
wolfSSL 15:117db924cf7c 20977
wolfSSL 15:117db924cf7c 20978 args->idx += length;
wolfSSL 15:117db924cf7c 20979 ssl->peerEccKeyPresent = 1;
wolfSSL 16:8e0d178b1d1e 20980 #endif
wolfSSL 16:8e0d178b1d1e 20981 break;
wolfSSL 16:8e0d178b1d1e 20982 }
wolfSSL 16:8e0d178b1d1e 20983 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 20984 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 20985 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 20986 {
wolfSSL 15:117db924cf7c 20987 int srvHintLen;
wolfSSL 15:117db924cf7c 20988 word16 length;
wolfSSL 15:117db924cf7c 20989
wolfSSL 15:117db924cf7c 20990 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 20991 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20992 }
wolfSSL 15:117db924cf7c 20993
wolfSSL 15:117db924cf7c 20994 ato16(input + args->idx, &length);
wolfSSL 15:117db924cf7c 20995 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 20996
wolfSSL 15:117db924cf7c 20997 if ((args->idx - args->begin) + length > size) {
wolfSSL 15:117db924cf7c 20998 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 20999 }
wolfSSL 15:117db924cf7c 21000
wolfSSL 15:117db924cf7c 21001 /* get PSK server hint from the wire */
wolfSSL 15:117db924cf7c 21002 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 15:117db924cf7c 21003 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 15:117db924cf7c 21004 srvHintLen);
wolfSSL 15:117db924cf7c 21005 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 21006 args->idx += length;
wolfSSL 15:117db924cf7c 21007
wolfSSL 16:8e0d178b1d1e 21008 ret = GetDhPublicKey(ssl, input, size, args);
wolfSSL 16:8e0d178b1d1e 21009 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 21010 goto exit_dske;
wolfSSL 16:8e0d178b1d1e 21011 break;
wolfSSL 16:8e0d178b1d1e 21012 }
wolfSSL 16:8e0d178b1d1e 21013 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 21014 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 21015 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 21016 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 21017 {
wolfSSL 15:117db924cf7c 21018 byte b;
wolfSSL 15:117db924cf7c 21019 int curveOid, curveId;
wolfSSL 15:117db924cf7c 21020 int srvHintLen;
wolfSSL 15:117db924cf7c 21021 word16 length;
wolfSSL 15:117db924cf7c 21022
wolfSSL 15:117db924cf7c 21023 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 21024 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21025 }
wolfSSL 15:117db924cf7c 21026
wolfSSL 15:117db924cf7c 21027 ato16(input + args->idx, &length);
wolfSSL 15:117db924cf7c 21028 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 21029
wolfSSL 15:117db924cf7c 21030 if ((args->idx - args->begin) + length > size) {
wolfSSL 15:117db924cf7c 21031 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21032 }
wolfSSL 15:117db924cf7c 21033
wolfSSL 15:117db924cf7c 21034 /* get PSK server hint from the wire */
wolfSSL 15:117db924cf7c 21035 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 15:117db924cf7c 21036 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 15:117db924cf7c 21037 srvHintLen);
wolfSSL 15:117db924cf7c 21038 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 21039
wolfSSL 15:117db924cf7c 21040 args->idx += length;
wolfSSL 15:117db924cf7c 21041
wolfSSL 15:117db924cf7c 21042 if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 15:117db924cf7c 21043 OPAQUE8_LEN > size) {
wolfSSL 15:117db924cf7c 21044 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21045 }
wolfSSL 15:117db924cf7c 21046
wolfSSL 15:117db924cf7c 21047 /* Check curve name and ID */
wolfSSL 15:117db924cf7c 21048 b = input[args->idx++];
wolfSSL 15:117db924cf7c 21049 if (b != named_curve) {
wolfSSL 15:117db924cf7c 21050 ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21051 }
wolfSSL 15:117db924cf7c 21052
wolfSSL 15:117db924cf7c 21053 args->idx += 1; /* curve type, eat leading 0 */
wolfSSL 15:117db924cf7c 21054 b = input[args->idx++];
wolfSSL 15:117db924cf7c 21055 if ((curveOid = CheckCurveId(b)) < 0) {
wolfSSL 15:117db924cf7c 21056 ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21057 }
wolfSSL 15:117db924cf7c 21058
wolfSSL 15:117db924cf7c 21059 length = input[args->idx++];
wolfSSL 15:117db924cf7c 21060 if ((args->idx - args->begin) + length > size) {
wolfSSL 15:117db924cf7c 21061 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21062 }
wolfSSL 15:117db924cf7c 21063
wolfSSL 15:117db924cf7c 21064 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 21065 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 21066 if (ssl->peerX25519Key == NULL) {
wolfSSL 15:117db924cf7c 21067 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 21068 (void**)&ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 21069 if (ret != 0) {
wolfSSL 15:117db924cf7c 21070 goto exit_dske;
wolfSSL 15:117db924cf7c 21071 }
wolfSSL 15:117db924cf7c 21072 } else if (ssl->peerEccKeyPresent) {
wolfSSL 15:117db924cf7c 21073 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 21074 ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 21075 ssl->peerX25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 21076 if (ret != 0) {
wolfSSL 15:117db924cf7c 21077 goto exit_dske;
wolfSSL 15:117db924cf7c 21078 }
wolfSSL 15:117db924cf7c 21079 }
wolfSSL 15:117db924cf7c 21080
wolfSSL 16:8e0d178b1d1e 21081 if ((ret = wc_curve25519_check_public(
wolfSSL 16:8e0d178b1d1e 21082 input + args->idx, length,
wolfSSL 16:8e0d178b1d1e 21083 EC25519_LITTLE_ENDIAN)) != 0) {
wolfSSL 16:8e0d178b1d1e 21084 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 21085 if (ret == BUFFER_E)
wolfSSL 16:8e0d178b1d1e 21086 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 21087 else if (ret == ECC_OUT_OF_RANGE_E)
wolfSSL 16:8e0d178b1d1e 21088 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 21089 else {
wolfSSL 16:8e0d178b1d1e 21090 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 21091 }
wolfSSL 16:8e0d178b1d1e 21092 #endif
wolfSSL 16:8e0d178b1d1e 21093 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 16:8e0d178b1d1e 21094 }
wolfSSL 16:8e0d178b1d1e 21095
wolfSSL 15:117db924cf7c 21096 if (wc_curve25519_import_public_ex(input + args->idx,
wolfSSL 15:117db924cf7c 21097 length, ssl->peerX25519Key,
wolfSSL 15:117db924cf7c 21098 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 15:117db924cf7c 21099 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21100 }
wolfSSL 15:117db924cf7c 21101
wolfSSL 15:117db924cf7c 21102 args->idx += length;
wolfSSL 15:117db924cf7c 21103 ssl->peerX25519KeyPresent = 1;
wolfSSL 15:117db924cf7c 21104 break;
wolfSSL 15:117db924cf7c 21105 }
wolfSSL 15:117db924cf7c 21106 #endif
wolfSSL 16:8e0d178b1d1e 21107 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 21108 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 21109 if (ssl->peerX448Key == NULL) {
wolfSSL 16:8e0d178b1d1e 21110 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 21111 (void**)&ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 21112 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 21113 goto exit_dske;
wolfSSL 16:8e0d178b1d1e 21114 }
wolfSSL 16:8e0d178b1d1e 21115 } else if (ssl->peerEccKeyPresent) {
wolfSSL 16:8e0d178b1d1e 21116 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 21117 ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 21118 ssl->peerX448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 21119 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 21120 goto exit_dske;
wolfSSL 16:8e0d178b1d1e 21121 }
wolfSSL 16:8e0d178b1d1e 21122 }
wolfSSL 16:8e0d178b1d1e 21123
wolfSSL 16:8e0d178b1d1e 21124 if ((ret = wc_curve448_check_public(
wolfSSL 16:8e0d178b1d1e 21125 input + args->idx, length,
wolfSSL 16:8e0d178b1d1e 21126 EC448_LITTLE_ENDIAN)) != 0) {
wolfSSL 16:8e0d178b1d1e 21127 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 21128 if (ret == BUFFER_E)
wolfSSL 16:8e0d178b1d1e 21129 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 21130 else if (ret == ECC_OUT_OF_RANGE_E)
wolfSSL 16:8e0d178b1d1e 21131 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 21132 else {
wolfSSL 16:8e0d178b1d1e 21133 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 21134 }
wolfSSL 16:8e0d178b1d1e 21135 #endif
wolfSSL 16:8e0d178b1d1e 21136 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 16:8e0d178b1d1e 21137 }
wolfSSL 16:8e0d178b1d1e 21138
wolfSSL 16:8e0d178b1d1e 21139 if (wc_curve448_import_public_ex(input + args->idx,
wolfSSL 16:8e0d178b1d1e 21140 length, ssl->peerX448Key,
wolfSSL 16:8e0d178b1d1e 21141 EC448_LITTLE_ENDIAN) != 0) {
wolfSSL 16:8e0d178b1d1e 21142 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 16:8e0d178b1d1e 21143 }
wolfSSL 16:8e0d178b1d1e 21144
wolfSSL 16:8e0d178b1d1e 21145 args->idx += length;
wolfSSL 16:8e0d178b1d1e 21146 ssl->peerX448KeyPresent = 1;
wolfSSL 16:8e0d178b1d1e 21147 break;
wolfSSL 16:8e0d178b1d1e 21148 }
wolfSSL 16:8e0d178b1d1e 21149 #endif
wolfSSL 15:117db924cf7c 21150
wolfSSL 15:117db924cf7c 21151 if (ssl->peerEccKey == NULL) {
wolfSSL 15:117db924cf7c 21152 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 21153 (void**)&ssl->peerEccKey);
wolfSSL 15:117db924cf7c 21154 if (ret != 0) {
wolfSSL 15:117db924cf7c 21155 goto exit_dske;
wolfSSL 15:117db924cf7c 21156 }
wolfSSL 15:117db924cf7c 21157 } else if (ssl->peerEccKeyPresent) {
wolfSSL 15:117db924cf7c 21158 ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC, ssl->peerEccKey);
wolfSSL 15:117db924cf7c 21159 ssl->peerEccKeyPresent = 0;
wolfSSL 15:117db924cf7c 21160 if (ret != 0) {
wolfSSL 15:117db924cf7c 21161 goto exit_dske;
wolfSSL 15:117db924cf7c 21162 }
wolfSSL 15:117db924cf7c 21163 }
wolfSSL 15:117db924cf7c 21164
wolfSSL 15:117db924cf7c 21165 curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
wolfSSL 15:117db924cf7c 21166 if (wc_ecc_import_x963_ex(input + args->idx, length,
wolfSSL 15:117db924cf7c 21167 ssl->peerEccKey, curveId) != 0) {
wolfSSL 15:117db924cf7c 21168 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21169 }
wolfSSL 15:117db924cf7c 21170
wolfSSL 15:117db924cf7c 21171 args->idx += length;
wolfSSL 15:117db924cf7c 21172 ssl->peerEccKeyPresent = 1;
wolfSSL 15:117db924cf7c 21173 break;
wolfSSL 15:117db924cf7c 21174 }
wolfSSL 16:8e0d178b1d1e 21175 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 21176 default:
wolfSSL 15:117db924cf7c 21177 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 21178 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 21179
wolfSSL 15:117db924cf7c 21180 /* Check for error */
wolfSSL 15:117db924cf7c 21181 if (ret != 0) {
wolfSSL 15:117db924cf7c 21182 goto exit_dske;
wolfSSL 15:117db924cf7c 21183 }
wolfSSL 15:117db924cf7c 21184
wolfSSL 15:117db924cf7c 21185 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 21186 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 15:117db924cf7c 21187 } /* case TLS_ASYNC_BEGIN */
wolfSSL 15:117db924cf7c 21188 FALL_THROUGH;
wolfSSL 15:117db924cf7c 21189
wolfSSL 15:117db924cf7c 21190 case TLS_ASYNC_BUILD:
wolfSSL 15:117db924cf7c 21191 {
wolfSSL 15:117db924cf7c 21192 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 21193 {
wolfSSL 15:117db924cf7c 21194 case psk_kea:
wolfSSL 15:117db924cf7c 21195 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 21196 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 21197 {
wolfSSL 15:117db924cf7c 21198 /* Nothing to do in this sub-state */
wolfSSL 15:117db924cf7c 21199 break;
wolfSSL 15:117db924cf7c 21200 }
wolfSSL 15:117db924cf7c 21201
wolfSSL 15:117db924cf7c 21202 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 21203 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 21204 {
wolfSSL 16:8e0d178b1d1e 21205 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) \
wolfSSL 16:8e0d178b1d1e 21206 && !defined(HAVE_ED448)
wolfSSL 15:117db924cf7c 21207 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 15:117db924cf7c 21208 #else
wolfSSL 15:117db924cf7c 21209 enum wc_HashType hashType;
wolfSSL 15:117db924cf7c 21210 word16 verifySz;
wolfSSL 15:117db924cf7c 21211
wolfSSL 15:117db924cf7c 21212 if (ssl->options.usingAnon_cipher) {
wolfSSL 15:117db924cf7c 21213 break;
wolfSSL 15:117db924cf7c 21214 }
wolfSSL 15:117db924cf7c 21215
wolfSSL 15:117db924cf7c 21216 verifySz = (word16)(args->idx - args->begin);
wolfSSL 15:117db924cf7c 21217 if (verifySz > MAX_DH_SZ) {
wolfSSL 15:117db924cf7c 21218 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21219 }
wolfSSL 15:117db924cf7c 21220
wolfSSL 15:117db924cf7c 21221 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 21222 if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN >
wolfSSL 15:117db924cf7c 21223 size) {
wolfSSL 15:117db924cf7c 21224 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21225 }
wolfSSL 15:117db924cf7c 21226
wolfSSL 15:117db924cf7c 21227 DecodeSigAlg(&input[args->idx], &args->hashAlgo,
wolfSSL 15:117db924cf7c 21228 &args->sigAlgo);
wolfSSL 15:117db924cf7c 21229 args->idx += 2;
wolfSSL 15:117db924cf7c 21230 hashType = HashAlgoToType(args->hashAlgo);
wolfSSL 15:117db924cf7c 21231 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 15:117db924cf7c 21232 ERROR_OUT(ALGO_ID_E, exit_dske);
wolfSSL 15:117db924cf7c 21233 }
wolfSSL 15:117db924cf7c 21234 } else {
wolfSSL 15:117db924cf7c 21235 /* only using sha and md5 for rsa */
wolfSSL 15:117db924cf7c 21236 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 21237 hashType = WC_HASH_TYPE_SHA;
wolfSSL 15:117db924cf7c 21238 if (args->sigAlgo == rsa_sa_algo) {
wolfSSL 15:117db924cf7c 21239 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 15:117db924cf7c 21240 }
wolfSSL 15:117db924cf7c 21241 #else
wolfSSL 15:117db924cf7c 21242 ERROR_OUT(ALGO_ID_E, exit_dske);
wolfSSL 15:117db924cf7c 21243 #endif
wolfSSL 15:117db924cf7c 21244 }
wolfSSL 15:117db924cf7c 21245
wolfSSL 15:117db924cf7c 21246 /* signature */
wolfSSL 15:117db924cf7c 21247 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 21248 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21249 }
wolfSSL 15:117db924cf7c 21250
wolfSSL 15:117db924cf7c 21251 ato16(input + args->idx, &args->verifySigSz);
wolfSSL 15:117db924cf7c 21252 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 21253
wolfSSL 15:117db924cf7c 21254 if ((args->idx - args->begin) + args->verifySigSz > size) {
wolfSSL 15:117db924cf7c 21255 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21256 }
wolfSSL 15:117db924cf7c 21257
wolfSSL 15:117db924cf7c 21258 /* buffer for signature */
wolfSSL 15:117db924cf7c 21259 ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + verifySz,
wolfSSL 15:117db924cf7c 21260 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 21261 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 15:117db924cf7c 21262 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 15:117db924cf7c 21263 }
wolfSSL 15:117db924cf7c 21264 ssl->buffers.sig.length = SEED_LEN + verifySz;
wolfSSL 15:117db924cf7c 21265
wolfSSL 15:117db924cf7c 21266 /* build message to hash */
wolfSSL 15:117db924cf7c 21267 XMEMCPY(ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 21268 ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 15:117db924cf7c 21269 XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN],
wolfSSL 15:117db924cf7c 21270 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 15:117db924cf7c 21271 XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN * 2],
wolfSSL 15:117db924cf7c 21272 input + args->begin, verifySz); /* message */
wolfSSL 15:117db924cf7c 21273
wolfSSL 15:117db924cf7c 21274 if (args->sigAlgo != ed25519_sa_algo) {
wolfSSL 15:117db924cf7c 21275 int digest_sz = wc_HashGetDigestSize(hashType);
wolfSSL 15:117db924cf7c 21276 if (digest_sz <= 0) {
wolfSSL 15:117db924cf7c 21277 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21278 }
wolfSSL 15:117db924cf7c 21279 ssl->buffers.digest.length = (unsigned int)digest_sz;
wolfSSL 15:117db924cf7c 21280
wolfSSL 15:117db924cf7c 21281 /* buffer for hash */
wolfSSL 15:117db924cf7c 21282 ssl->buffers.digest.buffer = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 21283 ssl->buffers.digest.length, ssl->heap,
wolfSSL 15:117db924cf7c 21284 DYNAMIC_TYPE_DIGEST);
wolfSSL 15:117db924cf7c 21285 if (ssl->buffers.digest.buffer == NULL) {
wolfSSL 15:117db924cf7c 21286 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 15:117db924cf7c 21287 }
wolfSSL 15:117db924cf7c 21288
wolfSSL 15:117db924cf7c 21289 /* Perform hash */
wolfSSL 15:117db924cf7c 21290 ret = wc_Hash(hashType, ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 21291 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 21292 ssl->buffers.digest.buffer,
wolfSSL 15:117db924cf7c 21293 ssl->buffers.digest.length);
wolfSSL 15:117db924cf7c 21294 if (ret != 0) {
wolfSSL 15:117db924cf7c 21295 goto exit_dske;
wolfSSL 15:117db924cf7c 21296 }
wolfSSL 15:117db924cf7c 21297 }
wolfSSL 15:117db924cf7c 21298
wolfSSL 15:117db924cf7c 21299 switch (args->sigAlgo)
wolfSSL 15:117db924cf7c 21300 {
wolfSSL 15:117db924cf7c 21301 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 21302 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 21303 case rsa_pss_sa_algo:
wolfSSL 15:117db924cf7c 21304 #endif
wolfSSL 15:117db924cf7c 21305 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 21306 {
wolfSSL 15:117db924cf7c 21307 if (ssl->peerRsaKey == NULL ||
wolfSSL 15:117db924cf7c 21308 !ssl->peerRsaKeyPresent) {
wolfSSL 15:117db924cf7c 21309 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 15:117db924cf7c 21310 }
wolfSSL 15:117db924cf7c 21311 break;
wolfSSL 15:117db924cf7c 21312 }
wolfSSL 15:117db924cf7c 21313 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 21314 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 21315 case ecc_dsa_sa_algo:
wolfSSL 15:117db924cf7c 21316 {
wolfSSL 15:117db924cf7c 21317 if (!ssl->peerEccDsaKeyPresent) {
wolfSSL 15:117db924cf7c 21318 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 15:117db924cf7c 21319 }
wolfSSL 15:117db924cf7c 21320 break;
wolfSSL 15:117db924cf7c 21321 }
wolfSSL 15:117db924cf7c 21322 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 21323 #if defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 21324 case ed25519_sa_algo:
wolfSSL 15:117db924cf7c 21325 {
wolfSSL 15:117db924cf7c 21326 if (!ssl->peerEd25519KeyPresent) {
wolfSSL 15:117db924cf7c 21327 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 15:117db924cf7c 21328 }
wolfSSL 15:117db924cf7c 21329 break;
wolfSSL 15:117db924cf7c 21330 }
wolfSSL 15:117db924cf7c 21331 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 21332 #if defined(HAVE_ED448)
wolfSSL 16:8e0d178b1d1e 21333 case ed448_sa_algo:
wolfSSL 16:8e0d178b1d1e 21334 {
wolfSSL 16:8e0d178b1d1e 21335 if (!ssl->peerEd448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 21336 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 16:8e0d178b1d1e 21337 }
wolfSSL 16:8e0d178b1d1e 21338 break;
wolfSSL 16:8e0d178b1d1e 21339 }
wolfSSL 16:8e0d178b1d1e 21340 #endif /* HAVE_ED448 */
wolfSSL 15:117db924cf7c 21341
wolfSSL 15:117db924cf7c 21342 default:
wolfSSL 15:117db924cf7c 21343 ret = ALGO_ID_E;
wolfSSL 15:117db924cf7c 21344 } /* switch (args->sigAlgo) */
wolfSSL 15:117db924cf7c 21345
wolfSSL 16:8e0d178b1d1e 21346 #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 && !HAVE_ED448 */
wolfSSL 15:117db924cf7c 21347 break;
wolfSSL 15:117db924cf7c 21348 }
wolfSSL 15:117db924cf7c 21349 default:
wolfSSL 15:117db924cf7c 21350 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 21351 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 21352
wolfSSL 15:117db924cf7c 21353 /* Check for error */
wolfSSL 15:117db924cf7c 21354 if (ret != 0) {
wolfSSL 15:117db924cf7c 21355 goto exit_dske;
wolfSSL 15:117db924cf7c 21356 }
wolfSSL 15:117db924cf7c 21357
wolfSSL 15:117db924cf7c 21358 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 21359 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 15:117db924cf7c 21360 } /* case TLS_ASYNC_BUILD */
wolfSSL 15:117db924cf7c 21361 FALL_THROUGH;
wolfSSL 15:117db924cf7c 21362
wolfSSL 15:117db924cf7c 21363 case TLS_ASYNC_DO:
wolfSSL 15:117db924cf7c 21364 {
wolfSSL 15:117db924cf7c 21365 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 21366 {
wolfSSL 15:117db924cf7c 21367 case psk_kea:
wolfSSL 15:117db924cf7c 21368 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 21369 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 21370 {
wolfSSL 15:117db924cf7c 21371 /* Nothing to do in this sub-state */
wolfSSL 15:117db924cf7c 21372 break;
wolfSSL 15:117db924cf7c 21373 }
wolfSSL 15:117db924cf7c 21374
wolfSSL 15:117db924cf7c 21375 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 21376 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 21377 {
wolfSSL 16:8e0d178b1d1e 21378 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) \
wolfSSL 16:8e0d178b1d1e 21379 && !defined(HAVE_ED448)
wolfSSL 15:117db924cf7c 21380 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 15:117db924cf7c 21381 #else
wolfSSL 15:117db924cf7c 21382 if (ssl->options.usingAnon_cipher) {
wolfSSL 15:117db924cf7c 21383 break;
wolfSSL 15:117db924cf7c 21384 }
wolfSSL 15:117db924cf7c 21385
wolfSSL 15:117db924cf7c 21386 if (args->verifySig == NULL) {
wolfSSL 15:117db924cf7c 21387 args->verifySig = (byte*)XMALLOC(args->verifySigSz,
wolfSSL 15:117db924cf7c 21388 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 21389 if (args->verifySig == NULL) {
wolfSSL 15:117db924cf7c 21390 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 15:117db924cf7c 21391 }
wolfSSL 15:117db924cf7c 21392 XMEMCPY(args->verifySig, input + args->idx,
wolfSSL 15:117db924cf7c 21393 args->verifySigSz);
wolfSSL 15:117db924cf7c 21394 }
wolfSSL 15:117db924cf7c 21395
wolfSSL 15:117db924cf7c 21396 switch (args->sigAlgo)
wolfSSL 15:117db924cf7c 21397 {
wolfSSL 15:117db924cf7c 21398 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 21399 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 21400 case rsa_pss_sa_algo:
wolfSSL 15:117db924cf7c 21401 #endif
wolfSSL 15:117db924cf7c 21402 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 21403 {
wolfSSL 15:117db924cf7c 21404 ret = RsaVerify(ssl,
wolfSSL 15:117db924cf7c 21405 args->verifySig, args->verifySigSz,
wolfSSL 15:117db924cf7c 21406 &args->output,
wolfSSL 15:117db924cf7c 21407 args->sigAlgo, args->hashAlgo,
wolfSSL 15:117db924cf7c 21408 ssl->peerRsaKey,
wolfSSL 15:117db924cf7c 21409 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 21410 &ssl->buffers.peerRsaKey
wolfSSL 15:117db924cf7c 21411 #else
wolfSSL 15:117db924cf7c 21412 NULL
wolfSSL 15:117db924cf7c 21413 #endif
wolfSSL 15:117db924cf7c 21414 );
wolfSSL 15:117db924cf7c 21415
wolfSSL 15:117db924cf7c 21416 if (ret >= 0) {
wolfSSL 15:117db924cf7c 21417 args->sigSz = (word16)ret;
wolfSSL 16:8e0d178b1d1e 21418 #ifdef WC_RSA_PSS
wolfSSL 16:8e0d178b1d1e 21419 args->bits = mp_count_bits(&ssl->peerRsaKey->n);
wolfSSL 16:8e0d178b1d1e 21420 #endif
wolfSSL 15:117db924cf7c 21421 ret = 0;
wolfSSL 15:117db924cf7c 21422 }
wolfSSL 16:8e0d178b1d1e 21423 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 21424 if (ret != WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 21425 #endif
wolfSSL 16:8e0d178b1d1e 21426 {
wolfSSL 16:8e0d178b1d1e 21427 /* peerRsaKey */
wolfSSL 16:8e0d178b1d1e 21428 FreeKey(ssl, DYNAMIC_TYPE_RSA,
wolfSSL 16:8e0d178b1d1e 21429 (void**)&ssl->peerRsaKey);
wolfSSL 16:8e0d178b1d1e 21430 ssl->peerRsaKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 21431 }
wolfSSL 15:117db924cf7c 21432 break;
wolfSSL 15:117db924cf7c 21433 }
wolfSSL 15:117db924cf7c 21434 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 21435 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 21436 case ecc_dsa_sa_algo:
wolfSSL 15:117db924cf7c 21437 {
wolfSSL 15:117db924cf7c 21438 ret = EccVerify(ssl,
wolfSSL 15:117db924cf7c 21439 args->verifySig, args->verifySigSz,
wolfSSL 15:117db924cf7c 21440 ssl->buffers.digest.buffer,
wolfSSL 15:117db924cf7c 21441 ssl->buffers.digest.length,
wolfSSL 15:117db924cf7c 21442 ssl->peerEccDsaKey,
wolfSSL 15:117db924cf7c 21443 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 21444 &ssl->buffers.peerEccDsaKey
wolfSSL 15:117db924cf7c 21445 #else
wolfSSL 15:117db924cf7c 21446 NULL
wolfSSL 15:117db924cf7c 21447 #endif
wolfSSL 15:117db924cf7c 21448 );
wolfSSL 15:117db924cf7c 21449
wolfSSL 16:8e0d178b1d1e 21450 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 21451 if (ret != WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 21452 #endif
wolfSSL 16:8e0d178b1d1e 21453 {
wolfSSL 16:8e0d178b1d1e 21454 /* peerEccDsaKey */
wolfSSL 16:8e0d178b1d1e 21455 FreeKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 21456 (void**)&ssl->peerEccDsaKey);
wolfSSL 16:8e0d178b1d1e 21457 ssl->peerEccDsaKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 21458 }
wolfSSL 15:117db924cf7c 21459 break;
wolfSSL 15:117db924cf7c 21460 }
wolfSSL 15:117db924cf7c 21461 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 21462 #if defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 21463 case ed25519_sa_algo:
wolfSSL 15:117db924cf7c 21464 {
wolfSSL 15:117db924cf7c 21465 ret = Ed25519Verify(ssl,
wolfSSL 15:117db924cf7c 21466 args->verifySig, args->verifySigSz,
wolfSSL 15:117db924cf7c 21467 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 21468 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 21469 ssl->peerEd25519Key,
wolfSSL 15:117db924cf7c 21470 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 21471 &ssl->buffers.peerEd25519Key
wolfSSL 15:117db924cf7c 21472 #else
wolfSSL 15:117db924cf7c 21473 NULL
wolfSSL 15:117db924cf7c 21474 #endif
wolfSSL 15:117db924cf7c 21475 );
wolfSSL 15:117db924cf7c 21476
wolfSSL 16:8e0d178b1d1e 21477 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 21478 if (ret != WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 21479 #endif
wolfSSL 16:8e0d178b1d1e 21480 {
wolfSSL 16:8e0d178b1d1e 21481 /* peerEccDsaKey */
wolfSSL 16:8e0d178b1d1e 21482 FreeKey(ssl, DYNAMIC_TYPE_ED25519,
wolfSSL 15:117db924cf7c 21483 (void**)&ssl->peerEd25519Key);
wolfSSL 16:8e0d178b1d1e 21484 ssl->peerEd25519KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 21485 }
wolfSSL 15:117db924cf7c 21486 break;
wolfSSL 15:117db924cf7c 21487 }
wolfSSL 15:117db924cf7c 21488 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 21489 #if defined(HAVE_ED448)
wolfSSL 16:8e0d178b1d1e 21490 case ed448_sa_algo:
wolfSSL 16:8e0d178b1d1e 21491 {
wolfSSL 16:8e0d178b1d1e 21492 ret = Ed448Verify(ssl,
wolfSSL 16:8e0d178b1d1e 21493 args->verifySig, args->verifySigSz,
wolfSSL 16:8e0d178b1d1e 21494 ssl->buffers.sig.buffer,
wolfSSL 16:8e0d178b1d1e 21495 ssl->buffers.sig.length,
wolfSSL 16:8e0d178b1d1e 21496 ssl->peerEd448Key,
wolfSSL 16:8e0d178b1d1e 21497 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 21498 &ssl->buffers.peerEd448Key
wolfSSL 16:8e0d178b1d1e 21499 #else
wolfSSL 16:8e0d178b1d1e 21500 NULL
wolfSSL 16:8e0d178b1d1e 21501 #endif
wolfSSL 16:8e0d178b1d1e 21502 );
wolfSSL 16:8e0d178b1d1e 21503
wolfSSL 16:8e0d178b1d1e 21504 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 21505 if (ret != WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 21506 #endif
wolfSSL 16:8e0d178b1d1e 21507 {
wolfSSL 16:8e0d178b1d1e 21508 /* peerEccDsaKey */
wolfSSL 16:8e0d178b1d1e 21509 FreeKey(ssl, DYNAMIC_TYPE_ED448,
wolfSSL 16:8e0d178b1d1e 21510 (void**)&ssl->peerEd448Key);
wolfSSL 16:8e0d178b1d1e 21511 ssl->peerEd448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 21512 }
wolfSSL 16:8e0d178b1d1e 21513 break;
wolfSSL 16:8e0d178b1d1e 21514 }
wolfSSL 16:8e0d178b1d1e 21515 #endif /* HAVE_ED448 */
wolfSSL 15:117db924cf7c 21516
wolfSSL 15:117db924cf7c 21517 default:
wolfSSL 15:117db924cf7c 21518 ret = ALGO_ID_E;
wolfSSL 15:117db924cf7c 21519 } /* switch (sigAlgo) */
wolfSSL 16:8e0d178b1d1e 21520 #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 && !HAVE_ED448 */
wolfSSL 15:117db924cf7c 21521 break;
wolfSSL 15:117db924cf7c 21522 }
wolfSSL 15:117db924cf7c 21523 default:
wolfSSL 15:117db924cf7c 21524 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 21525 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 21526
wolfSSL 15:117db924cf7c 21527 /* Check for error */
wolfSSL 15:117db924cf7c 21528 if (ret != 0) {
wolfSSL 15:117db924cf7c 21529 goto exit_dske;
wolfSSL 15:117db924cf7c 21530 }
wolfSSL 15:117db924cf7c 21531
wolfSSL 15:117db924cf7c 21532 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 21533 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 15:117db924cf7c 21534 } /* case TLS_ASYNC_DO */
wolfSSL 15:117db924cf7c 21535 FALL_THROUGH;
wolfSSL 15:117db924cf7c 21536
wolfSSL 15:117db924cf7c 21537 case TLS_ASYNC_VERIFY:
wolfSSL 15:117db924cf7c 21538 {
wolfSSL 15:117db924cf7c 21539 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 21540 {
wolfSSL 15:117db924cf7c 21541 case psk_kea:
wolfSSL 15:117db924cf7c 21542 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 21543 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 21544 {
wolfSSL 15:117db924cf7c 21545 /* Nothing to do in this sub-state */
wolfSSL 15:117db924cf7c 21546 break;
wolfSSL 15:117db924cf7c 21547 }
wolfSSL 15:117db924cf7c 21548
wolfSSL 15:117db924cf7c 21549 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 21550 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 21551 {
wolfSSL 16:8e0d178b1d1e 21552 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) \
wolfSSL 16:8e0d178b1d1e 21553 && !defined(HAVE_ED448)
wolfSSL 15:117db924cf7c 21554 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 15:117db924cf7c 21555 #else
wolfSSL 15:117db924cf7c 21556 if (ssl->options.usingAnon_cipher) {
wolfSSL 15:117db924cf7c 21557 break;
wolfSSL 15:117db924cf7c 21558 }
wolfSSL 15:117db924cf7c 21559
wolfSSL 15:117db924cf7c 21560 /* increment index after verify is done */
wolfSSL 15:117db924cf7c 21561 args->idx += args->verifySigSz;
wolfSSL 15:117db924cf7c 21562
wolfSSL 15:117db924cf7c 21563 switch(args->sigAlgo)
wolfSSL 15:117db924cf7c 21564 {
wolfSSL 15:117db924cf7c 21565 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 21566 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 21567 case rsa_pss_sa_algo:
wolfSSL 16:8e0d178b1d1e 21568 #ifdef HAVE_SELFTEST
wolfSSL 15:117db924cf7c 21569 ret = wc_RsaPSS_CheckPadding(
wolfSSL 15:117db924cf7c 21570 ssl->buffers.digest.buffer,
wolfSSL 15:117db924cf7c 21571 ssl->buffers.digest.length,
wolfSSL 15:117db924cf7c 21572 args->output, args->sigSz,
wolfSSL 15:117db924cf7c 21573 HashAlgoToType(args->hashAlgo));
wolfSSL 16:8e0d178b1d1e 21574 #else
wolfSSL 16:8e0d178b1d1e 21575 ret = wc_RsaPSS_CheckPadding_ex(
wolfSSL 16:8e0d178b1d1e 21576 ssl->buffers.digest.buffer,
wolfSSL 16:8e0d178b1d1e 21577 ssl->buffers.digest.length,
wolfSSL 16:8e0d178b1d1e 21578 args->output, args->sigSz,
wolfSSL 16:8e0d178b1d1e 21579 HashAlgoToType(args->hashAlgo),
wolfSSL 16:8e0d178b1d1e 21580 -1, args->bits);
wolfSSL 16:8e0d178b1d1e 21581 #endif
wolfSSL 15:117db924cf7c 21582 if (ret != 0)
wolfSSL 15:117db924cf7c 21583 return ret;
wolfSSL 15:117db924cf7c 21584 break;
wolfSSL 15:117db924cf7c 21585 #endif
wolfSSL 15:117db924cf7c 21586 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 21587 {
wolfSSL 15:117db924cf7c 21588 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 21589 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 21590 byte* encodedSig;
wolfSSL 15:117db924cf7c 21591 #else
wolfSSL 15:117db924cf7c 21592 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 15:117db924cf7c 21593 #endif
wolfSSL 15:117db924cf7c 21594 word32 encSigSz;
wolfSSL 15:117db924cf7c 21595
wolfSSL 15:117db924cf7c 21596 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 21597 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
wolfSSL 15:117db924cf7c 21598 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 21599 if (encodedSig == NULL) {
wolfSSL 15:117db924cf7c 21600 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 15:117db924cf7c 21601 }
wolfSSL 15:117db924cf7c 21602 #endif
wolfSSL 15:117db924cf7c 21603
wolfSSL 15:117db924cf7c 21604 encSigSz = wc_EncodeSignature(encodedSig,
wolfSSL 15:117db924cf7c 21605 ssl->buffers.digest.buffer,
wolfSSL 15:117db924cf7c 21606 ssl->buffers.digest.length,
wolfSSL 15:117db924cf7c 21607 TypeHash(args->hashAlgo));
wolfSSL 15:117db924cf7c 21608 if (encSigSz != args->sigSz || !args->output ||
wolfSSL 15:117db924cf7c 21609 XMEMCMP(args->output, encodedSig,
wolfSSL 15:117db924cf7c 21610 min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) {
wolfSSL 15:117db924cf7c 21611 ret = VERIFY_SIGN_ERROR;
wolfSSL 15:117db924cf7c 21612 }
wolfSSL 15:117db924cf7c 21613 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 21614 XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 21615 #endif
wolfSSL 15:117db924cf7c 21616 if (ret != 0) {
wolfSSL 15:117db924cf7c 21617 goto exit_dske;
wolfSSL 15:117db924cf7c 21618 }
wolfSSL 15:117db924cf7c 21619 }
wolfSSL 15:117db924cf7c 21620 else if (args->sigSz != FINISHED_SZ ||
wolfSSL 15:117db924cf7c 21621 !args->output ||
wolfSSL 15:117db924cf7c 21622 XMEMCMP(args->output,
wolfSSL 15:117db924cf7c 21623 ssl->buffers.digest.buffer,
wolfSSL 15:117db924cf7c 21624 FINISHED_SZ) != 0) {
wolfSSL 15:117db924cf7c 21625 ERROR_OUT(VERIFY_SIGN_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21626 }
wolfSSL 15:117db924cf7c 21627 break;
wolfSSL 15:117db924cf7c 21628 }
wolfSSL 15:117db924cf7c 21629 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 21630 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 21631 case ecc_dsa_sa_algo:
wolfSSL 15:117db924cf7c 21632 /* Nothing to do in this algo */
wolfSSL 15:117db924cf7c 21633 break;
wolfSSL 15:117db924cf7c 21634 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 21635 #if defined(HAVE_ED25519)
wolfSSL 15:117db924cf7c 21636 case ed25519_sa_algo:
wolfSSL 15:117db924cf7c 21637 /* Nothing to do in this algo */
wolfSSL 15:117db924cf7c 21638 break;
wolfSSL 15:117db924cf7c 21639 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 21640 #if defined(HAVE_ED448)
wolfSSL 16:8e0d178b1d1e 21641 case ed448_sa_algo:
wolfSSL 16:8e0d178b1d1e 21642 /* Nothing to do in this algo */
wolfSSL 16:8e0d178b1d1e 21643 break;
wolfSSL 16:8e0d178b1d1e 21644 #endif /* HAVE_ED448 */
wolfSSL 15:117db924cf7c 21645 default:
wolfSSL 15:117db924cf7c 21646 ret = ALGO_ID_E;
wolfSSL 15:117db924cf7c 21647 } /* switch (sigAlgo) */
wolfSSL 16:8e0d178b1d1e 21648 #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 && !HAVE_ED448 */
wolfSSL 15:117db924cf7c 21649 break;
wolfSSL 15:117db924cf7c 21650 }
wolfSSL 15:117db924cf7c 21651 default:
wolfSSL 15:117db924cf7c 21652 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 21653 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 21654
wolfSSL 15:117db924cf7c 21655 /* Check for error */
wolfSSL 15:117db924cf7c 21656 if (ret != 0) {
wolfSSL 15:117db924cf7c 21657 goto exit_dske;
wolfSSL 15:117db924cf7c 21658 }
wolfSSL 15:117db924cf7c 21659
wolfSSL 15:117db924cf7c 21660 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 21661 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 15:117db924cf7c 21662 } /* case TLS_ASYNC_VERIFY */
wolfSSL 15:117db924cf7c 21663 FALL_THROUGH;
wolfSSL 15:117db924cf7c 21664
wolfSSL 15:117db924cf7c 21665 case TLS_ASYNC_FINALIZE:
wolfSSL 15:117db924cf7c 21666 {
wolfSSL 15:117db924cf7c 21667 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 15:117db924cf7c 21668 args->idx += ssl->keys.padSz;
wolfSSL 16:8e0d178b1d1e 21669 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 21670 if (ssl->options.startedETMRead)
wolfSSL 16:8e0d178b1d1e 21671 args->idx += MacSize(ssl);
wolfSSL 16:8e0d178b1d1e 21672 #endif
wolfSSL 15:117db924cf7c 21673 }
wolfSSL 15:117db924cf7c 21674
wolfSSL 15:117db924cf7c 21675 /* QSH extensions */
wolfSSL 15:117db924cf7c 21676 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 21677 if (ssl->peerQSHKeyPresent) {
wolfSSL 15:117db924cf7c 21678 word16 name;
wolfSSL 15:117db924cf7c 21679 int qshSz;
wolfSSL 15:117db924cf7c 21680
wolfSSL 15:117db924cf7c 21681 /* extension name */
wolfSSL 15:117db924cf7c 21682 ato16(input + args->idx, &name);
wolfSSL 15:117db924cf7c 21683 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 21684
wolfSSL 15:117db924cf7c 21685 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 15:117db924cf7c 21686 /* if qshSz is larger than 0 it is the length of
wolfSSL 15:117db924cf7c 21687 buffer used */
wolfSSL 15:117db924cf7c 21688 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + args->idx,
wolfSSL 15:117db924cf7c 21689 size, 0)) < 0) {
wolfSSL 15:117db924cf7c 21690 ERROR_OUT(qshSz, exit_dske);
wolfSSL 15:117db924cf7c 21691 }
wolfSSL 15:117db924cf7c 21692 args->idx += qshSz;
wolfSSL 15:117db924cf7c 21693 }
wolfSSL 15:117db924cf7c 21694 else {
wolfSSL 15:117db924cf7c 21695 /* unknown extension sent server ignored handshake */
wolfSSL 15:117db924cf7c 21696 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 15:117db924cf7c 21697 }
wolfSSL 15:117db924cf7c 21698 }
wolfSSL 15:117db924cf7c 21699 #endif
wolfSSL 15:117db924cf7c 21700
wolfSSL 15:117db924cf7c 21701 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 21702 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 15:117db924cf7c 21703 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 15:117db924cf7c 21704 FALL_THROUGH;
wolfSSL 15:117db924cf7c 21705
wolfSSL 15:117db924cf7c 21706 case TLS_ASYNC_END:
wolfSSL 15:117db924cf7c 21707 {
wolfSSL 15:117db924cf7c 21708 /* return index */
wolfSSL 15:117db924cf7c 21709 *inOutIdx = args->idx;
wolfSSL 15:117db924cf7c 21710
wolfSSL 15:117db924cf7c 21711 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 15:117db924cf7c 21712 break;
wolfSSL 15:117db924cf7c 21713 }
wolfSSL 15:117db924cf7c 21714 default:
wolfSSL 15:117db924cf7c 21715 ret = INPUT_CASE_ERROR;
wolfSSL 15:117db924cf7c 21716 } /* switch(ssl->options.asyncState) */
wolfSSL 15:117db924cf7c 21717
wolfSSL 15:117db924cf7c 21718 exit_dske:
wolfSSL 15:117db924cf7c 21719
wolfSSL 15:117db924cf7c 21720 WOLFSSL_LEAVE("DoServerKeyExchange", ret);
wolfSSL 15:117db924cf7c 21721 WOLFSSL_END(WC_FUNC_SERVER_KEY_EXCHANGE_DO);
wolfSSL 15:117db924cf7c 21722
wolfSSL 15:117db924cf7c 21723 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 21724 /* Handle async operation */
wolfSSL 15:117db924cf7c 21725 if (ret == WC_PENDING_E) {
wolfSSL 16:8e0d178b1d1e 21726 /* Mark message as not received so it can process again */
wolfSSL 15:117db924cf7c 21727 ssl->msgsReceived.got_server_key_exchange = 0;
wolfSSL 15:117db924cf7c 21728
wolfSSL 15:117db924cf7c 21729 return ret;
wolfSSL 15:117db924cf7c 21730 }
wolfSSL 15:117db924cf7c 21731 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 21732
wolfSSL 15:117db924cf7c 21733 /* Final cleanup */
wolfSSL 15:117db924cf7c 21734 FreeDskeArgs(ssl, args);
wolfSSL 15:117db924cf7c 21735 FreeKeyExchange(ssl);
wolfSSL 15:117db924cf7c 21736
wolfSSL 15:117db924cf7c 21737 return ret;
wolfSSL 15:117db924cf7c 21738 }
wolfSSL 15:117db924cf7c 21739
wolfSSL 15:117db924cf7c 21740
wolfSSL 15:117db924cf7c 21741 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 21742
wolfSSL 15:117db924cf7c 21743 #ifdef HAVE_NTRU
/* Encrypt a byte array with the peer's NTRU public key.
 *
 * key     QSH key entry; key->pub holds the NTRU public key that is used
 * bufIn   plain text to encrypt
 * inSz    number of bytes in bufIn
 * bufOut  receives the cipher text
 * outSz   handed to ntru_crypto_ntru_encrypt() as its cipher text length
 *         argument; set to the size of the cipher text produced
 *         (presumably it must hold the capacity of bufOut on entry - confirm
 *         against the NTRU library contract)
 *
 * returns NTRU_OK on success, BAD_FUNC_ARG on a NULL argument or missing
 *         public key, -1 for a key name that is not an NTRU parameter set,
 *         NTRU_DRBG_ERROR when the DRBG cannot be instantiated and
 *         NTRU_ENCRYPT_ERROR when the encryption itself fails.
 */
static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
        byte* bufOut, word16* outSz)
{
    int         status;
    DRBG_HANDLE rng;

    /* reject missing arguments and a key entry without public key data */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL ||
            key->pub.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* only the three NTRU parameter sets are accepted here */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
            key->name != WOLFSSL_NTRU_EESS593 &&
            key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH encryption key!");
        return -1;
    }

    /* the NTRU library draws its randomness from a DRBG seeded by GetEntropy */
    status = ntru_crypto_drbg_external_instantiate(GetEntropy, &rng);
    if (status != DRBG_OK) {
        return NTRU_DRBG_ERROR;
    }

    status = ntru_crypto_ntru_encrypt(rng, key->pub.length, key->pub.buffer,
                                      inSz, bufIn, outSz, bufOut);

    /* release the DRBG before looking at the result so that the failure
     * path does not leave it instantiated */
    ntru_crypto_drbg_uninstantiate(rng);

    if (status != NTRU_OK) {
        return NTRU_ENCRYPT_ERROR;
    }

    return status;
}
wolfSSL 15:117db924cf7c 21788
/* Decrypt a byte array with the local NTRU private key.
 *
 * key     QSH key entry; key->pri holds the NTRU private key that is used
 * bufIn   cipher text to decrypt
 * inSz    number of bytes in bufIn
 * bufOut  receives the plain text
 * outSz   handed to ntru_crypto_ntru_decrypt() as its plain text length
 *         argument; set to the size of the plain text produced
 *
 * returns NTRU_OK on success, BAD_FUNC_ARG on a NULL argument or missing
 *         private key, -1 for a key name that is not an NTRU parameter set,
 *         NTRU_DRBG_ERROR when the DRBG cannot be instantiated and
 *         NTRU_ENCRYPT_ERROR when the decryption fails.
 *
 * NOTE(review): a failed decryption is reported with the *encrypt* error
 * code; callers that tell the two apart should be checked before this is
 * changed.
 * NOTE(review): bufOut receives secret material and is not cleared here on
 * the failure path - confirm the caller zeroizes it.
 */
static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
        byte* bufOut, word16* outSz)
{
    int         status;
    DRBG_HANDLE rng;

    /* reject missing arguments and a key entry without private key data */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL ||
            key->pri.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* only the three NTRU parameter sets are accepted here */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
            key->name != WOLFSSL_NTRU_EESS593 &&
            key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH decryption key!");
        return -1;
    }

    /* NOTE(review): the DRBG handle is instantiated and released but is not
     * an argument of the decrypt call below; it is kept because a DRBG
     * failure is part of this function's observable result. */
    status = ntru_crypto_drbg_external_instantiate(GetEntropy, &rng);
    if (status != DRBG_OK) {
        return NTRU_DRBG_ERROR;
    }

    status = ntru_crypto_ntru_decrypt(key->pri.length, key->pri.buffer,
                                      inSz, bufIn, outSz, bufOut);

    /* release the DRBG on both the success and the failure path */
    ntru_crypto_drbg_uninstantiate(rng);

    if (status != NTRU_OK) {
        return NTRU_ENCRYPT_ERROR;
    }

    return status;
}
wolfSSL 15:117db924cf7c 21835 #endif /* HAVE_NTRU */
wolfSSL 15:117db924cf7c 21836
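/* Allocate and initialise the per-session holder for QSH secret material.
 *
 * ssl  session whose QSH_secret member is set up
 *
 * returns 0 on success, and also when QSH_secret already exists (DTLS can
 *         reach this twice); BAD_FUNC_ARG when ssl is NULL; MEMORY_E when an
 *         allocation fails. On MEMORY_E nothing is attached to ssl and every
 *         partial allocation has been released.
 */
int QSH_Init(WOLFSSL* ssl)
{
    QSHSecret* secret;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* check so not initializing twice when running DTLS */
    if (ssl->QSH_secret != NULL)
        return 0;

    /* Build the holder in a local and attach it only once it is complete.
     * Publishing it earlier would, after a failed member allocation, leave
     * ssl->QSH_secret pointing at an object whose list/CliSi/SerSi pointers
     * are indeterminate: later cleanup would walk or free garbage, and the
     * next call here would return 0 because the pointer is non-NULL. */
    secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap,
                                 DYNAMIC_TYPE_QSH);
    if (secret == NULL)
        return MEMORY_E;

    secret->list  = NULL;
    secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
                                     DYNAMIC_TYPE_SECRET);
    secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
                                     DYNAMIC_TYPE_SECRET);

    if (secret->CliSi == NULL || secret->SerSi == NULL) {
        /* undo whatever was obtained; the NULL guards keep this safe with
         * allocator hooks that do not accept NULL */
        if (secret->CliSi != NULL) {
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_SECRET);
        }
        if (secret->SerSi != NULL) {
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_SECRET);
        }
        XFREE(secret, ssl->heap, DYNAMIC_TYPE_QSH);
        return MEMORY_E;
    }

    /* both secret buffers start out empty */
    secret->CliSi->length = 0;
    secret->CliSi->buffer = NULL;
    secret->SerSi->length = 0;
    secret->SerSi->buffer = NULL;

    ssl->QSH_secret = secret;

    return 0;
}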
wolfSSL 15:117db924cf7c 21867
wolfSSL 15:117db924cf7c 21868
/* Encrypt QSH key material with the scheme named by key->name.
 *
 * key    QSH key entry selecting the scheme; dereferenced without a NULL
 *        check, so the caller must pass a valid entry
 * in     plain text to encrypt
 * szIn   number of bytes in in
 * out    receives the cipher text
 * szOut  read on entry and written on return with the cipher text size
 *
 * returns the result of the scheme's encrypt routine, or -1 when the key
 *         name is not a scheme compiled into this build.
 *
 * NOTE(review): *szOut is a word32 but is carried in a word16 local, so a
 * value above 0xFFFF is narrowed before it reaches the NTRU routine.
 */
static int QSH_Encrypt(QSHKey* key, byte* in, word32 szIn,
        byte* out, word32* szOut)
{
    int    rc       = 0;
    word16 cipherSz = (word16)*szOut;

    /* without HAVE_NTRU none of these are referenced below */
    (void)in;
    (void)szIn;
    (void)out;
    (void)szOut;

    WOLFSSL_MSG("Encrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            rc = NtruSecretEncrypt(key, in, szIn, out, &cipherSz);
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption key!");
            return -1;
    }

    /* report the size back even when the scheme returned an error */
    *szOut = cipherSz;

    return rc;
}
wolfSSL 15:117db924cf7c 21899
wolfSSL 15:117db924cf7c 21900
/* Decrypt QSH key material with the scheme named by key->name.
 *
 * key    QSH key entry selecting the scheme; dereferenced without a NULL
 *        check, so the caller must pass a valid entry
 * in     cipher text to decrypt
 * szIn   number of bytes in in
 * out    receives the plain text
 * szOut  read on entry and written on return with the plain text size
 *
 * returns the result of the scheme's decrypt routine, or -1 when the key
 *         name is not a scheme compiled into this build.
 */
int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, byte* out, word16* szOut)
{
    int    rc      = 0;
    word16 plainSz = *szOut;

    /* without HAVE_NTRU none of these are referenced below */
    (void)in;
    (void)szIn;
    (void)out;
    (void)szOut;

    WOLFSSL_MSG("Decrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            rc = NtruSecretDecrypt(key, in, szIn, out, &plainSz);
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH decryption key!");
            return -1;
    }

    /* report the size back even when the scheme returned an error */
    *szOut = plainSz;

    return rc;
}
wolfSSL 15:117db924cf7c 21931
wolfSSL 15:117db924cf7c 21932
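/* Get the max cipher text size for the key's encryption scheme
 * (encrypting 48 bytes or the max plain text, whichever is smaller).
 *
 * key  QSH key entry; key->pub must hold a public key
 *
 * returns the cipher text size reported by the NTRU library, or 0 when key
 *         is NULL, has no public key, or names a scheme that is not
 *         compiled in.
 *
 * NOTE(review): the DRBG and encrypt failure paths return NTRU_DRBG_ERROR /
 * NTRU_ENCRYPT_ERROR through a word32 return type, so the caller sees them
 * as a size value rather than an error. Confirm how callers that use the
 * result as an allocation size treat that before changing the return value.
 */
static word32 QSH_MaxSecret(QSHKey* key)
{
    int ret = 0;
#ifdef HAVE_NTRU
    byte        isNtru = 0;
    word16      inSz   = 48;
    word16      outSz;
    DRBG_HANDLE drbg   = 0;
    byte        bufIn[48]; /* only its length matters for the size query -
                            * presumably not read when the output buffer is
                            * NULL; TODO confirm */
#endif

    if (key == NULL || key->pub.length == 0)
        return 0;

    switch (key->name) {
#ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            isNtru = 1;
            break;
#endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption scheme size!");
            return 0;
    }

#ifdef HAVE_NTRU
    if (isNtru) {
        ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
        if (ret != DRBG_OK)
            return NTRU_DRBG_ERROR;

        /* a NULL output buffer asks only for the cipher text length */
        ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
                            key->pub.buffer, inSz, bufIn, &outSz, NULL);

        /* release the DRBG before the result is checked, as the NTRU
         * encrypt/decrypt helpers in this file do, so that the failure
         * path does not leave a DRBG instance behind */
        ntru_crypto_drbg_uninstantiate(drbg);

        if (ret != NTRU_OK) {
            return NTRU_ENCRYPT_ERROR;
        }
        ret = outSz;
    }
#endif

    return ret;
}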
wolfSSL 15:117db924cf7c 21984
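/* Generate the secret byte material for pms.
 *
 * For each peer QSH key that QSH_MaxSecret() reports as usable, plainSz random
 * bytes are drawn from ssl->rng into the SerSi or CliSi buffer of
 * ssl->QSH_secret and encrypted to that key with QSH_Encrypt(). Each
 * ciphertext is stored in a newly allocated QSHScheme.
 *
 * ssl       connection providing peerQSHKey, QSH_secret, rng and heap
 * isServer  non-zero selects QSH_secret->SerSi, zero selects QSH_secret->CliSi
 *
 * returns the summed ciphertext length on success, MEMORY_E when the secret
 * buffer or a QSHScheme cannot be allocated, and -1 on any other failure
 */
static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
{
    int sz = 0;
    int plainSz = 48; /* lesser of 48 and max plain text able to encrypt */
    int plainTotal = 0; /* capacity of buf->buffer in bytes */
    int offset = 0;
    word32 tmpSz = 0;
    buffer* buf;
    QSHKey* current;
    QSHScheme* schmPre = NULL;
    QSHScheme* schm = NULL;

    if (ssl == NULL)
        return -1;

    WOLFSSL_MSG("Generating QSH secret key material");

    if (ssl->QSH_secret == NULL)
        return -1;

    /* get size of buffer needed */
    for (current = ssl->peerQSHKey; current != NULL;
            current = (QSHKey*)current->next) {
        if (current->pub.length != 0) {
            sz += plainSz;
        }
    }
    plainTotal = sz;

    /* select the buffer that receives the plaintext secret */
    if (isServer) {
        buf = ssl->QSH_secret->SerSi;
    }
    else {
        buf = ssl->QSH_secret->CliSi;
    }
    if (buf == NULL)
        return -1;

    /* NOTE(review): a buffer already held in buf->buffer is overwritten here
     * without being freed - confirm callers never reach this twice */
    buf->length = sz;
    buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_SECRET);
    if (buf->buffer == NULL) {
        WOLFSSL_ERROR(MEMORY_E);
        buf->length = 0;
        /* stop here: the loop below writes through buf->buffer, so carrying
         * on after a failed allocation would write through a NULL pointer.
         * A zero-byte request that yields NULL is not treated as a failure */
        if (sz > 0)
            return MEMORY_E;
    }

    /* create secret information */
    sz = 0;
    current = ssl->peerQSHKey;
    while (current) {
        schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap,
                                                            DYNAMIC_TYPE_QSH);
        if (schm == NULL)
            return MEMORY_E;

        /* initialize variables */
        schm->name  = 0;
        schm->PK    = NULL;
        schm->PKLen = 0;
        schm->next  = NULL;
        if (ssl->QSH_secret->list == NULL) {
            ssl->QSH_secret->list = schm;
        }
        else {
            if (schmPre)
                schmPre->next = schm;
        }

        tmpSz = QSH_MaxSecret(current);

        if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap,
                                              DYNAMIC_TYPE_SECRET)) == NULL)
            return -1;

        /* store info for writing extension */
        schm->name = current->name;

        /* no key to use for encryption */
        if (tmpSz == 0) {
            /* NOTE(review): schmPre is not advanced on this path, so the next
             * iteration relinks schmPre->next and this entry can drop out of
             * the list - confirm that is intended */
            current = (QSHKey*)current->next;
            continue;
        }

        /* The buffer was sized from pub.length but keys are selected here by
         * QSH_MaxSecret(); refuse to write if the two ever disagree. */
        if (buf->buffer == NULL || plainSz > plainTotal - offset) {
            return -1;
        }

        if (wc_RNG_GenerateBlock(ssl->rng, buf->buffer + offset, plainSz)
                                                                        != 0) {
            return -1;
        }
        if (QSH_Encrypt(current, buf->buffer + offset, plainSz, schm->PK,
                                                                 &tmpSz) != 0) {
            return -1;
        }
        schm->PKLen = tmpSz;

        sz += tmpSz;
        offset += plainSz;
        schmPre = schm;
        current = (QSHKey*)current->next;
    }

    return sz;
}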
wolfSSL 15:117db924cf7c 22081
wolfSSL 15:117db924cf7c 22082
/* Number of bytes needed for the QSH key exchange data of ssl->peerQSHKey.
 *
 * Counts OPAQUE16_LEN for the extension type plus OPAQUE24_LEN once, then for
 * every peer key OPAQUE16_LEN for the scheme id, OPAQUE16_LEN for the
 * encrypted key length and QSH_MaxSecret() bytes for the key itself.
 *
 * NOTE(review): the NULL-ssl path returns -1 through a word32 return type, so
 * callers see the largest word32 value rather than a negative error; any
 * caller using the result as a length should check for it.
 */
static word32 QSH_KeyGetSize(WOLFSSL* ssl)
{
    QSHKey* key;
    word32 total;

    if (ssl == NULL)
        return -1;

    /* type of extension ie 0x00 0x18, followed by an OPAQUE24_LEN field */
    total = OPAQUE16_LEN;
    total += OPAQUE24_LEN;

    /* get size of buffer needed */
    for (key = ssl->peerQSHKey; key != NULL; key = (QSHKey*)key->next) {
        total += OPAQUE16_LEN; /* scheme id */
        total += OPAQUE16_LEN; /* encrypted key len */
        total += QSH_MaxSecret(key);
    }

    return total;
}
wolfSSL 15:117db924cf7c 22104
wolfSSL 15:117db924cf7c 22105
/* Handle QSH key exchange by generating the client/server secret material.
 *
 * ssl       connection passed through to QSH_GenerateSerCliSecret()
 * isServer  passed through to QSH_GenerateSerCliSecret()
 *
 * returns 0 on success. Every negative result from the generator is reported
 * as MEMORY_E, and because the return type is word32 that error code reaches
 * the caller converted to an unsigned value.
 */
static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
{
    int genRet;

    WOLFSSL_ENTER("QSH KeyExchange");

    genRet = QSH_GenerateSerCliSecret(ssl, isServer);

    return (genRet < 0) ? MEMORY_E : 0;
}
wolfSSL 15:117db924cf7c 22121
wolfSSL 15:117db924cf7c 22122 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 22123
wolfSSL 15:117db924cf7c 22124
/* Working state of SendClientKeyExchange(). With WOLFSSL_ASYNC_CRYPT it is
 * overlaid on ssl->async.args, otherwise it is a local of that function. */
typedef struct SckeArgs {
    byte* output; /* not allocated; the dhe_psk path points it into encSecret */
    byte* encSecret; /* XMALLOC'd as DYNAMIC_TYPE_SECRET, released by FreeSckeArgs() */
    byte* input; /* released by FreeSckeArgs() as DYNAMIC_TYPE_IN_BUFFER */
    word32 encSz; /* starts at MAX_ENCRYPT_SZ (size of encSecret), then the bytes used in it */
    word32 length; /* dhe_psk path: passed to DhGenKeyPair() for the public value length */
    int sendSz; /* presumably the size of the outgoing message; set outside this excerpt */
    int inputSz; /* presumably the size of input; set outside this excerpt */
} SckeArgs;
wolfSSL 15:117db924cf7c 22134
/* Release the heap buffers owned by a SckeArgs and clear the pointers so a
 * second call is harmless.
 *
 * ssl    supplies the heap hint handed to XFREE
 * pArgs  pointer to the SckeArgs to clean up; dereferenced without a NULL check
 */
static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs)
{
    SckeArgs* scke = (SckeArgs*)pArgs;

    /* presumably silences an unused-parameter warning in builds where XFREE
     * ignores its heap argument */
    (void)ssl;

    if (scke->encSecret != NULL) {
        XFREE(scke->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET);
        scke->encSecret = NULL;
    }

    if (scke->input != NULL) {
        XFREE(scke->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        scke->input = NULL;
    }
}
wolfSSL 15:117db924cf7c 22150
wolfSSL 15:117db924cf7c 22151 /* handle generation client_key_exchange (16) */
wolfSSL 15:117db924cf7c 22152 int SendClientKeyExchange(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 22153 {
wolfSSL 15:117db924cf7c 22154 int ret = 0;
wolfSSL 15:117db924cf7c 22155 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 22156 SckeArgs* args = (SckeArgs*)ssl->async.args;
wolfSSL 15:117db924cf7c 22157 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 15:117db924cf7c 22158 (void)sizeof(args_test);
wolfSSL 15:117db924cf7c 22159 #else
wolfSSL 15:117db924cf7c 22160 SckeArgs args[1];
wolfSSL 15:117db924cf7c 22161 #endif
wolfSSL 15:117db924cf7c 22162
wolfSSL 15:117db924cf7c 22163 WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
wolfSSL 15:117db924cf7c 22164 WOLFSSL_ENTER("SendClientKeyExchange");
wolfSSL 15:117db924cf7c 22165
wolfSSL 15:117db924cf7c 22166 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 22167 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 16:8e0d178b1d1e 22168 ssl->cbmode = SSL_CB_MODE_WRITE;
wolfSSL 16:8e0d178b1d1e 22169 if (ssl->CBIS != NULL)
wolfSSL 16:8e0d178b1d1e 22170 ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, SSL_SUCCESS);
wolfSSL 15:117db924cf7c 22171 #endif
wolfSSL 15:117db924cf7c 22172
wolfSSL 15:117db924cf7c 22173 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 22174 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 15:117db924cf7c 22175 if (ret != WC_NOT_PENDING_E) {
wolfSSL 15:117db924cf7c 22176 /* Check for error */
wolfSSL 15:117db924cf7c 22177 if (ret < 0)
wolfSSL 15:117db924cf7c 22178 goto exit_scke;
wolfSSL 15:117db924cf7c 22179 }
wolfSSL 15:117db924cf7c 22180 else
wolfSSL 15:117db924cf7c 22181 #endif
wolfSSL 15:117db924cf7c 22182 {
wolfSSL 15:117db924cf7c 22183 /* Reset state */
wolfSSL 15:117db924cf7c 22184 ret = 0;
wolfSSL 15:117db924cf7c 22185 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 15:117db924cf7c 22186 XMEMSET(args, 0, sizeof(SckeArgs));
wolfSSL 15:117db924cf7c 22187 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 22188 ssl->async.freeArgs = FreeSckeArgs;
wolfSSL 15:117db924cf7c 22189 #endif
wolfSSL 15:117db924cf7c 22190 }
wolfSSL 15:117db924cf7c 22191
wolfSSL 15:117db924cf7c 22192 switch(ssl->options.asyncState)
wolfSSL 15:117db924cf7c 22193 {
wolfSSL 15:117db924cf7c 22194 case TLS_ASYNC_BEGIN:
wolfSSL 15:117db924cf7c 22195 {
wolfSSL 15:117db924cf7c 22196 switch (ssl->specs.kea) {
wolfSSL 15:117db924cf7c 22197 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 22198 case rsa_kea:
wolfSSL 15:117db924cf7c 22199 if (ssl->peerRsaKey == NULL ||
wolfSSL 15:117db924cf7c 22200 ssl->peerRsaKeyPresent == 0) {
wolfSSL 15:117db924cf7c 22201 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22202 }
wolfSSL 15:117db924cf7c 22203 break;
wolfSSL 15:117db924cf7c 22204 #endif
wolfSSL 15:117db924cf7c 22205 #ifndef NO_DH
wolfSSL 15:117db924cf7c 22206 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 22207 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 15:117db924cf7c 22208 ssl->buffers.serverDH_G.buffer == NULL ||
wolfSSL 15:117db924cf7c 22209 ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 15:117db924cf7c 22210 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22211 }
wolfSSL 15:117db924cf7c 22212 break;
wolfSSL 15:117db924cf7c 22213 #endif /* NO_DH */
wolfSSL 15:117db924cf7c 22214 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 22215 case psk_kea:
wolfSSL 15:117db924cf7c 22216 /* sanity check that PSK client callback has been set */
wolfSSL 15:117db924cf7c 22217 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 15:117db924cf7c 22218 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 15:117db924cf7c 22219 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22220 }
wolfSSL 15:117db924cf7c 22221 break;
wolfSSL 15:117db924cf7c 22222 #endif /* NO_PSK */
wolfSSL 15:117db924cf7c 22223 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 22224 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 22225 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 15:117db924cf7c 22226 ssl->buffers.serverDH_G.buffer == NULL ||
wolfSSL 15:117db924cf7c 22227 ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 15:117db924cf7c 22228 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22229 }
wolfSSL 15:117db924cf7c 22230
wolfSSL 15:117db924cf7c 22231 /* sanity check that PSK client callback has been set */
wolfSSL 15:117db924cf7c 22232 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 15:117db924cf7c 22233 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 15:117db924cf7c 22234 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22235 }
wolfSSL 15:117db924cf7c 22236 break;
wolfSSL 15:117db924cf7c 22237 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 22238 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 22239 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 22240 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 22241 /* sanity check that PSK client callback has been set */
wolfSSL 15:117db924cf7c 22242 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 15:117db924cf7c 22243 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 15:117db924cf7c 22244 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22245 }
wolfSSL 15:117db924cf7c 22246
wolfSSL 15:117db924cf7c 22247 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 22248 if (ssl->peerX25519KeyPresent) {
wolfSSL 15:117db924cf7c 22249 /* Check client ECC public key */
wolfSSL 15:117db924cf7c 22250 if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
wolfSSL 15:117db924cf7c 22251 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22252 }
wolfSSL 15:117db924cf7c 22253
wolfSSL 15:117db924cf7c 22254 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 22255 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 22256 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 22257 break;
wolfSSL 15:117db924cf7c 22258 }
wolfSSL 15:117db924cf7c 22259 #endif
wolfSSL 15:117db924cf7c 22260
wolfSSL 15:117db924cf7c 22261 /* create private key */
wolfSSL 15:117db924cf7c 22262 ssl->hsType = DYNAMIC_TYPE_CURVE25519;
wolfSSL 15:117db924cf7c 22263 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 15:117db924cf7c 22264 if (ret != 0) {
wolfSSL 15:117db924cf7c 22265 goto exit_scke;
wolfSSL 15:117db924cf7c 22266 }
wolfSSL 15:117db924cf7c 22267
wolfSSL 15:117db924cf7c 22268 ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
wolfSSL 15:117db924cf7c 22269 ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 22270 break;
wolfSSL 15:117db924cf7c 22271 }
wolfSSL 15:117db924cf7c 22272 #endif
wolfSSL 16:8e0d178b1d1e 22273 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 22274 if (ssl->peerX448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 22275 /* Check client ECC public key */
wolfSSL 16:8e0d178b1d1e 22276 if (!ssl->peerX448Key) {
wolfSSL 16:8e0d178b1d1e 22277 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 16:8e0d178b1d1e 22278 }
wolfSSL 16:8e0d178b1d1e 22279
wolfSSL 16:8e0d178b1d1e 22280 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 22281 /* if callback then use it for shared secret */
wolfSSL 16:8e0d178b1d1e 22282 if (ssl->ctx->X448SharedSecretCb != NULL) {
wolfSSL 16:8e0d178b1d1e 22283 break;
wolfSSL 16:8e0d178b1d1e 22284 }
wolfSSL 16:8e0d178b1d1e 22285 #endif
wolfSSL 16:8e0d178b1d1e 22286
wolfSSL 16:8e0d178b1d1e 22287 /* create private key */
wolfSSL 16:8e0d178b1d1e 22288 ssl->hsType = DYNAMIC_TYPE_CURVE448;
wolfSSL 16:8e0d178b1d1e 22289 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 16:8e0d178b1d1e 22290 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22291 goto exit_scke;
wolfSSL 16:8e0d178b1d1e 22292 }
wolfSSL 16:8e0d178b1d1e 22293
wolfSSL 16:8e0d178b1d1e 22294 ret = X448MakeKey(ssl, (curve448_key*)ssl->hsKey,
wolfSSL 16:8e0d178b1d1e 22295 ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 22296 break;
wolfSSL 16:8e0d178b1d1e 22297 }
wolfSSL 16:8e0d178b1d1e 22298 #endif
wolfSSL 15:117db924cf7c 22299 /* Check client ECC public key */
wolfSSL 15:117db924cf7c 22300 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 15:117db924cf7c 22301 !ssl->peerEccKey->dp) {
wolfSSL 15:117db924cf7c 22302 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22303 }
wolfSSL 15:117db924cf7c 22304
wolfSSL 15:117db924cf7c 22305 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 22306 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 22307 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 22308 break;
wolfSSL 15:117db924cf7c 22309 }
wolfSSL 15:117db924cf7c 22310 #endif
wolfSSL 15:117db924cf7c 22311
wolfSSL 15:117db924cf7c 22312 /* create ephemeral private key */
wolfSSL 15:117db924cf7c 22313 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 15:117db924cf7c 22314 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 15:117db924cf7c 22315 if (ret != 0) {
wolfSSL 15:117db924cf7c 22316 goto exit_scke;
wolfSSL 15:117db924cf7c 22317 }
wolfSSL 15:117db924cf7c 22318
wolfSSL 15:117db924cf7c 22319 ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey);
wolfSSL 15:117db924cf7c 22320
wolfSSL 15:117db924cf7c 22321 break;
wolfSSL 16:8e0d178b1d1e 22322 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 22323 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 22324 case ntru_kea:
wolfSSL 15:117db924cf7c 22325 if (ssl->peerNtruKeyPresent == 0) {
wolfSSL 15:117db924cf7c 22326 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22327 }
wolfSSL 15:117db924cf7c 22328 break;
wolfSSL 15:117db924cf7c 22329 #endif /* HAVE_NTRU */
wolfSSL 16:8e0d178b1d1e 22330 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 22331 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 22332 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 22333 {
wolfSSL 15:117db924cf7c 22334 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 22335 ecc_key* peerKey;
wolfSSL 15:117db924cf7c 22336 #endif
wolfSSL 15:117db924cf7c 22337
wolfSSL 15:117db924cf7c 22338 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 22339 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 22340 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 22341 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 22342 if (ssl->ctx->X25519SharedSecretCb != NULL)
wolfSSL 15:117db924cf7c 22343 break;
wolfSSL 15:117db924cf7c 22344 }
wolfSSL 15:117db924cf7c 22345 else
wolfSSL 15:117db924cf7c 22346 #endif
wolfSSL 16:8e0d178b1d1e 22347 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 22348 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 22349 if (ssl->ctx->X448SharedSecretCb != NULL)
wolfSSL 16:8e0d178b1d1e 22350 break;
wolfSSL 16:8e0d178b1d1e 22351 }
wolfSSL 16:8e0d178b1d1e 22352 else
wolfSSL 16:8e0d178b1d1e 22353 #endif
wolfSSL 15:117db924cf7c 22354 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 22355 break;
wolfSSL 15:117db924cf7c 22356 }
wolfSSL 15:117db924cf7c 22357 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 22358
wolfSSL 15:117db924cf7c 22359 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 22360 if (ssl->peerX25519KeyPresent) {
wolfSSL 15:117db924cf7c 22361 if (!ssl->peerX25519Key || !ssl->peerX25519Key->dp) {
wolfSSL 15:117db924cf7c 22362 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22363 }
wolfSSL 15:117db924cf7c 22364
wolfSSL 15:117db924cf7c 22365 /* create private key */
wolfSSL 15:117db924cf7c 22366 ssl->hsType = DYNAMIC_TYPE_CURVE25519;
wolfSSL 15:117db924cf7c 22367 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 15:117db924cf7c 22368 if (ret != 0) {
wolfSSL 15:117db924cf7c 22369 goto exit_scke;
wolfSSL 15:117db924cf7c 22370 }
wolfSSL 15:117db924cf7c 22371
wolfSSL 15:117db924cf7c 22372 ret = X25519MakeKey(ssl, (curve25519_key*)ssl->hsKey,
wolfSSL 15:117db924cf7c 22373 ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 22374 break;
wolfSSL 15:117db924cf7c 22375 }
wolfSSL 15:117db924cf7c 22376 #endif
wolfSSL 16:8e0d178b1d1e 22377 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 22378 if (ssl->peerX448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 22379 if (!ssl->peerX448Key) {
wolfSSL 16:8e0d178b1d1e 22380 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 16:8e0d178b1d1e 22381 }
wolfSSL 16:8e0d178b1d1e 22382
wolfSSL 16:8e0d178b1d1e 22383 /* create private key */
wolfSSL 16:8e0d178b1d1e 22384 ssl->hsType = DYNAMIC_TYPE_CURVE448;
wolfSSL 16:8e0d178b1d1e 22385 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 16:8e0d178b1d1e 22386 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22387 goto exit_scke;
wolfSSL 16:8e0d178b1d1e 22388 }
wolfSSL 16:8e0d178b1d1e 22389
wolfSSL 16:8e0d178b1d1e 22390 ret = X448MakeKey(ssl, (curve448_key*)ssl->hsKey,
wolfSSL 16:8e0d178b1d1e 22391 ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 22392 break;
wolfSSL 16:8e0d178b1d1e 22393 }
wolfSSL 16:8e0d178b1d1e 22394 #endif
wolfSSL 15:117db924cf7c 22395 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 22396 if (ssl->specs.static_ecdh) {
wolfSSL 15:117db924cf7c 22397 /* Note: EccDsa is really fixed Ecc key here */
wolfSSL 16:8e0d178b1d1e 22398 if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent) {
wolfSSL 15:117db924cf7c 22399 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22400 }
wolfSSL 15:117db924cf7c 22401 peerKey = ssl->peerEccDsaKey;
wolfSSL 15:117db924cf7c 22402 }
wolfSSL 15:117db924cf7c 22403 else {
wolfSSL 16:8e0d178b1d1e 22404 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent) {
wolfSSL 15:117db924cf7c 22405 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22406 }
wolfSSL 15:117db924cf7c 22407 peerKey = ssl->peerEccKey;
wolfSSL 15:117db924cf7c 22408 }
wolfSSL 15:117db924cf7c 22409 if (peerKey == NULL) {
wolfSSL 15:117db924cf7c 22410 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 15:117db924cf7c 22411 }
wolfSSL 15:117db924cf7c 22412
wolfSSL 15:117db924cf7c 22413 /* create ephemeral private key */
wolfSSL 15:117db924cf7c 22414 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 15:117db924cf7c 22415 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 15:117db924cf7c 22416 if (ret != 0) {
wolfSSL 15:117db924cf7c 22417 goto exit_scke;
wolfSSL 15:117db924cf7c 22418 }
wolfSSL 15:117db924cf7c 22419
wolfSSL 15:117db924cf7c 22420 ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, peerKey);
wolfSSL 15:117db924cf7c 22421 #endif
wolfSSL 15:117db924cf7c 22422
wolfSSL 15:117db924cf7c 22423 break;
wolfSSL 15:117db924cf7c 22424 }
wolfSSL 16:8e0d178b1d1e 22425 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 22426
wolfSSL 15:117db924cf7c 22427 default:
wolfSSL 15:117db924cf7c 22428 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 22429 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 22430
wolfSSL 15:117db924cf7c 22431 /* Check for error */
wolfSSL 15:117db924cf7c 22432 if (ret != 0) {
wolfSSL 15:117db924cf7c 22433 goto exit_scke;
wolfSSL 15:117db924cf7c 22434 }
wolfSSL 15:117db924cf7c 22435
wolfSSL 15:117db924cf7c 22436 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 22437 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 15:117db924cf7c 22438 } /* case TLS_ASYNC_BEGIN */
wolfSSL 15:117db924cf7c 22439 FALL_THROUGH;
wolfSSL 15:117db924cf7c 22440
wolfSSL 15:117db924cf7c 22441 case TLS_ASYNC_BUILD:
wolfSSL 15:117db924cf7c 22442 {
wolfSSL 15:117db924cf7c 22443 args->encSz = MAX_ENCRYPT_SZ;
wolfSSL 15:117db924cf7c 22444 args->encSecret = (byte*)XMALLOC(args->encSz, ssl->heap,
wolfSSL 15:117db924cf7c 22445 DYNAMIC_TYPE_SECRET);
wolfSSL 15:117db924cf7c 22446 if (args->encSecret == NULL) {
wolfSSL 15:117db924cf7c 22447 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 15:117db924cf7c 22448 }
wolfSSL 16:8e0d178b1d1e 22449 if (ssl->arrays->preMasterSecret == NULL) {
wolfSSL 16:8e0d178b1d1e 22450 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 16:8e0d178b1d1e 22451 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 16:8e0d178b1d1e 22452 ssl->heap, DYNAMIC_TYPE_SECRET);
wolfSSL 16:8e0d178b1d1e 22453 if (ssl->arrays->preMasterSecret == NULL) {
wolfSSL 16:8e0d178b1d1e 22454 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 16:8e0d178b1d1e 22455 }
wolfSSL 16:8e0d178b1d1e 22456 XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
wolfSSL 16:8e0d178b1d1e 22457 }
wolfSSL 15:117db924cf7c 22458
wolfSSL 15:117db924cf7c 22459 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 22460 {
wolfSSL 15:117db924cf7c 22461 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 22462 case rsa_kea:
wolfSSL 15:117db924cf7c 22463 {
wolfSSL 15:117db924cf7c 22464 /* build PreMasterSecret with RNG data */
wolfSSL 16:8e0d178b1d1e 22465 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL 16:8e0d178b1d1e 22466 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL 16:8e0d178b1d1e 22467 if (tsip_useable(ssl)) {
wolfSSL 16:8e0d178b1d1e 22468 ret = tsip_generatePremasterSecret(
wolfSSL 15:117db924cf7c 22469 &ssl->arrays->preMasterSecret[VERSION_SZ],
wolfSSL 16:8e0d178b1d1e 22470 ENCRYPT_LEN - VERSION_SZ);
wolfSSL 16:8e0d178b1d1e 22471 } else {
wolfSSL 16:8e0d178b1d1e 22472 #endif
wolfSSL 16:8e0d178b1d1e 22473 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 16:8e0d178b1d1e 22474 &ssl->arrays->preMasterSecret[VERSION_SZ],
wolfSSL 16:8e0d178b1d1e 22475 SECRET_LEN - VERSION_SZ);
wolfSSL 16:8e0d178b1d1e 22476 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL 16:8e0d178b1d1e 22477 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL 16:8e0d178b1d1e 22478 }
wolfSSL 16:8e0d178b1d1e 22479 #endif
wolfSSL 16:8e0d178b1d1e 22480 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22481 goto exit_scke;
wolfSSL 16:8e0d178b1d1e 22482 }
wolfSSL 16:8e0d178b1d1e 22483
wolfSSL 16:8e0d178b1d1e 22484 ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
wolfSSL 16:8e0d178b1d1e 22485 ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
wolfSSL 16:8e0d178b1d1e 22486
wolfSSL 15:117db924cf7c 22487 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 16:8e0d178b1d1e 22488
wolfSSL 15:117db924cf7c 22489 break;
wolfSSL 15:117db924cf7c 22490 }
wolfSSL 15:117db924cf7c 22491 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 22492 #ifndef NO_DH
wolfSSL 15:117db924cf7c 22493 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 22494 {
wolfSSL 15:117db924cf7c 22495 ssl->buffers.sig.length = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 22496 ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 15:117db924cf7c 22497 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 22498 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 15:117db924cf7c 22499 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 15:117db924cf7c 22500 }
wolfSSL 15:117db924cf7c 22501
wolfSSL 15:117db924cf7c 22502 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 15:117db924cf7c 22503 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 15:117db924cf7c 22504 if (ret != 0) {
wolfSSL 15:117db924cf7c 22505 goto exit_scke;
wolfSSL 15:117db924cf7c 22506 }
wolfSSL 15:117db924cf7c 22507
wolfSSL 16:8e0d178b1d1e 22508 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
wolfSSL 16:8e0d178b1d1e 22509 !defined(WOLFSSL_OLD_PRIME_CHECK)
wolfSSL 16:8e0d178b1d1e 22510 if (ssl->options.dhDoKeyTest &&
wolfSSL 16:8e0d178b1d1e 22511 !ssl->options.dhKeyTested)
wolfSSL 16:8e0d178b1d1e 22512 {
wolfSSL 16:8e0d178b1d1e 22513 ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
wolfSSL 16:8e0d178b1d1e 22514 ssl->buffers.serverDH_P.buffer,
wolfSSL 16:8e0d178b1d1e 22515 ssl->buffers.serverDH_P.length,
wolfSSL 16:8e0d178b1d1e 22516 ssl->buffers.serverDH_G.buffer,
wolfSSL 16:8e0d178b1d1e 22517 ssl->buffers.serverDH_G.length,
wolfSSL 16:8e0d178b1d1e 22518 NULL, 0, 0, ssl->rng);
wolfSSL 16:8e0d178b1d1e 22519 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22520 goto exit_scke;
wolfSSL 16:8e0d178b1d1e 22521 }
wolfSSL 16:8e0d178b1d1e 22522 ssl->options.dhKeyTested = 1;
wolfSSL 16:8e0d178b1d1e 22523 }
wolfSSL 16:8e0d178b1d1e 22524 else
wolfSSL 16:8e0d178b1d1e 22525 #endif
wolfSSL 16:8e0d178b1d1e 22526 {
wolfSSL 16:8e0d178b1d1e 22527 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 16:8e0d178b1d1e 22528 ssl->buffers.serverDH_P.buffer,
wolfSSL 16:8e0d178b1d1e 22529 ssl->buffers.serverDH_P.length,
wolfSSL 16:8e0d178b1d1e 22530 ssl->buffers.serverDH_G.buffer,
wolfSSL 16:8e0d178b1d1e 22531 ssl->buffers.serverDH_G.length);
wolfSSL 16:8e0d178b1d1e 22532 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22533 goto exit_scke;
wolfSSL 16:8e0d178b1d1e 22534 }
wolfSSL 15:117db924cf7c 22535 }
wolfSSL 15:117db924cf7c 22536
wolfSSL 15:117db924cf7c 22537 /* for DH, encSecret is Yc, agree is pre-master */
wolfSSL 15:117db924cf7c 22538 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 16:8e0d178b1d1e 22539 ssl->buffers.sig.buffer, (word32*)&ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 22540 args->encSecret, &args->encSz);
wolfSSL 15:117db924cf7c 22541
wolfSSL 15:117db924cf7c 22542 /* set the max agree result size */
wolfSSL 15:117db924cf7c 22543 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 22544 break;
wolfSSL 15:117db924cf7c 22545 }
wolfSSL 15:117db924cf7c 22546 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 22547 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 22548 case psk_kea:
wolfSSL 15:117db924cf7c 22549 {
wolfSSL 15:117db924cf7c 22550 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 15:117db924cf7c 22551 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 15:117db924cf7c 22552 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 22553 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 15:117db924cf7c 22554 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 15:117db924cf7c 22555 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 15:117db924cf7c 22556 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22557 }
wolfSSL 15:117db924cf7c 22558 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 22559 args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 15:117db924cf7c 22560 if (args->encSz > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 22561 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22562 }
wolfSSL 15:117db924cf7c 22563 XMEMCPY(args->encSecret, ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 22564 args->encSz);
wolfSSL 15:117db924cf7c 22565
wolfSSL 15:117db924cf7c 22566 /* make psk pre master secret */
wolfSSL 15:117db924cf7c 22567 /* length of key + length 0s + length of key + key */
wolfSSL 15:117db924cf7c 22568 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 15:117db924cf7c 22569 pms += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 22570 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 22571 pms += ssl->arrays->psk_keySz;
wolfSSL 15:117db924cf7c 22572 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 15:117db924cf7c 22573 pms += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 22574 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 22575 ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2) +
wolfSSL 15:117db924cf7c 22576 (2 * OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 22577 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 22578 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 15:117db924cf7c 22579 break;
wolfSSL 15:117db924cf7c 22580 }
wolfSSL 15:117db924cf7c 22581 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 22582 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 22583 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 22584 {
wolfSSL 15:117db924cf7c 22585 word32 esSz = 0;
wolfSSL 15:117db924cf7c 22586 args->output = args->encSecret;
wolfSSL 15:117db924cf7c 22587
wolfSSL 15:117db924cf7c 22588 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 15:117db924cf7c 22589 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 22590 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 15:117db924cf7c 22591 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 15:117db924cf7c 22592 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 15:117db924cf7c 22593 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22594 }
wolfSSL 15:117db924cf7c 22595 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 22596 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 15:117db924cf7c 22597
wolfSSL 15:117db924cf7c 22598 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 22599 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22600 }
wolfSSL 15:117db924cf7c 22601
wolfSSL 15:117db924cf7c 22602 ssl->buffers.sig.length = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 22603 ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 15:117db924cf7c 22604 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 22605 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 15:117db924cf7c 22606 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 15:117db924cf7c 22607 }
wolfSSL 15:117db924cf7c 22608
wolfSSL 15:117db924cf7c 22609 c16toa((word16)esSz, args->output);
wolfSSL 15:117db924cf7c 22610 args->output += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 22611 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
wolfSSL 15:117db924cf7c 22612 args->output += esSz;
wolfSSL 15:117db924cf7c 22613 args->encSz = esSz + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 22614
wolfSSL 15:117db924cf7c 22615 args->length = 0;
wolfSSL 15:117db924cf7c 22616
wolfSSL 15:117db924cf7c 22617 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 15:117db924cf7c 22618 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 15:117db924cf7c 22619 if (ret != 0) {
wolfSSL 15:117db924cf7c 22620 goto exit_scke;
wolfSSL 15:117db924cf7c 22621 }
wolfSSL 15:117db924cf7c 22622
wolfSSL 16:8e0d178b1d1e 22623 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
wolfSSL 16:8e0d178b1d1e 22624 !defined(WOLFSSL_OLD_PRIME_CHECK)
wolfSSL 16:8e0d178b1d1e 22625 if (ssl->options.dhDoKeyTest &&
wolfSSL 16:8e0d178b1d1e 22626 !ssl->options.dhKeyTested)
wolfSSL 16:8e0d178b1d1e 22627 {
wolfSSL 16:8e0d178b1d1e 22628 ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key,
wolfSSL 16:8e0d178b1d1e 22629 ssl->buffers.serverDH_P.buffer,
wolfSSL 16:8e0d178b1d1e 22630 ssl->buffers.serverDH_P.length,
wolfSSL 16:8e0d178b1d1e 22631 ssl->buffers.serverDH_G.buffer,
wolfSSL 16:8e0d178b1d1e 22632 ssl->buffers.serverDH_G.length,
wolfSSL 16:8e0d178b1d1e 22633 NULL, 0, 0, ssl->rng);
wolfSSL 16:8e0d178b1d1e 22634 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22635 goto exit_scke;
wolfSSL 16:8e0d178b1d1e 22636 }
wolfSSL 16:8e0d178b1d1e 22637 ssl->options.dhKeyTested = 1;
wolfSSL 16:8e0d178b1d1e 22638 }
wolfSSL 16:8e0d178b1d1e 22639 else
wolfSSL 16:8e0d178b1d1e 22640 #endif
wolfSSL 16:8e0d178b1d1e 22641 {
wolfSSL 16:8e0d178b1d1e 22642 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 16:8e0d178b1d1e 22643 ssl->buffers.serverDH_P.buffer,
wolfSSL 16:8e0d178b1d1e 22644 ssl->buffers.serverDH_P.length,
wolfSSL 16:8e0d178b1d1e 22645 ssl->buffers.serverDH_G.buffer,
wolfSSL 16:8e0d178b1d1e 22646 ssl->buffers.serverDH_G.length);
wolfSSL 16:8e0d178b1d1e 22647 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22648 goto exit_scke;
wolfSSL 16:8e0d178b1d1e 22649 }
wolfSSL 15:117db924cf7c 22650 }
wolfSSL 15:117db924cf7c 22651
wolfSSL 15:117db924cf7c 22652 /* for DH, encSecret is Yc, agree is pre-master */
wolfSSL 15:117db924cf7c 22653 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 16:8e0d178b1d1e 22654 ssl->buffers.sig.buffer, (word32*)&ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 22655 args->output + OPAQUE16_LEN, &args->length);
wolfSSL 15:117db924cf7c 22656 break;
wolfSSL 15:117db924cf7c 22657 }
wolfSSL 15:117db924cf7c 22658 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 22659 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 22660 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 22661 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 22662 {
wolfSSL 15:117db924cf7c 22663 word32 esSz = 0;
wolfSSL 15:117db924cf7c 22664 args->output = args->encSecret;
wolfSSL 15:117db924cf7c 22665
wolfSSL 15:117db924cf7c 22666 /* Send PSK client identity */
wolfSSL 15:117db924cf7c 22667 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 15:117db924cf7c 22668 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 22669 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 15:117db924cf7c 22670 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 15:117db924cf7c 22671 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 15:117db924cf7c 22672 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22673 }
wolfSSL 15:117db924cf7c 22674 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 22675 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 15:117db924cf7c 22676 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 22677 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22678 }
wolfSSL 15:117db924cf7c 22679
wolfSSL 15:117db924cf7c 22680 /* place size and identity in output buffer sz:identity */
wolfSSL 15:117db924cf7c 22681 c16toa((word16)esSz, args->output);
wolfSSL 15:117db924cf7c 22682 args->output += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 22683 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
wolfSSL 15:117db924cf7c 22684 args->output += esSz;
wolfSSL 15:117db924cf7c 22685 args->encSz = esSz + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 22686
wolfSSL 15:117db924cf7c 22687 /* length is used for public key size */
wolfSSL 15:117db924cf7c 22688 args->length = MAX_ENCRYPT_SZ;
wolfSSL 15:117db924cf7c 22689
wolfSSL 16:8e0d178b1d1e 22690 /* Create shared ECC key leaving room at the beginning
wolfSSL 15:117db924cf7c 22691 of buffer for size of shared key. */
wolfSSL 15:117db924cf7c 22692 ssl->arrays->preMasterSz = ENCRYPT_LEN - OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 22693
wolfSSL 15:117db924cf7c 22694 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 22695 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 22696 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 22697 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 22698 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 22699 break;
wolfSSL 15:117db924cf7c 22700 }
wolfSSL 15:117db924cf7c 22701 #endif
wolfSSL 15:117db924cf7c 22702
wolfSSL 15:117db924cf7c 22703 ret = wc_curve25519_export_public_ex(
wolfSSL 15:117db924cf7c 22704 (curve25519_key*)ssl->hsKey,
wolfSSL 15:117db924cf7c 22705 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 15:117db924cf7c 22706 EC25519_LITTLE_ENDIAN);
wolfSSL 15:117db924cf7c 22707 if (ret != 0) {
wolfSSL 15:117db924cf7c 22708 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22709 }
wolfSSL 15:117db924cf7c 22710
wolfSSL 15:117db924cf7c 22711 break;
wolfSSL 15:117db924cf7c 22712 }
wolfSSL 15:117db924cf7c 22713 #endif
wolfSSL 16:8e0d178b1d1e 22714 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 22715 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 22716 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 22717 /* if callback then use it for shared secret */
wolfSSL 16:8e0d178b1d1e 22718 if (ssl->ctx->X448SharedSecretCb != NULL) {
wolfSSL 16:8e0d178b1d1e 22719 break;
wolfSSL 16:8e0d178b1d1e 22720 }
wolfSSL 16:8e0d178b1d1e 22721 #endif
wolfSSL 16:8e0d178b1d1e 22722
wolfSSL 16:8e0d178b1d1e 22723 ret = wc_curve448_export_public_ex(
wolfSSL 16:8e0d178b1d1e 22724 (curve448_key*)ssl->hsKey,
wolfSSL 16:8e0d178b1d1e 22725 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 16:8e0d178b1d1e 22726 EC448_LITTLE_ENDIAN);
wolfSSL 16:8e0d178b1d1e 22727 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22728 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 16:8e0d178b1d1e 22729 }
wolfSSL 16:8e0d178b1d1e 22730
wolfSSL 16:8e0d178b1d1e 22731 break;
wolfSSL 16:8e0d178b1d1e 22732 }
wolfSSL 16:8e0d178b1d1e 22733 #endif
wolfSSL 15:117db924cf7c 22734 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 22735 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 22736 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 22737 break;
wolfSSL 15:117db924cf7c 22738 }
wolfSSL 15:117db924cf7c 22739 #endif
wolfSSL 15:117db924cf7c 22740
wolfSSL 15:117db924cf7c 22741 /* Place ECC key in output buffer, leaving room for size */
wolfSSL 15:117db924cf7c 22742 ret = wc_ecc_export_x963((ecc_key*)ssl->hsKey,
wolfSSL 15:117db924cf7c 22743 args->output + OPAQUE8_LEN, &args->length);
wolfSSL 15:117db924cf7c 22744 if (ret != 0) {
wolfSSL 15:117db924cf7c 22745 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22746 }
wolfSSL 15:117db924cf7c 22747
wolfSSL 15:117db924cf7c 22748 break;
wolfSSL 15:117db924cf7c 22749 }
wolfSSL 16:8e0d178b1d1e 22750 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 22751 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 22752 case ntru_kea:
wolfSSL 15:117db924cf7c 22753 {
wolfSSL 15:117db924cf7c 22754 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 15:117db924cf7c 22755 ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 15:117db924cf7c 22756 if (ret != 0) {
wolfSSL 15:117db924cf7c 22757 goto exit_scke;
wolfSSL 15:117db924cf7c 22758 }
wolfSSL 15:117db924cf7c 22759
wolfSSL 15:117db924cf7c 22760 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 15:117db924cf7c 22761 args->encSz = MAX_ENCRYPT_SZ;
wolfSSL 15:117db924cf7c 22762 break;
wolfSSL 15:117db924cf7c 22763 }
wolfSSL 15:117db924cf7c 22764 #endif /* HAVE_NTRU */
wolfSSL 16:8e0d178b1d1e 22765 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 22766 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 22767 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 22768 {
wolfSSL 15:117db924cf7c 22769 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 22770
wolfSSL 15:117db924cf7c 22771 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 22772 if (ssl->hsType == DYNAMIC_TYPE_CURVE25519) {
wolfSSL 15:117db924cf7c 22773 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 22774 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 22775 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 22776 break;
wolfSSL 15:117db924cf7c 22777 }
wolfSSL 15:117db924cf7c 22778 #endif
wolfSSL 15:117db924cf7c 22779
wolfSSL 15:117db924cf7c 22780 ret = wc_curve25519_export_public_ex(
wolfSSL 15:117db924cf7c 22781 (curve25519_key*)ssl->hsKey,
wolfSSL 15:117db924cf7c 22782 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 15:117db924cf7c 22783 EC25519_LITTLE_ENDIAN);
wolfSSL 15:117db924cf7c 22784 if (ret != 0) {
wolfSSL 15:117db924cf7c 22785 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22786 }
wolfSSL 15:117db924cf7c 22787
wolfSSL 15:117db924cf7c 22788 break;
wolfSSL 15:117db924cf7c 22789 }
wolfSSL 15:117db924cf7c 22790 #endif
wolfSSL 16:8e0d178b1d1e 22791 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 22792 if (ssl->hsType == DYNAMIC_TYPE_CURVE448) {
wolfSSL 16:8e0d178b1d1e 22793 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 22794 /* if callback then use it for shared secret */
wolfSSL 16:8e0d178b1d1e 22795 if (ssl->ctx->X448SharedSecretCb != NULL) {
wolfSSL 16:8e0d178b1d1e 22796 break;
wolfSSL 16:8e0d178b1d1e 22797 }
wolfSSL 16:8e0d178b1d1e 22798 #endif
wolfSSL 16:8e0d178b1d1e 22799
wolfSSL 16:8e0d178b1d1e 22800 ret = wc_curve448_export_public_ex(
wolfSSL 16:8e0d178b1d1e 22801 (curve448_key*)ssl->hsKey,
wolfSSL 16:8e0d178b1d1e 22802 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 16:8e0d178b1d1e 22803 EC448_LITTLE_ENDIAN);
wolfSSL 16:8e0d178b1d1e 22804 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 22805 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 16:8e0d178b1d1e 22806 }
wolfSSL 16:8e0d178b1d1e 22807
wolfSSL 16:8e0d178b1d1e 22808 break;
wolfSSL 16:8e0d178b1d1e 22809 }
wolfSSL 16:8e0d178b1d1e 22810 #endif
wolfSSL 16:8e0d178b1d1e 22811 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
wolfSSL 15:117db924cf7c 22812 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 22813 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 22814 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 22815 break;
wolfSSL 15:117db924cf7c 22816 }
wolfSSL 15:117db924cf7c 22817 #endif
wolfSSL 15:117db924cf7c 22818
wolfSSL 15:117db924cf7c 22819 /* Place ECC key in buffer, leaving room for size */
wolfSSL 15:117db924cf7c 22820 ret = wc_ecc_export_x963((ecc_key*)ssl->hsKey,
wolfSSL 15:117db924cf7c 22821 args->encSecret + OPAQUE8_LEN, &args->encSz);
wolfSSL 15:117db924cf7c 22822 if (ret != 0) {
wolfSSL 15:117db924cf7c 22823 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22824 }
wolfSSL 15:117db924cf7c 22825 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 22826 break;
wolfSSL 15:117db924cf7c 22827 }
wolfSSL 16:8e0d178b1d1e 22828 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 22829
wolfSSL 15:117db924cf7c 22830 default:
wolfSSL 15:117db924cf7c 22831 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 22832 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 22833
wolfSSL 15:117db924cf7c 22834 /* Check for error */
wolfSSL 15:117db924cf7c 22835 if (ret != 0) {
wolfSSL 15:117db924cf7c 22836 goto exit_scke;
wolfSSL 15:117db924cf7c 22837 }
wolfSSL 15:117db924cf7c 22838
wolfSSL 15:117db924cf7c 22839 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 22840 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 15:117db924cf7c 22841 } /* case TLS_ASYNC_BUILD */
wolfSSL 15:117db924cf7c 22842 FALL_THROUGH;
wolfSSL 15:117db924cf7c 22843
wolfSSL 15:117db924cf7c 22844 case TLS_ASYNC_DO:
wolfSSL 15:117db924cf7c 22845 {
wolfSSL 15:117db924cf7c 22846 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 22847 {
wolfSSL 15:117db924cf7c 22848 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 22849 case rsa_kea:
wolfSSL 15:117db924cf7c 22850 {
wolfSSL 16:8e0d178b1d1e 22851 #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
wolfSSL 16:8e0d178b1d1e 22852 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
wolfSSL 16:8e0d178b1d1e 22853 if (tsip_useable(ssl) &&
wolfSSL 16:8e0d178b1d1e 22854 wc_RsaEncryptSize(ssl->peerRsaKey) == 256) {
wolfSSL 16:8e0d178b1d1e 22855 ret = tsip_generateEncryptPreMasterSecret(ssl,
wolfSSL 16:8e0d178b1d1e 22856 args->encSecret,
wolfSSL 16:8e0d178b1d1e 22857 &args->encSz);
wolfSSL 16:8e0d178b1d1e 22858
wolfSSL 16:8e0d178b1d1e 22859 } else
wolfSSL 16:8e0d178b1d1e 22860 #endif
wolfSSL 16:8e0d178b1d1e 22861 ret = RsaEnc(ssl,
wolfSSL 16:8e0d178b1d1e 22862 ssl->arrays->preMasterSecret, SECRET_LEN,
wolfSSL 16:8e0d178b1d1e 22863 args->encSecret, &args->encSz,
wolfSSL 16:8e0d178b1d1e 22864 ssl->peerRsaKey,
wolfSSL 16:8e0d178b1d1e 22865 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 16:8e0d178b1d1e 22866 &ssl->buffers.peerRsaKey
wolfSSL 16:8e0d178b1d1e 22867 #else
wolfSSL 16:8e0d178b1d1e 22868 NULL
wolfSSL 16:8e0d178b1d1e 22869 #endif
wolfSSL 16:8e0d178b1d1e 22870 );
wolfSSL 15:117db924cf7c 22871
wolfSSL 15:117db924cf7c 22872 break;
wolfSSL 15:117db924cf7c 22873 }
wolfSSL 15:117db924cf7c 22874 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 22875 #ifndef NO_DH
wolfSSL 15:117db924cf7c 22876 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 22877 {
wolfSSL 15:117db924cf7c 22878 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 15:117db924cf7c 22879 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 22880 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 15:117db924cf7c 22881 ssl->buffers.serverDH_Pub.length,
wolfSSL 15:117db924cf7c 22882 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 22883 &ssl->arrays->preMasterSz);
wolfSSL 15:117db924cf7c 22884 break;
wolfSSL 15:117db924cf7c 22885 }
wolfSSL 15:117db924cf7c 22886 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 22887 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 22888 case psk_kea:
wolfSSL 15:117db924cf7c 22889 {
wolfSSL 15:117db924cf7c 22890 break;
wolfSSL 15:117db924cf7c 22891 }
wolfSSL 15:117db924cf7c 22892 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 22893 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 22894 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 22895 {
wolfSSL 15:117db924cf7c 22896 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 15:117db924cf7c 22897 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 22898 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 15:117db924cf7c 22899 ssl->buffers.serverDH_Pub.length,
wolfSSL 15:117db924cf7c 22900 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 22901 &ssl->arrays->preMasterSz);
wolfSSL 15:117db924cf7c 22902 break;
wolfSSL 15:117db924cf7c 22903 }
wolfSSL 15:117db924cf7c 22904 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 22905 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 22906 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 22907 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 22908 {
wolfSSL 15:117db924cf7c 22909 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 22910 if (ssl->peerX25519KeyPresent) {
wolfSSL 15:117db924cf7c 22911 ret = X25519SharedSecret(ssl,
wolfSSL 15:117db924cf7c 22912 (curve25519_key*)ssl->hsKey, ssl->peerX25519Key,
wolfSSL 15:117db924cf7c 22913 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 15:117db924cf7c 22914 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 22915 &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 22916 WOLFSSL_CLIENT_END
wolfSSL 15:117db924cf7c 22917 );
wolfSSL 16:8e0d178b1d1e 22918 if (!ssl->specs.static_ecdh
wolfSSL 16:8e0d178b1d1e 22919 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 22920 && ret != WC_PENDING_E
wolfSSL 16:8e0d178b1d1e 22921 #endif
wolfSSL 16:8e0d178b1d1e 22922 ) {
wolfSSL 15:117db924cf7c 22923 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 22924 (void**)&ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 22925 ssl->peerX25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 22926 }
wolfSSL 15:117db924cf7c 22927 break;
wolfSSL 15:117db924cf7c 22928 }
wolfSSL 15:117db924cf7c 22929 #endif
wolfSSL 16:8e0d178b1d1e 22930 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 22931 if (ssl->peerX448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 22932 ret = X448SharedSecret(ssl,
wolfSSL 16:8e0d178b1d1e 22933 (curve448_key*)ssl->hsKey, ssl->peerX448Key,
wolfSSL 16:8e0d178b1d1e 22934 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 16:8e0d178b1d1e 22935 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 16:8e0d178b1d1e 22936 &ssl->arrays->preMasterSz,
wolfSSL 16:8e0d178b1d1e 22937 WOLFSSL_CLIENT_END
wolfSSL 16:8e0d178b1d1e 22938 );
wolfSSL 16:8e0d178b1d1e 22939 if (!ssl->specs.static_ecdh
wolfSSL 16:8e0d178b1d1e 22940 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 22941 && ret != WC_PENDING_E
wolfSSL 16:8e0d178b1d1e 22942 #endif
wolfSSL 16:8e0d178b1d1e 22943 ) {
wolfSSL 16:8e0d178b1d1e 22944 FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 22945 (void**)&ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 22946 ssl->peerX448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 22947 }
wolfSSL 16:8e0d178b1d1e 22948 break;
wolfSSL 16:8e0d178b1d1e 22949 }
wolfSSL 16:8e0d178b1d1e 22950 #endif
wolfSSL 15:117db924cf7c 22951 ret = EccSharedSecret(ssl,
wolfSSL 15:117db924cf7c 22952 (ecc_key*)ssl->hsKey, ssl->peerEccKey,
wolfSSL 15:117db924cf7c 22953 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 15:117db924cf7c 22954 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 22955 &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 22956 WOLFSSL_CLIENT_END
wolfSSL 15:117db924cf7c 22957 );
wolfSSL 16:8e0d178b1d1e 22958 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 22959 if (ret != WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 22960 #endif
wolfSSL 16:8e0d178b1d1e 22961 {
wolfSSL 16:8e0d178b1d1e 22962 FreeKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 16:8e0d178b1d1e 22963 (void**)&ssl->peerEccKey);
wolfSSL 16:8e0d178b1d1e 22964 ssl->peerEccKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 22965 }
wolfSSL 16:8e0d178b1d1e 22966 break;
wolfSSL 16:8e0d178b1d1e 22967 }
wolfSSL 16:8e0d178b1d1e 22968 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 22969 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 22970 case ntru_kea:
wolfSSL 15:117db924cf7c 22971 {
wolfSSL 15:117db924cf7c 22972 word32 rc;
wolfSSL 15:117db924cf7c 22973 word16 tmpEncSz = (word16)args->encSz;
wolfSSL 15:117db924cf7c 22974 DRBG_HANDLE drbg;
wolfSSL 15:117db924cf7c 22975
wolfSSL 15:117db924cf7c 22976 rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL 15:117db924cf7c 22977 if (rc != DRBG_OK) {
wolfSSL 15:117db924cf7c 22978 ERROR_OUT(NTRU_DRBG_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22979 }
wolfSSL 15:117db924cf7c 22980 rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
wolfSSL 15:117db924cf7c 22981 ssl->peerNtruKey,
wolfSSL 15:117db924cf7c 22982 ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 22983 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 22984 &tmpEncSz,
wolfSSL 15:117db924cf7c 22985 args->encSecret);
wolfSSL 15:117db924cf7c 22986 args->encSz = tmpEncSz;
wolfSSL 15:117db924cf7c 22987 ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL 15:117db924cf7c 22988 if (rc != NTRU_OK) {
wolfSSL 15:117db924cf7c 22989 ERROR_OUT(NTRU_ENCRYPT_ERROR, exit_scke);
wolfSSL 15:117db924cf7c 22990 }
wolfSSL 15:117db924cf7c 22991 ret = 0;
wolfSSL 15:117db924cf7c 22992 break;
wolfSSL 15:117db924cf7c 22993 }
wolfSSL 15:117db924cf7c 22994 #endif /* HAVE_NTRU */
wolfSSL 16:8e0d178b1d1e 22995 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 22996 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 22997 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 22998 {
wolfSSL 15:117db924cf7c 22999 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 23000 ecc_key* peerKey;
wolfSSL 15:117db924cf7c 23001 #endif
wolfSSL 15:117db924cf7c 23002
wolfSSL 15:117db924cf7c 23003 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 23004 if (ssl->peerX25519KeyPresent) {
wolfSSL 15:117db924cf7c 23005 ret = X25519SharedSecret(ssl,
wolfSSL 15:117db924cf7c 23006 (curve25519_key*)ssl->hsKey, ssl->peerX25519Key,
wolfSSL 15:117db924cf7c 23007 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 15:117db924cf7c 23008 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 23009 &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 23010 WOLFSSL_CLIENT_END
wolfSSL 15:117db924cf7c 23011 );
wolfSSL 16:8e0d178b1d1e 23012 if (!ssl->specs.static_ecdh
wolfSSL 16:8e0d178b1d1e 23013 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 23014 && ret != WC_PENDING_E
wolfSSL 16:8e0d178b1d1e 23015 #endif
wolfSSL 16:8e0d178b1d1e 23016 ) {
wolfSSL 15:117db924cf7c 23017 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 23018 (void**)&ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 23019 ssl->peerX25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 23020 }
wolfSSL 15:117db924cf7c 23021 break;
wolfSSL 15:117db924cf7c 23022 }
wolfSSL 15:117db924cf7c 23023 #endif
wolfSSL 16:8e0d178b1d1e 23024 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 23025 if (ssl->peerX448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 23026 ret = X448SharedSecret(ssl,
wolfSSL 16:8e0d178b1d1e 23027 (curve448_key*)ssl->hsKey, ssl->peerX448Key,
wolfSSL 16:8e0d178b1d1e 23028 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 16:8e0d178b1d1e 23029 ssl->arrays->preMasterSecret,
wolfSSL 16:8e0d178b1d1e 23030 &ssl->arrays->preMasterSz,
wolfSSL 16:8e0d178b1d1e 23031 WOLFSSL_CLIENT_END
wolfSSL 16:8e0d178b1d1e 23032 );
wolfSSL 16:8e0d178b1d1e 23033 if (!ssl->specs.static_ecdh
wolfSSL 16:8e0d178b1d1e 23034 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 23035 && ret != WC_PENDING_E
wolfSSL 16:8e0d178b1d1e 23036 #endif
wolfSSL 16:8e0d178b1d1e 23037 ) {
wolfSSL 16:8e0d178b1d1e 23038 FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 23039 (void**)&ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 23040 ssl->peerX448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 23041 }
wolfSSL 16:8e0d178b1d1e 23042 break;
wolfSSL 16:8e0d178b1d1e 23043 }
wolfSSL 16:8e0d178b1d1e 23044 #endif
wolfSSL 15:117db924cf7c 23045 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 23046 peerKey = (ssl->specs.static_ecdh) ?
wolfSSL 15:117db924cf7c 23047 ssl->peerEccDsaKey : ssl->peerEccKey;
wolfSSL 15:117db924cf7c 23048
wolfSSL 15:117db924cf7c 23049 ret = EccSharedSecret(ssl,
wolfSSL 15:117db924cf7c 23050 (ecc_key*)ssl->hsKey, peerKey,
wolfSSL 15:117db924cf7c 23051 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 15:117db924cf7c 23052 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 23053 &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 23054 WOLFSSL_CLIENT_END
wolfSSL 15:117db924cf7c 23055 );
wolfSSL 16:8e0d178b1d1e 23056 if (!ssl->specs.static_ecdh
wolfSSL 16:8e0d178b1d1e 23057 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 23058 && ret != WC_PENDING_E
wolfSSL 16:8e0d178b1d1e 23059 #endif
wolfSSL 16:8e0d178b1d1e 23060 && !ssl->options.keepResources) {
wolfSSL 16:8e0d178b1d1e 23061 FreeKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 16:8e0d178b1d1e 23062 (void**)&ssl->peerEccKey);
wolfSSL 16:8e0d178b1d1e 23063 ssl->peerEccKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 23064 }
wolfSSL 16:8e0d178b1d1e 23065 #endif
wolfSSL 16:8e0d178b1d1e 23066
wolfSSL 16:8e0d178b1d1e 23067 break;
wolfSSL 16:8e0d178b1d1e 23068 }
wolfSSL 16:8e0d178b1d1e 23069 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 23070
wolfSSL 15:117db924cf7c 23071 default:
wolfSSL 15:117db924cf7c 23072 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 23073 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 23074
wolfSSL 15:117db924cf7c 23075 /* Check for error */
wolfSSL 15:117db924cf7c 23076 if (ret != 0) {
wolfSSL 15:117db924cf7c 23077 goto exit_scke;
wolfSSL 15:117db924cf7c 23078 }
wolfSSL 15:117db924cf7c 23079
wolfSSL 15:117db924cf7c 23080 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 23081 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 15:117db924cf7c 23082 } /* case TLS_ASYNC_DO */
wolfSSL 15:117db924cf7c 23083 FALL_THROUGH;
wolfSSL 15:117db924cf7c 23084
wolfSSL 15:117db924cf7c 23085 case TLS_ASYNC_VERIFY:
wolfSSL 15:117db924cf7c 23086 {
wolfSSL 15:117db924cf7c 23087 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 23088 {
wolfSSL 15:117db924cf7c 23089 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 23090 case rsa_kea:
wolfSSL 15:117db924cf7c 23091 {
wolfSSL 15:117db924cf7c 23092 break;
wolfSSL 15:117db924cf7c 23093 }
wolfSSL 15:117db924cf7c 23094 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 23095 #ifndef NO_DH
wolfSSL 15:117db924cf7c 23096 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 23097 {
wolfSSL 15:117db924cf7c 23098 break;
wolfSSL 15:117db924cf7c 23099 }
wolfSSL 15:117db924cf7c 23100 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 23101 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 23102 case psk_kea:
wolfSSL 15:117db924cf7c 23103 {
wolfSSL 15:117db924cf7c 23104 break;
wolfSSL 15:117db924cf7c 23105 }
wolfSSL 15:117db924cf7c 23106 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 23107 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 23108 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 23109 {
wolfSSL 15:117db924cf7c 23110 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 15:117db924cf7c 23111
wolfSSL 15:117db924cf7c 23112 /* validate args */
wolfSSL 15:117db924cf7c 23113 if (args->output == NULL || args->length == 0) {
wolfSSL 15:117db924cf7c 23114 ERROR_OUT(BAD_FUNC_ARG, exit_scke);
wolfSSL 15:117db924cf7c 23115 }
wolfSSL 15:117db924cf7c 23116
wolfSSL 15:117db924cf7c 23117 c16toa((word16)args->length, args->output);
wolfSSL 15:117db924cf7c 23118 args->encSz += args->length + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23119 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 15:117db924cf7c 23120 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23121 pms += ssl->arrays->preMasterSz;
wolfSSL 15:117db924cf7c 23122
wolfSSL 15:117db924cf7c 23123 /* make psk pre master secret */
wolfSSL 15:117db924cf7c 23124 /* length of key + length 0s + length of key + key */
wolfSSL 15:117db924cf7c 23125 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 15:117db924cf7c 23126 pms += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23127 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 23128 ssl->arrays->preMasterSz +=
wolfSSL 15:117db924cf7c 23129 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23130 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 23131 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 15:117db924cf7c 23132 break;
wolfSSL 15:117db924cf7c 23133 }
wolfSSL 15:117db924cf7c 23134 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 23135 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 23136 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 23137 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 23138 {
wolfSSL 15:117db924cf7c 23139 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 15:117db924cf7c 23140
wolfSSL 15:117db924cf7c 23141 /* validate args */
wolfSSL 15:117db924cf7c 23142 if (args->output == NULL || args->length > ENCRYPT_LEN) {
wolfSSL 15:117db924cf7c 23143 ERROR_OUT(BAD_FUNC_ARG, exit_scke);
wolfSSL 15:117db924cf7c 23144 }
wolfSSL 15:117db924cf7c 23145
wolfSSL 15:117db924cf7c 23146 /* place size of public key in output buffer */
wolfSSL 15:117db924cf7c 23147 *args->output = (byte)args->length;
wolfSSL 15:117db924cf7c 23148 args->encSz += args->length + OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 23149
wolfSSL 16:8e0d178b1d1e 23150 /* Create pre master secret is the concatenation of
wolfSSL 15:117db924cf7c 23151 eccSize + eccSharedKey + pskSize + pskKey */
wolfSSL 15:117db924cf7c 23152 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 15:117db924cf7c 23153 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23154 pms += ssl->arrays->preMasterSz;
wolfSSL 15:117db924cf7c 23155
wolfSSL 15:117db924cf7c 23156 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 15:117db924cf7c 23157 pms += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23158 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 23159 ssl->arrays->preMasterSz +=
wolfSSL 15:117db924cf7c 23160 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23161
wolfSSL 15:117db924cf7c 23162 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 23163 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 15:117db924cf7c 23164 break;
wolfSSL 15:117db924cf7c 23165 }
wolfSSL 16:8e0d178b1d1e 23166 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 23167 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 23168 case ntru_kea:
wolfSSL 15:117db924cf7c 23169 {
wolfSSL 15:117db924cf7c 23170 break;
wolfSSL 15:117db924cf7c 23171 }
wolfSSL 15:117db924cf7c 23172 #endif /* HAVE_NTRU */
wolfSSL 16:8e0d178b1d1e 23173 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 23174 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 23175 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 23176 {
wolfSSL 15:117db924cf7c 23177 /* place size of public key in buffer */
wolfSSL 15:117db924cf7c 23178 *args->encSecret = (byte)args->encSz;
wolfSSL 15:117db924cf7c 23179 args->encSz += OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 23180 break;
wolfSSL 15:117db924cf7c 23181 }
wolfSSL 16:8e0d178b1d1e 23182 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 23183
wolfSSL 15:117db924cf7c 23184 default:
wolfSSL 15:117db924cf7c 23185 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 23186 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 23187
wolfSSL 15:117db924cf7c 23188 /* Check for error */
wolfSSL 15:117db924cf7c 23189 if (ret != 0) {
wolfSSL 15:117db924cf7c 23190 goto exit_scke;
wolfSSL 15:117db924cf7c 23191 }
wolfSSL 15:117db924cf7c 23192
wolfSSL 15:117db924cf7c 23193 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 23194 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 15:117db924cf7c 23195 } /* case TLS_ASYNC_VERIFY */
wolfSSL 15:117db924cf7c 23196 FALL_THROUGH;
wolfSSL 15:117db924cf7c 23197
wolfSSL 15:117db924cf7c 23198 case TLS_ASYNC_FINALIZE:
wolfSSL 15:117db924cf7c 23199 {
wolfSSL 15:117db924cf7c 23200 word32 tlsSz = 0;
wolfSSL 15:117db924cf7c 23201 word32 idx = 0;
wolfSSL 15:117db924cf7c 23202
wolfSSL 15:117db924cf7c 23203 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 23204 word32 qshSz = 0;
wolfSSL 15:117db924cf7c 23205 if (ssl->peerQSHKeyPresent) {
wolfSSL 15:117db924cf7c 23206 qshSz = QSH_KeyGetSize(ssl);
wolfSSL 15:117db924cf7c 23207 }
wolfSSL 15:117db924cf7c 23208 #endif
wolfSSL 15:117db924cf7c 23209
wolfSSL 15:117db924cf7c 23210 if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) {
wolfSSL 15:117db924cf7c 23211 tlsSz = 2;
wolfSSL 15:117db924cf7c 23212 }
wolfSSL 15:117db924cf7c 23213
wolfSSL 15:117db924cf7c 23214 if (ssl->specs.kea == ecc_diffie_hellman_kea ||
wolfSSL 15:117db924cf7c 23215 ssl->specs.kea == dhe_psk_kea ||
wolfSSL 15:117db924cf7c 23216 ssl->specs.kea == ecdhe_psk_kea) { /* always off */
wolfSSL 15:117db924cf7c 23217 tlsSz = 0;
wolfSSL 15:117db924cf7c 23218 }
wolfSSL 15:117db924cf7c 23219
wolfSSL 15:117db924cf7c 23220 idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 23221 args->sendSz = args->encSz + tlsSz + idx;
wolfSSL 15:117db924cf7c 23222
wolfSSL 15:117db924cf7c 23223 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 23224 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 23225 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 15:117db924cf7c 23226 args->sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 15:117db924cf7c 23227 }
wolfSSL 15:117db924cf7c 23228 #endif
wolfSSL 15:117db924cf7c 23229
wolfSSL 15:117db924cf7c 23230 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 15:117db924cf7c 23231 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 15:117db924cf7c 23232 }
wolfSSL 15:117db924cf7c 23233
wolfSSL 15:117db924cf7c 23234 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 23235 args->encSz += qshSz;
wolfSSL 15:117db924cf7c 23236 args->sendSz += qshSz;
wolfSSL 15:117db924cf7c 23237 #endif
wolfSSL 15:117db924cf7c 23238
wolfSSL 15:117db924cf7c 23239 /* check for available size */
wolfSSL 15:117db924cf7c 23240 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 15:117db924cf7c 23241 goto exit_scke;
wolfSSL 15:117db924cf7c 23242 }
wolfSSL 15:117db924cf7c 23243
wolfSSL 15:117db924cf7c 23244 /* get output buffer */
wolfSSL 15:117db924cf7c 23245 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 15:117db924cf7c 23246 ssl->buffers.outputBuffer.length;
wolfSSL 15:117db924cf7c 23247
wolfSSL 15:117db924cf7c 23248 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 23249 if (ssl->peerQSHKeyPresent) {
wolfSSL 15:117db924cf7c 23250 byte idxSave = idx;
wolfSSL 15:117db924cf7c 23251 idx = args->sendSz - qshSz;
wolfSSL 15:117db924cf7c 23252
wolfSSL 15:117db924cf7c 23253 if (QSH_KeyExchangeWrite(ssl, 0) != 0) {
wolfSSL 15:117db924cf7c 23254 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 15:117db924cf7c 23255 }
wolfSSL 15:117db924cf7c 23256
wolfSSL 15:117db924cf7c 23257 /* extension type */
wolfSSL 15:117db924cf7c 23258 c16toa(TLSX_QUANTUM_SAFE_HYBRID, args->output + idx);
wolfSSL 15:117db924cf7c 23259 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23260
wolfSSL 15:117db924cf7c 23261 /* write to output and check amount written */
wolfSSL 15:117db924cf7c 23262 if (TLSX_QSHPK_Write(ssl->QSH_secret->list,
wolfSSL 15:117db924cf7c 23263 args->output + idx) > qshSz - OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 23264 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 15:117db924cf7c 23265 }
wolfSSL 15:117db924cf7c 23266
wolfSSL 15:117db924cf7c 23267 idx = idxSave;
wolfSSL 15:117db924cf7c 23268 }
wolfSSL 15:117db924cf7c 23269 #endif
wolfSSL 15:117db924cf7c 23270
wolfSSL 15:117db924cf7c 23271 AddHeaders(args->output, args->encSz + tlsSz, client_key_exchange, ssl);
wolfSSL 15:117db924cf7c 23272
wolfSSL 15:117db924cf7c 23273 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 23274 if (ssl->peerQSHKeyPresent) {
wolfSSL 15:117db924cf7c 23275 args->encSz -= qshSz;
wolfSSL 15:117db924cf7c 23276 }
wolfSSL 15:117db924cf7c 23277 #endif
wolfSSL 15:117db924cf7c 23278 if (tlsSz) {
wolfSSL 15:117db924cf7c 23279 c16toa((word16)args->encSz, &args->output[idx]);
wolfSSL 15:117db924cf7c 23280 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 23281 }
wolfSSL 15:117db924cf7c 23282 XMEMCPY(args->output + idx, args->encSecret, args->encSz);
wolfSSL 15:117db924cf7c 23283 idx += args->encSz;
wolfSSL 15:117db924cf7c 23284
wolfSSL 15:117db924cf7c 23285 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 15:117db924cf7c 23286 args->inputSz = idx - RECORD_HEADER_SZ; /* buildmsg adds rechdr */
wolfSSL 15:117db924cf7c 23287 args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
wolfSSL 15:117db924cf7c 23288 DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 15:117db924cf7c 23289 if (args->input == NULL) {
wolfSSL 15:117db924cf7c 23290 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 15:117db924cf7c 23291 }
wolfSSL 15:117db924cf7c 23292
wolfSSL 15:117db924cf7c 23293 XMEMCPY(args->input, args->output + RECORD_HEADER_SZ,
wolfSSL 15:117db924cf7c 23294 args->inputSz);
wolfSSL 15:117db924cf7c 23295 }
wolfSSL 15:117db924cf7c 23296
wolfSSL 15:117db924cf7c 23297 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 23298 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 15:117db924cf7c 23299 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 15:117db924cf7c 23300 FALL_THROUGH;
wolfSSL 15:117db924cf7c 23301
wolfSSL 15:117db924cf7c 23302 case TLS_ASYNC_END:
wolfSSL 15:117db924cf7c 23303 {
wolfSSL 15:117db924cf7c 23304 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 15:117db924cf7c 23305 ret = BuildMessage(ssl, args->output, args->sendSz,
wolfSSL 15:117db924cf7c 23306 args->input, args->inputSz, handshake, 1, 0, 0);
wolfSSL 15:117db924cf7c 23307 XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 15:117db924cf7c 23308 args->input = NULL; /* make sure its not double free'd on cleanup */
wolfSSL 15:117db924cf7c 23309
wolfSSL 15:117db924cf7c 23310 if (ret >= 0) {
wolfSSL 15:117db924cf7c 23311 args->sendSz = ret;
wolfSSL 15:117db924cf7c 23312 ret = 0;
wolfSSL 15:117db924cf7c 23313 }
wolfSSL 15:117db924cf7c 23314 }
wolfSSL 15:117db924cf7c 23315 else {
wolfSSL 15:117db924cf7c 23316 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 23317 if (ssl->options.dtls)
wolfSSL 15:117db924cf7c 23318 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 15:117db924cf7c 23319 #endif
wolfSSL 15:117db924cf7c 23320 ret = HashOutput(ssl, args->output, args->sendSz, 0);
wolfSSL 15:117db924cf7c 23321 }
wolfSSL 15:117db924cf7c 23322
wolfSSL 15:117db924cf7c 23323 if (ret != 0) {
wolfSSL 15:117db924cf7c 23324 goto exit_scke;
wolfSSL 15:117db924cf7c 23325 }
wolfSSL 15:117db924cf7c 23326
wolfSSL 15:117db924cf7c 23327 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 23328 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 23329 if ((ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz)) != 0) {
wolfSSL 15:117db924cf7c 23330 goto exit_scke;
wolfSSL 15:117db924cf7c 23331 }
wolfSSL 15:117db924cf7c 23332 }
wolfSSL 15:117db924cf7c 23333 #endif
wolfSSL 15:117db924cf7c 23334
wolfSSL 15:117db924cf7c 23335 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 23336 if (ssl->hsInfoOn)
wolfSSL 15:117db924cf7c 23337 AddPacketName(ssl, "ClientKeyExchange");
wolfSSL 15:117db924cf7c 23338 if (ssl->toInfoOn)
wolfSSL 15:117db924cf7c 23339 AddPacketInfo(ssl, "ClientKeyExchange", handshake,
wolfSSL 15:117db924cf7c 23340 args->output, args->sendSz, WRITE_PROTO, ssl->heap);
wolfSSL 15:117db924cf7c 23341 #endif
wolfSSL 15:117db924cf7c 23342
wolfSSL 15:117db924cf7c 23343 ssl->buffers.outputBuffer.length += args->sendSz;
wolfSSL 15:117db924cf7c 23344
wolfSSL 15:117db924cf7c 23345 if (!ssl->options.groupMessages) {
wolfSSL 15:117db924cf7c 23346 ret = SendBuffered(ssl);
wolfSSL 15:117db924cf7c 23347 }
wolfSSL 15:117db924cf7c 23348 if (ret == 0 || ret == WANT_WRITE) {
wolfSSL 15:117db924cf7c 23349 int tmpRet = MakeMasterSecret(ssl);
wolfSSL 15:117db924cf7c 23350 if (tmpRet != 0) {
wolfSSL 15:117db924cf7c 23351 ret = tmpRet; /* save WANT_WRITE unless more serious */
wolfSSL 15:117db924cf7c 23352 }
wolfSSL 15:117db924cf7c 23353 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 15:117db924cf7c 23354 }
wolfSSL 15:117db924cf7c 23355 break;
wolfSSL 15:117db924cf7c 23356 }
wolfSSL 15:117db924cf7c 23357 default:
wolfSSL 15:117db924cf7c 23358 ret = INPUT_CASE_ERROR;
wolfSSL 15:117db924cf7c 23359 } /* switch(ssl->options.asyncState) */
wolfSSL 15:117db924cf7c 23360
wolfSSL 15:117db924cf7c 23361 exit_scke:
wolfSSL 15:117db924cf7c 23362
wolfSSL 15:117db924cf7c 23363 WOLFSSL_LEAVE("SendClientKeyExchange", ret);
wolfSSL 15:117db924cf7c 23364 WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND);
wolfSSL 15:117db924cf7c 23365
wolfSSL 15:117db924cf7c 23366 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 23367 /* Handle async operation */
wolfSSL 15:117db924cf7c 23368 if (ret == WC_PENDING_E)
wolfSSL 15:117db924cf7c 23369 return ret;
wolfSSL 15:117db924cf7c 23370 #endif
wolfSSL 15:117db924cf7c 23371
wolfSSL 15:117db924cf7c 23372 /* No further need for PMS */
wolfSSL 16:8e0d178b1d1e 23373 if (ssl->arrays->preMasterSecret != NULL) {
wolfSSL 16:8e0d178b1d1e 23374 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 16:8e0d178b1d1e 23375 }
wolfSSL 15:117db924cf7c 23376 ssl->arrays->preMasterSz = 0;
wolfSSL 15:117db924cf7c 23377
wolfSSL 15:117db924cf7c 23378 /* Final cleanup */
wolfSSL 15:117db924cf7c 23379 FreeSckeArgs(ssl, args);
wolfSSL 15:117db924cf7c 23380 FreeKeyExchange(ssl);
wolfSSL 15:117db924cf7c 23381
wolfSSL 15:117db924cf7c 23382 return ret;
wolfSSL 15:117db924cf7c 23383 }
wolfSSL 15:117db924cf7c 23384
wolfSSL 15:117db924cf7c 23385 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 23386
wolfSSL 15:117db924cf7c 23387 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 23388
wolfSSL 15:117db924cf7c 23389 #ifdef HAVE_PK_CALLBACKS
/* Size in bytes of the signature expected from the configured private key.
 *
 * Reads ssl->buffers.keyType and ssl->buffers.keySz. For a key type that is
 * compiled in, it also records the matching key class in ssl->hsType, so the
 * call has a side effect on the connection object.
 *
 * ssl  connection object; NULL is tolerated
 *
 * Returns the size, or 0 when ssl is NULL or the key type matches none of the
 * compiled-in cases (ssl->hsType is left untouched then). RSA and RSA-PSS use
 * keySz unchanged. SendCertificateVerify in this file stores the result in a
 * word16 field and treats 0 as NO_PRIVATE_KEY.
 *
 * NOTE(review): the Ed25519/Ed448 cases are compiled on HAVE_ED25519 /
 * HAVE_ED448 alone, while the signing branches in SendCertificateVerify also
 * require !NO_ED25519_CLIENT_AUTH / !NO_ED448_CLIENT_AUTH. Confirm that no
 * build can select one of these hsType values without a signing path.
 */
int GetPrivateKeySigSize(WOLFSSL* ssl)
{
    int size = 0;

    if (ssl != NULL) {
        switch (ssl->buffers.keyType) {
        #ifndef NO_RSA
            #ifdef WC_RSA_PSS
            case rsa_pss_sa_algo:
            #endif
            case rsa_sa_algo:
                ssl->hsType = DYNAMIC_TYPE_RSA;
                size = ssl->buffers.keySz;
                break;
        #endif
        #ifdef HAVE_ECC
            case ecc_dsa_sa_algo:
                ssl->hsType = DYNAMIC_TYPE_ECC;
                size = wc_ecc_sig_size_calc(ssl->buffers.keySz);
                break;
        #endif
        #ifdef HAVE_ED25519
            case ed25519_sa_algo:
                ssl->hsType = DYNAMIC_TYPE_ED25519;
                size = ED25519_SIG_SIZE; /* fixed known value */
                break;
        #endif
        #ifdef HAVE_ED448
            case ed448_sa_algo:
                ssl->hsType = DYNAMIC_TYPE_ED448;
                size = ED448_SIG_SIZE; /* fixed known value */
                break;
        #endif
            default:
                /* unrecognised key type: report 0 */
                break;
        }
    }

    return size;
}
wolfSSL 15:117db924cf7c 23430 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 23431
wolfSSL 15:117db924cf7c 23432 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 23433
wolfSSL 15:117db924cf7c 23434 #ifndef WOLFSSL_NO_CLIENT_AUTH
/* Working state of SendCertificateVerify, kept across its asyncState steps.
 * With WOLFSSL_ASYNC_CRYPT the function casts ssl->async.args to this type;
 * otherwise it uses a local one-element array. It is zeroed with XMEMSET
 * when the state machine is reset. Only verifySig and input are heap
 * allocations; FreeScvArgs releases them. */
typedef struct ScvArgs {
    byte* output; /* not allocated: points into ssl->buffers.outputBuffer */
#ifndef NO_RSA
    byte* verifySig; /* XMALLOC'd copy of the RSA signature, passed to
                      * VerifyRsaSign for the signature fault check */
#endif
    byte* verify; /* not allocated: &output[idx], re-derived from idx in
                   * later states */
    byte* input; /* XMALLOC'd copy of the message after the record header,
                  * handed to BuildMessage when encryption is on */
    word32 idx; /* offset of verify within output */
    word32 extraSz; /* 0, or HASH_SIG_SIZE when IsAtLeastTLSv1_2() holds */
    word32 sigSz; /* RSA only: set to ENCRYPT_LEN, then passed by pointer
                   * to RsaSign */
    int sendSz; /* size passed to CheckAvailableSize, later the size of the
                 * built message */
    int inputSz; /* byte count of input */
    word16 length; /* signature length written in front of the signature;
                    * 0 is rejected with NO_PRIVATE_KEY */
    byte sigAlgo; /* signature algorithm chosen from ssl->hsType */
} ScvArgs;
wolfSSL 15:117db924cf7c 23450
/* Release the heap buffers held by an ScvArgs and clear their pointers.
 *
 * ssl    connection whose heap hint is handed to XFREE
 * pArgs  the ScvArgs to clean up, passed as void*. It is dereferenced
 *        without a NULL check. SendCertificateVerify installs this function
 *        as ssl->async.freeArgs under WOLFSSL_ASYNC_CRYPT.
 *
 * Only verifySig (RSA builds) and input are freed; output and verify point
 * into the output buffer and are not owned here. Each freed pointer is set
 * to NULL, so a second call finds nothing left to free.
 */
static void FreeScvArgs(WOLFSSL* ssl, void* pArgs)
{
    ScvArgs* scv = (ScvArgs*)pArgs;

    /* presumably silences an unused-parameter warning when XFREE drops its
     * heap argument -- confirm against the XFREE definition */
    (void)ssl;

#ifndef NO_RSA
    if (scv->verifySig != NULL) {
        XFREE(scv->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        scv->verifySig = NULL;
    }
#endif
    if (scv->input != NULL) {
        XFREE(scv->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        scv->input = NULL;
    }
}
wolfSSL 15:117db924cf7c 23468
wolfSSL 15:117db924cf7c 23469 /* handle generation of certificate_verify (15) */
wolfSSL 15:117db924cf7c 23470 int SendCertificateVerify(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 23471 {
wolfSSL 15:117db924cf7c 23472 int ret = 0;
wolfSSL 15:117db924cf7c 23473 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 23474 ScvArgs* args = (ScvArgs*)ssl->async.args;
wolfSSL 15:117db924cf7c 23475 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 15:117db924cf7c 23476 (void)sizeof(args_test);
wolfSSL 15:117db924cf7c 23477 #else
wolfSSL 15:117db924cf7c 23478 ScvArgs args[1];
wolfSSL 15:117db924cf7c 23479 #endif
wolfSSL 15:117db924cf7c 23480
wolfSSL 15:117db924cf7c 23481 WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND);
wolfSSL 15:117db924cf7c 23482 WOLFSSL_ENTER("SendCertificateVerify");
wolfSSL 15:117db924cf7c 23483
wolfSSL 15:117db924cf7c 23484 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 23485 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 15:117db924cf7c 23486 if (ret != WC_NOT_PENDING_E) {
wolfSSL 15:117db924cf7c 23487 /* Check for error */
wolfSSL 15:117db924cf7c 23488 if (ret < 0)
wolfSSL 15:117db924cf7c 23489 goto exit_scv;
wolfSSL 15:117db924cf7c 23490 }
wolfSSL 15:117db924cf7c 23491 else
wolfSSL 15:117db924cf7c 23492 #endif
wolfSSL 15:117db924cf7c 23493 {
wolfSSL 15:117db924cf7c 23494 /* Reset state */
wolfSSL 15:117db924cf7c 23495 ret = 0;
wolfSSL 15:117db924cf7c 23496 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 15:117db924cf7c 23497 XMEMSET(args, 0, sizeof(ScvArgs));
wolfSSL 15:117db924cf7c 23498 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 23499 ssl->async.freeArgs = FreeScvArgs;
wolfSSL 15:117db924cf7c 23500 #endif
wolfSSL 15:117db924cf7c 23501 }
wolfSSL 15:117db924cf7c 23502
wolfSSL 15:117db924cf7c 23503 switch(ssl->options.asyncState)
wolfSSL 15:117db924cf7c 23504 {
wolfSSL 15:117db924cf7c 23505 case TLS_ASYNC_BEGIN:
wolfSSL 15:117db924cf7c 23506 {
wolfSSL 15:117db924cf7c 23507 if (ssl->options.sendVerify == SEND_BLANK_CERT) {
wolfSSL 15:117db924cf7c 23508 return 0; /* sent blank cert, can't verify */
wolfSSL 15:117db924cf7c 23509 }
wolfSSL 15:117db924cf7c 23510
wolfSSL 16:8e0d178b1d1e 23511 args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA;
wolfSSL 15:117db924cf7c 23512 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 15:117db924cf7c 23513 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 15:117db924cf7c 23514 }
wolfSSL 15:117db924cf7c 23515
wolfSSL 15:117db924cf7c 23516 /* check for available size */
wolfSSL 15:117db924cf7c 23517 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 15:117db924cf7c 23518 goto exit_scv;
wolfSSL 15:117db924cf7c 23519 }
wolfSSL 15:117db924cf7c 23520
wolfSSL 15:117db924cf7c 23521 /* get output buffer */
wolfSSL 15:117db924cf7c 23522 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 15:117db924cf7c 23523 ssl->buffers.outputBuffer.length;
wolfSSL 15:117db924cf7c 23524
wolfSSL 15:117db924cf7c 23525 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 23526 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 15:117db924cf7c 23527 } /* case TLS_ASYNC_BEGIN */
wolfSSL 15:117db924cf7c 23528 FALL_THROUGH;
wolfSSL 15:117db924cf7c 23529
wolfSSL 15:117db924cf7c 23530 case TLS_ASYNC_BUILD:
wolfSSL 15:117db924cf7c 23531 {
wolfSSL 15:117db924cf7c 23532 ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
wolfSSL 15:117db924cf7c 23533 if (ret != 0) {
wolfSSL 15:117db924cf7c 23534 goto exit_scv;
wolfSSL 15:117db924cf7c 23535 }
wolfSSL 15:117db924cf7c 23536
wolfSSL 15:117db924cf7c 23537 if (ssl->buffers.key == NULL) {
wolfSSL 15:117db924cf7c 23538 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 23539 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
wolfSSL 15:117db924cf7c 23540 args->length = GetPrivateKeySigSize(ssl);
wolfSSL 15:117db924cf7c 23541 else
wolfSSL 15:117db924cf7c 23542 #endif
wolfSSL 15:117db924cf7c 23543 ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
wolfSSL 15:117db924cf7c 23544 }
wolfSSL 15:117db924cf7c 23545 else {
wolfSSL 15:117db924cf7c 23546 /* Decode private key. */
wolfSSL 15:117db924cf7c 23547 ret = DecodePrivateKey(ssl, &args->length);
wolfSSL 15:117db924cf7c 23548 if (ret != 0) {
wolfSSL 15:117db924cf7c 23549 goto exit_scv;
wolfSSL 15:117db924cf7c 23550 }
wolfSSL 15:117db924cf7c 23551 }
wolfSSL 15:117db924cf7c 23552
wolfSSL 16:8e0d178b1d1e 23553 if (args->length == 0) {
wolfSSL 15:117db924cf7c 23554 ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
wolfSSL 15:117db924cf7c 23555 }
wolfSSL 15:117db924cf7c 23556
wolfSSL 15:117db924cf7c 23557 /* idx is used to track verify pointer offset to output */
wolfSSL 15:117db924cf7c 23558 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 23559 args->verify = &args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
wolfSSL 15:117db924cf7c 23560 args->extraSz = 0; /* tls 1.2 hash/sig */
wolfSSL 15:117db924cf7c 23561
wolfSSL 15:117db924cf7c 23562 /* build encoded signature buffer */
wolfSSL 15:117db924cf7c 23563 ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ;
wolfSSL 15:117db924cf7c 23564 ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 23565 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 23566 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 15:117db924cf7c 23567 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 15:117db924cf7c 23568 }
wolfSSL 15:117db924cf7c 23569
wolfSSL 15:117db924cf7c 23570 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 23571 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 23572 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 23573 args->verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 23574 }
wolfSSL 15:117db924cf7c 23575 #endif
wolfSSL 15:117db924cf7c 23576
wolfSSL 15:117db924cf7c 23577 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 23578 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 23579 /* old tls default */
wolfSSL 15:117db924cf7c 23580 SetDigest(ssl, sha_mac);
wolfSSL 15:117db924cf7c 23581 #endif
wolfSSL 15:117db924cf7c 23582 #else
wolfSSL 15:117db924cf7c 23583 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 23584 /* new tls default */
wolfSSL 15:117db924cf7c 23585 SetDigest(ssl, sha256_mac);
wolfSSL 15:117db924cf7c 23586 #endif
wolfSSL 15:117db924cf7c 23587 #endif /* !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 23588
wolfSSL 15:117db924cf7c 23589 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
wolfSSL 15:117db924cf7c 23590 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 23591 if (IsAtLeastTLSv1_2(ssl) &&
wolfSSL 15:117db924cf7c 23592 (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))) {
wolfSSL 15:117db924cf7c 23593 args->sigAlgo = rsa_pss_sa_algo;
wolfSSL 15:117db924cf7c 23594 }
wolfSSL 15:117db924cf7c 23595 else
wolfSSL 15:117db924cf7c 23596 #endif
wolfSSL 15:117db924cf7c 23597 args->sigAlgo = rsa_sa_algo;
wolfSSL 15:117db924cf7c 23598 }
wolfSSL 15:117db924cf7c 23599 else if (ssl->hsType == DYNAMIC_TYPE_ECC)
wolfSSL 15:117db924cf7c 23600 args->sigAlgo = ecc_dsa_sa_algo;
wolfSSL 15:117db924cf7c 23601 else if (ssl->hsType == DYNAMIC_TYPE_ED25519)
wolfSSL 15:117db924cf7c 23602 args->sigAlgo = ed25519_sa_algo;
wolfSSL 16:8e0d178b1d1e 23603 else if (ssl->hsType == DYNAMIC_TYPE_ED448)
wolfSSL 16:8e0d178b1d1e 23604 args->sigAlgo = ed448_sa_algo;
wolfSSL 15:117db924cf7c 23605
wolfSSL 15:117db924cf7c 23606 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 23607 EncodeSigAlg(ssl->suites->hashAlgo, args->sigAlgo,
wolfSSL 15:117db924cf7c 23608 args->verify);
wolfSSL 15:117db924cf7c 23609 args->extraSz = HASH_SIG_SIZE;
wolfSSL 15:117db924cf7c 23610 SetDigest(ssl, ssl->suites->hashAlgo);
wolfSSL 15:117db924cf7c 23611 }
wolfSSL 15:117db924cf7c 23612 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 23613 else {
wolfSSL 15:117db924cf7c 23614 /* if old TLS load MD5 and SHA hash as value to sign */
wolfSSL 15:117db924cf7c 23615 XMEMCPY(ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 23616 (byte*)ssl->hsHashes->certHashes.md5, FINISHED_SZ);
wolfSSL 15:117db924cf7c 23617 }
wolfSSL 15:117db924cf7c 23618 #endif
wolfSSL 15:117db924cf7c 23619
wolfSSL 15:117db924cf7c 23620 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 23621 if (args->sigAlgo == rsa_sa_algo) {
wolfSSL 15:117db924cf7c 23622 ssl->buffers.sig.length = FINISHED_SZ;
wolfSSL 15:117db924cf7c 23623 args->sigSz = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 23624
wolfSSL 15:117db924cf7c 23625 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 23626 ssl->buffers.sig.length = wc_EncodeSignature(
wolfSSL 15:117db924cf7c 23627 ssl->buffers.sig.buffer, ssl->buffers.digest.buffer,
wolfSSL 15:117db924cf7c 23628 ssl->buffers.digest.length,
wolfSSL 15:117db924cf7c 23629 TypeHash(ssl->suites->hashAlgo));
wolfSSL 15:117db924cf7c 23630 }
wolfSSL 15:117db924cf7c 23631
wolfSSL 15:117db924cf7c 23632 /* prepend hdr */
wolfSSL 15:117db924cf7c 23633 c16toa(args->length, args->verify + args->extraSz);
wolfSSL 15:117db924cf7c 23634 }
wolfSSL 16:8e0d178b1d1e 23635 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 23636 else if (args->sigAlgo == rsa_pss_sa_algo) {
wolfSSL 15:117db924cf7c 23637 XMEMCPY(ssl->buffers.sig.buffer, ssl->buffers.digest.buffer,
wolfSSL 15:117db924cf7c 23638 ssl->buffers.digest.length);
wolfSSL 15:117db924cf7c 23639 ssl->buffers.sig.length = ssl->buffers.digest.length;
wolfSSL 15:117db924cf7c 23640 args->sigSz = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 23641
wolfSSL 15:117db924cf7c 23642 /* prepend hdr */
wolfSSL 15:117db924cf7c 23643 c16toa(args->length, args->verify + args->extraSz);
wolfSSL 15:117db924cf7c 23644 }
wolfSSL 16:8e0d178b1d1e 23645 #endif
wolfSSL 15:117db924cf7c 23646 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 23647 #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)
wolfSSL 15:117db924cf7c 23648 if (args->sigAlgo == ed25519_sa_algo) {
wolfSSL 15:117db924cf7c 23649 ret = Ed25519CheckPubKey(ssl);
wolfSSL 15:117db924cf7c 23650 if (ret != 0)
wolfSSL 15:117db924cf7c 23651 goto exit_scv;
wolfSSL 15:117db924cf7c 23652 }
wolfSSL 15:117db924cf7c 23653 #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */
wolfSSL 16:8e0d178b1d1e 23654 #if defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)
wolfSSL 16:8e0d178b1d1e 23655 if (args->sigAlgo == ed448_sa_algo) {
wolfSSL 16:8e0d178b1d1e 23656 ret = Ed448CheckPubKey(ssl);
wolfSSL 16:8e0d178b1d1e 23657 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 23658 goto exit_scv;
wolfSSL 16:8e0d178b1d1e 23659 }
wolfSSL 16:8e0d178b1d1e 23660 #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */
wolfSSL 15:117db924cf7c 23661
wolfSSL 15:117db924cf7c 23662 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 23663 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 15:117db924cf7c 23664 } /* case TLS_ASYNC_BUILD */
wolfSSL 15:117db924cf7c 23665 FALL_THROUGH;
wolfSSL 15:117db924cf7c 23666
wolfSSL 15:117db924cf7c 23667 case TLS_ASYNC_DO:
wolfSSL 15:117db924cf7c 23668 {
wolfSSL 15:117db924cf7c 23669 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 23670 if (ssl->hsType == DYNAMIC_TYPE_ECC) {
wolfSSL 15:117db924cf7c 23671 ecc_key* key = (ecc_key*)ssl->hsKey;
wolfSSL 15:117db924cf7c 23672
wolfSSL 15:117db924cf7c 23673 ret = EccSign(ssl,
wolfSSL 15:117db924cf7c 23674 ssl->buffers.digest.buffer, ssl->buffers.digest.length,
wolfSSL 16:8e0d178b1d1e 23675 ssl->buffers.sig.buffer, (word32*)&ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 23676 key,
wolfSSL 15:117db924cf7c 23677 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 23678 ssl->buffers.key
wolfSSL 15:117db924cf7c 23679 #else
wolfSSL 15:117db924cf7c 23680 NULL
wolfSSL 15:117db924cf7c 23681 #endif
wolfSSL 15:117db924cf7c 23682 );
wolfSSL 15:117db924cf7c 23683 }
wolfSSL 15:117db924cf7c 23684 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 23685 #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)
wolfSSL 15:117db924cf7c 23686 if (ssl->hsType == DYNAMIC_TYPE_ED25519) {
wolfSSL 15:117db924cf7c 23687 ed25519_key* key = (ed25519_key*)ssl->hsKey;
wolfSSL 15:117db924cf7c 23688
wolfSSL 15:117db924cf7c 23689 ret = Ed25519Sign(ssl,
wolfSSL 15:117db924cf7c 23690 ssl->hsHashes->messages, ssl->hsHashes->length,
wolfSSL 16:8e0d178b1d1e 23691 ssl->buffers.sig.buffer, (word32*)&ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 23692 key,
wolfSSL 15:117db924cf7c 23693 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 23694 ssl->buffers.key
wolfSSL 15:117db924cf7c 23695 #else
wolfSSL 15:117db924cf7c 23696 NULL
wolfSSL 15:117db924cf7c 23697 #endif
wolfSSL 15:117db924cf7c 23698 );
wolfSSL 15:117db924cf7c 23699 }
wolfSSL 15:117db924cf7c 23700 #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */
wolfSSL 16:8e0d178b1d1e 23701 #if defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)
wolfSSL 16:8e0d178b1d1e 23702 if (ssl->hsType == DYNAMIC_TYPE_ED448) {
wolfSSL 16:8e0d178b1d1e 23703 ed448_key* key = (ed448_key*)ssl->hsKey;
wolfSSL 16:8e0d178b1d1e 23704
wolfSSL 16:8e0d178b1d1e 23705 ret = Ed448Sign(ssl,
wolfSSL 16:8e0d178b1d1e 23706 ssl->hsHashes->messages, ssl->hsHashes->length,
wolfSSL 16:8e0d178b1d1e 23707 ssl->buffers.sig.buffer, (word32*)&ssl->buffers.sig.length,
wolfSSL 16:8e0d178b1d1e 23708 key,
wolfSSL 16:8e0d178b1d1e 23709 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 23710 ssl->buffers.key
wolfSSL 16:8e0d178b1d1e 23711 #else
wolfSSL 16:8e0d178b1d1e 23712 NULL
wolfSSL 16:8e0d178b1d1e 23713 #endif
wolfSSL 16:8e0d178b1d1e 23714 );
wolfSSL 16:8e0d178b1d1e 23715 }
wolfSSL 16:8e0d178b1d1e 23716 #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */
wolfSSL 15:117db924cf7c 23717 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 23718 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
wolfSSL 15:117db924cf7c 23719 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 15:117db924cf7c 23720
wolfSSL 15:117db924cf7c 23721 /* restore verify pointer */
wolfSSL 15:117db924cf7c 23722 args->verify = &args->output[args->idx];
wolfSSL 15:117db924cf7c 23723
wolfSSL 15:117db924cf7c 23724 ret = RsaSign(ssl,
wolfSSL 15:117db924cf7c 23725 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 23726 args->verify + args->extraSz + VERIFY_HEADER, &args->sigSz,
wolfSSL 15:117db924cf7c 23727 args->sigAlgo, ssl->suites->hashAlgo, key,
wolfSSL 15:117db924cf7c 23728 ssl->buffers.key
wolfSSL 15:117db924cf7c 23729 );
wolfSSL 15:117db924cf7c 23730 }
wolfSSL 15:117db924cf7c 23731 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 23732
wolfSSL 15:117db924cf7c 23733 /* Check for error */
wolfSSL 15:117db924cf7c 23734 if (ret != 0) {
wolfSSL 15:117db924cf7c 23735 goto exit_scv;
wolfSSL 15:117db924cf7c 23736 }
wolfSSL 15:117db924cf7c 23737
wolfSSL 15:117db924cf7c 23738 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 23739 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 15:117db924cf7c 23740 } /* case TLS_ASYNC_DO */
wolfSSL 15:117db924cf7c 23741 FALL_THROUGH;
wolfSSL 15:117db924cf7c 23742
wolfSSL 15:117db924cf7c 23743 case TLS_ASYNC_VERIFY:
wolfSSL 15:117db924cf7c 23744 {
wolfSSL 15:117db924cf7c 23745 /* restore verify pointer */
wolfSSL 15:117db924cf7c 23746 args->verify = &args->output[args->idx];
wolfSSL 15:117db924cf7c 23747
wolfSSL 16:8e0d178b1d1e 23748 switch (ssl->hsType) {
wolfSSL 16:8e0d178b1d1e 23749 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
wolfSSL 16:8e0d178b1d1e 23750 #ifdef HAVE_ECC
wolfSSL 16:8e0d178b1d1e 23751 case DYNAMIC_TYPE_ECC:
wolfSSL 16:8e0d178b1d1e 23752 #endif
wolfSSL 16:8e0d178b1d1e 23753 #ifdef HAVE_ED25519
wolfSSL 16:8e0d178b1d1e 23754 case DYNAMIC_TYPE_ED25519:
wolfSSL 16:8e0d178b1d1e 23755 #endif
wolfSSL 16:8e0d178b1d1e 23756 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 23757 case DYNAMIC_TYPE_ED448:
wolfSSL 16:8e0d178b1d1e 23758 #endif
wolfSSL 16:8e0d178b1d1e 23759 args->length = (word16)ssl->buffers.sig.length;
wolfSSL 16:8e0d178b1d1e 23760 /* prepend hdr */
wolfSSL 16:8e0d178b1d1e 23761 c16toa(args->length, args->verify + args->extraSz);
wolfSSL 16:8e0d178b1d1e 23762 XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER,
wolfSSL 16:8e0d178b1d1e 23763 ssl->buffers.sig.buffer, ssl->buffers.sig.length);
wolfSSL 16:8e0d178b1d1e 23764 break;
wolfSSL 16:8e0d178b1d1e 23765 #endif
wolfSSL 16:8e0d178b1d1e 23766 #ifndef NO_RSA
wolfSSL 16:8e0d178b1d1e 23767 case DYNAMIC_TYPE_RSA:
wolfSSL 16:8e0d178b1d1e 23768 {
wolfSSL 16:8e0d178b1d1e 23769 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 16:8e0d178b1d1e 23770
wolfSSL 15:117db924cf7c 23771 if (args->verifySig == NULL) {
wolfSSL 16:8e0d178b1d1e 23772 args->verifySig = (byte*)XMALLOC(args->sigSz, ssl->heap,
wolfSSL 16:8e0d178b1d1e 23773 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 16:8e0d178b1d1e 23774 if (args->verifySig == NULL) {
wolfSSL 16:8e0d178b1d1e 23775 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 16:8e0d178b1d1e 23776 }
wolfSSL 16:8e0d178b1d1e 23777 XMEMCPY(args->verifySig, args->verify + args->extraSz +
wolfSSL 15:117db924cf7c 23778 VERIFY_HEADER, args->sigSz);
wolfSSL 16:8e0d178b1d1e 23779 }
wolfSSL 16:8e0d178b1d1e 23780
wolfSSL 16:8e0d178b1d1e 23781 /* check for signature faults */
wolfSSL 16:8e0d178b1d1e 23782 ret = VerifyRsaSign(ssl,
wolfSSL 16:8e0d178b1d1e 23783 args->verifySig, args->sigSz,
wolfSSL 16:8e0d178b1d1e 23784 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 16:8e0d178b1d1e 23785 args->sigAlgo, ssl->suites->hashAlgo, key,
wolfSSL 16:8e0d178b1d1e 23786 ssl->buffers.key
wolfSSL 16:8e0d178b1d1e 23787 );
wolfSSL 16:8e0d178b1d1e 23788 break;
wolfSSL 16:8e0d178b1d1e 23789 }
wolfSSL 16:8e0d178b1d1e 23790 #endif /* !NO_RSA */
wolfSSL 16:8e0d178b1d1e 23791 default:
wolfSSL 16:8e0d178b1d1e 23792 break;
wolfSSL 16:8e0d178b1d1e 23793 }
wolfSSL 15:117db924cf7c 23794
wolfSSL 15:117db924cf7c 23795 /* Check for error */
wolfSSL 15:117db924cf7c 23796 if (ret != 0) {
wolfSSL 15:117db924cf7c 23797 goto exit_scv;
wolfSSL 15:117db924cf7c 23798 }
wolfSSL 15:117db924cf7c 23799
wolfSSL 15:117db924cf7c 23800 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 23801 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 15:117db924cf7c 23802 } /* case TLS_ASYNC_VERIFY */
wolfSSL 15:117db924cf7c 23803 FALL_THROUGH;
wolfSSL 15:117db924cf7c 23804
wolfSSL 15:117db924cf7c 23805 case TLS_ASYNC_FINALIZE:
wolfSSL 15:117db924cf7c 23806 {
wolfSSL 15:117db924cf7c 23807 if (args->output == NULL) {
wolfSSL 15:117db924cf7c 23808 ERROR_OUT(BUFFER_ERROR, exit_scv);
wolfSSL 15:117db924cf7c 23809 }
wolfSSL 15:117db924cf7c 23810 AddHeaders(args->output, (word32)args->length + args->extraSz +
wolfSSL 15:117db924cf7c 23811 VERIFY_HEADER, certificate_verify, ssl);
wolfSSL 15:117db924cf7c 23812
wolfSSL 15:117db924cf7c 23813 args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ +
wolfSSL 15:117db924cf7c 23814 (word32)args->length + args->extraSz + VERIFY_HEADER;
wolfSSL 15:117db924cf7c 23815
wolfSSL 15:117db924cf7c 23816 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 23817 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 23818 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 23819 }
wolfSSL 15:117db924cf7c 23820 #endif
wolfSSL 15:117db924cf7c 23821
wolfSSL 15:117db924cf7c 23822 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 15:117db924cf7c 23823 args->inputSz = args->sendSz - RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 23824 /* build msg adds rec hdr */
wolfSSL 15:117db924cf7c 23825 args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
wolfSSL 15:117db924cf7c 23826 DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 15:117db924cf7c 23827 if (args->input == NULL) {
wolfSSL 15:117db924cf7c 23828 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 15:117db924cf7c 23829 }
wolfSSL 15:117db924cf7c 23830
wolfSSL 15:117db924cf7c 23831 XMEMCPY(args->input, args->output + RECORD_HEADER_SZ,
wolfSSL 15:117db924cf7c 23832 args->inputSz);
wolfSSL 15:117db924cf7c 23833 }
wolfSSL 15:117db924cf7c 23834
wolfSSL 15:117db924cf7c 23835 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 23836 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 15:117db924cf7c 23837 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 15:117db924cf7c 23838 FALL_THROUGH;
wolfSSL 15:117db924cf7c 23839
wolfSSL 15:117db924cf7c 23840 case TLS_ASYNC_END:
wolfSSL 15:117db924cf7c 23841 {
wolfSSL 15:117db924cf7c 23842 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 15:117db924cf7c 23843 ret = BuildMessage(ssl, args->output,
wolfSSL 15:117db924cf7c 23844 MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
wolfSSL 15:117db924cf7c 23845 args->input, args->inputSz, handshake,
wolfSSL 15:117db924cf7c 23846 1, 0, 1);
wolfSSL 15:117db924cf7c 23847 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 23848 if (ret == WC_PENDING_E)
wolfSSL 15:117db924cf7c 23849 goto exit_scv;
wolfSSL 15:117db924cf7c 23850 #endif
wolfSSL 15:117db924cf7c 23851
wolfSSL 15:117db924cf7c 23852 XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 15:117db924cf7c 23853 args->input = NULL; /* make sure its not double free'd on cleanup */
wolfSSL 15:117db924cf7c 23854
wolfSSL 15:117db924cf7c 23855 if (ret >= 0) {
wolfSSL 15:117db924cf7c 23856 args->sendSz = ret;
wolfSSL 15:117db924cf7c 23857 ret = 0;
wolfSSL 15:117db924cf7c 23858 }
wolfSSL 15:117db924cf7c 23859 }
wolfSSL 15:117db924cf7c 23860 else {
wolfSSL 15:117db924cf7c 23861 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 23862 if (ssl->options.dtls)
wolfSSL 15:117db924cf7c 23863 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 15:117db924cf7c 23864 #endif
wolfSSL 15:117db924cf7c 23865 ret = HashOutput(ssl, args->output, args->sendSz, 0);
wolfSSL 15:117db924cf7c 23866 }
wolfSSL 15:117db924cf7c 23867
wolfSSL 15:117db924cf7c 23868 if (ret != 0) {
wolfSSL 15:117db924cf7c 23869 goto exit_scv;
wolfSSL 15:117db924cf7c 23870 }
wolfSSL 15:117db924cf7c 23871
wolfSSL 15:117db924cf7c 23872 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 23873 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 23874 ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz);
wolfSSL 15:117db924cf7c 23875 }
wolfSSL 15:117db924cf7c 23876 #endif
wolfSSL 15:117db924cf7c 23877
wolfSSL 15:117db924cf7c 23878
wolfSSL 15:117db924cf7c 23879 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 23880 if (ssl->hsInfoOn)
wolfSSL 15:117db924cf7c 23881 AddPacketName(ssl, "CertificateVerify");
wolfSSL 15:117db924cf7c 23882 if (ssl->toInfoOn)
wolfSSL 15:117db924cf7c 23883 AddPacketInfo(ssl, "CertificateVerify", handshake,
wolfSSL 15:117db924cf7c 23884 args->output, args->sendSz, WRITE_PROTO, ssl->heap);
wolfSSL 15:117db924cf7c 23885 #endif
wolfSSL 15:117db924cf7c 23886
wolfSSL 15:117db924cf7c 23887 ssl->buffers.outputBuffer.length += args->sendSz;
wolfSSL 15:117db924cf7c 23888
wolfSSL 15:117db924cf7c 23889 if (!ssl->options.groupMessages) {
wolfSSL 15:117db924cf7c 23890 ret = SendBuffered(ssl);
wolfSSL 15:117db924cf7c 23891 }
wolfSSL 15:117db924cf7c 23892 break;
wolfSSL 15:117db924cf7c 23893 }
wolfSSL 15:117db924cf7c 23894 default:
wolfSSL 15:117db924cf7c 23895 ret = INPUT_CASE_ERROR;
wolfSSL 15:117db924cf7c 23896 } /* switch(ssl->options.asyncState) */
wolfSSL 15:117db924cf7c 23897
wolfSSL 15:117db924cf7c 23898 exit_scv:
wolfSSL 15:117db924cf7c 23899
wolfSSL 15:117db924cf7c 23900 WOLFSSL_LEAVE("SendCertificateVerify", ret);
wolfSSL 15:117db924cf7c 23901 WOLFSSL_END(WC_FUNC_CERTIFICATE_VERIFY_SEND);
wolfSSL 15:117db924cf7c 23902
wolfSSL 15:117db924cf7c 23903 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 23904 /* Handle async operation */
wolfSSL 15:117db924cf7c 23905 if (ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 23906 return ret;
wolfSSL 15:117db924cf7c 23907 }
wolfSSL 15:117db924cf7c 23908 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 23909
wolfSSL 15:117db924cf7c 23910 /* Digest is not allocated, so do this to prevent free */
wolfSSL 15:117db924cf7c 23911 ssl->buffers.digest.buffer = NULL;
wolfSSL 15:117db924cf7c 23912 ssl->buffers.digest.length = 0;
wolfSSL 15:117db924cf7c 23913
wolfSSL 15:117db924cf7c 23914 /* Final cleanup */
wolfSSL 15:117db924cf7c 23915 FreeScvArgs(ssl, args);
wolfSSL 15:117db924cf7c 23916 FreeKeyExchange(ssl);
wolfSSL 15:117db924cf7c 23917
wolfSSL 15:117db924cf7c 23918 return ret;
wolfSSL 15:117db924cf7c 23919 }
wolfSSL 15:117db924cf7c 23920 #endif /* WOLFSSL_NO_CLIENT_AUTH */
wolfSSL 15:117db924cf7c 23921
wolfSSL 15:117db924cf7c 23922 #endif /* WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 23923
wolfSSL 15:117db924cf7c 23924 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 23925
wolfSSL 15:117db924cf7c 23926
wolfSSL 15:117db924cf7c 23927 #ifdef HAVE_SESSION_TICKET
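/* Store a session ticket received from the peer on this connection's session.
 *
 * ssl     connection whose session receives the ticket
 * ticket  ticket bytes; only read when length > 0
 * length  number of bytes at ticket
 *
 * A ticket that fits in session.staticTicket is kept there; a larger one is
 * copied to a heap buffer and session.isDynamic is set. For a non-empty
 * ticket the session_ticket_cb callback (when set) is invoked and a
 * substitute session ID is derived from the tail of the ticket.
 *
 * returns 0 on success, MEMORY_E when the heap buffer cannot be allocated.
 */
int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
{
    /* Free old dynamic ticket if we already had one */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        /* The old length described the buffer just freed. Clear it so that a
         * failed allocation below cannot leave a length larger than
         * staticTicket paired with the static buffer. */
        ssl->session.ticketLen = 0;
    }

    if (length > sizeof(ssl->session.staticTicket)) {
        byte* sessionTicket =
                  (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        if (sessionTicket == NULL)
            return MEMORY_E;
        ssl->session.ticket = sessionTicket;
        ssl->session.isDynamic = 1;
    }
    /* NOTE(review): length is word32 but is narrowed to word16 here. The
     * DoSessionTicket caller in this file passes a 16-bit value; confirm
     * every other caller does as well. */
    ssl->session.ticketLen = (word16)length;

    if (length > 0) {
        byte*  sessionId;
        word32 idSz;

        XMEMCPY(ssl->session.ticket, ticket, length);
        if (ssl->session_ticket_cb != NULL) {
            ssl->session_ticket_cb(ssl,
                                   ssl->session.ticket, ssl->session.ticketLen,
                                   ssl->session_ticket_ctx);
        }
        /* Create a fake sessionID based on the ticket, this will
         * supersede the existing session cache info. */
        ssl->options.haveSessionId = 1;
    #ifdef WOLFSSL_TLS13
        if (ssl->options.tls1_3) {
            sessionId = ssl->session.sessionID;
        }
        else
    #endif
            sessionId = ssl->arrays->sessionID;

        /* The ID is the last ID_LEN bytes of the ticket. The ticket length is
         * chosen by the peer, and for a ticket shorter than ID_LEN the
         * expression "ticket + length - ID_LEN" points before the start of
         * the ticket buffer. Copy only the bytes that exist and zero-fill the
         * rest; tickets of ID_LEN bytes or more produce the same ID as
         * before. */
        idSz = (length < (word32)ID_LEN) ? length : (word32)ID_LEN;
        XMEMSET(sessionId, 0, ID_LEN);
        XMEMCPY(sessionId, ssl->session.ticket + length - idSz, idSz);
    }

    return 0;
}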
wolfSSL 15:117db924cf7c 23970
wolfSSL 15:117db924cf7c 23971 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 23972
/* Process a received session_ticket (4) handshake message.
 *
 * ssl       connection the message arrived on
 * input     receive buffer
 * inOutIdx  in: offset of the message body in input; out: offset just past
 *           the body, plus padding (and MAC for encrypt-then-MAC reads) when
 *           encryption is on
 * size      number of body bytes available
 *
 * The body is a 32-bit lifetime followed by a 16-bit length and that many
 * ticket bytes. Each field is bounds-checked against size before it is read.
 *
 * returns 0 on success, SESSION_TICKET_EXPECT_E when no ticket was expected,
 * BUFFER_ERROR when the body is shorter than its fields claim, or the error
 * from SetTicket.
 *
 * NOTE(review): the lifetime is taken from the peer and assigned to
 * ssl->timeout as-is; confirm an upper bound is enforced elsewhere.
 */
static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           word32 size)
{
    const word32 start = *inOutIdx;
    word32       lifetimeHint;
    word16       ticketSz;
    int          rc;

    /* A ticket is only acceptable when this handshake asked for one. */
    if (ssl->expect_session_ticket == 0) {
        WOLFSSL_MSG("Unexpected session ticket");
        return SESSION_TICKET_EXPECT_E;
    }

    /* 32-bit lifetime */
    if (OPAQUE32_LEN > size) {
        return BUFFER_ERROR;
    }
    ato32(input + *inOutIdx, &lifetimeHint);
    *inOutIdx += OPAQUE32_LEN;

    /* 16-bit ticket length */
    if ((*inOutIdx - start) + OPAQUE16_LEN > size) {
        return BUFFER_ERROR;
    }
    ato16(input + *inOutIdx, &ticketSz);
    *inOutIdx += OPAQUE16_LEN;

    /* ticket bytes must lie inside the message body */
    if ((*inOutIdx - start) + ticketSz > size) {
        return BUFFER_ERROR;
    }

    rc = SetTicket(ssl, input + *inOutIdx, ticketSz);
    if (rc != 0) {
        return rc;
    }
    *inOutIdx += ticketSz;

    /* An empty ticket leaves the timeout and the session cache alone. */
    if (ticketSz > 0) {
        ssl->timeout = lifetimeHint;
    #ifndef NO_SESSION_CACHE
        AddSession(ssl);
    #endif
    }

    /* Step over record padding, and the MAC for encrypt-then-MAC reads. */
    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
        if (ssl->options.startedETMRead) {
            *inOutIdx += MacSize(ssl);
        }
    #endif
    }

    ssl->expect_session_ticket = 0;

    return 0;
}
wolfSSL 15:117db924cf7c 24024
wolfSSL 15:117db924cf7c 24025 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 24026
wolfSSL 15:117db924cf7c 24027 #endif /* HAVE_SESSION_TICKET */
wolfSSL 15:117db924cf7c 24028
wolfSSL 15:117db924cf7c 24029 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 24030
wolfSSL 16:8e0d178b1d1e 24031 #ifdef HAVE_ECC
/* Map an ECC curve OID sum to the matching WOLFSSL_ECC_* curve identifier.
 *
 * oidSum  OID sum of the curve
 *
 * returns the WOLFSSL_ECC_* value, or 0 when the curve is not compiled in or
 * not implemented. Which cases exist depends on the HAVE_ECCnnn,
 * HAVE_ALL_CURVES, NO_ECC_SECP, HAVE_ECC_SECPR2, HAVE_ECC_KOBLITZ and
 * HAVE_ECC_BRAINPOOL build options.
 */
word16 GetCurveByOID(int oidSum) {
    word16 curveId = 0;

    switch(oidSum) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP160R1_OID:
            curveId = WOLFSSL_ECC_SECP160R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_SECPR2
        case ECC_SECP160R2_OID:
            curveId = WOLFSSL_ECC_SECP160R2;
            break;
    #endif /* HAVE_ECC_SECPR2 */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP160K1_OID:
            curveId = WOLFSSL_ECC_SECP160K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP192R1_OID:
            curveId = WOLFSSL_ECC_SECP192R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP192K1_OID:
            curveId = WOLFSSL_ECC_SECP192K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP224R1_OID:
            curveId = WOLFSSL_ECC_SECP224R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP224K1_OID:
            curveId = WOLFSSL_ECC_SECP224K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP256R1_OID:
            curveId = WOLFSSL_ECC_SECP256R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP256K1_OID:
            curveId = WOLFSSL_ECC_SECP256K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP256R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP256R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP384R1_OID:
            curveId = WOLFSSL_ECC_SECP384R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP384R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP384R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP512R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP512R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP521R1_OID:
            curveId = WOLFSSL_ECC_SECP521R1;
            break;
    #endif /* !NO_ECC_SECP */
#endif
        default:
            /* unknown or compiled-out curve: report it and return 0 */
            WOLFSSL_MSG("Curve OID not compiled in or implemented");
            break;
    }

    return curveId;
}
wolfSSL 16:8e0d178b1d1e 24110 #endif /* HAVE_ECC */
wolfSSL 16:8e0d178b1d1e 24111
wolfSSL 16:8e0d178b1d1e 24112
wolfSSL 16:8e0d178b1d1e 24113 #ifndef NO_WOLFSSL_SERVER
wolfSSL 16:8e0d178b1d1e 24114
wolfSSL 16:8e0d178b1d1e 24115 #ifndef WOLFSSL_NO_TLS12
wolfSSL 16:8e0d178b1d1e 24116
/* handle generation of server_hello (2)
 *
 * Builds the ServerHello at the current end of ssl->buffers.outputBuffer:
 * version, server random, session ID, cipher suite, compression method and
 * extensions. The message is then either wrapped with BuildMessage (when
 * encryption is on) or hashed with HashOutput, and sent with SendBuffered
 * unless options.groupMessages is set.
 *
 * ssl  connection to answer on
 *
 * returns 0 when messages are being grouped, otherwise the result of
 * SendBuffered. On failure: BUFFER_ERROR when the stored session ID size is
 * larger than ID_LEN, MEMORY_E when the temporary input buffer cannot be
 * allocated, or the error returned by TLSX_GetResponseSize,
 * CheckAvailableSize, wc_RNG_GenerateBlock, TLSX_WriteResponse, BuildMessage,
 * HashOutput or DtlsMsgPoolSave.
 */
int SendServerHello(WOLFSSL* ssl)
{
    int    ret;
    byte   *output;
    word16 length;
    word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int    sendSz;
    byte   sessIdSz = ID_LEN;
    byte   echoId   = 0;  /* ticket echo id flag */
    byte   cacheOff = 0;  /* session cache off flag */

    WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND);
    WOLFSSL_ENTER("SendServerHello");

    /* Body size without extensions, assuming a full ID_LEN session ID; the
     * assumption is corrected below when a shorter or no ID is sent. */
    length = VERSION_SZ + RAN_LEN
           + ID_LEN + ENUM_LEN
           + SUITE_LEN
           + ENUM_LEN;

#ifdef HAVE_TLS_EXTENSIONS
    /* adds the size of the extension block to length */
    ret = TLSX_GetResponseSize(ssl, server_hello, &length);
    if (ret != 0)
        return ret;
    #ifdef HAVE_SESSION_TICKET
        if (ssl->options.useTicket) {
            /* echo session id sz can be 0,32 or bogus len in between */
            sessIdSz = ssl->arrays->sessionIDSz;
            /* the stored size is used as a copy length below, so reject
             * anything larger than the ID_LEN the message was sized for */
            if (sessIdSz > ID_LEN) {
                WOLFSSL_MSG("Bad bogus session id len");
                return BUFFER_ERROR;
            }
            if (!IsAtLeastTLSv1_3(ssl->version))
                length -= (ID_LEN - sessIdSz); /* adjust ID_LEN assumption */
            echoId = 1;
        }
    #endif /* HAVE_SESSION_TICKET */
#else
    /* NOTE(review): the size is added whenever haveEMS is set, but the
     * extension bytes are only written under HAVE_EXTENDED_MASTER further
     * down; confirm haveEMS cannot be set in a build without it. */
    if (ssl->options.haveEMS) {
        length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ;
    }
#endif

    /* is the session cache off at build or runtime */
#ifdef NO_SESSION_CACHE
    cacheOff = 1;
#else
    if (ssl->options.sessionCacheOff == 1) {
        cacheOff = 1;
    }
#endif

    /* if no session cache don't send a session ID unless we're echoing
     * an ID as part of session tickets */
    if (echoId == 0 && cacheOff == 1) {
        length -= ID_LEN;    /* adjust ID_LEN assumption */
        sessIdSz = 0;
    }

    sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
    #ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* Server Hello should use the same sequence number as the
         * Client Hello. */
        ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
        ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
        idx    += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
    #endif /* WOLFSSL_DTLS */

    /* reserve room for what BuildMessage adds around the plaintext */
    if (IsEncryptionOn(ssl, 1))
        sendSz += MAX_MSG_EXTRA;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, length, server_hello, ssl);

    /* now write to output */
    /* first version */
    output[idx++] = (byte)ssl->version.major;
    output[idx++] = (byte)ssl->version.minor;

    /* then random and session id */
    if (!ssl->options.resuming) {
        /* generate random part and session id */
        /* One RNG call fills the random, the ID length byte and the session
         * ID; the length byte is overwritten with sessIdSz below. */
        ret = wc_RNG_GenerateBlock(ssl->rng, output + idx,
            RAN_LEN + sizeof(sessIdSz) + sessIdSz);
        if (ret != 0)
            return ret;

#ifdef WOLFSSL_TLS13
        /* Downgrade signalling: the last TLS13_DOWNGRADE_SZ + 1 bytes of the
         * server random are replaced with the tls13Downgrade marker and a
         * final byte, so a client that supports a newer version can tell the
         * negotiation was lowered (presumably the RFC 8446 section 4.1.3
         * sentinel; tls13Downgrade is defined outside this function). */
        if (TLSv1_3_Capable(ssl)) {
            /* TLS v1.3 capable server downgraded. */
            XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
                    tls13Downgrade, TLS13_DOWNGRADE_SZ);
            output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl);
        }
        else
#endif
        if (ssl->ctx->method->version.major == SSLv3_MAJOR &&
                          ssl->ctx->method->version.minor == TLSv1_2_MINOR &&
                                                       !IsAtLeastTLSv1_2(ssl)) {
            /* TLS v1.2 capable server downgraded. */
            XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1),
                    tls13Downgrade, TLS13_DOWNGRADE_SZ);
            output[idx + RAN_LEN - 1] = 0;
        }

        /* store info in SSL for later */
        XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN);
        idx += RAN_LEN;
        output[idx++] = sessIdSz;
        XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz);
        ssl->arrays->sessionIDSz = sessIdSz;
    }
    else {
        /* If resuming, use info from SSL */
        XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN);
        idx += RAN_LEN;
        output[idx++] = sessIdSz;
        XMEMCPY(output + idx, ssl->arrays->sessionID, sessIdSz);
    }
    idx += sessIdSz;

#ifdef SHOW_SECRETS
    /* debug-only dump of the server random to stdout */
    {
        int j;
        printf("server random: ");
        for (j = 0; j < RAN_LEN; j++)
            printf("%02x", ssl->arrays->serverRandom[j]);
        printf("\n");
    }
#endif

    /* then cipher suite */
    output[idx++] = ssl->options.cipherSuite0;
    output[idx++] = ssl->options.cipherSuite;

    /* then compression */
    /* NOTE(review): record compression before encryption is what
     * compression-ratio side channels such as CRIME depend on; confirm
     * usingCompression is off unless an application opts in. */
    if (ssl->options.usingCompression)
        output[idx++] = ZLIB_COMPRESSION;
    else
        output[idx++] = NO_COMPRESSION;

    /* last, extensions */
#ifdef HAVE_TLS_EXTENSIONS
    {
        word16 offset = 0;
        ret = TLSX_WriteResponse(ssl, output + idx, server_hello, &offset);
        if (ret != 0)
            return ret;
        idx += offset;
    }
#else
#ifdef HAVE_EXTENDED_MASTER
    /* without the TLSX layer the only extension written is an empty
     * extended master secret entry */
    if (ssl->options.haveEMS) {
        c16toa(HELLO_EXT_SZ, output + idx);
        idx += HELLO_EXT_SZ_SZ;

        c16toa(HELLO_EXT_EXTMS, output + idx);
        idx += HELLO_EXT_TYPE_SZ;
        c16toa(0, output + idx);
        /*idx += HELLO_EXT_SZ_SZ;*/
        /* idx is not used after this point. uncomment the line above
         * if adding any more extensions in the future. */
    }
#endif
#endif

    if (IsEncryptionOn(ssl, 1)) {
        byte* input;
        int   inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */

        /* BuildMessage writes into output, so the plaintext is first copied
         * to a temporary buffer that is freed right after the call */
        input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        if (input == NULL)
            return MEMORY_E;

        XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
        sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                              handshake, 1, 0, 0);
        XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

        /* a negative result is an error code, not a size */
        if (sendSz < 0)
            return sendSz;
    } else {
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls)
                DtlsSEQIncrement(ssl, CUR_ORDER);
        #endif
        ret = HashOutput(ssl, output, sendSz, 0);
        if (ret != 0)
            return ret;
    }

    #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
        if (ssl->hsInfoOn)
            AddPacketName(ssl, "ServerHello");
        if (ssl->toInfoOn)
            AddPacketInfo(ssl, "ServerHello", handshake, output, sendSz,
                          WRITE_PROTO, ssl->heap);
    #endif

    ssl->options.serverState = SERVER_HELLO_COMPLETE;
    /* the message is only committed to the output buffer at this point */
    ssl->buffers.outputBuffer.length += sendSz;

    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                return ret;
        }
    #endif

    /* grouped messages stay buffered until a later send */
    if (ssl->options.groupMessages)
        ret = 0;
    else
        ret = SendBuffered(ssl);

    WOLFSSL_LEAVE("SendServerHello", ret);
    WOLFSSL_END(WC_FUNC_SERVER_HELLO_SEND);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 24346
wolfSSL 16:8e0d178b1d1e 24347
wolfSSL 16:8e0d178b1d1e 24348 #if defined(HAVE_ECC)
wolfSSL 16:8e0d178b1d1e 24349
/* Return the curve identifier for an ECC key as a single byte.
 *
 * key  ECC key whose dp->oidSum selects the curve
 *
 * returns the GetCurveByOID result narrowed to byte, or 0 when key or
 * key->dp is NULL.
 */
static byte SetCurveId(ecc_key* key)
{
    if (key != NULL && key->dp != NULL) {
        /* the word16 curve value is truncated to byte by the cast */
        return (byte)GetCurveByOID(key->dp->oidSum);
    }

    WOLFSSL_MSG("SetCurveId: Invalid key!");
    return 0;
}
wolfSSL 16:8e0d178b1d1e 24359
wolfSSL 16:8e0d178b1d1e 24360 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 24361
/* Working state for SendServerKeyExchange. With WOLFSSL_ASYNC_CRYPT it lives
 * in ssl->async.args so it survives a pending operation; otherwise it is a
 * local of that function. Fields exist only for the key exchange and
 * signature algorithms compiled in. */
typedef struct SskeArgs {
    byte*  output; /* not allocated */
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
                                        (!defined(NO_DH) && !defined(NO_RSA))
    byte*  sigDataBuf; /* released by FreeSskeArgs (DYNAMIC_TYPE_SIGNATURE) */
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
    byte*  exportBuf;  /* released by FreeSskeArgs (DYNAMIC_TYPE_DER) */
#endif
#ifndef NO_RSA
    byte*  verifySig;  /* released by FreeSskeArgs (DYNAMIC_TYPE_SIGNATURE) */
#endif
    /* NOTE(review): FreeSskeArgs does not release input; confirm the code
     * that allocates it frees it on every path, including errors. */
    byte*  input;
    word32 idx;
    word32 tmpSigSz;
    word32 length;
    word32 sigSz;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
                                        (!defined(NO_DH) && !defined(NO_RSA))
    word32 sigDataSz;
#endif
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
    word32 exportSz;
#endif
#ifdef HAVE_QSH
    word32 qshSz; /* set from QSH_KeyGetSize in SendServerKeyExchange */
#endif
    int    sendSz;
    int    inputSz;
} SskeArgs;
wolfSSL 15:117db924cf7c 24392
/* Release the heap buffers held in a SskeArgs and clear their pointers.
 *
 * ssl    connection that owns the heap hint passed to XFREE
 * pArgs  pointer to the SskeArgs to clean up
 *
 * Frees exportBuf, sigDataBuf and verifySig where those fields are compiled
 * in. Each pointer is set to NULL afterwards so a second call does not free
 * it again. The output and input members are left untouched.
 */
static void FreeSskeArgs(WOLFSSL* ssl, void* pArgs)
{
    SskeArgs* sske = (SskeArgs*)pArgs;

    (void)ssl;

#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
    if (sske->exportBuf != NULL) {
        XFREE(sske->exportBuf, ssl->heap, DYNAMIC_TYPE_DER);
        sske->exportBuf = NULL;
    }
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
                                        (!defined(NO_DH) && !defined(NO_RSA))
    if (sske->sigDataBuf != NULL) {
        XFREE(sske->sigDataBuf, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        sske->sigDataBuf = NULL;
    }
#endif
#ifndef NO_RSA
    if (sske->verifySig != NULL) {
        XFREE(sske->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
        sske->verifySig = NULL;
    }
#endif
    /* keeps the variable referenced when every branch above is compiled out */
    (void)sske;
}
wolfSSL 15:117db924cf7c 24420
wolfSSL 15:117db924cf7c 24421 /* handle generation of server_key_exchange (12) */
wolfSSL 15:117db924cf7c 24422 int SendServerKeyExchange(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 24423 {
wolfSSL 15:117db924cf7c 24424 int ret;
wolfSSL 15:117db924cf7c 24425 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 24426 SskeArgs* args = (SskeArgs*)ssl->async.args;
wolfSSL 15:117db924cf7c 24427 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 15:117db924cf7c 24428 (void)sizeof(args_test);
wolfSSL 15:117db924cf7c 24429 #else
wolfSSL 15:117db924cf7c 24430 SskeArgs args[1];
wolfSSL 15:117db924cf7c 24431 #endif
wolfSSL 15:117db924cf7c 24432
wolfSSL 15:117db924cf7c 24433 WOLFSSL_START(WC_FUNC_SERVER_KEY_EXCHANGE_SEND);
wolfSSL 15:117db924cf7c 24434 WOLFSSL_ENTER("SendServerKeyExchange");
wolfSSL 15:117db924cf7c 24435
wolfSSL 15:117db924cf7c 24436 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 24437 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 15:117db924cf7c 24438 if (ret != WC_NOT_PENDING_E) {
wolfSSL 15:117db924cf7c 24439 /* Check for error */
wolfSSL 15:117db924cf7c 24440 if (ret < 0)
wolfSSL 15:117db924cf7c 24441 goto exit_sske;
wolfSSL 15:117db924cf7c 24442 }
wolfSSL 15:117db924cf7c 24443 else
wolfSSL 15:117db924cf7c 24444 #endif
wolfSSL 15:117db924cf7c 24445 {
wolfSSL 15:117db924cf7c 24446 /* Reset state */
wolfSSL 15:117db924cf7c 24447 ret = 0;
wolfSSL 15:117db924cf7c 24448 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 15:117db924cf7c 24449 XMEMSET(args, 0, sizeof(SskeArgs));
wolfSSL 15:117db924cf7c 24450 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 24451 ssl->async.freeArgs = FreeSskeArgs;
wolfSSL 15:117db924cf7c 24452 #endif
wolfSSL 15:117db924cf7c 24453 }
wolfSSL 15:117db924cf7c 24454
wolfSSL 15:117db924cf7c 24455 switch(ssl->options.asyncState)
wolfSSL 15:117db924cf7c 24456 {
wolfSSL 15:117db924cf7c 24457 case TLS_ASYNC_BEGIN:
wolfSSL 15:117db924cf7c 24458 {
wolfSSL 15:117db924cf7c 24459 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 24460 if (ssl->peerQSHKeyPresent && ssl->options.haveQSH) {
wolfSSL 15:117db924cf7c 24461 args->qshSz = QSH_KeyGetSize(ssl);
wolfSSL 15:117db924cf7c 24462 }
wolfSSL 15:117db924cf7c 24463 #endif
wolfSSL 15:117db924cf7c 24464
wolfSSL 15:117db924cf7c 24465 /* Do some checks / debug msgs */
wolfSSL 15:117db924cf7c 24466 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 24467 {
wolfSSL 16:8e0d178b1d1e 24468 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 24469 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 24470 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 24471 {
wolfSSL 15:117db924cf7c 24472 WOLFSSL_MSG("Using ephemeral ECDH PSK");
wolfSSL 15:117db924cf7c 24473 break;
wolfSSL 15:117db924cf7c 24474 }
wolfSSL 16:8e0d178b1d1e 24475 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 24476 #if defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 24477 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 24478 {
wolfSSL 15:117db924cf7c 24479 if (ssl->specs.static_ecdh) {
wolfSSL 16:8e0d178b1d1e 24480 WOLFSSL_MSG("Using Static ECDH, not sending "
wolfSSL 16:8e0d178b1d1e 24481 "ServerKeyExchange");
wolfSSL 15:117db924cf7c 24482 ERROR_OUT(0, exit_sske);
wolfSSL 15:117db924cf7c 24483 }
wolfSSL 15:117db924cf7c 24484
wolfSSL 15:117db924cf7c 24485 WOLFSSL_MSG("Using ephemeral ECDH");
wolfSSL 15:117db924cf7c 24486 break;
wolfSSL 15:117db924cf7c 24487 }
wolfSSL 15:117db924cf7c 24488 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 24489 }
wolfSSL 15:117db924cf7c 24490
wolfSSL 15:117db924cf7c 24491 /* Preparing keys */
wolfSSL 15:117db924cf7c 24492 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 24493 {
wolfSSL 15:117db924cf7c 24494 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 24495 case psk_kea:
wolfSSL 15:117db924cf7c 24496 {
wolfSSL 15:117db924cf7c 24497 /* Nothing to do in this sub-state */
wolfSSL 15:117db924cf7c 24498 break;
wolfSSL 15:117db924cf7c 24499 }
wolfSSL 15:117db924cf7c 24500 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 24501 #if !defined(NO_DH) && (!defined(NO_PSK) || !defined(NO_RSA))
wolfSSL 15:117db924cf7c 24502 #if !defined(NO_PSK)
wolfSSL 15:117db924cf7c 24503 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 24504 #endif
wolfSSL 15:117db924cf7c 24505 #if !defined(NO_RSA)
wolfSSL 15:117db924cf7c 24506 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 24507 #endif
wolfSSL 15:117db924cf7c 24508 {
wolfSSL 15:117db924cf7c 24509 /* Allocate DH key buffers and generate key */
wolfSSL 15:117db924cf7c 24510 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 15:117db924cf7c 24511 ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL 15:117db924cf7c 24512 ERROR_OUT(NO_DH_PARAMS, exit_sske);
wolfSSL 15:117db924cf7c 24513 }
wolfSSL 15:117db924cf7c 24514
wolfSSL 15:117db924cf7c 24515 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 15:117db924cf7c 24516 /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
wolfSSL 15:117db924cf7c 24517 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 24518 ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 24519 ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 24520 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 15:117db924cf7c 24521 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 24522 }
wolfSSL 15:117db924cf7c 24523 }
wolfSSL 15:117db924cf7c 24524
wolfSSL 15:117db924cf7c 24525 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 15:117db924cf7c 24526 /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
wolfSSL 15:117db924cf7c 24527 ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 24528 ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 24529 ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 24530 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 15:117db924cf7c 24531 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 24532 }
wolfSSL 15:117db924cf7c 24533 }
wolfSSL 15:117db924cf7c 24534
wolfSSL 15:117db924cf7c 24535 ssl->options.dhKeySz =
wolfSSL 15:117db924cf7c 24536 (word16)ssl->buffers.serverDH_P.length;
wolfSSL 15:117db924cf7c 24537
wolfSSL 15:117db924cf7c 24538 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 15:117db924cf7c 24539 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 15:117db924cf7c 24540 if (ret != 0) {
wolfSSL 15:117db924cf7c 24541 goto exit_sske;
wolfSSL 15:117db924cf7c 24542 }
wolfSSL 15:117db924cf7c 24543
wolfSSL 16:8e0d178b1d1e 24544 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
wolfSSL 16:8e0d178b1d1e 24545 !defined(HAVE_FIPS) && \
wolfSSL 16:8e0d178b1d1e 24546 !defined(HAVE_SELFTEST)
wolfSSL 16:8e0d178b1d1e 24547 if (ssl->options.dhDoKeyTest &&
wolfSSL 16:8e0d178b1d1e 24548 !ssl->options.dhKeyTested)
wolfSSL 16:8e0d178b1d1e 24549 {
wolfSSL 16:8e0d178b1d1e 24550 ret = wc_DhSetCheckKey(
wolfSSL 16:8e0d178b1d1e 24551 ssl->buffers.serverDH_Key,
wolfSSL 16:8e0d178b1d1e 24552 ssl->buffers.serverDH_P.buffer,
wolfSSL 16:8e0d178b1d1e 24553 ssl->buffers.serverDH_P.length,
wolfSSL 16:8e0d178b1d1e 24554 ssl->buffers.serverDH_G.buffer,
wolfSSL 16:8e0d178b1d1e 24555 ssl->buffers.serverDH_G.length,
wolfSSL 16:8e0d178b1d1e 24556 NULL, 0, 0, ssl->rng);
wolfSSL 16:8e0d178b1d1e 24557 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 24558 goto exit_sske;
wolfSSL 16:8e0d178b1d1e 24559 }
wolfSSL 16:8e0d178b1d1e 24560 ssl->options.dhKeyTested = 1;
wolfSSL 16:8e0d178b1d1e 24561 }
wolfSSL 16:8e0d178b1d1e 24562 else
wolfSSL 16:8e0d178b1d1e 24563 #endif
wolfSSL 16:8e0d178b1d1e 24564 {
wolfSSL 16:8e0d178b1d1e 24565 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 16:8e0d178b1d1e 24566 ssl->buffers.serverDH_P.buffer,
wolfSSL 16:8e0d178b1d1e 24567 ssl->buffers.serverDH_P.length,
wolfSSL 16:8e0d178b1d1e 24568 ssl->buffers.serverDH_G.buffer,
wolfSSL 16:8e0d178b1d1e 24569 ssl->buffers.serverDH_G.length);
wolfSSL 16:8e0d178b1d1e 24570 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 24571 goto exit_sske;
wolfSSL 16:8e0d178b1d1e 24572 }
wolfSSL 15:117db924cf7c 24573 }
wolfSSL 15:117db924cf7c 24574
wolfSSL 15:117db924cf7c 24575 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 15:117db924cf7c 24576 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 16:8e0d178b1d1e 24577 (word32*)&ssl->buffers.serverDH_Priv.length,
wolfSSL 15:117db924cf7c 24578 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 16:8e0d178b1d1e 24579 (word32*)&ssl->buffers.serverDH_Pub.length);
wolfSSL 15:117db924cf7c 24580 break;
wolfSSL 15:117db924cf7c 24581 }
wolfSSL 15:117db924cf7c 24582 #endif /* !NO_DH && (!NO_PSK || !NO_RSA) */
wolfSSL 16:8e0d178b1d1e 24583 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 24584 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 24585 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 24586 /* Fall through to create temp ECC key */
wolfSSL 16:8e0d178b1d1e 24587 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 24588 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 24589 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 24590 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 24591 {
wolfSSL 15:117db924cf7c 24592 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 24593 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 24594 /* need ephemeral key now, create it if missing */
wolfSSL 15:117db924cf7c 24595 if (ssl->eccTempKey == NULL) {
wolfSSL 15:117db924cf7c 24596 /* alloc/init on demand */
wolfSSL 15:117db924cf7c 24597 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 24598 (void**)&ssl->eccTempKey);
wolfSSL 15:117db924cf7c 24599 if (ret != 0) {
wolfSSL 15:117db924cf7c 24600 goto exit_sske;
wolfSSL 15:117db924cf7c 24601 }
wolfSSL 15:117db924cf7c 24602 }
wolfSSL 15:117db924cf7c 24603
wolfSSL 15:117db924cf7c 24604 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 15:117db924cf7c 24605 ret = X25519MakeKey(ssl,
wolfSSL 15:117db924cf7c 24606 (curve25519_key*)ssl->eccTempKey, NULL);
wolfSSL 15:117db924cf7c 24607 if (ret == 0 || ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 24608 ssl->eccTempKeyPresent =
wolfSSL 15:117db924cf7c 24609 DYNAMIC_TYPE_CURVE25519;
wolfSSL 15:117db924cf7c 24610 }
wolfSSL 15:117db924cf7c 24611 }
wolfSSL 15:117db924cf7c 24612 break;
wolfSSL 15:117db924cf7c 24613 }
wolfSSL 15:117db924cf7c 24614 #endif
wolfSSL 16:8e0d178b1d1e 24615 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 24616 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 24617 /* need ephemeral key now, create it if missing */
wolfSSL 16:8e0d178b1d1e 24618 if (ssl->eccTempKey == NULL) {
wolfSSL 16:8e0d178b1d1e 24619 /* alloc/init on demand */
wolfSSL 16:8e0d178b1d1e 24620 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 24621 (void**)&ssl->eccTempKey);
wolfSSL 16:8e0d178b1d1e 24622 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 24623 goto exit_sske;
wolfSSL 16:8e0d178b1d1e 24624 }
wolfSSL 16:8e0d178b1d1e 24625 }
wolfSSL 16:8e0d178b1d1e 24626
wolfSSL 16:8e0d178b1d1e 24627 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 16:8e0d178b1d1e 24628 ret = X448MakeKey(ssl,
wolfSSL 16:8e0d178b1d1e 24629 (curve448_key*)ssl->eccTempKey, NULL);
wolfSSL 16:8e0d178b1d1e 24630 if (ret == 0 || ret == WC_PENDING_E) {
wolfSSL 16:8e0d178b1d1e 24631 ssl->eccTempKeyPresent =
wolfSSL 16:8e0d178b1d1e 24632 DYNAMIC_TYPE_CURVE448;
wolfSSL 16:8e0d178b1d1e 24633 }
wolfSSL 16:8e0d178b1d1e 24634 }
wolfSSL 16:8e0d178b1d1e 24635 break;
wolfSSL 16:8e0d178b1d1e 24636 }
wolfSSL 16:8e0d178b1d1e 24637 #endif
wolfSSL 15:117db924cf7c 24638 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 24639 /* need ephemeral key now, create it if missing */
wolfSSL 15:117db924cf7c 24640 if (ssl->eccTempKey == NULL) {
wolfSSL 15:117db924cf7c 24641 /* alloc/init on demand */
wolfSSL 15:117db924cf7c 24642 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 24643 (void**)&ssl->eccTempKey);
wolfSSL 15:117db924cf7c 24644 if (ret != 0) {
wolfSSL 15:117db924cf7c 24645 goto exit_sske;
wolfSSL 15:117db924cf7c 24646 }
wolfSSL 15:117db924cf7c 24647 }
wolfSSL 15:117db924cf7c 24648
wolfSSL 15:117db924cf7c 24649 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 15:117db924cf7c 24650 ret = EccMakeKey(ssl, ssl->eccTempKey, NULL);
wolfSSL 15:117db924cf7c 24651 if (ret == 0 || ret == WC_PENDING_E) {
wolfSSL 15:117db924cf7c 24652 ssl->eccTempKeyPresent = DYNAMIC_TYPE_ECC;
wolfSSL 15:117db924cf7c 24653 }
wolfSSL 15:117db924cf7c 24654 }
wolfSSL 15:117db924cf7c 24655 #endif
wolfSSL 15:117db924cf7c 24656 break;
wolfSSL 15:117db924cf7c 24657 }
wolfSSL 16:8e0d178b1d1e 24658 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 24659 default:
wolfSSL 15:117db924cf7c 24660 /* Skip ServerKeyExchange */
wolfSSL 15:117db924cf7c 24661 goto exit_sske;
wolfSSL 15:117db924cf7c 24662 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 24663
wolfSSL 15:117db924cf7c 24664 /* Check for error */
wolfSSL 15:117db924cf7c 24665 if (ret != 0) {
wolfSSL 15:117db924cf7c 24666 goto exit_sske;
wolfSSL 15:117db924cf7c 24667 }
wolfSSL 15:117db924cf7c 24668
wolfSSL 15:117db924cf7c 24669 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 24670 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 15:117db924cf7c 24671 } /* case TLS_ASYNC_BEGIN */
wolfSSL 15:117db924cf7c 24672 FALL_THROUGH;
wolfSSL 15:117db924cf7c 24673
wolfSSL 15:117db924cf7c 24674 case TLS_ASYNC_BUILD:
wolfSSL 15:117db924cf7c 24675 {
wolfSSL 15:117db924cf7c 24676 #if (!defined(NO_DH) && !defined(NO_RSA)) || (defined(HAVE_ECC) || \
wolfSSL 16:8e0d178b1d1e 24677 defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
wolfSSL 15:117db924cf7c 24678 word32 preSigSz, preSigIdx;
wolfSSL 15:117db924cf7c 24679 #endif
wolfSSL 15:117db924cf7c 24680
wolfSSL 15:117db924cf7c 24681 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 24682 {
wolfSSL 15:117db924cf7c 24683 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 24684 case psk_kea:
wolfSSL 15:117db924cf7c 24685 {
wolfSSL 15:117db924cf7c 24686 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 24687
wolfSSL 15:117db924cf7c 24688 if (ssl->arrays->server_hint[0] == 0) {
wolfSSL 15:117db924cf7c 24689 ERROR_OUT(0, exit_sske); /* don't send */
wolfSSL 15:117db924cf7c 24690 }
wolfSSL 15:117db924cf7c 24691
wolfSSL 15:117db924cf7c 24692 /* include size part */
wolfSSL 15:117db924cf7c 24693 args->length = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 15:117db924cf7c 24694 if (args->length > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 24695 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 15:117db924cf7c 24696 }
wolfSSL 15:117db924cf7c 24697
wolfSSL 15:117db924cf7c 24698 args->length += HINT_LEN_SZ;
wolfSSL 15:117db924cf7c 24699 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 15:117db924cf7c 24700 RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 24701
wolfSSL 15:117db924cf7c 24702 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 24703 args->length += args->qshSz;
wolfSSL 15:117db924cf7c 24704 args->sendSz += args->qshSz;
wolfSSL 15:117db924cf7c 24705 #endif
wolfSSL 15:117db924cf7c 24706
wolfSSL 15:117db924cf7c 24707 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 24708 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 24709 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 24710 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 24711 }
wolfSSL 15:117db924cf7c 24712 #endif
wolfSSL 16:8e0d178b1d1e 24713
wolfSSL 16:8e0d178b1d1e 24714 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 16:8e0d178b1d1e 24715 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 16:8e0d178b1d1e 24716 }
wolfSSL 16:8e0d178b1d1e 24717
wolfSSL 15:117db924cf7c 24718 /* check for available size */
wolfSSL 15:117db924cf7c 24719 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 15:117db924cf7c 24720 goto exit_sske;
wolfSSL 15:117db924cf7c 24721 }
wolfSSL 15:117db924cf7c 24722
wolfSSL 16:8e0d178b1d1e 24723 /* get output buffer */
wolfSSL 15:117db924cf7c 24724 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 15:117db924cf7c 24725 ssl->buffers.outputBuffer.length;
wolfSSL 15:117db924cf7c 24726
wolfSSL 15:117db924cf7c 24727 AddHeaders(args->output, args->length,
wolfSSL 15:117db924cf7c 24728 server_key_exchange, ssl);
wolfSSL 15:117db924cf7c 24729
wolfSSL 15:117db924cf7c 24730 /* key data */
wolfSSL 15:117db924cf7c 24731 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 24732 c16toa((word16)(args->length - args->qshSz -
wolfSSL 15:117db924cf7c 24733 HINT_LEN_SZ), args->output + args->idx);
wolfSSL 15:117db924cf7c 24734 #else
wolfSSL 15:117db924cf7c 24735 c16toa((word16)(args->length - HINT_LEN_SZ),
wolfSSL 15:117db924cf7c 24736 args->output + args->idx);
wolfSSL 15:117db924cf7c 24737 #endif
wolfSSL 15:117db924cf7c 24738
wolfSSL 15:117db924cf7c 24739 args->idx += HINT_LEN_SZ;
wolfSSL 15:117db924cf7c 24740 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 24741 ssl->arrays->server_hint,
wolfSSL 15:117db924cf7c 24742 args->length - HINT_LEN_SZ);
wolfSSL 15:117db924cf7c 24743 break;
wolfSSL 15:117db924cf7c 24744 }
wolfSSL 15:117db924cf7c 24745 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 24746 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 24747 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 24748 {
wolfSSL 15:117db924cf7c 24749 word32 hintLen;
wolfSSL 15:117db924cf7c 24750
wolfSSL 15:117db924cf7c 24751 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 24752 args->length = LENGTH_SZ * 3 + /* p, g, pub */
wolfSSL 15:117db924cf7c 24753 ssl->buffers.serverDH_P.length +
wolfSSL 15:117db924cf7c 24754 ssl->buffers.serverDH_G.length +
wolfSSL 15:117db924cf7c 24755 ssl->buffers.serverDH_Pub.length;
wolfSSL 15:117db924cf7c 24756
wolfSSL 15:117db924cf7c 24757 /* include size part */
wolfSSL 15:117db924cf7c 24758 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 15:117db924cf7c 24759 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 24760 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 15:117db924cf7c 24761 }
wolfSSL 15:117db924cf7c 24762 args->length += hintLen + HINT_LEN_SZ;
wolfSSL 15:117db924cf7c 24763 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 15:117db924cf7c 24764 RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 24765
wolfSSL 15:117db924cf7c 24766 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 24767 args->length += args->qshSz;
wolfSSL 15:117db924cf7c 24768 args->sendSz += args->qshSz;
wolfSSL 15:117db924cf7c 24769 #endif
wolfSSL 15:117db924cf7c 24770 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 24771 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 24772 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 24773 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 24774 }
wolfSSL 15:117db924cf7c 24775 #endif
wolfSSL 15:117db924cf7c 24776
wolfSSL 16:8e0d178b1d1e 24777 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 16:8e0d178b1d1e 24778 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 16:8e0d178b1d1e 24779 }
wolfSSL 16:8e0d178b1d1e 24780
wolfSSL 15:117db924cf7c 24781 /* check for available size */
wolfSSL 15:117db924cf7c 24782 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 15:117db924cf7c 24783 goto exit_sske;
wolfSSL 15:117db924cf7c 24784 }
wolfSSL 15:117db924cf7c 24785
wolfSSL 16:8e0d178b1d1e 24786 /* get output buffer */
wolfSSL 15:117db924cf7c 24787 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 15:117db924cf7c 24788 ssl->buffers.outputBuffer.length;
wolfSSL 15:117db924cf7c 24789
wolfSSL 15:117db924cf7c 24790 AddHeaders(args->output, args->length,
wolfSSL 15:117db924cf7c 24791 server_key_exchange, ssl);
wolfSSL 15:117db924cf7c 24792
wolfSSL 15:117db924cf7c 24793 /* key data */
wolfSSL 15:117db924cf7c 24794 c16toa((word16)hintLen, args->output + args->idx);
wolfSSL 15:117db924cf7c 24795 args->idx += HINT_LEN_SZ;
wolfSSL 15:117db924cf7c 24796 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 24797 ssl->arrays->server_hint, hintLen);
wolfSSL 15:117db924cf7c 24798 args->idx += hintLen;
wolfSSL 15:117db924cf7c 24799
wolfSSL 15:117db924cf7c 24800 /* add p, g, pub */
wolfSSL 15:117db924cf7c 24801 c16toa((word16)ssl->buffers.serverDH_P.length,
wolfSSL 15:117db924cf7c 24802 args->output + args->idx);
wolfSSL 15:117db924cf7c 24803 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 24804 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 24805 ssl->buffers.serverDH_P.buffer,
wolfSSL 15:117db924cf7c 24806 ssl->buffers.serverDH_P.length);
wolfSSL 15:117db924cf7c 24807 args->idx += ssl->buffers.serverDH_P.length;
wolfSSL 15:117db924cf7c 24808
wolfSSL 15:117db924cf7c 24809 /* g */
wolfSSL 15:117db924cf7c 24810 c16toa((word16)ssl->buffers.serverDH_G.length,
wolfSSL 15:117db924cf7c 24811 args->output + args->idx);
wolfSSL 15:117db924cf7c 24812 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 24813 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 24814 ssl->buffers.serverDH_G.buffer,
wolfSSL 15:117db924cf7c 24815 ssl->buffers.serverDH_G.length);
wolfSSL 15:117db924cf7c 24816 args->idx += ssl->buffers.serverDH_G.length;
wolfSSL 15:117db924cf7c 24817
wolfSSL 15:117db924cf7c 24818 /* pub */
wolfSSL 15:117db924cf7c 24819 c16toa((word16)ssl->buffers.serverDH_Pub.length,
wolfSSL 15:117db924cf7c 24820 args->output + args->idx);
wolfSSL 15:117db924cf7c 24821 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 24822 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 24823 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 15:117db924cf7c 24824 ssl->buffers.serverDH_Pub.length);
wolfSSL 15:117db924cf7c 24825 /* No need to update idx, since sizes are already set */
wolfSSL 15:117db924cf7c 24826 /* args->idx += ssl->buffers.serverDH_Pub.length; */
wolfSSL 15:117db924cf7c 24827 break;
wolfSSL 15:117db924cf7c 24828 }
wolfSSL 15:117db924cf7c 24829 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 16:8e0d178b1d1e 24830 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 24831 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 24832 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 24833 {
wolfSSL 15:117db924cf7c 24834 word32 hintLen;
wolfSSL 15:117db924cf7c 24835
wolfSSL 15:117db924cf7c 24836 /* curve type, named curve, length(1) */
wolfSSL 15:117db924cf7c 24837 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 24838 args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 15:117db924cf7c 24839
wolfSSL 15:117db924cf7c 24840 args->exportSz = MAX_EXPORT_ECC_SZ;
wolfSSL 15:117db924cf7c 24841 args->exportBuf = (byte*)XMALLOC(args->exportSz,
wolfSSL 15:117db924cf7c 24842 ssl->heap, DYNAMIC_TYPE_DER);
wolfSSL 15:117db924cf7c 24843 if (args->exportBuf == NULL) {
wolfSSL 15:117db924cf7c 24844 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 24845 }
wolfSSL 15:117db924cf7c 24846 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 24847 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 24848 if (wc_curve25519_export_public_ex(
wolfSSL 15:117db924cf7c 24849 (curve25519_key*)ssl->eccTempKey,
wolfSSL 15:117db924cf7c 24850 args->exportBuf, &args->exportSz,
wolfSSL 15:117db924cf7c 24851 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 15:117db924cf7c 24852 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 15:117db924cf7c 24853 }
wolfSSL 15:117db924cf7c 24854 }
wolfSSL 15:117db924cf7c 24855 else
wolfSSL 15:117db924cf7c 24856 #endif
wolfSSL 16:8e0d178b1d1e 24857 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 24858 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 24859 if (wc_curve448_export_public_ex(
wolfSSL 16:8e0d178b1d1e 24860 (curve448_key*)ssl->eccTempKey,
wolfSSL 16:8e0d178b1d1e 24861 args->exportBuf, &args->exportSz,
wolfSSL 16:8e0d178b1d1e 24862 EC448_LITTLE_ENDIAN) != 0) {
wolfSSL 16:8e0d178b1d1e 24863 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 16:8e0d178b1d1e 24864 }
wolfSSL 16:8e0d178b1d1e 24865 }
wolfSSL 16:8e0d178b1d1e 24866 else
wolfSSL 16:8e0d178b1d1e 24867 #endif
wolfSSL 15:117db924cf7c 24868 {
wolfSSL 15:117db924cf7c 24869 if (wc_ecc_export_x963(ssl->eccTempKey,
wolfSSL 15:117db924cf7c 24870 args->exportBuf, &args->exportSz) != 0) {
wolfSSL 15:117db924cf7c 24871 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 15:117db924cf7c 24872 }
wolfSSL 15:117db924cf7c 24873 }
wolfSSL 15:117db924cf7c 24874 args->length += args->exportSz;
wolfSSL 15:117db924cf7c 24875
wolfSSL 15:117db924cf7c 24876 /* include size part */
wolfSSL 15:117db924cf7c 24877 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 15:117db924cf7c 24878 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 24879 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 15:117db924cf7c 24880 }
wolfSSL 15:117db924cf7c 24881 args->length += hintLen + HINT_LEN_SZ;
wolfSSL 15:117db924cf7c 24882 args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 24883
wolfSSL 15:117db924cf7c 24884 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 24885 args->length += args->qshSz;
wolfSSL 15:117db924cf7c 24886 args->sendSz += args->qshSz;
wolfSSL 15:117db924cf7c 24887 #endif
wolfSSL 15:117db924cf7c 24888 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 24889 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 24890 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 24891 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 24892 }
wolfSSL 15:117db924cf7c 24893 #endif
wolfSSL 16:8e0d178b1d1e 24894
wolfSSL 16:8e0d178b1d1e 24895 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 16:8e0d178b1d1e 24896 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 16:8e0d178b1d1e 24897 }
wolfSSL 16:8e0d178b1d1e 24898
wolfSSL 15:117db924cf7c 24899 /* check for available size */
wolfSSL 15:117db924cf7c 24900 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 15:117db924cf7c 24901 goto exit_sske;
wolfSSL 15:117db924cf7c 24902 }
wolfSSL 15:117db924cf7c 24903
wolfSSL 15:117db924cf7c 24904 /* get output buffer */
wolfSSL 15:117db924cf7c 24905 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 15:117db924cf7c 24906 ssl->buffers.outputBuffer.length;
wolfSSL 15:117db924cf7c 24907
wolfSSL 15:117db924cf7c 24908 /* key data */
wolfSSL 15:117db924cf7c 24909 c16toa((word16)hintLen, args->output + args->idx);
wolfSSL 15:117db924cf7c 24910 args->idx += HINT_LEN_SZ;
wolfSSL 15:117db924cf7c 24911 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 24912 ssl->arrays->server_hint, hintLen);
wolfSSL 15:117db924cf7c 24913 args->idx += hintLen;
wolfSSL 15:117db924cf7c 24914
wolfSSL 15:117db924cf7c 24915 /* ECC key exchange data */
wolfSSL 15:117db924cf7c 24916 args->output[args->idx++] = named_curve;
wolfSSL 15:117db924cf7c 24917 args->output[args->idx++] = 0x00; /* leading zero */
wolfSSL 15:117db924cf7c 24918 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 24919 if (ssl->ecdhCurveOID == ECC_X25519_OID)
wolfSSL 15:117db924cf7c 24920 args->output[args->idx++] = WOLFSSL_ECC_X25519;
wolfSSL 15:117db924cf7c 24921 else
wolfSSL 15:117db924cf7c 24922 #endif
wolfSSL 16:8e0d178b1d1e 24923 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 24924 if (ssl->ecdhCurveOID == ECC_X448_OID)
wolfSSL 16:8e0d178b1d1e 24925 args->output[args->idx++] = WOLFSSL_ECC_X448;
wolfSSL 16:8e0d178b1d1e 24926 else
wolfSSL 16:8e0d178b1d1e 24927 #endif
wolfSSL 15:117db924cf7c 24928 {
wolfSSL 15:117db924cf7c 24929 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 24930 args->output[args->idx++] =
wolfSSL 15:117db924cf7c 24931 SetCurveId(ssl->eccTempKey);
wolfSSL 15:117db924cf7c 24932 #endif
wolfSSL 15:117db924cf7c 24933 }
wolfSSL 15:117db924cf7c 24934 args->output[args->idx++] = (byte)args->exportSz;
wolfSSL 15:117db924cf7c 24935 XMEMCPY(args->output + args->idx, args->exportBuf,
wolfSSL 15:117db924cf7c 24936 args->exportSz);
wolfSSL 15:117db924cf7c 24937 break;
wolfSSL 15:117db924cf7c 24938 }
wolfSSL 16:8e0d178b1d1e 24939 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 24940 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 24941 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 24942 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 24943 {
wolfSSL 15:117db924cf7c 24944 enum wc_HashType hashType;
wolfSSL 15:117db924cf7c 24945
wolfSSL 15:117db924cf7c 24946 /* curve type, named curve, length(1) */
wolfSSL 15:117db924cf7c 24947 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 24948 args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 15:117db924cf7c 24949
wolfSSL 15:117db924cf7c 24950 /* Export temp ECC key and add to length */
wolfSSL 15:117db924cf7c 24951 args->exportSz = MAX_EXPORT_ECC_SZ;
wolfSSL 15:117db924cf7c 24952 args->exportBuf = (byte*)XMALLOC(args->exportSz,
wolfSSL 15:117db924cf7c 24953 ssl->heap, DYNAMIC_TYPE_DER);
wolfSSL 15:117db924cf7c 24954 if (args->exportBuf == NULL) {
wolfSSL 15:117db924cf7c 24955 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 24956 }
wolfSSL 15:117db924cf7c 24957 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 24958 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 24959 if (wc_curve25519_export_public_ex(
wolfSSL 15:117db924cf7c 24960 (curve25519_key*)ssl->eccTempKey,
wolfSSL 15:117db924cf7c 24961 args->exportBuf, &args->exportSz,
wolfSSL 15:117db924cf7c 24962 EC25519_LITTLE_ENDIAN) != 0) {
wolfSSL 15:117db924cf7c 24963 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 15:117db924cf7c 24964 }
wolfSSL 15:117db924cf7c 24965 }
wolfSSL 15:117db924cf7c 24966 else
wolfSSL 15:117db924cf7c 24967 #endif
wolfSSL 16:8e0d178b1d1e 24968 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 24969 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 24970 if (wc_curve448_export_public_ex(
wolfSSL 16:8e0d178b1d1e 24971 (curve448_key*)ssl->eccTempKey,
wolfSSL 16:8e0d178b1d1e 24972 args->exportBuf, &args->exportSz,
wolfSSL 16:8e0d178b1d1e 24973 EC448_LITTLE_ENDIAN) != 0) {
wolfSSL 16:8e0d178b1d1e 24974 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 16:8e0d178b1d1e 24975 }
wolfSSL 16:8e0d178b1d1e 24976 }
wolfSSL 16:8e0d178b1d1e 24977 else
wolfSSL 16:8e0d178b1d1e 24978 #endif
wolfSSL 15:117db924cf7c 24979 {
wolfSSL 16:8e0d178b1d1e 24980 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)
wolfSSL 15:117db924cf7c 24981 if (wc_ecc_export_x963(ssl->eccTempKey,
wolfSSL 15:117db924cf7c 24982 args->exportBuf, &args->exportSz) != 0) {
wolfSSL 15:117db924cf7c 24983 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 15:117db924cf7c 24984 }
wolfSSL 15:117db924cf7c 24985 #endif
wolfSSL 15:117db924cf7c 24986 }
wolfSSL 15:117db924cf7c 24987 args->length += args->exportSz;
wolfSSL 15:117db924cf7c 24988
wolfSSL 15:117db924cf7c 24989 preSigSz = args->length;
wolfSSL 15:117db924cf7c 24990 preSigIdx = args->idx;
wolfSSL 15:117db924cf7c 24991
wolfSSL 15:117db924cf7c 24992 if (ssl->buffers.key == NULL) {
wolfSSL 15:117db924cf7c 24993 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 24994 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
wolfSSL 15:117db924cf7c 24995 args->tmpSigSz = GetPrivateKeySigSize(ssl);
wolfSSL 16:8e0d178b1d1e 24996 if (args->tmpSigSz == 0) {
wolfSSL 15:117db924cf7c 24997 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 15:117db924cf7c 24998 }
wolfSSL 15:117db924cf7c 24999 }
wolfSSL 15:117db924cf7c 25000 else
wolfSSL 15:117db924cf7c 25001 #endif
wolfSSL 15:117db924cf7c 25002 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 15:117db924cf7c 25003 }
wolfSSL 15:117db924cf7c 25004 else {
wolfSSL 15:117db924cf7c 25005 switch(ssl->suites->sigAlgo) {
wolfSSL 15:117db924cf7c 25006 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 25007 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 25008 case rsa_pss_sa_algo:
wolfSSL 15:117db924cf7c 25009 #endif
wolfSSL 15:117db924cf7c 25010 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 25011 {
wolfSSL 16:8e0d178b1d1e 25012 word16 keySz;
wolfSSL 16:8e0d178b1d1e 25013
wolfSSL 16:8e0d178b1d1e 25014 ssl->buffers.keyType = rsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 25015 ret = DecodePrivateKey(ssl, &keySz);
wolfSSL 15:117db924cf7c 25016 if (ret != 0) {
wolfSSL 15:117db924cf7c 25017 goto exit_sske;
wolfSSL 15:117db924cf7c 25018 }
wolfSSL 15:117db924cf7c 25019
wolfSSL 15:117db924cf7c 25020 args->tmpSigSz = (word32)keySz;
wolfSSL 15:117db924cf7c 25021 break;
wolfSSL 15:117db924cf7c 25022 }
wolfSSL 15:117db924cf7c 25023 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 25024 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 25025 case ecc_dsa_sa_algo:
wolfSSL 15:117db924cf7c 25026 {
wolfSSL 16:8e0d178b1d1e 25027 word16 keySz;
wolfSSL 16:8e0d178b1d1e 25028
wolfSSL 16:8e0d178b1d1e 25029 ssl->buffers.keyType = ecc_dsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 25030 ret = DecodePrivateKey(ssl, &keySz);
wolfSSL 15:117db924cf7c 25031 if (ret != 0) {
wolfSSL 15:117db924cf7c 25032 goto exit_sske;
wolfSSL 15:117db924cf7c 25033 }
wolfSSL 15:117db924cf7c 25034 /* worst case estimate */
wolfSSL 16:8e0d178b1d1e 25035 args->tmpSigSz = keySz;
wolfSSL 15:117db924cf7c 25036 break;
wolfSSL 15:117db924cf7c 25037 }
wolfSSL 15:117db924cf7c 25038 #endif
wolfSSL 15:117db924cf7c 25039 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 25040 case ed25519_sa_algo:
wolfSSL 15:117db924cf7c 25041 {
wolfSSL 16:8e0d178b1d1e 25042 word16 keySz;
wolfSSL 16:8e0d178b1d1e 25043
wolfSSL 16:8e0d178b1d1e 25044 ssl->buffers.keyType = ed25519_sa_algo;
wolfSSL 16:8e0d178b1d1e 25045 ret = DecodePrivateKey(ssl, &keySz);
wolfSSL 15:117db924cf7c 25046 if (ret != 0) {
wolfSSL 15:117db924cf7c 25047 goto exit_sske;
wolfSSL 15:117db924cf7c 25048 }
wolfSSL 15:117db924cf7c 25049
wolfSSL 15:117db924cf7c 25050 /* worst case estimate */
wolfSSL 15:117db924cf7c 25051 args->tmpSigSz = ED25519_SIG_SIZE;
wolfSSL 15:117db924cf7c 25052 break;
wolfSSL 15:117db924cf7c 25053 }
wolfSSL 15:117db924cf7c 25054 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 25055 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 25056 case ed448_sa_algo:
wolfSSL 16:8e0d178b1d1e 25057 {
wolfSSL 16:8e0d178b1d1e 25058 word16 keySz;
wolfSSL 16:8e0d178b1d1e 25059
wolfSSL 16:8e0d178b1d1e 25060 ssl->buffers.keyType = ed448_sa_algo;
wolfSSL 16:8e0d178b1d1e 25061 ret = DecodePrivateKey(ssl, &keySz);
wolfSSL 16:8e0d178b1d1e 25062 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 25063 goto exit_sske;
wolfSSL 16:8e0d178b1d1e 25064 }
wolfSSL 16:8e0d178b1d1e 25065
wolfSSL 16:8e0d178b1d1e 25066 /* worst case estimate */
wolfSSL 16:8e0d178b1d1e 25067 args->tmpSigSz = ED448_SIG_SIZE;
wolfSSL 16:8e0d178b1d1e 25068 break;
wolfSSL 16:8e0d178b1d1e 25069 }
wolfSSL 16:8e0d178b1d1e 25070 #endif /* HAVE_ED448 */
wolfSSL 15:117db924cf7c 25071 default:
wolfSSL 15:117db924cf7c 25072 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */
wolfSSL 15:117db924cf7c 25073 } /* switch(ssl->specs.sig_algo) */
wolfSSL 15:117db924cf7c 25074 }
wolfSSL 15:117db924cf7c 25075
wolfSSL 15:117db924cf7c 25076 /* sig length */
wolfSSL 15:117db924cf7c 25077 args->length += LENGTH_SZ;
wolfSSL 15:117db924cf7c 25078 args->length += args->tmpSigSz;
wolfSSL 15:117db924cf7c 25079
wolfSSL 15:117db924cf7c 25080 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 25081 args->length += HASH_SIG_SIZE;
wolfSSL 15:117db924cf7c 25082 }
wolfSSL 15:117db924cf7c 25083
wolfSSL 15:117db924cf7c 25084 args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 25085
wolfSSL 15:117db924cf7c 25086 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 25087 args->length += args->qshSz;
wolfSSL 15:117db924cf7c 25088 args->sendSz += args->qshSz;
wolfSSL 15:117db924cf7c 25089 #endif
wolfSSL 15:117db924cf7c 25090 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 25091 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 25092 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 25093 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 25094 preSigIdx = args->idx;
wolfSSL 15:117db924cf7c 25095 }
wolfSSL 15:117db924cf7c 25096 #endif
wolfSSL 16:8e0d178b1d1e 25097 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 16:8e0d178b1d1e 25098 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 16:8e0d178b1d1e 25099 }
wolfSSL 16:8e0d178b1d1e 25100
wolfSSL 15:117db924cf7c 25101 /* check for available size */
wolfSSL 15:117db924cf7c 25102 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 15:117db924cf7c 25103 goto exit_sske;
wolfSSL 15:117db924cf7c 25104 }
wolfSSL 15:117db924cf7c 25105
wolfSSL 16:8e0d178b1d1e 25106 /* get output buffer */
wolfSSL 15:117db924cf7c 25107 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 15:117db924cf7c 25108 ssl->buffers.outputBuffer.length;
wolfSSL 15:117db924cf7c 25109
wolfSSL 15:117db924cf7c 25110 /* record and message headers will be added below, when we're sure
wolfSSL 15:117db924cf7c 25111 of the sig length */
wolfSSL 15:117db924cf7c 25112
wolfSSL 15:117db924cf7c 25113 /* key exchange data */
wolfSSL 15:117db924cf7c 25114 args->output[args->idx++] = named_curve;
wolfSSL 15:117db924cf7c 25115 args->output[args->idx++] = 0x00; /* leading zero */
wolfSSL 15:117db924cf7c 25116 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 25117 if (ssl->ecdhCurveOID == ECC_X25519_OID)
wolfSSL 15:117db924cf7c 25118 args->output[args->idx++] = WOLFSSL_ECC_X25519;
wolfSSL 15:117db924cf7c 25119 else
wolfSSL 15:117db924cf7c 25120 #endif
wolfSSL 16:8e0d178b1d1e 25121 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 25122 if (ssl->ecdhCurveOID == ECC_X448_OID)
wolfSSL 16:8e0d178b1d1e 25123 args->output[args->idx++] = WOLFSSL_ECC_X448;
wolfSSL 16:8e0d178b1d1e 25124 else
wolfSSL 16:8e0d178b1d1e 25125 #endif
wolfSSL 15:117db924cf7c 25126 {
wolfSSL 15:117db924cf7c 25127 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 25128 args->output[args->idx++] =
wolfSSL 15:117db924cf7c 25129 SetCurveId(ssl->eccTempKey);
wolfSSL 15:117db924cf7c 25130 #endif
wolfSSL 15:117db924cf7c 25131 }
wolfSSL 15:117db924cf7c 25132 args->output[args->idx++] = (byte)args->exportSz;
wolfSSL 15:117db924cf7c 25133 XMEMCPY(args->output + args->idx, args->exportBuf, args->exportSz);
wolfSSL 15:117db924cf7c 25134 args->idx += args->exportSz;
wolfSSL 15:117db924cf7c 25135
wolfSSL 15:117db924cf7c 25136 /* Determine hash type */
wolfSSL 15:117db924cf7c 25137 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 25138 EncodeSigAlg(ssl->suites->hashAlgo,
wolfSSL 15:117db924cf7c 25139 ssl->suites->sigAlgo,
wolfSSL 15:117db924cf7c 25140 &args->output[args->idx]);
wolfSSL 15:117db924cf7c 25141 args->idx += 2;
wolfSSL 15:117db924cf7c 25142
wolfSSL 15:117db924cf7c 25143 hashType = HashAlgoToType(ssl->suites->hashAlgo);
wolfSSL 15:117db924cf7c 25144 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 15:117db924cf7c 25145 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 15:117db924cf7c 25146 }
wolfSSL 15:117db924cf7c 25147
wolfSSL 15:117db924cf7c 25148 } else {
wolfSSL 15:117db924cf7c 25149 /* only using sha and md5 for rsa */
wolfSSL 15:117db924cf7c 25150 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 25151 hashType = WC_HASH_TYPE_SHA;
wolfSSL 15:117db924cf7c 25152 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 15:117db924cf7c 25153 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 15:117db924cf7c 25154 }
wolfSSL 15:117db924cf7c 25155 #else
wolfSSL 15:117db924cf7c 25156 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 15:117db924cf7c 25157 #endif
wolfSSL 15:117db924cf7c 25158 }
wolfSSL 15:117db924cf7c 25159
wolfSSL 16:8e0d178b1d1e 25160 /* Signature length will be written later, when we're sure what it is */
wolfSSL 15:117db924cf7c 25161
wolfSSL 15:117db924cf7c 25162 #ifdef HAVE_FUZZER
wolfSSL 15:117db924cf7c 25163 if (ssl->fuzzerCb) {
wolfSSL 15:117db924cf7c 25164 ssl->fuzzerCb(ssl, args->output + preSigIdx,
wolfSSL 15:117db924cf7c 25165 preSigSz, FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 15:117db924cf7c 25166 }
wolfSSL 15:117db924cf7c 25167 #endif
wolfSSL 15:117db924cf7c 25168
wolfSSL 15:117db924cf7c 25169 /* Assemble buffer to hash for signature */
wolfSSL 15:117db924cf7c 25170 args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
wolfSSL 15:117db924cf7c 25171 args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
wolfSSL 15:117db924cf7c 25172 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25173 if (args->sigDataBuf == NULL) {
wolfSSL 15:117db924cf7c 25174 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25175 }
wolfSSL 15:117db924cf7c 25176 XMEMCPY(args->sigDataBuf, ssl->arrays->clientRandom,
wolfSSL 15:117db924cf7c 25177 RAN_LEN);
wolfSSL 15:117db924cf7c 25178 XMEMCPY(args->sigDataBuf+RAN_LEN,
wolfSSL 15:117db924cf7c 25179 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 15:117db924cf7c 25180 XMEMCPY(args->sigDataBuf+RAN_LEN+RAN_LEN,
wolfSSL 15:117db924cf7c 25181 args->output + preSigIdx, preSigSz);
wolfSSL 15:117db924cf7c 25182
wolfSSL 16:8e0d178b1d1e 25183 if (ssl->suites->sigAlgo != ed25519_sa_algo &&
wolfSSL 16:8e0d178b1d1e 25184 ssl->suites->sigAlgo != ed448_sa_algo) {
wolfSSL 15:117db924cf7c 25185 ssl->buffers.sig.length =
wolfSSL 15:117db924cf7c 25186 wc_HashGetDigestSize(hashType);
wolfSSL 16:8e0d178b1d1e 25187 if ((int)ssl->buffers.sig.length < 0) {
wolfSSL 16:8e0d178b1d1e 25188 ERROR_OUT(HASH_TYPE_E, exit_sske);
wolfSSL 16:8e0d178b1d1e 25189 }
wolfSSL 15:117db924cf7c 25190 ssl->buffers.sig.buffer = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 25191 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 25192 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25193 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 15:117db924cf7c 25194 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25195 }
wolfSSL 15:117db924cf7c 25196
wolfSSL 15:117db924cf7c 25197 /* Perform hash */
wolfSSL 15:117db924cf7c 25198 ret = wc_Hash(hashType, args->sigDataBuf,
wolfSSL 15:117db924cf7c 25199 args->sigDataSz,
wolfSSL 15:117db924cf7c 25200 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25201 ssl->buffers.sig.length);
wolfSSL 15:117db924cf7c 25202 if (ret != 0) {
wolfSSL 15:117db924cf7c 25203 goto exit_sske;
wolfSSL 15:117db924cf7c 25204 }
wolfSSL 15:117db924cf7c 25205 }
wolfSSL 15:117db924cf7c 25206
wolfSSL 15:117db924cf7c 25207 args->sigSz = args->tmpSigSz;
wolfSSL 15:117db924cf7c 25208
wolfSSL 15:117db924cf7c 25209 /* Sign hash to create signature */
wolfSSL 15:117db924cf7c 25210 switch (ssl->suites->sigAlgo)
wolfSSL 15:117db924cf7c 25211 {
wolfSSL 15:117db924cf7c 25212 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 25213 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 25214 {
wolfSSL 15:117db924cf7c 25215 /* For TLS 1.2 re-encode signature */
wolfSSL 15:117db924cf7c 25216 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 25217 byte* encodedSig = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 25218 MAX_ENCODED_SIG_SZ, ssl->heap,
wolfSSL 15:117db924cf7c 25219 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25220 if (encodedSig == NULL) {
wolfSSL 15:117db924cf7c 25221 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25222 }
wolfSSL 15:117db924cf7c 25223
wolfSSL 15:117db924cf7c 25224 ssl->buffers.sig.length =
wolfSSL 15:117db924cf7c 25225 wc_EncodeSignature(encodedSig,
wolfSSL 15:117db924cf7c 25226 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25227 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 25228 TypeHash(ssl->suites->hashAlgo));
wolfSSL 15:117db924cf7c 25229
wolfSSL 15:117db924cf7c 25230 /* Replace sig buffer with new one */
wolfSSL 15:117db924cf7c 25231 XFREE(ssl->buffers.sig.buffer, ssl->heap,
wolfSSL 15:117db924cf7c 25232 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25233 ssl->buffers.sig.buffer = encodedSig;
wolfSSL 15:117db924cf7c 25234 }
wolfSSL 15:117db924cf7c 25235
wolfSSL 15:117db924cf7c 25236 /* write sig size here */
wolfSSL 15:117db924cf7c 25237 c16toa((word16)args->sigSz,
wolfSSL 15:117db924cf7c 25238 args->output + args->idx);
wolfSSL 15:117db924cf7c 25239 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 25240 break;
wolfSSL 15:117db924cf7c 25241 }
wolfSSL 15:117db924cf7c 25242 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 25243 case rsa_pss_sa_algo:
wolfSSL 15:117db924cf7c 25244 /* write sig size here */
wolfSSL 15:117db924cf7c 25245 c16toa((word16)args->sigSz,
wolfSSL 15:117db924cf7c 25246 args->output + args->idx);
wolfSSL 15:117db924cf7c 25247 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 25248 break;
wolfSSL 15:117db924cf7c 25249 #endif
wolfSSL 15:117db924cf7c 25250 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 25251 case ecc_dsa_sa_algo:
wolfSSL 15:117db924cf7c 25252 {
wolfSSL 15:117db924cf7c 25253 break;
wolfSSL 15:117db924cf7c 25254 }
wolfSSL 15:117db924cf7c 25255 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 25256 case ed25519_sa_algo:
wolfSSL 15:117db924cf7c 25257 ret = Ed25519CheckPubKey(ssl);
wolfSSL 15:117db924cf7c 25258 if (ret != 0)
wolfSSL 15:117db924cf7c 25259 goto exit_sske;
wolfSSL 15:117db924cf7c 25260 break;
wolfSSL 15:117db924cf7c 25261 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 25262 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 25263 case ed448_sa_algo:
wolfSSL 16:8e0d178b1d1e 25264 ret = Ed448CheckPubKey(ssl);
wolfSSL 16:8e0d178b1d1e 25265 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 25266 goto exit_sske;
wolfSSL 16:8e0d178b1d1e 25267 break;
wolfSSL 16:8e0d178b1d1e 25268 #endif /* HAVE_ED448 */
wolfSSL 15:117db924cf7c 25269 } /* switch(ssl->specs.sig_algo) */
wolfSSL 15:117db924cf7c 25270 break;
wolfSSL 15:117db924cf7c 25271 }
wolfSSL 16:8e0d178b1d1e 25272 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 25273 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 15:117db924cf7c 25274 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 25275 {
wolfSSL 15:117db924cf7c 25276 enum wc_HashType hashType;
wolfSSL 15:117db924cf7c 25277
wolfSSL 15:117db924cf7c 25278 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 15:117db924cf7c 25279 args->length = LENGTH_SZ * 3; /* p, g, pub */
wolfSSL 15:117db924cf7c 25280 args->length += ssl->buffers.serverDH_P.length +
wolfSSL 15:117db924cf7c 25281 ssl->buffers.serverDH_G.length +
wolfSSL 15:117db924cf7c 25282 ssl->buffers.serverDH_Pub.length;
wolfSSL 15:117db924cf7c 25283
wolfSSL 15:117db924cf7c 25284 preSigIdx = args->idx;
wolfSSL 15:117db924cf7c 25285 preSigSz = args->length;
wolfSSL 15:117db924cf7c 25286
wolfSSL 15:117db924cf7c 25287 if (!ssl->options.usingAnon_cipher) {
wolfSSL 16:8e0d178b1d1e 25288 word16 keySz;
wolfSSL 15:117db924cf7c 25289
wolfSSL 15:117db924cf7c 25290 /* sig length */
wolfSSL 15:117db924cf7c 25291 args->length += LENGTH_SZ;
wolfSSL 15:117db924cf7c 25292
wolfSSL 15:117db924cf7c 25293 if (ssl->buffers.key == NULL) {
wolfSSL 15:117db924cf7c 25294 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 25295 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx))
wolfSSL 15:117db924cf7c 25296 keySz = (word32)GetPrivateKeySigSize(ssl);
wolfSSL 15:117db924cf7c 25297 else
wolfSSL 15:117db924cf7c 25298 #endif
wolfSSL 15:117db924cf7c 25299 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 15:117db924cf7c 25300 }
wolfSSL 15:117db924cf7c 25301 else
wolfSSL 15:117db924cf7c 25302 {
wolfSSL 16:8e0d178b1d1e 25303 if (ssl->buffers.keyType == 0)
wolfSSL 16:8e0d178b1d1e 25304 ssl->buffers.keyType = rsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 25305 ret = DecodePrivateKey(ssl, &keySz);
wolfSSL 15:117db924cf7c 25306 if (ret != 0) {
wolfSSL 15:117db924cf7c 25307 goto exit_sske;
wolfSSL 15:117db924cf7c 25308 }
wolfSSL 16:8e0d178b1d1e 25309 }
wolfSSL 16:8e0d178b1d1e 25310
wolfSSL 16:8e0d178b1d1e 25311 if (keySz == 0) { /* test if keySz has error */
wolfSSL 15:117db924cf7c 25312 ERROR_OUT(keySz, exit_sske);
wolfSSL 15:117db924cf7c 25313 }
wolfSSL 15:117db924cf7c 25314
wolfSSL 15:117db924cf7c 25315 args->tmpSigSz = (word32)keySz;
wolfSSL 15:117db924cf7c 25316 args->length += args->tmpSigSz;
wolfSSL 15:117db924cf7c 25317
wolfSSL 15:117db924cf7c 25318 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 25319 args->length += HASH_SIG_SIZE;
wolfSSL 15:117db924cf7c 25320 }
wolfSSL 15:117db924cf7c 25321 }
wolfSSL 15:117db924cf7c 25322
wolfSSL 15:117db924cf7c 25323 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 15:117db924cf7c 25324 RECORD_HEADER_SZ;
wolfSSL 15:117db924cf7c 25325
wolfSSL 15:117db924cf7c 25326 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 25327 args->length += args->qshSz;
wolfSSL 15:117db924cf7c 25328 args->sendSz += args->qshSz;
wolfSSL 15:117db924cf7c 25329 #endif
wolfSSL 15:117db924cf7c 25330 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 25331 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 25332 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 25333 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 15:117db924cf7c 25334 preSigIdx = args->idx;
wolfSSL 15:117db924cf7c 25335 }
wolfSSL 15:117db924cf7c 25336 #endif
wolfSSL 15:117db924cf7c 25337
wolfSSL 16:8e0d178b1d1e 25338 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 16:8e0d178b1d1e 25339 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 16:8e0d178b1d1e 25340 }
wolfSSL 16:8e0d178b1d1e 25341
wolfSSL 15:117db924cf7c 25342 /* check for available size */
wolfSSL 15:117db924cf7c 25343 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 15:117db924cf7c 25344 goto exit_sske;
wolfSSL 15:117db924cf7c 25345 }
wolfSSL 15:117db924cf7c 25346
wolfSSL 16:8e0d178b1d1e 25347 /* get output buffer */
wolfSSL 15:117db924cf7c 25348 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 15:117db924cf7c 25349 ssl->buffers.outputBuffer.length;
wolfSSL 15:117db924cf7c 25350
wolfSSL 15:117db924cf7c 25351 AddHeaders(args->output, args->length,
wolfSSL 15:117db924cf7c 25352 server_key_exchange, ssl);
wolfSSL 15:117db924cf7c 25353
wolfSSL 15:117db924cf7c 25354 /* add p, g, pub */
wolfSSL 15:117db924cf7c 25355 c16toa((word16)ssl->buffers.serverDH_P.length,
wolfSSL 15:117db924cf7c 25356 args->output + args->idx);
wolfSSL 15:117db924cf7c 25357 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 25358 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 25359 ssl->buffers.serverDH_P.buffer,
wolfSSL 15:117db924cf7c 25360 ssl->buffers.serverDH_P.length);
wolfSSL 15:117db924cf7c 25361 args->idx += ssl->buffers.serverDH_P.length;
wolfSSL 15:117db924cf7c 25362
wolfSSL 15:117db924cf7c 25363 /* g */
wolfSSL 15:117db924cf7c 25364 c16toa((word16)ssl->buffers.serverDH_G.length,
wolfSSL 15:117db924cf7c 25365 args->output + args->idx);
wolfSSL 15:117db924cf7c 25366 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 25367 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 25368 ssl->buffers.serverDH_G.buffer,
wolfSSL 15:117db924cf7c 25369 ssl->buffers.serverDH_G.length);
wolfSSL 15:117db924cf7c 25370 args->idx += ssl->buffers.serverDH_G.length;
wolfSSL 15:117db924cf7c 25371
wolfSSL 15:117db924cf7c 25372 /* pub */
wolfSSL 15:117db924cf7c 25373 c16toa((word16)ssl->buffers.serverDH_Pub.length,
wolfSSL 15:117db924cf7c 25374 args->output + args->idx);
wolfSSL 15:117db924cf7c 25375 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 25376 XMEMCPY(args->output + args->idx,
wolfSSL 15:117db924cf7c 25377 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 15:117db924cf7c 25378 ssl->buffers.serverDH_Pub.length);
wolfSSL 15:117db924cf7c 25379 args->idx += ssl->buffers.serverDH_Pub.length;
wolfSSL 15:117db924cf7c 25380
wolfSSL 15:117db924cf7c 25381 #ifdef HAVE_FUZZER
wolfSSL 15:117db924cf7c 25382 if (ssl->fuzzerCb) {
wolfSSL 15:117db924cf7c 25383 ssl->fuzzerCb(ssl, args->output + preSigIdx,
wolfSSL 15:117db924cf7c 25384 preSigSz, FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 15:117db924cf7c 25385 }
wolfSSL 15:117db924cf7c 25386 #endif
wolfSSL 15:117db924cf7c 25387
wolfSSL 15:117db924cf7c 25388 if (ssl->options.usingAnon_cipher) {
wolfSSL 15:117db924cf7c 25389 break;
wolfSSL 15:117db924cf7c 25390 }
wolfSSL 15:117db924cf7c 25391
wolfSSL 15:117db924cf7c 25392 /* Determine hash type */
wolfSSL 15:117db924cf7c 25393 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 25394 EncodeSigAlg(ssl->suites->hashAlgo,
wolfSSL 15:117db924cf7c 25395 ssl->suites->sigAlgo,
wolfSSL 15:117db924cf7c 25396 &args->output[args->idx]);
wolfSSL 15:117db924cf7c 25397 args->idx += 2;
wolfSSL 15:117db924cf7c 25398
wolfSSL 15:117db924cf7c 25399 hashType = HashAlgoToType(ssl->suites->hashAlgo);
wolfSSL 15:117db924cf7c 25400 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 15:117db924cf7c 25401 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 15:117db924cf7c 25402 }
wolfSSL 15:117db924cf7c 25403 } else {
wolfSSL 15:117db924cf7c 25404 /* only using sha and md5 for rsa */
wolfSSL 15:117db924cf7c 25405 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 25406 hashType = WC_HASH_TYPE_SHA;
wolfSSL 15:117db924cf7c 25407 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 15:117db924cf7c 25408 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 15:117db924cf7c 25409 }
wolfSSL 15:117db924cf7c 25410 #else
wolfSSL 15:117db924cf7c 25411 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 15:117db924cf7c 25412 #endif
wolfSSL 15:117db924cf7c 25413 }
wolfSSL 15:117db924cf7c 25414
wolfSSL 15:117db924cf7c 25415 /* signature size */
wolfSSL 15:117db924cf7c 25416 c16toa((word16)args->tmpSigSz, args->output + args->idx);
wolfSSL 15:117db924cf7c 25417 args->idx += LENGTH_SZ;
wolfSSL 15:117db924cf7c 25418
wolfSSL 15:117db924cf7c 25419 /* Assemble buffer to hash for signature */
wolfSSL 15:117db924cf7c 25420 args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
wolfSSL 15:117db924cf7c 25421 args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
wolfSSL 15:117db924cf7c 25422 ssl->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25423 if (args->sigDataBuf == NULL) {
wolfSSL 15:117db924cf7c 25424 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25425 }
wolfSSL 15:117db924cf7c 25426 XMEMCPY(args->sigDataBuf, ssl->arrays->clientRandom,
wolfSSL 15:117db924cf7c 25427 RAN_LEN);
wolfSSL 15:117db924cf7c 25428 XMEMCPY(args->sigDataBuf+RAN_LEN,
wolfSSL 15:117db924cf7c 25429 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 15:117db924cf7c 25430 XMEMCPY(args->sigDataBuf+RAN_LEN+RAN_LEN,
wolfSSL 15:117db924cf7c 25431 args->output + preSigIdx, preSigSz);
wolfSSL 15:117db924cf7c 25432
wolfSSL 16:8e0d178b1d1e 25433 if (ssl->suites->sigAlgo != ed25519_sa_algo &&
wolfSSL 16:8e0d178b1d1e 25434 ssl->suites->sigAlgo != ed448_sa_algo) {
wolfSSL 15:117db924cf7c 25435 ssl->buffers.sig.length =
wolfSSL 15:117db924cf7c 25436 wc_HashGetDigestSize(hashType);
wolfSSL 15:117db924cf7c 25437 ssl->buffers.sig.buffer = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 25438 ssl->buffers.sig.length, ssl->heap,
wolfSSL 15:117db924cf7c 25439 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25440 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 15:117db924cf7c 25441 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25442 }
wolfSSL 15:117db924cf7c 25443
wolfSSL 15:117db924cf7c 25444 /* Perform hash */
wolfSSL 15:117db924cf7c 25445 ret = wc_Hash(hashType, args->sigDataBuf,
wolfSSL 15:117db924cf7c 25446 args->sigDataSz,
wolfSSL 15:117db924cf7c 25447 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25448 ssl->buffers.sig.length);
wolfSSL 15:117db924cf7c 25449 if (ret != 0) {
wolfSSL 15:117db924cf7c 25450 goto exit_sske;
wolfSSL 15:117db924cf7c 25451 }
wolfSSL 15:117db924cf7c 25452 }
wolfSSL 15:117db924cf7c 25453
wolfSSL 15:117db924cf7c 25454 args->sigSz = args->tmpSigSz;
wolfSSL 15:117db924cf7c 25455
wolfSSL 15:117db924cf7c 25456 /* Sign hash to create signature */
wolfSSL 15:117db924cf7c 25457 switch (ssl->suites->sigAlgo)
wolfSSL 15:117db924cf7c 25458 {
wolfSSL 15:117db924cf7c 25459 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 25460 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 25461 {
wolfSSL 15:117db924cf7c 25462 /* For TLS 1.2 re-encode signature */
wolfSSL 15:117db924cf7c 25463 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 25464 byte* encodedSig = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 25465 MAX_ENCODED_SIG_SZ, ssl->heap,
wolfSSL 15:117db924cf7c 25466 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25467 if (encodedSig == NULL) {
wolfSSL 15:117db924cf7c 25468 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25469 }
wolfSSL 15:117db924cf7c 25470
wolfSSL 15:117db924cf7c 25471 ssl->buffers.sig.length =
wolfSSL 15:117db924cf7c 25472 wc_EncodeSignature(encodedSig,
wolfSSL 15:117db924cf7c 25473 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25474 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 25475 TypeHash(ssl->suites->hashAlgo));
wolfSSL 15:117db924cf7c 25476
wolfSSL 15:117db924cf7c 25477 /* Replace sig buffer with new one */
wolfSSL 15:117db924cf7c 25478 XFREE(ssl->buffers.sig.buffer, ssl->heap,
wolfSSL 15:117db924cf7c 25479 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25480 ssl->buffers.sig.buffer = encodedSig;
wolfSSL 15:117db924cf7c 25481 }
wolfSSL 15:117db924cf7c 25482 break;
wolfSSL 15:117db924cf7c 25483 }
wolfSSL 15:117db924cf7c 25484 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 25485 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 15:117db924cf7c 25486 break;
wolfSSL 15:117db924cf7c 25487 }
wolfSSL 15:117db924cf7c 25488 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 15:117db924cf7c 25489 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 25490
wolfSSL 15:117db924cf7c 25491 /* Check for error */
wolfSSL 15:117db924cf7c 25492 if (ret != 0) {
wolfSSL 15:117db924cf7c 25493 goto exit_sske;
wolfSSL 15:117db924cf7c 25494 }
wolfSSL 15:117db924cf7c 25495
wolfSSL 15:117db924cf7c 25496 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 25497 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 15:117db924cf7c 25498 } /* case TLS_ASYNC_BUILD */
wolfSSL 15:117db924cf7c 25499 FALL_THROUGH;
wolfSSL 15:117db924cf7c 25500
wolfSSL 15:117db924cf7c 25501 case TLS_ASYNC_DO:
wolfSSL 15:117db924cf7c 25502 {
wolfSSL 15:117db924cf7c 25503 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 25504 {
wolfSSL 15:117db924cf7c 25505 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 25506 case psk_kea:
wolfSSL 15:117db924cf7c 25507 {
wolfSSL 15:117db924cf7c 25508 break;
wolfSSL 15:117db924cf7c 25509 }
wolfSSL 15:117db924cf7c 25510 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 25511 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 25512 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 25513 {
wolfSSL 15:117db924cf7c 25514 break;
wolfSSL 15:117db924cf7c 25515 }
wolfSSL 15:117db924cf7c 25516 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 16:8e0d178b1d1e 25517 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 25518 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 25519 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 25520 {
wolfSSL 15:117db924cf7c 25521 break;
wolfSSL 15:117db924cf7c 25522 }
wolfSSL 16:8e0d178b1d1e 25523 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 25524 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
wolfSSL 16:8e0d178b1d1e 25525 defined(HAVE_ED448)
wolfSSL 15:117db924cf7c 25526 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 25527 {
wolfSSL 15:117db924cf7c 25528 /* Sign hash to create signature */
wolfSSL 15:117db924cf7c 25529 switch (ssl->suites->sigAlgo)
wolfSSL 15:117db924cf7c 25530 {
wolfSSL 15:117db924cf7c 25531 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 25532 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 25533 case rsa_pss_sa_algo:
wolfSSL 15:117db924cf7c 25534 #endif
wolfSSL 15:117db924cf7c 25535 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 25536 {
wolfSSL 15:117db924cf7c 25537 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 15:117db924cf7c 25538
wolfSSL 15:117db924cf7c 25539 ret = RsaSign(ssl,
wolfSSL 15:117db924cf7c 25540 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25541 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 25542 args->output + args->idx,
wolfSSL 15:117db924cf7c 25543 &args->sigSz,
wolfSSL 15:117db924cf7c 25544 ssl->suites->sigAlgo, ssl->suites->hashAlgo,
wolfSSL 15:117db924cf7c 25545 key,
wolfSSL 15:117db924cf7c 25546 ssl->buffers.key
wolfSSL 15:117db924cf7c 25547 );
wolfSSL 15:117db924cf7c 25548 break;
wolfSSL 15:117db924cf7c 25549 }
wolfSSL 15:117db924cf7c 25550 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 25551 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 25552 case ecc_dsa_sa_algo:
wolfSSL 15:117db924cf7c 25553 {
wolfSSL 15:117db924cf7c 25554 ecc_key* key = (ecc_key*)ssl->hsKey;
wolfSSL 15:117db924cf7c 25555
wolfSSL 15:117db924cf7c 25556 ret = EccSign(ssl,
wolfSSL 15:117db924cf7c 25557 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25558 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 25559 args->output + LENGTH_SZ + args->idx,
wolfSSL 15:117db924cf7c 25560 &args->sigSz,
wolfSSL 15:117db924cf7c 25561 key,
wolfSSL 15:117db924cf7c 25562 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 25563 ssl->buffers.key
wolfSSL 15:117db924cf7c 25564 #else
wolfSSL 15:117db924cf7c 25565 NULL
wolfSSL 15:117db924cf7c 25566 #endif
wolfSSL 15:117db924cf7c 25567 );
wolfSSL 15:117db924cf7c 25568 break;
wolfSSL 15:117db924cf7c 25569 }
wolfSSL 15:117db924cf7c 25570 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 25571 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 25572 case ed25519_sa_algo:
wolfSSL 15:117db924cf7c 25573 {
wolfSSL 15:117db924cf7c 25574 ed25519_key* key = (ed25519_key*)ssl->hsKey;
wolfSSL 15:117db924cf7c 25575
wolfSSL 15:117db924cf7c 25576 ret = Ed25519Sign(ssl,
wolfSSL 15:117db924cf7c 25577 args->sigDataBuf, args->sigDataSz,
wolfSSL 15:117db924cf7c 25578 args->output + LENGTH_SZ + args->idx,
wolfSSL 15:117db924cf7c 25579 &args->sigSz,
wolfSSL 15:117db924cf7c 25580 key,
wolfSSL 15:117db924cf7c 25581 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 25582 ssl->buffers.key
wolfSSL 15:117db924cf7c 25583 #else
wolfSSL 15:117db924cf7c 25584 NULL
wolfSSL 15:117db924cf7c 25585 #endif
wolfSSL 15:117db924cf7c 25586 );
wolfSSL 15:117db924cf7c 25587 break;
wolfSSL 15:117db924cf7c 25588 }
wolfSSL 15:117db924cf7c 25589 #endif
wolfSSL 16:8e0d178b1d1e 25590 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 25591 case ed448_sa_algo:
wolfSSL 16:8e0d178b1d1e 25592 {
wolfSSL 16:8e0d178b1d1e 25593 ed448_key* key = (ed448_key*)ssl->hsKey;
wolfSSL 16:8e0d178b1d1e 25594
wolfSSL 16:8e0d178b1d1e 25595 ret = Ed448Sign(ssl,
wolfSSL 16:8e0d178b1d1e 25596 args->sigDataBuf, args->sigDataSz,
wolfSSL 16:8e0d178b1d1e 25597 args->output + LENGTH_SZ + args->idx,
wolfSSL 16:8e0d178b1d1e 25598 &args->sigSz,
wolfSSL 16:8e0d178b1d1e 25599 key,
wolfSSL 16:8e0d178b1d1e 25600 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 25601 ssl->buffers.key
wolfSSL 16:8e0d178b1d1e 25602 #else
wolfSSL 16:8e0d178b1d1e 25603 NULL
wolfSSL 16:8e0d178b1d1e 25604 #endif
wolfSSL 16:8e0d178b1d1e 25605 );
wolfSSL 16:8e0d178b1d1e 25606 break;
wolfSSL 16:8e0d178b1d1e 25607 }
wolfSSL 16:8e0d178b1d1e 25608 #endif
wolfSSL 15:117db924cf7c 25609 } /* switch(ssl->specs.sig_algo) */
wolfSSL 15:117db924cf7c 25610 break;
wolfSSL 15:117db924cf7c 25611 }
wolfSSL 16:8e0d178b1d1e 25612 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 25613 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 15:117db924cf7c 25614 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 25615 {
wolfSSL 15:117db924cf7c 25616 /* Sign hash to create signature */
wolfSSL 15:117db924cf7c 25617 switch (ssl->suites->sigAlgo)
wolfSSL 15:117db924cf7c 25618 {
wolfSSL 15:117db924cf7c 25619 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 25620 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 25621 case rsa_pss_sa_algo:
wolfSSL 15:117db924cf7c 25622 #endif
wolfSSL 15:117db924cf7c 25623 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 25624 {
wolfSSL 15:117db924cf7c 25625 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 15:117db924cf7c 25626
wolfSSL 15:117db924cf7c 25627 if (ssl->options.usingAnon_cipher) {
wolfSSL 15:117db924cf7c 25628 break;
wolfSSL 15:117db924cf7c 25629 }
wolfSSL 15:117db924cf7c 25630
wolfSSL 15:117db924cf7c 25631 ret = RsaSign(ssl,
wolfSSL 15:117db924cf7c 25632 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25633 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 25634 args->output + args->idx,
wolfSSL 15:117db924cf7c 25635 &args->sigSz,
wolfSSL 15:117db924cf7c 25636 ssl->suites->sigAlgo, ssl->suites->hashAlgo,
wolfSSL 15:117db924cf7c 25637 key,
wolfSSL 15:117db924cf7c 25638 ssl->buffers.key
wolfSSL 15:117db924cf7c 25639 );
wolfSSL 15:117db924cf7c 25640 break;
wolfSSL 15:117db924cf7c 25641 }
wolfSSL 15:117db924cf7c 25642 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 25643 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 15:117db924cf7c 25644
wolfSSL 15:117db924cf7c 25645 break;
wolfSSL 15:117db924cf7c 25646 }
wolfSSL 15:117db924cf7c 25647 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 15:117db924cf7c 25648 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 25649
wolfSSL 15:117db924cf7c 25650 /* Check for error */
wolfSSL 15:117db924cf7c 25651 if (ret != 0) {
wolfSSL 15:117db924cf7c 25652 goto exit_sske;
wolfSSL 15:117db924cf7c 25653 }
wolfSSL 15:117db924cf7c 25654
wolfSSL 15:117db924cf7c 25655 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 25656 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 15:117db924cf7c 25657 } /* case TLS_ASYNC_DO */
wolfSSL 15:117db924cf7c 25658 FALL_THROUGH;
wolfSSL 15:117db924cf7c 25659
wolfSSL 15:117db924cf7c 25660 case TLS_ASYNC_VERIFY:
wolfSSL 15:117db924cf7c 25661 {
wolfSSL 15:117db924cf7c 25662 switch(ssl->specs.kea)
wolfSSL 15:117db924cf7c 25663 {
wolfSSL 15:117db924cf7c 25664 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 25665 case psk_kea:
wolfSSL 15:117db924cf7c 25666 {
wolfSSL 15:117db924cf7c 25667 /* Nothing to do in this sub-state */
wolfSSL 15:117db924cf7c 25668 break;
wolfSSL 15:117db924cf7c 25669 }
wolfSSL 15:117db924cf7c 25670 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 25671 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 25672 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 25673 {
wolfSSL 15:117db924cf7c 25674 /* Nothing to do in this sub-state */
wolfSSL 15:117db924cf7c 25675 break;
wolfSSL 15:117db924cf7c 25676 }
wolfSSL 15:117db924cf7c 25677 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 16:8e0d178b1d1e 25678 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 25679 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 25680 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 25681 {
wolfSSL 15:117db924cf7c 25682 /* Nothing to do in this sub-state */
wolfSSL 15:117db924cf7c 25683 break;
wolfSSL 15:117db924cf7c 25684 }
wolfSSL 16:8e0d178b1d1e 25685 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 25686 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 25687 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 25688 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 25689 {
wolfSSL 15:117db924cf7c 25690 switch(ssl->suites->sigAlgo)
wolfSSL 15:117db924cf7c 25691 {
wolfSSL 15:117db924cf7c 25692 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 25693 #ifdef WC_RSA_PSS
wolfSSL 15:117db924cf7c 25694 case rsa_pss_sa_algo:
wolfSSL 15:117db924cf7c 25695 #endif
wolfSSL 15:117db924cf7c 25696 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 25697 {
wolfSSL 15:117db924cf7c 25698 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 15:117db924cf7c 25699
wolfSSL 15:117db924cf7c 25700 if (args->verifySig == NULL) {
wolfSSL 15:117db924cf7c 25701 if (args->sigSz == 0) {
wolfSSL 15:117db924cf7c 25702 ERROR_OUT(BAD_COND_E, exit_sske);
wolfSSL 15:117db924cf7c 25703 }
wolfSSL 15:117db924cf7c 25704 args->verifySig = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 25705 args->sigSz, ssl->heap,
wolfSSL 15:117db924cf7c 25706 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25707 if (!args->verifySig) {
wolfSSL 15:117db924cf7c 25708 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25709 }
wolfSSL 15:117db924cf7c 25710 XMEMCPY(args->verifySig,
wolfSSL 15:117db924cf7c 25711 args->output + args->idx, args->sigSz);
wolfSSL 15:117db924cf7c 25712 }
wolfSSL 15:117db924cf7c 25713
wolfSSL 15:117db924cf7c 25714 /* check for signature faults */
wolfSSL 15:117db924cf7c 25715 ret = VerifyRsaSign(ssl,
wolfSSL 15:117db924cf7c 25716 args->verifySig, args->sigSz,
wolfSSL 15:117db924cf7c 25717 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25718 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 25719 ssl->suites->sigAlgo, ssl->suites->hashAlgo,
wolfSSL 15:117db924cf7c 25720 key, ssl->buffers.key
wolfSSL 15:117db924cf7c 25721 );
wolfSSL 15:117db924cf7c 25722 break;
wolfSSL 15:117db924cf7c 25723 }
wolfSSL 15:117db924cf7c 25724 #endif
wolfSSL 15:117db924cf7c 25725 case ecc_dsa_sa_algo:
wolfSSL 15:117db924cf7c 25726 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 25727 case ed25519_sa_algo:
wolfSSL 15:117db924cf7c 25728 #endif
wolfSSL 16:8e0d178b1d1e 25729 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 25730 case ed448_sa_algo:
wolfSSL 16:8e0d178b1d1e 25731 #endif
wolfSSL 15:117db924cf7c 25732 {
wolfSSL 15:117db924cf7c 25733 /* Now that we know the real sig size, write it. */
wolfSSL 15:117db924cf7c 25734 c16toa((word16)args->sigSz,
wolfSSL 15:117db924cf7c 25735 args->output + args->idx);
wolfSSL 15:117db924cf7c 25736
wolfSSL 15:117db924cf7c 25737 /* And adjust length and sendSz from estimates */
wolfSSL 15:117db924cf7c 25738 args->length += args->sigSz - args->tmpSigSz;
wolfSSL 15:117db924cf7c 25739 args->sendSz += args->sigSz - args->tmpSigSz;
wolfSSL 15:117db924cf7c 25740 break;
wolfSSL 15:117db924cf7c 25741 }
wolfSSL 15:117db924cf7c 25742 default:
wolfSSL 15:117db924cf7c 25743 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */
wolfSSL 15:117db924cf7c 25744 } /* switch(ssl->specs.sig_algo) */
wolfSSL 15:117db924cf7c 25745 break;
wolfSSL 15:117db924cf7c 25746 }
wolfSSL 16:8e0d178b1d1e 25747 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 25748 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 15:117db924cf7c 25749 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 25750 {
wolfSSL 15:117db924cf7c 25751 switch (ssl->suites->sigAlgo)
wolfSSL 15:117db924cf7c 25752 {
wolfSSL 15:117db924cf7c 25753 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 25754 #ifndef WC_RSA_PSS
wolfSSL 15:117db924cf7c 25755 case rsa_pss_sa_algo:
wolfSSL 15:117db924cf7c 25756 #endif
wolfSSL 15:117db924cf7c 25757 case rsa_sa_algo:
wolfSSL 15:117db924cf7c 25758 {
wolfSSL 15:117db924cf7c 25759 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 15:117db924cf7c 25760
wolfSSL 15:117db924cf7c 25761 if (ssl->options.usingAnon_cipher) {
wolfSSL 15:117db924cf7c 25762 break;
wolfSSL 15:117db924cf7c 25763 }
wolfSSL 15:117db924cf7c 25764
wolfSSL 15:117db924cf7c 25765 if (args->verifySig == NULL) {
wolfSSL 15:117db924cf7c 25766 if (args->sigSz == 0) {
wolfSSL 15:117db924cf7c 25767 ERROR_OUT(BAD_COND_E, exit_sske);
wolfSSL 15:117db924cf7c 25768 }
wolfSSL 15:117db924cf7c 25769 args->verifySig = (byte*)XMALLOC(
wolfSSL 15:117db924cf7c 25770 args->sigSz, ssl->heap,
wolfSSL 15:117db924cf7c 25771 DYNAMIC_TYPE_SIGNATURE);
wolfSSL 15:117db924cf7c 25772 if (!args->verifySig) {
wolfSSL 15:117db924cf7c 25773 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25774 }
wolfSSL 15:117db924cf7c 25775 XMEMCPY(args->verifySig,
wolfSSL 15:117db924cf7c 25776 args->output + args->idx, args->sigSz);
wolfSSL 15:117db924cf7c 25777 }
wolfSSL 15:117db924cf7c 25778
wolfSSL 15:117db924cf7c 25779 /* check for signature faults */
wolfSSL 15:117db924cf7c 25780 ret = VerifyRsaSign(ssl,
wolfSSL 15:117db924cf7c 25781 args->verifySig, args->sigSz,
wolfSSL 15:117db924cf7c 25782 ssl->buffers.sig.buffer,
wolfSSL 15:117db924cf7c 25783 ssl->buffers.sig.length,
wolfSSL 15:117db924cf7c 25784 ssl->suites->sigAlgo, ssl->suites->hashAlgo,
wolfSSL 15:117db924cf7c 25785 key, ssl->buffers.key
wolfSSL 15:117db924cf7c 25786 );
wolfSSL 15:117db924cf7c 25787 break;
wolfSSL 15:117db924cf7c 25788 }
wolfSSL 15:117db924cf7c 25789 #endif
wolfSSL 15:117db924cf7c 25790 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 15:117db924cf7c 25791 break;
wolfSSL 15:117db924cf7c 25792 }
wolfSSL 15:117db924cf7c 25793 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 15:117db924cf7c 25794 } /* switch(ssl->specs.kea) */
wolfSSL 15:117db924cf7c 25795
wolfSSL 15:117db924cf7c 25796 /* Check for error */
wolfSSL 15:117db924cf7c 25797 if (ret != 0) {
wolfSSL 15:117db924cf7c 25798 goto exit_sske;
wolfSSL 15:117db924cf7c 25799 }
wolfSSL 15:117db924cf7c 25800
wolfSSL 15:117db924cf7c 25801 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 25802 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 15:117db924cf7c 25803 } /* case TLS_ASYNC_VERIFY */
wolfSSL 15:117db924cf7c 25804 FALL_THROUGH;
wolfSSL 15:117db924cf7c 25805
wolfSSL 15:117db924cf7c 25806 case TLS_ASYNC_FINALIZE:
wolfSSL 15:117db924cf7c 25807 {
wolfSSL 15:117db924cf7c 25808 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 25809 if (ssl->peerQSHKeyPresent) {
wolfSSL 15:117db924cf7c 25810 if (args->qshSz > 0) {
wolfSSL 15:117db924cf7c 25811 args->idx = args->sendSz - args->qshSz;
wolfSSL 15:117db924cf7c 25812 if (QSH_KeyExchangeWrite(ssl, 1) != 0) {
wolfSSL 15:117db924cf7c 25813 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25814 }
wolfSSL 15:117db924cf7c 25815
wolfSSL 15:117db924cf7c 25816 /* extension type */
wolfSSL 15:117db924cf7c 25817 c16toa(TLSX_QUANTUM_SAFE_HYBRID,
wolfSSL 15:117db924cf7c 25818 args->output + args->idx);
wolfSSL 15:117db924cf7c 25819 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 25820
wolfSSL 15:117db924cf7c 25821 /* write to output and check amount written */
wolfSSL 15:117db924cf7c 25822 if (TLSX_QSHPK_Write(ssl->QSH_secret->list,
wolfSSL 15:117db924cf7c 25823 args->output + args->idx) >
wolfSSL 15:117db924cf7c 25824 args->qshSz - OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 25825 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 15:117db924cf7c 25826 }
wolfSSL 15:117db924cf7c 25827 }
wolfSSL 15:117db924cf7c 25828 }
wolfSSL 15:117db924cf7c 25829 #endif
wolfSSL 15:117db924cf7c 25830
wolfSSL 16:8e0d178b1d1e 25831 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 25832 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 25833 if (ssl->specs.kea == ecdhe_psk_kea ||
wolfSSL 15:117db924cf7c 25834 ssl->specs.kea == ecc_diffie_hellman_kea) {
wolfSSL 15:117db924cf7c 25835 /* Check output to make sure it was set */
wolfSSL 15:117db924cf7c 25836 if (args->output) {
wolfSSL 15:117db924cf7c 25837 AddHeaders(args->output, args->length,
wolfSSL 15:117db924cf7c 25838 server_key_exchange, ssl);
wolfSSL 15:117db924cf7c 25839 }
wolfSSL 15:117db924cf7c 25840 else {
wolfSSL 15:117db924cf7c 25841 ERROR_OUT(BUFFER_ERROR, exit_sske);
wolfSSL 15:117db924cf7c 25842 }
wolfSSL 15:117db924cf7c 25843 }
wolfSSL 16:8e0d178b1d1e 25844 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 16:8e0d178b1d1e 25845
wolfSSL 16:8e0d178b1d1e 25846 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 16:8e0d178b1d1e 25847 args->inputSz = args->length + HANDSHAKE_HEADER_SZ;
wolfSSL 16:8e0d178b1d1e 25848 /* buildmsg adds rechdr */
wolfSSL 16:8e0d178b1d1e 25849 args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
wolfSSL 16:8e0d178b1d1e 25850 DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 16:8e0d178b1d1e 25851 if (args->input == NULL) {
wolfSSL 16:8e0d178b1d1e 25852 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 16:8e0d178b1d1e 25853 }
wolfSSL 16:8e0d178b1d1e 25854
wolfSSL 16:8e0d178b1d1e 25855 if (args->output == NULL) {
wolfSSL 16:8e0d178b1d1e 25856 ERROR_OUT(BUFFER_ERROR, exit_sske);
wolfSSL 16:8e0d178b1d1e 25857 }
wolfSSL 16:8e0d178b1d1e 25858
wolfSSL 16:8e0d178b1d1e 25859 XMEMCPY(args->input, args->output + RECORD_HEADER_SZ,
wolfSSL 16:8e0d178b1d1e 25860 args->inputSz);
wolfSSL 16:8e0d178b1d1e 25861 ret = BuildMessage(ssl, args->output, args->sendSz,
wolfSSL 16:8e0d178b1d1e 25862 args->input, args->inputSz, handshake, 1, 0, 0);
wolfSSL 16:8e0d178b1d1e 25863 XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
wolfSSL 16:8e0d178b1d1e 25864 args->input = NULL;
wolfSSL 16:8e0d178b1d1e 25865 /* make sure its not double free'd on cleanup */
wolfSSL 16:8e0d178b1d1e 25866
wolfSSL 16:8e0d178b1d1e 25867 if (ret >= 0) {
wolfSSL 16:8e0d178b1d1e 25868 args->sendSz = ret;
wolfSSL 16:8e0d178b1d1e 25869 ret = 0;
wolfSSL 16:8e0d178b1d1e 25870 }
wolfSSL 16:8e0d178b1d1e 25871 }
wolfSSL 16:8e0d178b1d1e 25872 else {
wolfSSL 16:8e0d178b1d1e 25873 #ifdef WOLFSSL_DTLS
wolfSSL 16:8e0d178b1d1e 25874 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 16:8e0d178b1d1e 25875 if ((ret = DtlsMsgPoolSave(ssl,
wolfSSL 16:8e0d178b1d1e 25876 args->output, args->sendSz)) != 0) {
wolfSSL 16:8e0d178b1d1e 25877 goto exit_sske;
wolfSSL 16:8e0d178b1d1e 25878 }
wolfSSL 16:8e0d178b1d1e 25879 }
wolfSSL 16:8e0d178b1d1e 25880
wolfSSL 16:8e0d178b1d1e 25881 if (ssl->options.dtls)
wolfSSL 16:8e0d178b1d1e 25882 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 16:8e0d178b1d1e 25883 #endif
wolfSSL 16:8e0d178b1d1e 25884
wolfSSL 16:8e0d178b1d1e 25885 ret = HashOutput(ssl, args->output, args->sendSz, 0);
wolfSSL 16:8e0d178b1d1e 25886 if (ret != 0) {
wolfSSL 15:117db924cf7c 25887 goto exit_sske;
wolfSSL 15:117db924cf7c 25888 }
wolfSSL 15:117db924cf7c 25889 }
wolfSSL 15:117db924cf7c 25890
wolfSSL 15:117db924cf7c 25891 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 25892 if (ssl->hsInfoOn) {
wolfSSL 15:117db924cf7c 25893 AddPacketName(ssl, "ServerKeyExchange");
wolfSSL 15:117db924cf7c 25894 }
wolfSSL 15:117db924cf7c 25895 if (ssl->toInfoOn) {
wolfSSL 15:117db924cf7c 25896 AddPacketInfo(ssl, "ServerKeyExchange", handshake,
wolfSSL 15:117db924cf7c 25897 args->output, args->sendSz, WRITE_PROTO, ssl->heap);
wolfSSL 15:117db924cf7c 25898 }
wolfSSL 15:117db924cf7c 25899 #endif
wolfSSL 15:117db924cf7c 25900
wolfSSL 15:117db924cf7c 25901 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 25902 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 15:117db924cf7c 25903 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 15:117db924cf7c 25904 FALL_THROUGH;
wolfSSL 15:117db924cf7c 25905
wolfSSL 15:117db924cf7c 25906 case TLS_ASYNC_END:
wolfSSL 15:117db924cf7c 25907 {
wolfSSL 15:117db924cf7c 25908 ssl->buffers.outputBuffer.length += args->sendSz;
wolfSSL 15:117db924cf7c 25909 if (!ssl->options.groupMessages) {
wolfSSL 15:117db924cf7c 25910 ret = SendBuffered(ssl);
wolfSSL 15:117db924cf7c 25911 }
wolfSSL 15:117db924cf7c 25912
wolfSSL 15:117db924cf7c 25913 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 15:117db924cf7c 25914 break;
wolfSSL 15:117db924cf7c 25915 }
wolfSSL 15:117db924cf7c 25916 default:
wolfSSL 15:117db924cf7c 25917 ret = INPUT_CASE_ERROR;
wolfSSL 15:117db924cf7c 25918 } /* switch(ssl->options.asyncState) */
wolfSSL 15:117db924cf7c 25919
wolfSSL 15:117db924cf7c 25920 exit_sske:
wolfSSL 15:117db924cf7c 25921
wolfSSL 15:117db924cf7c 25922 WOLFSSL_LEAVE("SendServerKeyExchange", ret);
wolfSSL 15:117db924cf7c 25923 WOLFSSL_END(WC_FUNC_SERVER_KEY_EXCHANGE_SEND);
wolfSSL 15:117db924cf7c 25924
wolfSSL 15:117db924cf7c 25925 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 25926 /* Handle async operation */
wolfSSL 15:117db924cf7c 25927 if (ret == WC_PENDING_E)
wolfSSL 15:117db924cf7c 25928 return ret;
wolfSSL 15:117db924cf7c 25929 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 25930
wolfSSL 15:117db924cf7c 25931 /* Final cleanup */
wolfSSL 15:117db924cf7c 25932 FreeSskeArgs(ssl, args);
wolfSSL 15:117db924cf7c 25933 FreeKeyExchange(ssl);
wolfSSL 15:117db924cf7c 25934
wolfSSL 15:117db924cf7c 25935 return ret;
wolfSSL 15:117db924cf7c 25936 }
wolfSSL 15:117db924cf7c 25937
wolfSSL 16:8e0d178b1d1e 25938 #if defined(HAVE_SERVER_RENEGOTIATION_INFO) || defined(HAVE_FALLBACK_SCSV) || \
wolfSSL 16:8e0d178b1d1e 25939 defined(OPENSSL_ALL)
wolfSSL 15:117db924cf7c 25940
/* Search a cipher suite list for the two-byte suite (first, second).
 *
 * suites  list to search; NULL and an empty list are both rejected
 * first   first byte of the suite identifier
 * second  second byte of the suite identifier
 *
 * Returns the byte offset of the matching pair on success, SUITES_ERROR when
 * the list is NULL or empty, and MATCH_SUITE_ERROR when no pair matches.
 */
#ifndef WOLFSSL_TLS13
static
#endif
int FindSuite(Suites* suites, byte first, byte second)
{
    int pos = 0;

    if (suites == NULL || suites->suiteSz == 0) {
        WOLFSSL_MSG("Suites pointer error or suiteSz 0");
        return SUITES_ERROR;
    }

    /* Stop one byte short of suiteSz: pos + 1 is read below, so this keeps
     * the second byte of every pair inside the list even if suiteSz is odd. */
    while (pos < suites->suiteSz - 1) {
        if (suites->suites[pos] == first &&
                suites->suites[pos + 1] == second) {
            return pos;
        }
        pos += SUITE_LEN;
    }

    return MATCH_SUITE_ERROR;
}
wolfSSL 15:117db924cf7c 25962
wolfSSL 15:117db924cf7c 25963 #endif
wolfSSL 15:117db924cf7c 25964
wolfSSL 15:117db924cf7c 25965 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 25966
/* Decide whether the locally configured suite at ssl->suites->suites[idx]
 * can be used with this connection's keys, options and protocol version.
 *
 * ssl  connection object; dereferenced without a NULL check
 * idx  byte offset of the suite's first byte in ssl->suites->suites. The
 *      byte at idx + 1 is read as well and neither offset is compared with
 *      suiteSz here, so the caller must pass an offset that leaves a full
 *      two-byte pair inside the list.
 *
 * Returns 1 when the suite is usable, 0 otherwise.
 *
 * Side effects visible in this function: a TLS_QSH match sets
 * ssl->options.haveQSH when TLSX_SupportExtensions() allows it (and still
 * returns 0), and on a TLS 1.3 server a KEY_SHARE_ERROR from
 * TLSX_KeyShare_Establish() moves serverState to
 * SERVER_HELLO_RETRY_REQUEST_COMPLETE while the suite is still accepted.
 */
static int VerifyServerSuite(WOLFSSL* ssl, word16 idx)
{
    int  rsaOk;
    int  pskOk = 0;
    byte suite0;
    byte suite1;

    WOLFSSL_ENTER("VerifyServerSuite");

    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Suites pointer error");
        return 0;
    }

    suite0 = ssl->suites->suites[idx];
    suite1 = ssl->suites->suites[idx + 1];

#ifndef NO_PSK
    pskOk = ssl->options.havePSK;
#endif

    /* RSA is treated as available only without static ECC and without NTRU */
    rsaOk = !ssl->options.haveStaticECC && !ssl->options.haveNTRU;

    /* Each requirement of the suite must be backed by a local capability */
    if (CipherRequires(suite0, suite1, REQUIRES_RSA)) {
        WOLFSSL_MSG("Requires RSA");
        if (!rsaOk) {
            WOLFSSL_MSG("Don't have RSA");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_DHE)) {
        WOLFSSL_MSG("Requires DHE");
        if (!ssl->options.haveDH) {
            WOLFSSL_MSG("Don't have DHE");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_ECC)) {
        WOLFSSL_MSG("Requires ECC");
        if (!ssl->options.haveECC) {
            WOLFSSL_MSG("Don't have ECC");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_ECC_STATIC)) {
        WOLFSSL_MSG("Requires static ECC");
        if (!ssl->options.haveStaticECC) {
            WOLFSSL_MSG("Don't have static ECC");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_PSK)) {
        WOLFSSL_MSG("Requires PSK");
        if (!pskOk) {
            WOLFSSL_MSG("Don't have PSK");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_NTRU)) {
        WOLFSSL_MSG("Requires NTRU");
        if (!ssl->options.haveNTRU) {
            WOLFSSL_MSG("Don't have NTRU");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_RSA_SIG)) {
        WOLFSSL_MSG("Requires RSA Signature");
        /* a server flagged as having an ECDSA signature cannot sign RSA */
        if (ssl->options.side == WOLFSSL_SERVER_END &&
                ssl->options.haveECDSAsig == 1) {
            WOLFSSL_MSG("Don't have RSA Signature");
            return 0;
        }
    }

#if !defined(WOLFSSL_OLDTLS_AEAD_CIPHERSUITES)
    if (CipherRequires(suite0, suite1, REQUIRES_AEAD)) {
        WOLFSSL_MSG("Requires AEAD");
        /* AEAD suites are refused below TLS 1.2 unless the build opts in */
        if (ssl->version.major == SSLv3_MAJOR &&
                ssl->version.minor < TLSv1_2_MINOR) {
            WOLFSSL_MSG("Version of SSL does not support AEAD ciphers");
            return 0;
        }
    }
#endif

#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
                       defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES)
    if (!TLSX_ValidateSupportedCurves(ssl, suite0, suite1)) {
        WOLFSSL_MSG("Don't have matching curves");
        return 0;
    }
#endif

    /* ECCDHE is always supported if ECC on */

#ifdef HAVE_QSH
    /* TLS_QSH is only recorded; a classic suite still has to be negotiated,
     * so this pseudo-suite never counts as the match itself */
    if (suite0 == QSH_BYTE && suite1 == TLS_QSH) {
        if (TLSX_SupportExtensions(ssl)) {
            ssl->options.haveQSH = 1; /* matched TLS_QSH */
        }
        else {
            WOLFSSL_MSG("Version of SSL connection does not support "
                        "TLS_QSH");
        }
        return 0;
    }
#endif

#ifdef WOLFSSL_TLS13
    if (IsAtLeastTLSv1_3(ssl->version) &&
            ssl->options.side == WOLFSSL_SERVER_END) {
        /* Try to establish a key share. */
        int ksRet = TLSX_KeyShare_Establish(ssl);

        if (ksRet == KEY_SHARE_ERROR) {
            ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;
        }
        else if (ksRet != 0) {
            return 0;
        }
    }
    else if (suite0 == TLS13_BYTE || (suite0 == ECC_BYTE &&
            (suite1 == TLS_SHA256_SHA256 || suite1 == TLS_SHA384_SHA384))) {
        /* Can't negotiate TLS 1.3 cipher suites with lower protocol
         * version. */
        return 0;
    }
#endif

    return 1;
}
wolfSSL 15:117db924cf7c 26105
wolfSSL 15:117db924cf7c 26106 #ifndef NO_WOLFSSL_SERVER
/* Compare the local suite at offset i of ssl->suites with the peer suite at
 * offset j of peerSuites and, when they match and the local side can use the
 * suite, select it for the connection.
 *
 * ssl         connection object; ssl->suites is dereferenced without a check
 * peerSuites  suite list offered by the peer; dereferenced without a check
 * i           byte offset into ssl->suites->suites (i + 1 is read too)
 * j           byte offset into peerSuites->suites (j + 1 is read too)
 *
 * Neither offset is bounds-checked here; the caller must keep both pairs
 * inside their lists.
 *
 * Returns MATCH_SUITE_ERROR when the pairs differ or VerifyServerSuite()
 * rejects the suite. Otherwise returns the result of SetCipherSpecs(), or of
 * PickHashSigAlgo() when SetCipherSpecs() returned 0. cipherSuite0 and
 * cipherSuite are written before SetCipherSpecs() runs and are not reset if
 * either call returns non-zero.
 */
static int CompareSuites(WOLFSSL* ssl, Suites* peerSuites, word16 i,
                         word16 j)
{
    int rc;

    /* different two-byte identifiers: not a candidate */
    if (ssl->suites->suites[i] != peerSuites->suites[j] ||
            ssl->suites->suites[i + 1] != peerSuites->suites[j + 1]) {
        return MATCH_SUITE_ERROR;
    }

    if (!VerifyServerSuite(ssl, i)) {
        WOLFSSL_MSG("Could not verify suite validity, continue");
        return MATCH_SUITE_ERROR;
    }

    WOLFSSL_MSG("Verified suite validity");
    ssl->options.cipherSuite0 = ssl->suites->suites[i];
    ssl->options.cipherSuite  = ssl->suites->suites[i + 1];

    rc = SetCipherSpecs(ssl);
    if (rc == 0) {
        /* signature/hash choice is driven by the peer's advertised list */
        rc = PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
                             peerSuites->hashSigAlgoSz);
    }

    return rc;
}
wolfSSL 15:117db924cf7c 26132
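/* Select the first cipher suite present in both the local list (ssl->suites)
 * and the list offered by the peer.
 *
 * ssl         connection object
 * peerSuites  suite list parsed from the peer's hello; its size is
 *             peer-controlled and is validated here before any indexing
 *
 * Preference follows the local list unless ssl->options.useClientOrder is
 * set, in which case the peer's order wins.
 *
 * Returns SUITES_ERROR when ssl, ssl->suites or peerSuites is NULL,
 * BUFFER_ERROR when the peer list is empty, has an odd byte count or is
 * larger than WOLFSSL_MAX_SUITE_SZ, the CompareSuites() result for the first
 * pair that does not yield MATCH_SUITE_ERROR (which may itself be an error
 * code), and MATCH_SUITE_ERROR when the lists share no usable suite.
 */
int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
{
    int ret;
    word16 i, j;

    WOLFSSL_ENTER("MatchSuite");

    /* both pointers are dereferenced below */
    if (ssl == NULL || peerSuites == NULL)
        return SUITES_ERROR;

    /* & 0x1 equivalent % 2 */
    if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1)
        return BUFFER_ERROR;

    /* The hello parsers are expected to enforce this limit already; it is
     * repeated here so an oversized count can never drive the loops below
     * past the end of peerSuites->suites. */
    if (peerSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ)
        return BUFFER_ERROR;

    if (ssl->suites == NULL)
        return SUITES_ERROR;

    /* CompareSuites() reads suites[i + 1], so the local list is walked with
     * i + 1 < suiteSz: a trailing odd byte is never treated as the start of
     * a pair (FindSuite() bounds its loop the same way). The peer list was
     * checked to be even above, so j < suiteSz is sufficient there. */
    if (!ssl->options.useClientOrder) {
        /* Server order */
        for (i = 0; i + 1 < ssl->suites->suiteSz; i += SUITE_LEN) {
            for (j = 0; j < peerSuites->suiteSz; j += SUITE_LEN) {
                ret = CompareSuites(ssl, peerSuites, i, j);
                if (ret != MATCH_SUITE_ERROR)
                    return ret;
            }
        }
    }
    else {
        /* Client order */
        for (j = 0; j < peerSuites->suiteSz; j += SUITE_LEN) {
            for (i = 0; i + 1 < ssl->suites->suiteSz; i += SUITE_LEN) {
                ret = CompareSuites(ssl, peerSuites, i, j);
                if (ret != MATCH_SUITE_ERROR)
                    return ret;
            }
        }
    }

    return MATCH_SUITE_ERROR;
}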
wolfSSL 15:117db924cf7c 26170 #endif
wolfSSL 15:117db924cf7c 26171
wolfSSL 15:117db924cf7c 26172 #ifdef OLD_HELLO_ALLOWED
wolfSSL 15:117db924cf7c 26173
wolfSSL 15:117db924cf7c 26174 /* process old style client hello, deprecate? */
wolfSSL 15:117db924cf7c 26175 int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL 15:117db924cf7c 26176 word32 inSz, word16 sz)
wolfSSL 15:117db924cf7c 26177 {
wolfSSL 15:117db924cf7c 26178 word32 idx = *inOutIdx;
wolfSSL 15:117db924cf7c 26179 word16 sessionSz;
wolfSSL 15:117db924cf7c 26180 word16 randomSz;
wolfSSL 15:117db924cf7c 26181 word16 i, j;
wolfSSL 15:117db924cf7c 26182 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 26183 Suites clSuites;
wolfSSL 15:117db924cf7c 26184 int ret = -1;
wolfSSL 15:117db924cf7c 26185
wolfSSL 15:117db924cf7c 26186 (void)inSz;
wolfSSL 15:117db924cf7c 26187 WOLFSSL_MSG("Got old format client hello");
wolfSSL 15:117db924cf7c 26188 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 26189 if (ssl->hsInfoOn)
wolfSSL 15:117db924cf7c 26190 AddPacketName(ssl, "ClientHello");
wolfSSL 15:117db924cf7c 26191 if (ssl->toInfoOn)
wolfSSL 15:117db924cf7c 26192 AddLateName("ClientHello", &ssl->timeoutInfo);
wolfSSL 15:117db924cf7c 26193 #endif
wolfSSL 15:117db924cf7c 26194
wolfSSL 15:117db924cf7c 26195 /* manually hash input since different format */
wolfSSL 15:117db924cf7c 26196 #ifndef NO_OLD_TLS
wolfSSL 15:117db924cf7c 26197 #ifndef NO_MD5
wolfSSL 15:117db924cf7c 26198 wc_Md5Update(&ssl->hsHashes->hashMd5, input + idx, sz);
wolfSSL 15:117db924cf7c 26199 #endif
wolfSSL 15:117db924cf7c 26200 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 26201 wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz);
wolfSSL 15:117db924cf7c 26202 #endif
wolfSSL 15:117db924cf7c 26203 #endif
wolfSSL 15:117db924cf7c 26204 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 26205 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 15:117db924cf7c 26206 int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256,
wolfSSL 15:117db924cf7c 26207 input + idx, sz);
wolfSSL 15:117db924cf7c 26208 if (shaRet != 0)
wolfSSL 15:117db924cf7c 26209 return shaRet;
wolfSSL 15:117db924cf7c 26210 }
wolfSSL 15:117db924cf7c 26211 #endif
wolfSSL 15:117db924cf7c 26212
wolfSSL 15:117db924cf7c 26213 /* does this value mean client_hello? */
wolfSSL 15:117db924cf7c 26214 idx++;
wolfSSL 15:117db924cf7c 26215
wolfSSL 15:117db924cf7c 26216 /* version */
wolfSSL 15:117db924cf7c 26217 pv.major = input[idx++];
wolfSSL 15:117db924cf7c 26218 pv.minor = input[idx++];
wolfSSL 15:117db924cf7c 26219 ssl->chVersion = pv; /* store */
wolfSSL 15:117db924cf7c 26220
wolfSSL 15:117db924cf7c 26221 if (ssl->version.minor > pv.minor) {
wolfSSL 15:117db924cf7c 26222 byte haveRSA = 0;
wolfSSL 15:117db924cf7c 26223 byte havePSK = 0;
wolfSSL 15:117db924cf7c 26224 int keySz = 0;
wolfSSL 15:117db924cf7c 26225
wolfSSL 15:117db924cf7c 26226 if (!ssl->options.downgrade) {
wolfSSL 15:117db924cf7c 26227 WOLFSSL_MSG("Client trying to connect with lesser version");
wolfSSL 15:117db924cf7c 26228 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 26229 }
wolfSSL 15:117db924cf7c 26230 if (pv.minor < ssl->options.minDowngrade) {
wolfSSL 15:117db924cf7c 26231 WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
wolfSSL 15:117db924cf7c 26232 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 26233 }
wolfSSL 15:117db924cf7c 26234 if (pv.minor == SSLv3_MINOR) {
wolfSSL 15:117db924cf7c 26235 /* turn off tls */
wolfSSL 15:117db924cf7c 26236 WOLFSSL_MSG("\tdowngrading to SSLv3");
wolfSSL 15:117db924cf7c 26237 ssl->options.tls = 0;
wolfSSL 15:117db924cf7c 26238 ssl->options.tls1_1 = 0;
wolfSSL 15:117db924cf7c 26239 ssl->version.minor = SSLv3_MINOR;
wolfSSL 15:117db924cf7c 26240 }
wolfSSL 15:117db924cf7c 26241 else if (pv.minor == TLSv1_MINOR) {
wolfSSL 15:117db924cf7c 26242 WOLFSSL_MSG("\tdowngrading to TLSv1");
wolfSSL 15:117db924cf7c 26243 /* turn off tls 1.1+ */
wolfSSL 15:117db924cf7c 26244 ssl->options.tls1_1 = 0;
wolfSSL 15:117db924cf7c 26245 ssl->version.minor = TLSv1_MINOR;
wolfSSL 15:117db924cf7c 26246 }
wolfSSL 15:117db924cf7c 26247 else if (pv.minor == TLSv1_1_MINOR) {
wolfSSL 15:117db924cf7c 26248 WOLFSSL_MSG("\tdowngrading to TLSv1.1");
wolfSSL 15:117db924cf7c 26249 ssl->version.minor = TLSv1_1_MINOR;
wolfSSL 15:117db924cf7c 26250 }
wolfSSL 15:117db924cf7c 26251 else if (pv.minor == TLSv1_2_MINOR) {
wolfSSL 15:117db924cf7c 26252 WOLFSSL_MSG(" downgrading to TLSv1.2");
wolfSSL 15:117db924cf7c 26253 ssl->version.minor = TLSv1_2_MINOR;
wolfSSL 15:117db924cf7c 26254 }
wolfSSL 15:117db924cf7c 26255 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 26256 haveRSA = 1;
wolfSSL 15:117db924cf7c 26257 #endif
wolfSSL 15:117db924cf7c 26258 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 26259 havePSK = ssl->options.havePSK;
wolfSSL 15:117db924cf7c 26260 #endif
wolfSSL 15:117db924cf7c 26261 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 26262 keySz = ssl->buffers.keySz;
wolfSSL 15:117db924cf7c 26263 #endif
wolfSSL 15:117db924cf7c 26264
wolfSSL 15:117db924cf7c 26265 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
wolfSSL 15:117db924cf7c 26266 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 15:117db924cf7c 26267 ssl->options.haveECDSAsig, ssl->options.haveECC,
wolfSSL 15:117db924cf7c 26268 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 15:117db924cf7c 26269 }
wolfSSL 15:117db924cf7c 26270
wolfSSL 15:117db924cf7c 26271 /* suite size */
wolfSSL 15:117db924cf7c 26272 ato16(&input[idx], &clSuites.suiteSz);
wolfSSL 15:117db924cf7c 26273 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26274
wolfSSL 15:117db924cf7c 26275 if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
wolfSSL 15:117db924cf7c 26276 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26277 clSuites.hashSigAlgoSz = 0;
wolfSSL 15:117db924cf7c 26278
wolfSSL 15:117db924cf7c 26279 /* session size */
wolfSSL 15:117db924cf7c 26280 ato16(&input[idx], &sessionSz);
wolfSSL 15:117db924cf7c 26281 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26282
wolfSSL 15:117db924cf7c 26283 if (sessionSz > ID_LEN)
wolfSSL 15:117db924cf7c 26284 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26285
wolfSSL 15:117db924cf7c 26286 /* random size */
wolfSSL 15:117db924cf7c 26287 ato16(&input[idx], &randomSz);
wolfSSL 15:117db924cf7c 26288 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26289
wolfSSL 15:117db924cf7c 26290 if (randomSz > RAN_LEN)
wolfSSL 15:117db924cf7c 26291 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26292
wolfSSL 15:117db924cf7c 26293 /* suites */
wolfSSL 15:117db924cf7c 26294 for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) {
wolfSSL 15:117db924cf7c 26295 byte first = input[idx++];
wolfSSL 15:117db924cf7c 26296 if (!first) { /* implicit: skip sslv2 type */
wolfSSL 15:117db924cf7c 26297 XMEMCPY(&clSuites.suites[j], &input[idx], SUITE_LEN);
wolfSSL 15:117db924cf7c 26298 j += SUITE_LEN;
wolfSSL 15:117db924cf7c 26299 }
wolfSSL 15:117db924cf7c 26300 idx += SUITE_LEN;
wolfSSL 15:117db924cf7c 26301 }
wolfSSL 15:117db924cf7c 26302 clSuites.suiteSz = j;
wolfSSL 15:117db924cf7c 26303
wolfSSL 15:117db924cf7c 26304 /* session id */
wolfSSL 15:117db924cf7c 26305 if (sessionSz) {
wolfSSL 15:117db924cf7c 26306 XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
wolfSSL 15:117db924cf7c 26307 ssl->arrays->sessionIDSz = (byte)sessionSz;
wolfSSL 15:117db924cf7c 26308 idx += sessionSz;
wolfSSL 15:117db924cf7c 26309 ssl->options.resuming = 1;
wolfSSL 15:117db924cf7c 26310 }
wolfSSL 15:117db924cf7c 26311
wolfSSL 15:117db924cf7c 26312 /* random */
wolfSSL 15:117db924cf7c 26313 if (randomSz < RAN_LEN)
wolfSSL 15:117db924cf7c 26314 XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz);
wolfSSL 15:117db924cf7c 26315 XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx,
wolfSSL 15:117db924cf7c 26316 randomSz);
wolfSSL 15:117db924cf7c 26317 idx += randomSz;
wolfSSL 15:117db924cf7c 26318
wolfSSL 15:117db924cf7c 26319 if (ssl->options.usingCompression)
wolfSSL 15:117db924cf7c 26320 ssl->options.usingCompression = 0; /* turn off */
wolfSSL 15:117db924cf7c 26321
wolfSSL 15:117db924cf7c 26322 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL 15:117db924cf7c 26323 ssl->cbmode = SSL_CB_MODE_WRITE;
wolfSSL 15:117db924cf7c 26324 *inOutIdx = idx;
wolfSSL 15:117db924cf7c 26325
wolfSSL 15:117db924cf7c 26326 ssl->options.haveSessionId = 1;
wolfSSL 15:117db924cf7c 26327 /* DoClientHello uses same resume code */
wolfSSL 15:117db924cf7c 26328 if (ssl->options.resuming) { /* let's try */
wolfSSL 15:117db924cf7c 26329 WOLFSSL_SESSION* session = GetSession(ssl,
wolfSSL 15:117db924cf7c 26330 ssl->arrays->masterSecret, 1);
wolfSSL 15:117db924cf7c 26331 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 26332 if (ssl->options.useTicket == 1) {
wolfSSL 15:117db924cf7c 26333 session = &ssl->session;
wolfSSL 15:117db924cf7c 26334 }
wolfSSL 15:117db924cf7c 26335 #endif
wolfSSL 15:117db924cf7c 26336
wolfSSL 15:117db924cf7c 26337 if (!session) {
wolfSSL 15:117db924cf7c 26338 WOLFSSL_MSG("Session lookup for resume failed");
wolfSSL 15:117db924cf7c 26339 ssl->options.resuming = 0;
wolfSSL 15:117db924cf7c 26340 } else {
wolfSSL 15:117db924cf7c 26341 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 26342 wolfSSL_SESSION_free(session);
wolfSSL 15:117db924cf7c 26343 #endif
wolfSSL 15:117db924cf7c 26344 if (MatchSuite(ssl, &clSuites) < 0) {
wolfSSL 15:117db924cf7c 26345 WOLFSSL_MSG("Unsupported cipher suite, OldClientHello");
wolfSSL 15:117db924cf7c 26346 return UNSUPPORTED_SUITE;
wolfSSL 15:117db924cf7c 26347 }
wolfSSL 15:117db924cf7c 26348
wolfSSL 15:117db924cf7c 26349 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
wolfSSL 15:117db924cf7c 26350 RAN_LEN);
wolfSSL 15:117db924cf7c 26351 if (ret != 0)
wolfSSL 15:117db924cf7c 26352 return ret;
wolfSSL 15:117db924cf7c 26353
wolfSSL 15:117db924cf7c 26354 #ifdef NO_OLD_TLS
wolfSSL 15:117db924cf7c 26355 ret = DeriveTlsKeys(ssl);
wolfSSL 15:117db924cf7c 26356 #else
wolfSSL 15:117db924cf7c 26357 #ifndef NO_TLS
wolfSSL 15:117db924cf7c 26358 if (ssl->options.tls)
wolfSSL 15:117db924cf7c 26359 ret = DeriveTlsKeys(ssl);
wolfSSL 15:117db924cf7c 26360 #endif
wolfSSL 15:117db924cf7c 26361 if (!ssl->options.tls)
wolfSSL 15:117db924cf7c 26362 ret = DeriveKeys(ssl);
wolfSSL 15:117db924cf7c 26363 #endif
wolfSSL 15:117db924cf7c 26364 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 15:117db924cf7c 26365
wolfSSL 15:117db924cf7c 26366 return ret;
wolfSSL 15:117db924cf7c 26367 }
wolfSSL 15:117db924cf7c 26368 }
wolfSSL 15:117db924cf7c 26369
wolfSSL 15:117db924cf7c 26370 ret = MatchSuite(ssl, &clSuites);
wolfSSL 15:117db924cf7c 26371 if (ret != 0)return ret;
wolfSSL 15:117db924cf7c 26372 return SanityCheckMsgReceived(ssl, client_hello);
wolfSSL 15:117db924cf7c 26373 }
wolfSSL 15:117db924cf7c 26374
wolfSSL 15:117db924cf7c 26375 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 15:117db924cf7c 26376
wolfSSL 15:117db924cf7c 26377 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 26378
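/* Server side: decide whether the session named in the ClientHello can be
 * resumed and, if so, derive the keys for the abbreviated handshake.
 *
 * ssl       connection object; ssl->options.resuming is cleared when the
 *           function falls back to a full handshake.
 * bogusID   set by the caller when the client sent a session ID shorter
 *           than ID_LEN; only consulted when HAVE_SESSION_TICKET is defined.
 * clSuites  cipher suite list taken from the ClientHello.
 *
 * Returns 0 when resumption was set up or when a full handshake should
 * follow, BUFFER_ERROR for a bogus session ID without a ticket,
 * EXT_MASTER_SECRET_NEEDED_E when an EMS session is resumed without EMS,
 * UNSUPPORTED_SUITE when no acceptable suite is offered, or the error
 * returned by the RNG / key derivation.
 *
 * NOTE(review): under HAVE_EXT_CACHE the early error returns below leave
 * without calling wolfSSL_SESSION_free(session), and the ticket path frees
 * &ssl->session rather than the GetSession() result - confirm the ownership
 * rules of GetSession() before relying on this.
 */
int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites)
{
    int ret = 0;
    WOLFSSL_SESSION* session;

    (void)bogusID; /* unused unless HAVE_SESSION_TICKET is defined */

    session = GetSession(ssl, ssl->arrays->masterSecret, 1);
#ifdef HAVE_SESSION_TICKET
    if (ssl->options.useTicket == 1) {
        /* a ticket was accepted: resume from the session held in ssl */
        session = &ssl->session;
    } else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
        WOLFSSL_MSG("Bogus session ID without session ticket");
        return BUFFER_ERROR;
    }
#endif

    if (!session) {
        WOLFSSL_MSG("Session lookup for resume failed");
        ssl->options.resuming = 0;
    }
    else if (session->haveEMS != ssl->options.haveEMS) {
        /* RFC 7627, 5.3, server-side */
        /* if old sess didn't have EMS, but new does, full handshake */
        if (!session->haveEMS && ssl->options.haveEMS) {
            WOLFSSL_MSG("Attempting to resume a session that didn't "
                        "use EMS with a new session with EMS. Do full "
                        "handshake.");
            ssl->options.resuming = 0;
        }
        /* if old sess used EMS, but new doesn't, MUST abort */
        else if (session->haveEMS && !ssl->options.haveEMS) {
            WOLFSSL_MSG("Trying to resume a session with EMS without "
                        "using EMS");
        #ifdef WOLFSSL_EXTRA_ALERTS
            SendAlert(ssl, alert_fatal, handshake_failure);
        #endif
            return EXT_MASTER_SECRET_NEEDED_E;
        }
    #ifdef HAVE_EXT_CACHE
        wolfSSL_SESSION_free(session);
    #endif
    }
    else {
    #ifndef NO_RESUME_SUITE_CHECK
        int j;
        int found = 0;

        /* Check client suites include the one in session.
         *
         * suiteSz is the length the peer put on the wire. Only complete
         * two-byte pairs are compared (j + 1 < suiteSz), so an odd length
         * can neither read suites[suiteSz] nor step the index past suiteSz.
         * The previous "j == suiteSz" test treated that overshoot as a
         * match and let the check pass without the suite being offered. */
        for (j = 0; j + 1 < clSuites->suiteSz; j += 2) {
            if (clSuites->suites[j]   == session->cipherSuite0 &&
                clSuites->suites[j+1] == session->cipherSuite) {
                found = 1;
                break;
            }
        }
        if (!found) {
            WOLFSSL_MSG("Prev session's cipher suite not in ClientHello");
        #ifdef WOLFSSL_EXTRA_ALERTS
            SendAlert(ssl, alert_fatal, illegal_parameter);
        #endif
            return UNSUPPORTED_SUITE;
        }
    #endif

    #ifdef HAVE_EXT_CACHE
        /* session is not read again below */
        wolfSSL_SESSION_free(session);
    #endif
        if (MatchSuite(ssl, clSuites) < 0) {
            WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
            return UNSUPPORTED_SUITE;
        }

        /* fresh server random for the resumed handshake */
        ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
                                   RAN_LEN);
        if (ret != 0)
            return ret;

    #ifdef NO_OLD_TLS
        ret = DeriveTlsKeys(ssl);
    #else
        #ifndef NO_TLS
            if (ssl->options.tls)
                ret = DeriveTlsKeys(ssl);
        #endif
            if (!ssl->options.tls)
                ret = DeriveKeys(ssl);
    #endif
        /* set whether or not key derivation succeeded; ret carries the
         * derivation result to the caller */
        ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
    }

    return ret;
}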
wolfSSL 15:117db924cf7c 26470
wolfSSL 15:117db924cf7c 26471
wolfSSL 15:117db924cf7c 26472 /* handle processing of client_hello (1) */
wolfSSL 15:117db924cf7c 26473 int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL 15:117db924cf7c 26474 word32 helloSz)
wolfSSL 15:117db924cf7c 26475 {
wolfSSL 15:117db924cf7c 26476 byte b;
wolfSSL 15:117db924cf7c 26477 byte bogusID = 0; /* flag for a bogus session id */
wolfSSL 15:117db924cf7c 26478 ProtocolVersion pv;
wolfSSL 15:117db924cf7c 26479 Suites clSuites;
wolfSSL 15:117db924cf7c 26480 word32 i = *inOutIdx;
wolfSSL 15:117db924cf7c 26481 word32 begin = i;
wolfSSL 15:117db924cf7c 26482 int ret = 0;
wolfSSL 15:117db924cf7c 26483 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 26484 Hmac cookieHmac;
wolfSSL 15:117db924cf7c 26485 byte peerCookie[MAX_COOKIE_LEN];
wolfSSL 15:117db924cf7c 26486 byte peerCookieSz = 0;
wolfSSL 15:117db924cf7c 26487 byte cookieType;
wolfSSL 15:117db924cf7c 26488 byte cookieSz = 0;
wolfSSL 15:117db924cf7c 26489
wolfSSL 15:117db924cf7c 26490 XMEMSET(&cookieHmac, 0, sizeof(Hmac));
wolfSSL 15:117db924cf7c 26491 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 26492
wolfSSL 15:117db924cf7c 26493 WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO);
wolfSSL 15:117db924cf7c 26494 WOLFSSL_ENTER("DoClientHello");
wolfSSL 15:117db924cf7c 26495
wolfSSL 15:117db924cf7c 26496 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 26497 if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello");
wolfSSL 15:117db924cf7c 26498 if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
wolfSSL 15:117db924cf7c 26499 #endif
wolfSSL 15:117db924cf7c 26500 /* protocol version, random and session id length check */
wolfSSL 16:8e0d178b1d1e 26501 if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
wolfSSL 15:117db924cf7c 26502 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26503
wolfSSL 15:117db924cf7c 26504 /* protocol version */
wolfSSL 15:117db924cf7c 26505 XMEMCPY(&pv, input + i, OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 26506 ssl->chVersion = pv; /* store */
wolfSSL 15:117db924cf7c 26507 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 26508 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 26509 #if defined(NO_SHA) && defined(NO_SHA256)
wolfSSL 15:117db924cf7c 26510 #error "DTLS needs either SHA or SHA-256"
wolfSSL 15:117db924cf7c 26511 #endif /* NO_SHA && NO_SHA256 */
wolfSSL 15:117db924cf7c 26512
wolfSSL 15:117db924cf7c 26513 #if !defined(NO_SHA) && defined(NO_SHA256)
wolfSSL 15:117db924cf7c 26514 cookieType = WC_SHA;
wolfSSL 15:117db924cf7c 26515 cookieSz = WC_SHA_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 26516 #endif /* NO_SHA */
wolfSSL 15:117db924cf7c 26517 #ifndef NO_SHA256
wolfSSL 15:117db924cf7c 26518 cookieType = WC_SHA256;
wolfSSL 15:117db924cf7c 26519 cookieSz = WC_SHA256_DIGEST_SIZE;
wolfSSL 15:117db924cf7c 26520 #endif /* NO_SHA256 */
wolfSSL 15:117db924cf7c 26521 ret = wc_HmacSetKey(&cookieHmac, cookieType,
wolfSSL 15:117db924cf7c 26522 ssl->buffers.dtlsCookieSecret.buffer,
wolfSSL 15:117db924cf7c 26523 ssl->buffers.dtlsCookieSecret.length);
wolfSSL 15:117db924cf7c 26524 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26525 ret = wc_HmacUpdate(&cookieHmac,
wolfSSL 15:117db924cf7c 26526 (const byte*)ssl->buffers.dtlsCtx.peer.sa,
wolfSSL 15:117db924cf7c 26527 ssl->buffers.dtlsCtx.peer.sz);
wolfSSL 15:117db924cf7c 26528 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26529 ret = wc_HmacUpdate(&cookieHmac, input + i, OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 26530 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26531 }
wolfSSL 15:117db924cf7c 26532 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 26533 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26534
wolfSSL 15:117db924cf7c 26535 /* Legacy protocol version cannot negotiate TLS 1.3 or higher. */
wolfSSL 15:117db924cf7c 26536 if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR)
wolfSSL 15:117db924cf7c 26537 pv.minor = TLSv1_2_MINOR;
wolfSSL 15:117db924cf7c 26538
wolfSSL 15:117db924cf7c 26539 if ((!ssl->options.dtls && ssl->version.minor > pv.minor) ||
wolfSSL 15:117db924cf7c 26540 (ssl->options.dtls && ssl->version.minor != DTLS_MINOR
wolfSSL 15:117db924cf7c 26541 && ssl->version.minor != DTLSv1_2_MINOR && pv.minor != DTLS_MINOR
wolfSSL 15:117db924cf7c 26542 && pv.minor != DTLSv1_2_MINOR)) {
wolfSSL 15:117db924cf7c 26543
wolfSSL 15:117db924cf7c 26544 word16 haveRSA = 0;
wolfSSL 15:117db924cf7c 26545 word16 havePSK = 0;
wolfSSL 15:117db924cf7c 26546 int keySz = 0;
wolfSSL 15:117db924cf7c 26547
wolfSSL 15:117db924cf7c 26548 if (!ssl->options.downgrade) {
wolfSSL 15:117db924cf7c 26549 WOLFSSL_MSG("Client trying to connect with lesser version");
wolfSSL 15:117db924cf7c 26550 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 26551 }
wolfSSL 15:117db924cf7c 26552 if (pv.minor < ssl->options.minDowngrade) {
wolfSSL 15:117db924cf7c 26553 WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
wolfSSL 15:117db924cf7c 26554 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 26555 }
wolfSSL 15:117db924cf7c 26556
wolfSSL 15:117db924cf7c 26557 if (pv.minor == SSLv3_MINOR) {
wolfSSL 15:117db924cf7c 26558 /* turn off tls */
wolfSSL 15:117db924cf7c 26559 WOLFSSL_MSG("\tdowngrading to SSLv3");
wolfSSL 15:117db924cf7c 26560 ssl->options.tls = 0;
wolfSSL 15:117db924cf7c 26561 ssl->options.tls1_1 = 0;
wolfSSL 15:117db924cf7c 26562 ssl->version.minor = SSLv3_MINOR;
wolfSSL 15:117db924cf7c 26563 }
wolfSSL 15:117db924cf7c 26564 else if (pv.minor == TLSv1_MINOR) {
wolfSSL 15:117db924cf7c 26565 /* turn off tls 1.1+ */
wolfSSL 15:117db924cf7c 26566 WOLFSSL_MSG("\tdowngrading to TLSv1");
wolfSSL 15:117db924cf7c 26567 ssl->options.tls1_1 = 0;
wolfSSL 15:117db924cf7c 26568 ssl->version.minor = TLSv1_MINOR;
wolfSSL 15:117db924cf7c 26569 }
wolfSSL 15:117db924cf7c 26570 else if (pv.minor == TLSv1_1_MINOR) {
wolfSSL 15:117db924cf7c 26571 WOLFSSL_MSG("\tdowngrading to TLSv1.1");
wolfSSL 15:117db924cf7c 26572 ssl->version.minor = TLSv1_1_MINOR;
wolfSSL 15:117db924cf7c 26573 }
wolfSSL 15:117db924cf7c 26574 else if (pv.minor == TLSv1_2_MINOR) {
wolfSSL 15:117db924cf7c 26575 WOLFSSL_MSG(" downgrading to TLSv1.2");
wolfSSL 15:117db924cf7c 26576 ssl->version.minor = TLSv1_2_MINOR;
wolfSSL 15:117db924cf7c 26577 }
wolfSSL 15:117db924cf7c 26578 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 26579 haveRSA = 1;
wolfSSL 15:117db924cf7c 26580 #endif
wolfSSL 15:117db924cf7c 26581 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 26582 havePSK = ssl->options.havePSK;
wolfSSL 15:117db924cf7c 26583 #endif
wolfSSL 15:117db924cf7c 26584 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 26585 keySz = ssl->buffers.keySz;
wolfSSL 15:117db924cf7c 26586 #endif
wolfSSL 15:117db924cf7c 26587 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
wolfSSL 15:117db924cf7c 26588 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 15:117db924cf7c 26589 ssl->options.haveECDSAsig, ssl->options.haveECC,
wolfSSL 15:117db924cf7c 26590 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 15:117db924cf7c 26591 }
wolfSSL 15:117db924cf7c 26592
wolfSSL 15:117db924cf7c 26593 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 26594 /* check if option is set to not allow the current version
wolfSSL 15:117db924cf7c 26595 * set from either wolfSSL_set_options or wolfSSL_CTX_set_options */
wolfSSL 15:117db924cf7c 26596 if (!ssl->options.dtls && ssl->options.downgrade &&
wolfSSL 15:117db924cf7c 26597 ssl->options.mask > 0) {
wolfSSL 15:117db924cf7c 26598 int reset = 0;
wolfSSL 15:117db924cf7c 26599 if (ssl->version.minor == TLSv1_2_MINOR &&
wolfSSL 15:117db924cf7c 26600 (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
wolfSSL 15:117db924cf7c 26601 WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading");
wolfSSL 15:117db924cf7c 26602 ssl->version.minor = TLSv1_1_MINOR;
wolfSSL 15:117db924cf7c 26603 reset = 1;
wolfSSL 15:117db924cf7c 26604 }
wolfSSL 15:117db924cf7c 26605 if (ssl->version.minor == TLSv1_1_MINOR &&
wolfSSL 15:117db924cf7c 26606 (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
wolfSSL 15:117db924cf7c 26607 WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading");
wolfSSL 15:117db924cf7c 26608 ssl->options.tls1_1 = 0;
wolfSSL 15:117db924cf7c 26609 ssl->version.minor = TLSv1_MINOR;
wolfSSL 15:117db924cf7c 26610 reset = 1;
wolfSSL 15:117db924cf7c 26611 }
wolfSSL 15:117db924cf7c 26612 if (ssl->version.minor == TLSv1_MINOR &&
wolfSSL 15:117db924cf7c 26613 (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
wolfSSL 15:117db924cf7c 26614 WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading");
wolfSSL 15:117db924cf7c 26615 ssl->options.tls = 0;
wolfSSL 15:117db924cf7c 26616 ssl->options.tls1_1 = 0;
wolfSSL 15:117db924cf7c 26617 ssl->version.minor = SSLv3_MINOR;
wolfSSL 15:117db924cf7c 26618 reset = 1;
wolfSSL 15:117db924cf7c 26619 }
wolfSSL 15:117db924cf7c 26620 if (ssl->version.minor == SSLv3_MINOR &&
wolfSSL 15:117db924cf7c 26621 (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
wolfSSL 15:117db924cf7c 26622 WOLFSSL_MSG("\tError, option set to not allow SSLv3");
wolfSSL 15:117db924cf7c 26623 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 26624 }
wolfSSL 15:117db924cf7c 26625
wolfSSL 15:117db924cf7c 26626 if (ssl->version.minor < ssl->options.minDowngrade) {
wolfSSL 15:117db924cf7c 26627 WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
wolfSSL 15:117db924cf7c 26628 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 26629 }
wolfSSL 15:117db924cf7c 26630
wolfSSL 15:117db924cf7c 26631 if (reset) {
wolfSSL 15:117db924cf7c 26632 word16 haveRSA = 0;
wolfSSL 15:117db924cf7c 26633 word16 havePSK = 0;
wolfSSL 15:117db924cf7c 26634 int keySz = 0;
wolfSSL 15:117db924cf7c 26635
wolfSSL 15:117db924cf7c 26636 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 26637 haveRSA = 1;
wolfSSL 15:117db924cf7c 26638 #endif
wolfSSL 15:117db924cf7c 26639 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 26640 havePSK = ssl->options.havePSK;
wolfSSL 15:117db924cf7c 26641 #endif
wolfSSL 15:117db924cf7c 26642 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 26643 keySz = ssl->buffers.keySz;
wolfSSL 15:117db924cf7c 26644 #endif
wolfSSL 15:117db924cf7c 26645
wolfSSL 15:117db924cf7c 26646 /* reset cipher suites to account for TLS version change */
wolfSSL 15:117db924cf7c 26647 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
wolfSSL 15:117db924cf7c 26648 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 15:117db924cf7c 26649 ssl->options.haveECDSAsig, ssl->options.haveECC,
wolfSSL 15:117db924cf7c 26650 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 15:117db924cf7c 26651 }
wolfSSL 15:117db924cf7c 26652 }
wolfSSL 15:117db924cf7c 26653 #endif
wolfSSL 15:117db924cf7c 26654
wolfSSL 15:117db924cf7c 26655 /* random */
wolfSSL 15:117db924cf7c 26656 XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
wolfSSL 15:117db924cf7c 26657 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 26658 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 26659 ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
wolfSSL 15:117db924cf7c 26660 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26661 }
wolfSSL 15:117db924cf7c 26662 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 26663 i += RAN_LEN;
wolfSSL 15:117db924cf7c 26664
wolfSSL 15:117db924cf7c 26665 #ifdef SHOW_SECRETS
wolfSSL 15:117db924cf7c 26666 {
wolfSSL 15:117db924cf7c 26667 int j;
wolfSSL 15:117db924cf7c 26668 printf("client random: ");
wolfSSL 15:117db924cf7c 26669 for (j = 0; j < RAN_LEN; j++)
wolfSSL 15:117db924cf7c 26670 printf("%02x", ssl->arrays->clientRandom[j]);
wolfSSL 15:117db924cf7c 26671 printf("\n");
wolfSSL 15:117db924cf7c 26672 }
wolfSSL 15:117db924cf7c 26673 #endif
wolfSSL 15:117db924cf7c 26674
wolfSSL 15:117db924cf7c 26675 /* session id */
wolfSSL 15:117db924cf7c 26676 b = input[i++];
wolfSSL 15:117db924cf7c 26677
wolfSSL 15:117db924cf7c 26678 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 26679 if (b > 0 && b < ID_LEN) {
wolfSSL 15:117db924cf7c 26680 bogusID = 1;
wolfSSL 15:117db924cf7c 26681 WOLFSSL_MSG("Client sent bogus session id, let's allow for echo");
wolfSSL 15:117db924cf7c 26682 }
wolfSSL 15:117db924cf7c 26683 #endif
wolfSSL 15:117db924cf7c 26684
wolfSSL 15:117db924cf7c 26685 if (b == ID_LEN || bogusID) {
wolfSSL 15:117db924cf7c 26686 if ((i - begin) + b > helloSz)
wolfSSL 15:117db924cf7c 26687 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26688
wolfSSL 15:117db924cf7c 26689 XMEMCPY(ssl->arrays->sessionID, input + i, b);
wolfSSL 15:117db924cf7c 26690 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 26691 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 26692 ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
wolfSSL 15:117db924cf7c 26693 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26694 }
wolfSSL 15:117db924cf7c 26695 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 26696 ssl->arrays->sessionIDSz = b;
wolfSSL 15:117db924cf7c 26697 i += b;
wolfSSL 15:117db924cf7c 26698 ssl->options.resuming = 1; /* client wants to resume */
wolfSSL 15:117db924cf7c 26699 WOLFSSL_MSG("Client wants to resume session");
wolfSSL 15:117db924cf7c 26700 }
wolfSSL 15:117db924cf7c 26701 else if (b) {
wolfSSL 15:117db924cf7c 26702 WOLFSSL_MSG("Invalid session ID size");
wolfSSL 15:117db924cf7c 26703 return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
wolfSSL 15:117db924cf7c 26704 }
wolfSSL 15:117db924cf7c 26705
wolfSSL 15:117db924cf7c 26706 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 26707 /* cookie */
wolfSSL 15:117db924cf7c 26708 if (ssl->options.dtls) {
wolfSSL 15:117db924cf7c 26709
wolfSSL 15:117db924cf7c 26710 if ((i - begin) + OPAQUE8_LEN > helloSz)
wolfSSL 15:117db924cf7c 26711 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26712
wolfSSL 15:117db924cf7c 26713 peerCookieSz = input[i++];
wolfSSL 15:117db924cf7c 26714
wolfSSL 15:117db924cf7c 26715 if (peerCookieSz) {
wolfSSL 15:117db924cf7c 26716 if (peerCookieSz > MAX_COOKIE_LEN)
wolfSSL 15:117db924cf7c 26717 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26718
wolfSSL 15:117db924cf7c 26719 if ((i - begin) + peerCookieSz > helloSz)
wolfSSL 15:117db924cf7c 26720 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26721
wolfSSL 15:117db924cf7c 26722 XMEMCPY(peerCookie, input + i, peerCookieSz);
wolfSSL 15:117db924cf7c 26723
wolfSSL 15:117db924cf7c 26724 i += peerCookieSz;
wolfSSL 15:117db924cf7c 26725 }
wolfSSL 15:117db924cf7c 26726 }
wolfSSL 15:117db924cf7c 26727 #endif
wolfSSL 15:117db924cf7c 26728
wolfSSL 15:117db924cf7c 26729 /* suites */
wolfSSL 15:117db924cf7c 26730 if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL 15:117db924cf7c 26731 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26732
wolfSSL 15:117db924cf7c 26733 ato16(&input[i], &clSuites.suiteSz);
wolfSSL 15:117db924cf7c 26734 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26735
wolfSSL 15:117db924cf7c 26736 /* suites and compression length check */
wolfSSL 15:117db924cf7c 26737 if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
wolfSSL 15:117db924cf7c 26738 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26739
wolfSSL 15:117db924cf7c 26740 if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
wolfSSL 15:117db924cf7c 26741 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26742
wolfSSL 15:117db924cf7c 26743 XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
wolfSSL 15:117db924cf7c 26744
wolfSSL 15:117db924cf7c 26745 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 15:117db924cf7c 26746 /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
wolfSSL 15:117db924cf7c 26747 if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
wolfSSL 16:8e0d178b1d1e 26748 TLSX* extension;
wolfSSL 16:8e0d178b1d1e 26749
wolfSSL 16:8e0d178b1d1e 26750 /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
wolfSSL 15:117db924cf7c 26751 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
wolfSSL 15:117db924cf7c 26752 if (ret != WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 26753 return ret;
wolfSSL 16:8e0d178b1d1e 26754
wolfSSL 16:8e0d178b1d1e 26755 extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
wolfSSL 16:8e0d178b1d1e 26756 if (extension) {
wolfSSL 16:8e0d178b1d1e 26757 ssl->secure_renegotiation =
wolfSSL 16:8e0d178b1d1e 26758 (SecureRenegotiation*)extension->data;
wolfSSL 16:8e0d178b1d1e 26759 ssl->secure_renegotiation->enabled = 1;
wolfSSL 16:8e0d178b1d1e 26760 }
wolfSSL 15:117db924cf7c 26761 }
wolfSSL 15:117db924cf7c 26762 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 16:8e0d178b1d1e 26763 #if defined(HAVE_FALLBACK_SCSV) || defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 26764 /* check for TLS_FALLBACK_SCSV suite */
wolfSSL 16:8e0d178b1d1e 26765 if (FindSuite(&clSuites, TLS_FALLBACK_SCSV, 0) >= 0) {
wolfSSL 16:8e0d178b1d1e 26766 WOLFSSL_MSG("Found Fallback SCSV");
wolfSSL 16:8e0d178b1d1e 26767 if (ssl->ctx->method->version.minor > pv.minor) {
wolfSSL 16:8e0d178b1d1e 26768 WOLFSSL_MSG("Client trying to connect with lesser version");
wolfSSL 16:8e0d178b1d1e 26769 SendAlert(ssl, alert_fatal, inappropriate_fallback);
wolfSSL 16:8e0d178b1d1e 26770 return VERSION_ERROR;
wolfSSL 16:8e0d178b1d1e 26771 }
wolfSSL 16:8e0d178b1d1e 26772 }
wolfSSL 16:8e0d178b1d1e 26773 #endif
wolfSSL 15:117db924cf7c 26774
wolfSSL 15:117db924cf7c 26775 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 26776 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 26777 ret = wc_HmacUpdate(&cookieHmac,
wolfSSL 15:117db924cf7c 26778 input + i - OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 26779 clSuites.suiteSz + OPAQUE16_LEN);
wolfSSL 15:117db924cf7c 26780 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26781 }
wolfSSL 15:117db924cf7c 26782 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 26783 i += clSuites.suiteSz;
wolfSSL 15:117db924cf7c 26784 clSuites.hashSigAlgoSz = 0;
wolfSSL 15:117db924cf7c 26785
wolfSSL 15:117db924cf7c 26786 /* compression length */
wolfSSL 15:117db924cf7c 26787 b = input[i++];
wolfSSL 15:117db924cf7c 26788
wolfSSL 15:117db924cf7c 26789 if ((i - begin) + b > helloSz)
wolfSSL 15:117db924cf7c 26790 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26791
wolfSSL 15:117db924cf7c 26792 if (b == 0) {
wolfSSL 15:117db924cf7c 26793 WOLFSSL_MSG("No compression types in list");
wolfSSL 16:8e0d178b1d1e 26794 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 26795 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 26796 #endif
wolfSSL 15:117db924cf7c 26797 return COMPRESSION_ERROR;
wolfSSL 15:117db924cf7c 26798 }
wolfSSL 15:117db924cf7c 26799
wolfSSL 15:117db924cf7c 26800 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 26801 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 15:117db924cf7c 26802 byte newCookie[MAX_COOKIE_LEN];
wolfSSL 15:117db924cf7c 26803
wolfSSL 15:117db924cf7c 26804 ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
wolfSSL 15:117db924cf7c 26805 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26806 ret = wc_HmacFinal(&cookieHmac, newCookie);
wolfSSL 15:117db924cf7c 26807 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26808
wolfSSL 15:117db924cf7c 26809 /* If a cookie callback is set, call it to overwrite the cookie.
wolfSSL 15:117db924cf7c 26810 * This should be deprecated. The code now calculates the cookie
wolfSSL 15:117db924cf7c 26811 * using an HMAC as expected. */
wolfSSL 15:117db924cf7c 26812 if (ssl->ctx->CBIOCookie != NULL &&
wolfSSL 15:117db924cf7c 26813 ssl->ctx->CBIOCookie(ssl, newCookie, cookieSz,
wolfSSL 15:117db924cf7c 26814 ssl->IOCB_CookieCtx) != cookieSz) {
wolfSSL 15:117db924cf7c 26815 return COOKIE_ERROR;
wolfSSL 15:117db924cf7c 26816 }
wolfSSL 15:117db924cf7c 26817
wolfSSL 15:117db924cf7c 26818 /* Check the cookie, see if we progress the state machine. */
wolfSSL 15:117db924cf7c 26819 if (peerCookieSz != cookieSz ||
wolfSSL 15:117db924cf7c 26820 XMEMCMP(peerCookie, newCookie, cookieSz) != 0) {
wolfSSL 15:117db924cf7c 26821
wolfSSL 15:117db924cf7c 26822 /* Send newCookie to client in a HelloVerifyRequest message
wolfSSL 15:117db924cf7c 26823 * and let the state machine alone. */
wolfSSL 15:117db924cf7c 26824 ssl->msgsReceived.got_client_hello = 0;
wolfSSL 15:117db924cf7c 26825 ssl->keys.dtls_handshake_number = 0;
wolfSSL 15:117db924cf7c 26826 ssl->keys.dtls_expected_peer_handshake_number = 0;
wolfSSL 15:117db924cf7c 26827 *inOutIdx += helloSz;
wolfSSL 15:117db924cf7c 26828 return SendHelloVerifyRequest(ssl, newCookie, cookieSz);
wolfSSL 15:117db924cf7c 26829 }
wolfSSL 15:117db924cf7c 26830
wolfSSL 15:117db924cf7c 26831 /* This was skipped in the DTLS case so we could handle the hello
wolfSSL 15:117db924cf7c 26832 * verify request. */
wolfSSL 15:117db924cf7c 26833 ret = HashInput(ssl, input + *inOutIdx, helloSz);
wolfSSL 15:117db924cf7c 26834 if (ret != 0) return ret;
wolfSSL 15:117db924cf7c 26835 }
wolfSSL 15:117db924cf7c 26836 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 26837
wolfSSL 15:117db924cf7c 26838 {
wolfSSL 16:8e0d178b1d1e 26839 /* compression match types */
wolfSSL 15:117db924cf7c 26840 int matchNo = 0;
wolfSSL 15:117db924cf7c 26841 int matchZlib = 0;
wolfSSL 15:117db924cf7c 26842
wolfSSL 15:117db924cf7c 26843 while (b--) {
wolfSSL 15:117db924cf7c 26844 byte comp = input[i++];
wolfSSL 15:117db924cf7c 26845
wolfSSL 15:117db924cf7c 26846 if (comp == NO_COMPRESSION) {
wolfSSL 15:117db924cf7c 26847 matchNo = 1;
wolfSSL 15:117db924cf7c 26848 }
wolfSSL 15:117db924cf7c 26849 if (comp == ZLIB_COMPRESSION) {
wolfSSL 15:117db924cf7c 26850 matchZlib = 1;
wolfSSL 15:117db924cf7c 26851 }
wolfSSL 15:117db924cf7c 26852 }
wolfSSL 15:117db924cf7c 26853
wolfSSL 15:117db924cf7c 26854 if (ssl->options.usingCompression == 0 && matchNo) {
wolfSSL 15:117db924cf7c 26855 WOLFSSL_MSG("Matched No Compression");
wolfSSL 15:117db924cf7c 26856 } else if (ssl->options.usingCompression && matchZlib) {
wolfSSL 15:117db924cf7c 26857 WOLFSSL_MSG("Matched zlib Compression");
wolfSSL 15:117db924cf7c 26858 } else if (ssl->options.usingCompression && matchNo) {
wolfSSL 15:117db924cf7c 26859 WOLFSSL_MSG("Could only match no compression, turning off");
wolfSSL 15:117db924cf7c 26860 ssl->options.usingCompression = 0; /* turn off */
wolfSSL 15:117db924cf7c 26861 } else {
wolfSSL 15:117db924cf7c 26862 WOLFSSL_MSG("Could not match compression");
wolfSSL 16:8e0d178b1d1e 26863 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 26864 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 26865 #endif
wolfSSL 15:117db924cf7c 26866 return COMPRESSION_ERROR;
wolfSSL 15:117db924cf7c 26867 }
wolfSSL 15:117db924cf7c 26868 }
wolfSSL 15:117db924cf7c 26869
wolfSSL 15:117db924cf7c 26870 *inOutIdx = i;
wolfSSL 15:117db924cf7c 26871
wolfSSL 15:117db924cf7c 26872 /* tls extensions */
wolfSSL 15:117db924cf7c 26873 if ((i - begin) < helloSz) {
wolfSSL 15:117db924cf7c 26874 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 26875 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 26876 QSH_Init(ssl);
wolfSSL 15:117db924cf7c 26877 #endif
wolfSSL 15:117db924cf7c 26878 if (TLSX_SupportExtensions(ssl))
wolfSSL 15:117db924cf7c 26879 #else
wolfSSL 15:117db924cf7c 26880 if (IsAtLeastTLSv1_2(ssl))
wolfSSL 15:117db924cf7c 26881 #endif
wolfSSL 15:117db924cf7c 26882 {
wolfSSL 15:117db924cf7c 26883 /* Process the hello extension. Skip unsupported. */
wolfSSL 15:117db924cf7c 26884 word16 totalExtSz;
wolfSSL 15:117db924cf7c 26885
wolfSSL 15:117db924cf7c 26886 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 26887 /* auto populate extensions supported unless user defined */
wolfSSL 15:117db924cf7c 26888 if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
wolfSSL 15:117db924cf7c 26889 return ret;
wolfSSL 15:117db924cf7c 26890 #endif
wolfSSL 15:117db924cf7c 26891
wolfSSL 15:117db924cf7c 26892 if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL 15:117db924cf7c 26893 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26894
wolfSSL 15:117db924cf7c 26895 ato16(&input[i], &totalExtSz);
wolfSSL 15:117db924cf7c 26896 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26897
wolfSSL 15:117db924cf7c 26898 if ((i - begin) + totalExtSz > helloSz)
wolfSSL 15:117db924cf7c 26899 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26900
wolfSSL 15:117db924cf7c 26901 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 15:117db924cf7c 26902 /* tls extensions */
wolfSSL 15:117db924cf7c 26903 if ((ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz,
wolfSSL 15:117db924cf7c 26904 client_hello, &clSuites)))
wolfSSL 15:117db924cf7c 26905 return ret;
wolfSSL 15:117db924cf7c 26906 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 26907 if (TLSX_Find(ssl->extensions,
wolfSSL 15:117db924cf7c 26908 TLSX_SUPPORTED_VERSIONS) != NULL) {
wolfSSL 15:117db924cf7c 26909 WOLFSSL_MSG(
wolfSSL 15:117db924cf7c 26910 "Client attempting to connect with higher version");
wolfSSL 15:117db924cf7c 26911 return VERSION_ERROR;
wolfSSL 15:117db924cf7c 26912 }
wolfSSL 15:117db924cf7c 26913 #endif
wolfSSL 15:117db924cf7c 26914 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 26915 if((ret=SNI_Callback(ssl)))
wolfSSL 15:117db924cf7c 26916 return ret;
wolfSSL 15:117db924cf7c 26917 ssl->options.side = WOLFSSL_SERVER_END;
wolfSSL 15:117db924cf7c 26918 #endif
wolfSSL 15:117db924cf7c 26919
wolfSSL 15:117db924cf7c 26920 i += totalExtSz;
wolfSSL 15:117db924cf7c 26921 #else
wolfSSL 15:117db924cf7c 26922 while (totalExtSz) {
wolfSSL 15:117db924cf7c 26923 word16 extId, extSz;
wolfSSL 15:117db924cf7c 26924
wolfSSL 15:117db924cf7c 26925 if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
wolfSSL 15:117db924cf7c 26926 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26927
wolfSSL 15:117db924cf7c 26928 ato16(&input[i], &extId);
wolfSSL 15:117db924cf7c 26929 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26930 ato16(&input[i], &extSz);
wolfSSL 15:117db924cf7c 26931 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26932
wolfSSL 15:117db924cf7c 26933 if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
wolfSSL 15:117db924cf7c 26934 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26935
wolfSSL 15:117db924cf7c 26936 if (extId == HELLO_EXT_SIG_ALGO) {
wolfSSL 15:117db924cf7c 26937 word16 hashSigAlgoSz;
wolfSSL 15:117db924cf7c 26938
wolfSSL 15:117db924cf7c 26939 ato16(&input[i], &hashSigAlgoSz);
wolfSSL 15:117db924cf7c 26940 i += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26941
wolfSSL 15:117db924cf7c 26942 if (OPAQUE16_LEN + hashSigAlgoSz > extSz)
wolfSSL 15:117db924cf7c 26943 return BUFFER_ERROR;
wolfSSL 15:117db924cf7c 26944
wolfSSL 15:117db924cf7c 26945 clSuites.hashSigAlgoSz = hashSigAlgoSz;
wolfSSL 15:117db924cf7c 26946 if (clSuites.hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) {
wolfSSL 15:117db924cf7c 26947 WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, "
wolfSSL 15:117db924cf7c 26948 "truncating");
wolfSSL 15:117db924cf7c 26949 clSuites.hashSigAlgoSz = WOLFSSL_MAX_SIGALGO;
wolfSSL 15:117db924cf7c 26950 }
wolfSSL 15:117db924cf7c 26951
wolfSSL 15:117db924cf7c 26952 XMEMCPY(clSuites.hashSigAlgo, &input[i],
wolfSSL 15:117db924cf7c 26953 clSuites.hashSigAlgoSz);
wolfSSL 15:117db924cf7c 26954
wolfSSL 15:117db924cf7c 26955 i += hashSigAlgoSz;
wolfSSL 15:117db924cf7c 26956 }
wolfSSL 15:117db924cf7c 26957 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 26958 else if (extId == HELLO_EXT_EXTMS)
wolfSSL 15:117db924cf7c 26959 ssl->options.haveEMS = 1;
wolfSSL 15:117db924cf7c 26960 #endif
wolfSSL 15:117db924cf7c 26961 else
wolfSSL 15:117db924cf7c 26962 i += extSz;
wolfSSL 15:117db924cf7c 26963
wolfSSL 15:117db924cf7c 26964 totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
wolfSSL 15:117db924cf7c 26965 }
wolfSSL 15:117db924cf7c 26966 #endif
wolfSSL 15:117db924cf7c 26967 *inOutIdx = i;
wolfSSL 15:117db924cf7c 26968 }
wolfSSL 15:117db924cf7c 26969 else
wolfSSL 15:117db924cf7c 26970 *inOutIdx = begin + helloSz; /* skip extensions */
wolfSSL 15:117db924cf7c 26971 }
wolfSSL 15:117db924cf7c 26972
wolfSSL 15:117db924cf7c 26973 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL 15:117db924cf7c 26974 ssl->options.haveSessionId = 1;
wolfSSL 15:117db924cf7c 26975
wolfSSL 15:117db924cf7c 26976 /* ProcessOld uses same resume code */
wolfSSL 15:117db924cf7c 26977 if (ssl->options.resuming) {
wolfSSL 15:117db924cf7c 26978 ret = HandleTlsResumption(ssl, bogusID, &clSuites);
wolfSSL 15:117db924cf7c 26979 if (ret != 0)
wolfSSL 15:117db924cf7c 26980 return ret;
wolfSSL 16:8e0d178b1d1e 26981
wolfSSL 16:8e0d178b1d1e 26982 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 16:8e0d178b1d1e 26983 if (ssl->secure_renegotiation &&
wolfSSL 16:8e0d178b1d1e 26984 ssl->secure_renegotiation->enabled &&
wolfSSL 16:8e0d178b1d1e 26985 IsEncryptionOn(ssl, 0))
wolfSSL 16:8e0d178b1d1e 26986 ssl->secure_renegotiation->startScr = 1;
wolfSSL 16:8e0d178b1d1e 26987 #endif
wolfSSL 16:8e0d178b1d1e 26988
wolfSSL 15:117db924cf7c 26989 if (ssl->options.clientState == CLIENT_KEYEXCHANGE_COMPLETE) {
wolfSSL 15:117db924cf7c 26990 WOLFSSL_LEAVE("DoClientHello", ret);
wolfSSL 15:117db924cf7c 26991 WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
wolfSSL 15:117db924cf7c 26992
wolfSSL 15:117db924cf7c 26993 return ret;
wolfSSL 15:117db924cf7c 26994 }
wolfSSL 15:117db924cf7c 26995 }
wolfSSL 16:8e0d178b1d1e 26996
wolfSSL 16:8e0d178b1d1e 26997 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_DH_DEFAULT_PARAMS)
wolfSSL 16:8e0d178b1d1e 26998 #if defined(HAVE_FFDHE) && defined(HAVE_SUPPORTED_CURVES)
wolfSSL 16:8e0d178b1d1e 26999 if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) != NULL) {
wolfSSL 16:8e0d178b1d1e 27000 /* Set FFDHE parameters or clear DHE parameters if FFDH parameters
wolfSSL 16:8e0d178b1d1e 27001 * present and no matches in the server's list. */
wolfSSL 16:8e0d178b1d1e 27002 ret = TLSX_SupportedFFDHE_Set(ssl);
wolfSSL 16:8e0d178b1d1e 27003 if (ret != 0)
wolfSSL 16:8e0d178b1d1e 27004 return ret;
wolfSSL 16:8e0d178b1d1e 27005 }
wolfSSL 16:8e0d178b1d1e 27006 #endif
wolfSSL 16:8e0d178b1d1e 27007 #endif
wolfSSL 16:8e0d178b1d1e 27008
wolfSSL 15:117db924cf7c 27009 ret = MatchSuite(ssl, &clSuites);
wolfSSL 16:8e0d178b1d1e 27010 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 27011 if (ret == BUFFER_ERROR)
wolfSSL 16:8e0d178b1d1e 27012 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 27013 else if (ret < 0)
wolfSSL 16:8e0d178b1d1e 27014 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 16:8e0d178b1d1e 27015 #endif
wolfSSL 16:8e0d178b1d1e 27016
wolfSSL 16:8e0d178b1d1e 27017 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 16:8e0d178b1d1e 27018 if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled &&
wolfSSL 16:8e0d178b1d1e 27019 IsEncryptionOn(ssl, 0)) {
wolfSSL 16:8e0d178b1d1e 27020 ssl->secure_renegotiation->startScr = 1;
wolfSSL 16:8e0d178b1d1e 27021 }
wolfSSL 16:8e0d178b1d1e 27022 #endif
wolfSSL 15:117db924cf7c 27023 WOLFSSL_LEAVE("DoClientHello", ret);
wolfSSL 15:117db924cf7c 27024 WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
wolfSSL 15:117db924cf7c 27025
wolfSSL 15:117db924cf7c 27026 return ret;
wolfSSL 15:117db924cf7c 27027 }
wolfSSL 15:117db924cf7c 27028
wolfSSL 15:117db924cf7c 27029
wolfSSL 16:8e0d178b1d1e 27030 #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
wolfSSL 16:8e0d178b1d1e 27031 defined(HAVE_ED448)) && !defined(WOLFSSL_NO_CLIENT_AUTH)
wolfSSL 15:117db924cf7c 27032
/* Working state for DoCertificateVerify.
 *
 * In async builds this lives inside ssl->async.args so that a pending
 * operation can be resumed; otherwise it is a stack local of the handler. */
typedef struct DcvArgs {
    byte*  output;   /* not allocated; filled in by the RSA verify call */
    word32 sendSz;   /* size compared against the expected RSA payload */
    word16 sz;       /* signature length read from the message */
    word32 sigSz;    /* RSA result length / encoded signature length */
    word32 idx;      /* current read offset into the input buffer */
    word32 begin;    /* offset where the message body started */
    byte   hashAlgo; /* hash algorithm id (decoded from message for TLS 1.2+) */
    byte   sigAlgo;  /* signature algorithm id */
} DcvArgs;
wolfSSL 15:117db924cf7c 27043
/* Cleanup hook for DcvArgs.
 *
 * DcvArgs holds no allocation of its own (its output pointer is marked
 * "not allocated"), so there is nothing to release; both parameters are
 * only referenced to silence unused-parameter warnings. */
static void FreeDcvArgs(WOLFSSL* ssl, void* pArgs)
{
    DcvArgs* dcv = (DcvArgs*)pArgs;

    (void)dcv;
    (void)ssl;
}
wolfSSL 15:117db924cf7c 27051
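/* handle processing of certificate_verify (15)
 *
 * Parses the peer's CertificateVerify handshake message and checks its
 * signature with whichever peer public key is marked present on ssl
 * (RSA, ECC, Ed25519 or Ed448, depending on build options).
 *
 * ssl       connection object; holds the peer keys, the handshake hashes
 *           and the asyncState that drives the state machine below
 * input     buffer containing the handshake message
 * inOutIdx  in: offset of the message body inside input
 *           out (success only): offset just past the signature, plus the
 *           record padding and, when encrypt-then-MAC is being read, the MAC
 * size      length of the message body; every read is bounded against it
 *
 * returns 0 on success, BUFFER_ERROR when a length field runs past size or
 * the signature is longer than ENCRYPT_LEN, SIG_VERIFY_E when the signature
 * primitive or the PSS padding check fails, VERIFY_CERT_ERROR when the
 * recovered RSA payload does not match the expected value, MEMORY_E on
 * allocation failure, INPUT_CASE_ERROR on an unknown state and, in async
 * builds, WC_PENDING_E when the call has to be re-entered.
 *
 * NOTE(review): for ECC, Ed25519 and Ed448 keys a signature algorithm in
 * the message that disagrees with the peer key type is only logged; the key
 * type still selects the verify routine. Confirm this is the intended policy.
 * NOTE(review): if no peer key is marked present, none of the verify
 * branches runs and ret stays 0, so havePeerVerify is still set. Confirm
 * the callers only dispatch here after a client certificate was processed.
 * NOTE(review): hashAlgo/sigAlgo come from the peer and are not compared
 * here with what this server offered; presumably enforced elsewhere, verify.
 */
static int DoCertificateVerify(WOLFSSL* ssl, byte* input,
                               word32* inOutIdx, word32 size)
{
    int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
    DcvArgs* args = (DcvArgs*)ssl->async.args;
    /* compile-time check that DcvArgs fits in the async argument storage */
    typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
    (void)sizeof(args_test);
#else
    DcvArgs args[1];
#endif

    WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_DO);
    WOLFSSL_ENTER("DoCertificateVerify");

#ifdef WOLFSSL_ASYNC_CRYPT
    ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
    if (ret != WC_NOT_PENDING_E) {
        /* Check for error */
        if (ret < 0)
            goto exit_dcv;
    }
    else
#endif
    {
        /* Reset state */
        ret = 0;
        ssl->options.asyncState = TLS_ASYNC_BEGIN;
        XMEMSET(args, 0, sizeof(DcvArgs));
        args->hashAlgo = sha_mac;
        args->sigAlgo = anonymous_sa_algo;
        args->idx = *inOutIdx;
        args->begin = *inOutIdx;
    #ifdef WOLFSSL_ASYNC_CRYPT
        ssl->async.freeArgs = FreeDcvArgs;
    #endif
    }

    switch(ssl->options.asyncState)
    {
        case TLS_ASYNC_BEGIN:
        {
        #ifdef WOLFSSL_CALLBACKS
            if (ssl->hsInfoOn)
                AddPacketName(ssl, "CertificateVerify");
            if (ssl->toInfoOn)
                AddLateName("CertificateVerify", &ssl->timeoutInfo);
        #endif

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_BUILD;
        } /* case TLS_ASYNC_BEGIN */
        FALL_THROUGH;

        case TLS_ASYNC_BUILD:
        {
            if (IsAtLeastTLSv1_2(ssl)) {
                /* TLS 1.2+ carries a two byte hash/signature algorithm pair
                 * ahead of the signature; bound the read first */
                if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN > size) {
                    ERROR_OUT(BUFFER_ERROR, exit_dcv);
                }

                DecodeSigAlg(&input[args->idx], &args->hashAlgo,
                             &args->sigAlgo);
                args->idx += 2;
            }
            /* earlier versions: the algorithm follows from the peer key */
        #ifndef NO_RSA
            else if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0)
                args->sigAlgo = rsa_sa_algo;
        #endif
        #ifdef HAVE_ECC
            else if (ssl->peerEccDsaKeyPresent)
                args->sigAlgo = ecc_dsa_sa_algo;
        #endif
        #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)
            else if (ssl->peerEd25519KeyPresent)
                args->sigAlgo = ed25519_sa_algo;
        #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */
        #if defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)
            else if (ssl->peerEd448KeyPresent)
                args->sigAlgo = ed448_sa_algo;
        #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */

            /* 16-bit signature length */
            if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
                ERROR_OUT(BUFFER_ERROR, exit_dcv);
            }

            ato16(input + args->idx, &args->sz);
            args->idx += OPAQUE16_LEN;

            /* the peer-supplied length must fit in what is left of the
             * message and must not exceed ENCRYPT_LEN */
            if ((args->idx - args->begin) + args->sz > size ||
                                                args->sz > ENCRYPT_LEN) {
                ERROR_OUT(BUFFER_ERROR, exit_dcv);
            }

        #ifdef HAVE_ECC
            if (ssl->peerEccDsaKeyPresent) {

                WOLFSSL_MSG("Doing ECC peer cert verify");

            /* make sure a default is defined */
            #if !defined(NO_SHA)
                SetDigest(ssl, sha_mac);
            #elif !defined(NO_SHA256)
                SetDigest(ssl, sha256_mac);
            #elif defined(WOLFSSL_SHA384)
                SetDigest(ssl, sha384_mac);
            #elif defined(WOLFSSL_SHA512)
                SetDigest(ssl, sha512_mac);
            #else
                #error No digest enabled for ECC sig verify
            #endif

                if (IsAtLeastTLSv1_2(ssl)) {
                    /* mismatch is logged only, see NOTE(review) above */
                    if (args->sigAlgo != ecc_dsa_sa_algo) {
                        WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
                    }

                    SetDigest(ssl, args->hashAlgo);
                }
            }
        #endif /* HAVE_ECC */
        #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)
            if (ssl->peerEd25519KeyPresent) {
                WOLFSSL_MSG("Doing ED25519 peer cert verify");
                if (IsAtLeastTLSv1_2(ssl) &&
                                         args->sigAlgo != ed25519_sa_algo) {
                    WOLFSSL_MSG(
                               "Oops, peer sent ED25519 key but not in verify");
                }
            }
        #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */
        #if defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)
            if (ssl->peerEd448KeyPresent) {
                WOLFSSL_MSG("Doing ED448 peer cert verify");
                if (IsAtLeastTLSv1_2(ssl) &&
                                           args->sigAlgo != ed448_sa_algo) {
                    WOLFSSL_MSG(
                                 "Oops, peer sent ED448 key but not in verify");
                }
            }
        #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_DO;
        } /* case TLS_ASYNC_BUILD */
        FALL_THROUGH;

        case TLS_ASYNC_DO:
        {
        #ifndef NO_RSA
            if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                WOLFSSL_MSG("Doing RSA peer cert verify");

                ret = RsaVerify(ssl,
                    input + args->idx,
                    args->sz,
                    &args->output,
                    args->sigAlgo, args->hashAlgo,
                    ssl->peerRsaKey,
                #ifdef HAVE_PK_CALLBACKS
                    &ssl->buffers.peerRsaKey
                #else
                    NULL
                #endif
                );
                /* a non-negative result is a length; keep it for the
                 * comparison done in TLS_ASYNC_VERIFY */
                if (ret >= 0) {
                    if (args->sigAlgo == rsa_sa_algo)
                        args->sendSz = ret;
                    else {
                        args->sigSz = ret;
                        args->sendSz = ssl->buffers.digest.length;
                    }
                    ret = 0;
                }
            }
        #endif /* !NO_RSA */
        #ifdef HAVE_ECC
            if (ssl->peerEccDsaKeyPresent) {
                WOLFSSL_MSG("Doing ECC peer cert verify");

                ret = EccVerify(ssl,
                    input + args->idx, args->sz,
                    ssl->buffers.digest.buffer, ssl->buffers.digest.length,
                    ssl->peerEccDsaKey,
                #ifdef HAVE_PK_CALLBACKS
                    &ssl->buffers.peerEccDsaKey
                #else
                    NULL
                #endif
                );
            }
        #endif /* HAVE_ECC */
        #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)
            if (ssl->peerEd25519KeyPresent) {
                WOLFSSL_MSG("Doing Ed25519 peer cert verify");

                ret = Ed25519Verify(ssl,
                    input + args->idx, args->sz,
                    ssl->hsHashes->messages, ssl->hsHashes->prevLen,
                    ssl->peerEd25519Key,
                #ifdef HAVE_PK_CALLBACKS
                    &ssl->buffers.peerEd25519Key
                #else
                    NULL
                #endif
                );
            }
        #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */
        #if defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)
            if (ssl->peerEd448KeyPresent) {
                WOLFSSL_MSG("Doing Ed448 peer cert verify");

                ret = Ed448Verify(ssl,
                    input + args->idx, args->sz,
                    ssl->hsHashes->messages, ssl->hsHashes->prevLen,
                    ssl->peerEd448Key,
                #ifdef HAVE_PK_CALLBACKS
                    &ssl->buffers.peerEd448Key
                #else
                    NULL
                #endif
                );
            }
        #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* handle async pending */
            if (ret == WC_PENDING_E)
                goto exit_dcv;
        #endif

            /* Check for error */
            if (ret != 0) {
                ret = SIG_VERIFY_E;
                goto exit_dcv;
            }

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_VERIFY;
        } /* case TLS_ASYNC_DO */
        FALL_THROUGH;

        case TLS_ASYNC_VERIFY:
        {
        #ifndef NO_RSA
            if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                if (IsAtLeastTLSv1_2(ssl)) {
                #ifdef WC_RSA_PSS
                    if (args->sigAlgo == rsa_pss_sa_algo) {
                        SetDigest(ssl, args->hashAlgo);

                    #ifdef HAVE_SELFTEST
                        ret = wc_RsaPSS_CheckPadding(
                                        ssl->buffers.digest.buffer,
                                        ssl->buffers.digest.length,
                                        args->output, args->sigSz,
                                        HashAlgoToType(args->hashAlgo));
                    #else
                        ret = wc_RsaPSS_CheckPadding_ex(
                                        ssl->buffers.digest.buffer,
                                        ssl->buffers.digest.length,
                                        args->output, args->sigSz,
                                        HashAlgoToType(args->hashAlgo), -1,
                                        mp_count_bits(&ssl->peerRsaKey->n));
                    #endif
                        if (ret != 0) {
                            ret = SIG_VERIFY_E;
                            goto exit_dcv;
                        }
                    }
                    else
                #endif
                    {
                    #ifdef WOLFSSL_SMALL_STACK
                        byte* encodedSig;
                    #else
                        byte  encodedSig[MAX_ENCODED_SIG_SZ];
                    #endif

                    #ifdef WOLFSSL_SMALL_STACK
                        encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
                                           ssl->heap, DYNAMIC_TYPE_SIGNATURE);
                        if (encodedSig == NULL) {
                            ERROR_OUT(MEMORY_E, exit_dcv);
                        }
                    #endif

                        if (args->sigAlgo != rsa_sa_algo) {
                            WOLFSSL_MSG("Oops, peer sent RSA key but not "
                                        "in verify");
                        }

                        SetDigest(ssl, args->hashAlgo);

                        /* build the value the recovered payload must equal */
                        args->sigSz = wc_EncodeSignature(encodedSig,
                                            ssl->buffers.digest.buffer,
                                            ssl->buffers.digest.length,
                                            TypeHash(args->hashAlgo));

                        if (args->sendSz != args->sigSz || !args->output ||
                            XMEMCMP(args->output, encodedSig,
                                min(args->sigSz, MAX_ENCODED_SIG_SZ)) != 0) {
                            ret = VERIFY_CERT_ERROR;
                        }

                    #ifdef WOLFSSL_SMALL_STACK
                        XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_SIGNATURE);
                    #endif
                    }
                }
                else {
                    /* before TLS 1.2 the payload is compared with the
                     * stored certHashes */
                    if (args->sendSz != FINISHED_SZ || !args->output ||
                        XMEMCMP(args->output,
                            &ssl->hsHashes->certHashes, FINISHED_SZ) != 0) {
                        ret = VERIFY_CERT_ERROR;
                    }
                }
            }
        #endif /* !NO_RSA */

            /* A failed comparison must not reach TLS_ASYNC_FINALIZE, which
             * sets havePeerVerify and advances the caller's index. The
             * returned error code is the same as before. */
            if (ret != 0)
                goto exit_dcv;

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_FINALIZE;
        } /* case TLS_ASYNC_VERIFY */
        FALL_THROUGH;

        case TLS_ASYNC_FINALIZE:
        {
            /* skip record padding (and the MAC for encrypt-then-MAC) */
            if (IsEncryptionOn(ssl, 0)) {
                args->idx += ssl->keys.padSz;
            #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
                if (ssl->options.startedETMRead)
                    args->idx += MacSize(ssl);
            #endif
            }

            ssl->options.havePeerVerify = 1;

            /* Set final index */
            args->idx += args->sz;
            *inOutIdx = args->idx;

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_END;
        } /* case TLS_ASYNC_FINALIZE */
        FALL_THROUGH;

        case TLS_ASYNC_END:
        {
            break;
        }
        default:
            ret = INPUT_CASE_ERROR;
            break;
    } /* switch(ssl->options.asyncState) */

exit_dcv:

    WOLFSSL_LEAVE("DoCertificateVerify", ret);
    WOLFSSL_END(WC_FUNC_CERTIFICATE_VERIFY_DO);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* Handle async operation */
    if (ret == WC_PENDING_E) {
        /* Mark message as not received so it can process again */
        ssl->msgsReceived.got_certificate_verify = 0;

        return ret;
    }
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLFSSL_EXTRA_ALERTS
    /* map the failure to a fatal alert for the peer */
    if (ret == BUFFER_ERROR)
        SendAlert(ssl, alert_fatal, decode_error);
    else if (ret == SIG_VERIFY_E)
        SendAlert(ssl, alert_fatal, decrypt_error);
    else if (ret != 0)
        SendAlert(ssl, alert_fatal, bad_certificate);
#endif
    /* Digest is not allocated, so do this to prevent free */
    ssl->buffers.digest.buffer = NULL;
    ssl->buffers.digest.length = 0;

    /* Final cleanup */
    FreeDcvArgs(ssl, args);
    FreeKeyExchange(ssl);

    return ret;
}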
wolfSSL 15:117db924cf7c 27438
wolfSSL 16:8e0d178b1d1e 27439 #endif /* (!NO_RSA || ECC || ED25519 || ED448) && !WOLFSSL_NO_CLIENT_AUTH */
wolfSSL 15:117db924cf7c 27440
/* handle generation of server_hello_done (14)
 *
 * Writes the record and handshake headers for an empty ServerHelloDone at
 * the end of the buffered output, then either encrypts it with BuildMessage
 * (when encryption is on) or hashes it into the handshake transcript, and
 * finally flushes the output buffer.
 *
 * ssl  connection object
 *
 * returns the result of SendBuffered on success, otherwise the first error
 * from CheckAvailableSize, BuildMessage, DtlsMsgPoolSave or HashOutput, or
 * MEMORY_E when the temporary copy cannot be allocated.
 *
 * NOTE(review): the encrypted branch copies HANDSHAKE_HEADER_SZ bytes from
 * offset RECORD_HEADER_SZ, i.e. the sizes without the DTLS extras that are
 * added to the total above; confirm this branch is not taken for DTLS.
 */
int SendServerHelloDone(WOLFSSL* ssl)
{
    byte* out;
    int   msgSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int   rc;

    WOLFSSL_START(WC_FUNC_SERVER_HELLO_DONE_SEND);
    WOLFSSL_ENTER("SendServerHelloDone");

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        msgSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif

    if (IsEncryptionOn(ssl, 1)) {
        msgSz += MAX_MSG_EXTRA;
    }

    /* make sure the output buffer can take the whole message */
    rc = CheckAvailableSize(ssl, msgSz);
    if (rc != 0) {
        return rc;
    }

    /* write position: just past what is already buffered */
    out = &ssl->buffers.outputBuffer.buffer[ssl->buffers.outputBuffer.length];

    AddHeaders(out, 0, server_hello_done, ssl);

    if (!IsEncryptionOn(ssl, 1)) {
    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            rc = DtlsMsgPoolSave(ssl, out, msgSz);
            if (rc != 0) {
                return rc;
            }
        }
        if (ssl->options.dtls) {
            DtlsSEQIncrement(ssl, CUR_ORDER);
        }
    #endif
        rc = HashOutput(ssl, out, msgSz, 0);
        if (rc != 0) {
            return rc;
        }
    }
    else {
        int   plainSz = HANDSHAKE_HEADER_SZ; /* build msg adds rec hdr */
        byte* plain   = (byte*)XMALLOC(plainSz, ssl->heap,
                                       DYNAMIC_TYPE_IN_BUFFER);

        if (plain == NULL) {
            return MEMORY_E;
        }

        /* BuildMessage reads from a separate copy of the handshake header */
        XMEMCPY(plain, out + RECORD_HEADER_SZ, plainSz);
        msgSz = BuildMessage(ssl, out, msgSz, plain, plainSz,
                             handshake, 1, 0, 0);
        XFREE(plain, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

        /* a negative size is an error code */
        if (msgSz < 0) {
            return msgSz;
        }
    }

#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    if (ssl->hsInfoOn) {
        AddPacketName(ssl, "ServerHelloDone");
    }
    if (ssl->toInfoOn) {
        AddPacketInfo(ssl, "ServerHelloDone", handshake, out, msgSz,
                      WRITE_PROTO, ssl->heap);
    }
#endif
    ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

    ssl->buffers.outputBuffer.length += msgSz;

    rc = SendBuffered(ssl);

    WOLFSSL_LEAVE("SendServerHelloDone", rc);
    WOLFSSL_END(WC_FUNC_SERVER_HELLO_DONE_SEND);

    return rc;
}
wolfSSL 15:117db924cf7c 27516
wolfSSL 15:117db924cf7c 27517 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 27518
wolfSSL 15:117db924cf7c 27519 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 27520
/* Size of every ExternalTicket field except enc_ticket: key name, IV, MAC and
 * the encrypted-length field. Must be kept in step with the struct below. */
#define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \
                WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ)
/* Space left for the encrypted InternalTicket so that the whole
 * ExternalTicket fits in SESSION_TICKET_LEN. */
#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ)
wolfSSL 15:117db924cf7c 27524
/* our ticket format
 *
 * Plaintext session state. CreateTicket() copies this struct byte-for-byte
 * into ExternalTicket.enc_ticket before calling the ticket encryption
 * callback, and DoClientTicket() reads it back by casting the decrypted
 * buffer, so the in-memory layout is the serialized form.
 * The struct carries the master secret: its confidentiality and integrity
 * depend entirely on the encryption and MAC applied by the callback. */
typedef struct InternalTicket {
    ProtocolVersion pv;                    /* version when ticket created */
    byte            suite[SUITE_LEN];      /* cipher suite when created */
    byte            msecret[SECRET_LEN];   /* master secret */
    word32          timestamp;             /* born on */
    word16          haveEMS;               /* have extended master secret */
#ifdef WOLFSSL_TLS13
    word32          ageAdd;                /* Obfuscation of age */
    word16          namedGroup;            /* Named group used */
    #ifndef WOLFSSL_TLS13_DRAFT_18
    TicketNonce     ticketNonce;           /* Ticket nonce */
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    word32          maxEarlyDataSz;        /* Max size of early data */
    #endif
#endif
} InternalTicket;
wolfSSL 15:117db924cf7c 27543
/* fit within SESSION_TICKET_LEN
 *
 * Layout of the ticket as stored in ssl->session.ticket and as parsed from
 * the client's input. key_name, iv and mac are filled in by the ticket
 * encryption callback; CreateTicket() rejects a result where any of them is
 * still all zero. */
typedef struct ExternalTicket {
    byte key_name[WOLFSSL_TICKET_NAME_SZ];  /* key context name */
    byte iv[WOLFSSL_TICKET_IV_SZ];          /* this ticket's iv */
    byte enc_len[LENGTH_SZ];                /* encrypted length */
    byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; /* encrypted internal ticket */
    /* When the ciphertext is shorter than enc_ticket, CreateTicket() moves
     * the MAC to enc_ticket + enc_len, which is also where DoClientTicket()
     * looks for it; this field is then not the MAC's actual position. */
    byte mac[WOLFSSL_TICKET_MAC_SZ];        /* total mac */
    /* !! if add to structure, add to TICKET_FIXED_SZ !! */
} ExternalTicket;
wolfSSL 15:117db924cf7c 27553
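/* Create a new session ticket in ssl->session.ticket.
 *
 * Fills an InternalTicket from the current connection state, copies it into
 * the ExternalTicket's enc_ticket field and asks ctx->ticketEncCb to encrypt
 * and MAC it. The callback's result is sanity-checked (length within bounds,
 * ciphertext differs from the plaintext, key name / IV / MAC not all zero)
 * before ssl->session.ticketLen is set.
 *
 * ssl  connection whose session ticket buffer is written
 *
 * returns 0 (WOLFSSL_TICKET_RET_OK) on success, BAD_TICKET_ENCRYPT or
 *         BAD_TICKET_KEY_CB_SZ when a check fails, otherwise the callback's
 *         return value (WOLFSSL_TICKET_RET_FATAL when no callback is set).
 */
int CreateTicket(WOLFSSL* ssl)
{
    InternalTicket  it;
    ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
    int             encLen;
    int             ret;
    byte            zeros[WOLFSSL_TICKET_MAC_SZ];   /* biggest cmp size */

    XMEMSET(&it, 0, sizeof(it));

    /* build internal */
    it.pv.major = ssl->version.major;
    it.pv.minor = ssl->version.minor;

    it.suite[0] = ssl->options.cipherSuite0;
    it.suite[1] = ssl->options.cipherSuite;

#ifdef WOLFSSL_EARLY_DATA
    it.maxEarlyDataSz = ssl->options.maxEarlyDataSz;
#endif

    if (!ssl->options.tls1_3) {
        XMEMCPY(it.msecret, ssl->arrays->masterSecret, SECRET_LEN);
        c32toa(LowResTimer(), (byte*)&it.timestamp);
        it.haveEMS = ssl->options.haveEMS;
    }
    else {
#ifdef WOLFSSL_TLS13
        /* Client adds to ticket age to obfuscate. */
        ret = wc_RNG_GenerateBlock(ssl->rng, (byte*)&it.ageAdd,
                                   sizeof(it.ageAdd));
        if (ret != 0)
            return BAD_TICKET_ENCRYPT; /* no secret copied into 'it' yet */
        ssl->session.ticketAdd = it.ageAdd;
        it.namedGroup = ssl->session.namedGroup;
        it.timestamp = TimeNowInMilliseconds();
        /* Resumption master secret. */
        XMEMCPY(it.msecret, ssl->session.masterSecret, SECRET_LEN);
    #ifndef WOLFSSL_TLS13_DRAFT_18
        XMEMCPY(&it.ticketNonce, &ssl->session.ticketNonce,
                                                       sizeof(TicketNonce));
    #endif
#endif
    }

    /* build external: plaintext goes into the buffer the callback encrypts */
    XMEMCPY(et->enc_ticket, &it, sizeof(InternalTicket));

    /* encrypt */
    encLen = WOLFSSL_TICKET_ENC_SZ;  /* max size user can use */
    if (ssl->ctx->ticketEncCb == NULL) {
        ret = WOLFSSL_TICKET_RET_FATAL;
    }
    else {
        ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
                                    et->enc_ticket, sizeof(InternalTicket),
                                    &encLen, ssl->ctx->ticketEncCtx);
    }
    if (ret == WOLFSSL_TICKET_RET_OK) {
        if (encLen < (int)sizeof(InternalTicket) ||
                                         encLen > WOLFSSL_TICKET_ENC_SZ) {
            WOLFSSL_MSG("Bad user ticket encrypt size");
            ret = BAD_TICKET_KEY_CB_SZ;
            goto exit_ct;
        }

        /* sanity checks on encrypt callback */

        /* internal ticket can't be the same if encrypted */
        if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't encrypt");
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }

        XMEMSET(zeros, 0, sizeof(zeros));

        /* name */
        if (XMEMCMP(et->key_name, zeros, WOLFSSL_TICKET_NAME_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set name");
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }

        /* iv */
        if (XMEMCMP(et->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set iv");
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }

        /* mac */
        if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set mac");
            ret = BAD_TICKET_ENCRYPT;
            goto exit_ct;
        }

        /* set size */
        c16toa((word16)encLen, et->enc_len);
        ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
        if (encLen < WOLFSSL_TICKET_ENC_SZ) {
            /* move mac up since whole enc buffer not used */
            XMEMMOVE(et->enc_ticket + encLen, et->mac, WOLFSSL_TICKET_MAC_SZ);
        }
    }

exit_ct:
    /* The plaintext ticket holds the master secret. Wipe the stack copy on
     * every path, and wipe enc_ticket whenever encryption did not succeed so
     * that an unencrypted (or unverified) copy is not left behind in the
     * session ticket buffer. */
    ForceZero(&it, (word32)sizeof(it));
    if (ret != WOLFSSL_TICKET_RET_OK)
        ForceZero(et->enc_ticket, (word32)sizeof(et->enc_ticket));

    return ret;
}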
wolfSSL 15:117db924cf7c 27659
wolfSSL 15:117db924cf7c 27660
/* Parse ticket sent by client, returns callback return value
 *
 * Treats input as an ExternalTicket, hands it to ctx->ticketEncCb for
 * decryption (enc flag 0) and, when the callback reports
 * WOLFSSL_TICKET_RET_OK or WOLFSSL_TICKET_RET_CREATE, restores the session
 * state stored in the embedded InternalTicket into ssl.
 *
 * ssl    connection receiving the ticket
 * input  ticket bytes from the peer (untrusted)
 * len    number of bytes at input
 *
 * returns the callback's return value, or BAD_TICKET_MSG_SZ,
 *         BAD_TICKET_KEY_CB_SZ, VERSION_ERROR on a failed check, or
 *         WOLFSSL_TICKET_RET_FATAL when no callback is set.
 */
int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
{
    ExternalTicket* et;
    InternalTicket* it;
    int             ret;
    int             outLen;
    word16          inLen;

    WOLFSSL_START(WC_FUNC_TICKET_DO);
    WOLFSSL_ENTER("DoClientTicket");

    /* The ticket must fit an ExternalTicket and be at least large enough to
     * hold a full InternalTicket plus the fixed fields. */
    if (len > SESSION_TICKET_LEN ||
         len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) {
        return BAD_TICKET_MSG_SZ;
    }

    /* The cast drops const: the callback is given pointers into the caller's
     * input buffer. NOTE(review): presumably the callback decrypts in place,
     * which is why 'it' can alias enc_ticket - confirm against the callback
     * contract. */
    et = (ExternalTicket*)input;
    it = (InternalTicket*)et->enc_ticket;

    /* decrypt */
    ato16(et->enc_len, &inLen);
    /* enc_len is peer-controlled; bound it by the bytes actually received so
     * that enc_ticket + inLen (the MAC position) stays inside input. */
    if (inLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) {
        return BAD_TICKET_MSG_SZ;
    }
    outLen = inLen;   /* may be reduced by user padding */

    if (ssl->ctx->ticketEncCb == NULL) {
        ret = WOLFSSL_TICKET_RET_FATAL;
    }
    else {
        /* MAC is expected directly after the ciphertext, matching the move
         * CreateTicket() performs when the ciphertext is short. */
        ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv,
                                    et->enc_ticket + inLen, 0,
                                    et->enc_ticket, inLen, &outLen,
                                    ssl->ctx->ticketEncCtx);
    }
    if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret;
    /* The callback must not grow the data and must leave at least a whole
     * InternalTicket, otherwise the field reads below would run short. */
    if (outLen > (int)inLen || outLen < (int)sizeof(InternalTicket)) {
        WOLFSSL_MSG("Bad user ticket decrypt len");
        return BAD_TICKET_KEY_CB_SZ;
    }

    /* get master secret */
    /* 'it' is only trusted from here on, i.e. after the callback accepted
     * the ticket. */
    if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE) {
        /* NOTE(review): only pv.minor is compared; pv.major is not checked
         * in this function, and DTLS minor values order the opposite way
         * from TLS ones - confirm this is handled before/after this call. */
        if (ssl->version.minor < it->pv.minor) {
            WOLFSSL_MSG("Ticket has greater version");
            return VERSION_ERROR;
        }
        else if (ssl->version.minor > it->pv.minor) {
            if (!ssl->options.downgrade) {
                WOLFSSL_MSG("Ticket has lesser version");
                return VERSION_ERROR;
            }

            WOLFSSL_MSG("Downgrading protocol due to ticket");

            /* never go below the configured floor */
            if (it->pv.minor < ssl->options.minDowngrade)
                return VERSION_ERROR;
            ssl->version.minor = it->pv.minor;
        }


        if (!IsAtLeastTLSv1_3(ssl->version)) {
            XMEMCPY(ssl->arrays->masterSecret, it->msecret, SECRET_LEN);
            /* Copy the haveExtendedMasterSecret property from the ticket to
             * the saved session, so the property may be checked later. */
            ssl->session.haveEMS = it->haveEMS;
        #ifndef NO_RESUME_SUITE_CHECK
            ssl->session.cipherSuite0 = it->suite[0];
            ssl->session.cipherSuite = it->suite[1];
        #endif
        }
        else {
#ifdef WOLFSSL_TLS13
            /* Restore information to renegotiate. */
            ssl->session.ticketSeen = it->timestamp;
            ssl->session.ticketAdd = it->ageAdd;
            ssl->session.cipherSuite0 = it->suite[0];
            ssl->session.cipherSuite = it->suite[1];
    #ifdef WOLFSSL_EARLY_DATA
            ssl->session.maxEarlyDataSz = it->maxEarlyDataSz;
    #endif
            /* Resumption master secret. */
            XMEMCPY(ssl->session.masterSecret, it->msecret, SECRET_LEN);
    #ifndef WOLFSSL_TLS13_DRAFT_18
            XMEMCPY(&ssl->session.ticketNonce, &it->ticketNonce,
                                                       sizeof(TicketNonce));
    #endif
            ssl->session.namedGroup = it->namedGroup;
#endif
        }
    }

    /* NOTE(review): nothing here clears the decrypted InternalTicket (which
     * includes the master secret) from the input buffer - confirm the caller
     * wipes or discards that buffer. */
    WOLFSSL_LEAVE("DoClientTicket", ret);
    WOLFSSL_END(WC_FUNC_TICKET_DO);

    return ret;
}
wolfSSL 15:117db924cf7c 27759
wolfSSL 15:117db924cf7c 27760
/* send Session Ticket
 *
 * Optionally creates a fresh ticket (options.createTicket), then writes a
 * session_ticket handshake message - ticket hint, ticket length, ticket
 * bytes - into the output buffer and flushes it with SendBuffered().
 *
 * ssl  connection to send on
 *
 * returns SendBuffered()'s result, or the first error from CreateTicket(),
 *         CheckAvailableSize(), BuildMessage(), DtlsMsgPoolSave() or
 *         HashOutput(); MEMORY_E if the temporary copy cannot be allocated.
 */
int SendTicket(WOLFSSL* ssl)
{
    byte*              output;
    int                ret;
    int                sendSz;
    word32             length = SESSION_HINT_SZ + LENGTH_SZ;
    word32             idx    = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;

    WOLFSSL_START(WC_FUNC_TICKET_SEND);
    WOLFSSL_ENTER("SendTicket");

    if (ssl->options.createTicket) {
        /* any non-zero result aborts, so a ticket that failed to encrypt is
         * never placed on the wire from here */
        ret = CreateTicket(ssl);
        if (ret != 0) return ret;
    }

    length += ssl->session.ticketLen;
    sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

    if (!ssl->options.dtls) {
        /* leave room for what BuildMessage() adds when encrypting */
        if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
            sendSz += MAX_MSG_EXTRA;
    }
    else {
    #ifdef WOLFSSL_DTLS
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        idx    += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    #endif
    }
    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, length, session_ticket, ssl);

    /* hint */
    c32toa(ssl->ctx->ticketHint, output + idx);
    idx += SESSION_HINT_SZ;

    /* length */
    c16toa(ssl->session.ticketLen, output + idx);
    idx += LENGTH_SZ;

    /* ticket */
    /* ticketLen was already counted in sendSz, which CheckAvailableSize()
     * accepted above */
    XMEMCPY(output + idx, ssl->session.ticket, ssl->session.ticketLen);
    idx += ssl->session.ticketLen;

    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
        /* NOTE(review): for DTLS, sendSz received no MAX_MSG_EXTRA above and
         * the offsets below use RECORD_HEADER_SZ rather than a DTLS header
         * size - confirm whether a DTLS connection can reach this branch. */
        byte* input;
        int   inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */

        /* BuildMessage() writes into output, so it is given a separate copy
         * of the plaintext handshake message as its input */
        input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        if (input == NULL)
            return MEMORY_E;

        XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
        sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                              handshake, 1, 0, 0);
        XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

        if (sendSz < 0)
            return sendSz;
    }
    else {
        #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
                return ret;

            DtlsSEQIncrement(ssl, CUR_ORDER);
        }
        #endif
        ret = HashOutput(ssl, output, sendSz, 0);
        if (ret != 0)
            return ret;
    }

    /* commit the message to the output buffer only once it is complete */
    ssl->buffers.outputBuffer.length += sendSz;

    ret = SendBuffered(ssl);

    WOLFSSL_LEAVE("SendTicket", ret);
    WOLFSSL_END(WC_FUNC_TICKET_SEND);

    return ret;
}
wolfSSL 15:117db924cf7c 27852
wolfSSL 15:117db924cf7c 27853 #endif /* HAVE_SESSION_TICKET */
wolfSSL 15:117db924cf7c 27854
wolfSSL 15:117db924cf7c 27855 #ifndef WOLFSSL_NO_TLS12
wolfSSL 15:117db924cf7c 27856
wolfSSL 16:8e0d178b1d1e 27857 #if defined(HAVE_SECURE_RENEGOTIATION) && \
wolfSSL 16:8e0d178b1d1e 27858 defined(HAVE_SERVER_RENEGOTIATION_INFO) && \
wolfSSL 16:8e0d178b1d1e 27859 !defined(WOLFSSL_NO_SERVER)
wolfSSL 16:8e0d178b1d1e 27860
/* Build the server's hello_request (0) handshake message, which has an empty
 * body, in the output buffer and flush it.
 *
 * ssl  connection to send on
 *
 * returns SendBuffered()'s result, or the error from CheckAvailableSize() or
 *         BuildMessage(); MEMORY_E if the temporary copy cannot be allocated.
 */
int SendHelloRequest(WOLFSSL* ssl)
{
    int   ret;
    int   msgSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    byte* out;

    WOLFSSL_START(WC_FUNC_HELLO_REQUEST_SEND);
    WOLFSSL_ENTER("SendHelloRequest");

    /* reserve room for what BuildMessage() adds when encrypting */
    if (IsEncryptionOn(ssl, 1)) {
        msgSz += MAX_MSG_EXTRA;
    }

    /* make sure the output buffer can take the message */
    ret = CheckAvailableSize(ssl, msgSz);
    if (ret != 0) {
        return ret;
    }

    /* write position: first free byte of the output buffer */
    out = &ssl->buffers.outputBuffer.buffer[ssl->buffers.outputBuffer.length];

    AddHeaders(out, 0, hello_request, ssl);

    if (IsEncryptionOn(ssl, 1)) {
        int   plainSz = HANDSHAKE_HEADER_SZ; /* build msg adds rec hdr */
        byte* plain;

        /* BuildMessage() writes into 'out', so feed it a separate copy of
         * the handshake header */
        plain = (byte*)XMALLOC(plainSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
        if (plain == NULL) {
            return MEMORY_E;
        }

        XMEMCPY(plain, out + RECORD_HEADER_SZ, plainSz);
        msgSz = BuildMessage(ssl, out, msgSz, plain, plainSz,
                             handshake, 0, 0, 0);
        XFREE(plain, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

        if (msgSz < 0) {
            return msgSz;
        }
    }

    ssl->buffers.outputBuffer.length += msgSz;

    ret = SendBuffered(ssl);

    WOLFSSL_LEAVE("SendHelloRequest", ret);
    WOLFSSL_END(WC_FUNC_HELLO_REQUEST_SEND);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 27910
wolfSSL 16:8e0d178b1d1e 27911 #endif /* HAVE_SECURE_RENEGOTIATION && HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 16:8e0d178b1d1e 27912
wolfSSL 15:117db924cf7c 27913 #ifdef WOLFSSL_DTLS
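/* handle generation of DTLS hello_verify_request (3)
 *
 * Writes version, cookie length and cookie into the output buffer and
 * flushes it with SendBuffered(). The record reuses the sequence number of
 * the ClientHello being answered.
 *
 * ssl       connection to send on
 * cookie    cookie bytes to place in the message, must not be NULL
 * cookieSz  number of cookie bytes, must not be 0
 *
 * returns SendBuffered()'s result, COOKIE_ERROR for a missing cookie, or the
 *         error from CheckAvailableSize().
 */
static int SendHelloVerifyRequest(WOLFSSL* ssl,
                                  const byte* cookie, byte cookieSz)
{
    byte* output;
    int   length = VERSION_SZ + ENUM_LEN + cookieSz;
    int   idx    = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
    int   sendSz = length + idx;
    int   ret;

    /* Reject a missing cookie before touching any connection state: the
     * sequence-number assignment and AddHeaders() below would otherwise run
     * for a message that is never sent. */
    if (cookie == NULL || cookieSz == 0)
        return COOKIE_ERROR;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    /* Hello Verify Request should use the same sequence number as the
     * Client Hello. */
    ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
    ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
    AddHeaders(output, length, hello_verify_request, ssl);

#ifdef OPENSSL_EXTRA
    output[idx++] = DTLS_MAJOR;
    output[idx++] = DTLS_MINOR;
#else
    output[idx++] = ssl->version.major;
    output[idx++] = ssl->version.minor;
#endif

    /* one length byte, then the cookie itself; both were counted in sendSz */
    output[idx++] = cookieSz;
    XMEMCPY(output + idx, cookie, cookieSz);

#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    if (ssl->hsInfoOn)
        AddPacketName(ssl, "HelloVerifyRequest");
    if (ssl->toInfoOn)
        AddPacketInfo(ssl, "HelloVerifyRequest", handshake, output,
                      sendSz, WRITE_PROTO, ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}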
wolfSSL 15:117db924cf7c 27964 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 27965
/* Working state for DoClientKeyExchange(). With WOLFSSL_ASYNC_CRYPT it lives
 * in ssl->async.args, otherwise in a local of that function. */
typedef struct DckeArgs {
    byte*  output; /* not allocated */
    word32 length;
    word32 idx;    /* starts at *inOutIdx when a fresh pass begins */
    word32 begin;  /* starts at *inOutIdx when a fresh pass begins */
    word32 sigSz;
#ifndef NO_RSA
    int    lastErr;
#endif
} DckeArgs;
wolfSSL 15:117db924cf7c 27976
/* Cleanup hook that DoClientKeyExchange() installs as ssl->async.freeArgs.
 * Intentionally a no-op: nothing is released here (DckeArgs.output is marked
 * "not allocated"). */
static void FreeDckeArgs(WOLFSSL* ssl, void* pArgs)
{
    /* both parameters exist only to match the hook signature */
    (void)pArgs;
    (void)ssl;
}
wolfSSL 15:117db924cf7c 27984
wolfSSL 15:117db924cf7c 27985 /* handle processing client_key_exchange (16) */
wolfSSL 15:117db924cf7c 27986 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 15:117db924cf7c 27987 word32 size)
wolfSSL 15:117db924cf7c 27988 {
wolfSSL 15:117db924cf7c 27989 int ret;
wolfSSL 15:117db924cf7c 27990 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 27991 DckeArgs* args = (DckeArgs*)ssl->async.args;
wolfSSL 15:117db924cf7c 27992 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 15:117db924cf7c 27993 (void)sizeof(args_test);
wolfSSL 15:117db924cf7c 27994 #else
wolfSSL 15:117db924cf7c 27995 DckeArgs args[1];
wolfSSL 15:117db924cf7c 27996 #endif
wolfSSL 15:117db924cf7c 27997
wolfSSL 15:117db924cf7c 27998 (void)size;
wolfSSL 15:117db924cf7c 27999 (void)input;
wolfSSL 15:117db924cf7c 28000
wolfSSL 15:117db924cf7c 28001 WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_DO);
wolfSSL 15:117db924cf7c 28002 WOLFSSL_ENTER("DoClientKeyExchange");
wolfSSL 15:117db924cf7c 28003
wolfSSL 15:117db924cf7c 28004 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 28005 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 15:117db924cf7c 28006 if (ret != WC_NOT_PENDING_E) {
wolfSSL 15:117db924cf7c 28007 /* Check for error */
wolfSSL 15:117db924cf7c 28008 if (ret < 0)
wolfSSL 15:117db924cf7c 28009 goto exit_dcke;
wolfSSL 15:117db924cf7c 28010 }
wolfSSL 15:117db924cf7c 28011 else
wolfSSL 15:117db924cf7c 28012 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 28013 {
wolfSSL 15:117db924cf7c 28014 /* Reset state */
wolfSSL 15:117db924cf7c 28015 ret = 0;
wolfSSL 15:117db924cf7c 28016 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 15:117db924cf7c 28017 XMEMSET(args, 0, sizeof(DckeArgs));
wolfSSL 15:117db924cf7c 28018 args->idx = *inOutIdx;
wolfSSL 15:117db924cf7c 28019 args->begin = *inOutIdx;
wolfSSL 15:117db924cf7c 28020 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 28021 ssl->async.freeArgs = FreeDckeArgs;
wolfSSL 15:117db924cf7c 28022 #endif
wolfSSL 15:117db924cf7c 28023 }
wolfSSL 15:117db924cf7c 28024
wolfSSL 15:117db924cf7c 28025 /* Do Client Key Exchange State Machine */
wolfSSL 15:117db924cf7c 28026 switch(ssl->options.asyncState)
wolfSSL 15:117db924cf7c 28027 {
wolfSSL 15:117db924cf7c 28028 case TLS_ASYNC_BEGIN:
wolfSSL 15:117db924cf7c 28029 {
wolfSSL 15:117db924cf7c 28030 /* Sanity checks */
wolfSSL 15:117db924cf7c 28031 if (ssl->options.side != WOLFSSL_SERVER_END) {
wolfSSL 15:117db924cf7c 28032 WOLFSSL_MSG("Client received client keyexchange, attack?");
wolfSSL 15:117db924cf7c 28033 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 15:117db924cf7c 28034 ERROR_OUT(WOLFSSL_FATAL_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28035 }
wolfSSL 15:117db924cf7c 28036
wolfSSL 15:117db924cf7c 28037 if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
wolfSSL 15:117db924cf7c 28038 WOLFSSL_MSG("Client sending keyexchange at wrong time");
wolfSSL 15:117db924cf7c 28039 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 15:117db924cf7c 28040 ERROR_OUT(OUT_OF_ORDER_E, exit_dcke);
wolfSSL 15:117db924cf7c 28041 }
wolfSSL 15:117db924cf7c 28042
wolfSSL 15:117db924cf7c 28043 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 28044 if (ssl->options.verifyPeer && ssl->options.failNoCert) {
wolfSSL 15:117db924cf7c 28045 if (!ssl->options.havePeerCert) {
wolfSSL 15:117db924cf7c 28046 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 15:117db924cf7c 28047 ERROR_OUT(NO_PEER_CERT, exit_dcke);
wolfSSL 15:117db924cf7c 28048 }
wolfSSL 15:117db924cf7c 28049 }
wolfSSL 15:117db924cf7c 28050
wolfSSL 15:117db924cf7c 28051 if (ssl->options.verifyPeer && ssl->options.failNoCertxPSK) {
wolfSSL 15:117db924cf7c 28052 if (!ssl->options.havePeerCert &&
wolfSSL 15:117db924cf7c 28053 !ssl->options.usingPSK_cipher) {
wolfSSL 15:117db924cf7c 28054 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 15:117db924cf7c 28055 return NO_PEER_CERT;
wolfSSL 15:117db924cf7c 28056 }
wolfSSL 15:117db924cf7c 28057 }
wolfSSL 15:117db924cf7c 28058 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 28059
wolfSSL 15:117db924cf7c 28060 #if defined(WOLFSSL_CALLBACKS)
wolfSSL 15:117db924cf7c 28061 if (ssl->hsInfoOn) {
wolfSSL 15:117db924cf7c 28062 AddPacketName(ssl, "ClientKeyExchange");
wolfSSL 15:117db924cf7c 28063 }
wolfSSL 15:117db924cf7c 28064 if (ssl->toInfoOn) {
wolfSSL 15:117db924cf7c 28065 AddLateName("ClientKeyExchange", &ssl->timeoutInfo);
wolfSSL 15:117db924cf7c 28066 }
wolfSSL 15:117db924cf7c 28067 #endif
wolfSSL 15:117db924cf7c 28068
wolfSSL 16:8e0d178b1d1e 28069 if (ssl->arrays->preMasterSecret == NULL) {
wolfSSL 16:8e0d178b1d1e 28070 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 16:8e0d178b1d1e 28071 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 16:8e0d178b1d1e 28072 ssl->heap, DYNAMIC_TYPE_SECRET);
wolfSSL 16:8e0d178b1d1e 28073 if (ssl->arrays->preMasterSecret == NULL) {
wolfSSL 16:8e0d178b1d1e 28074 ERROR_OUT(MEMORY_E, exit_dcke);
wolfSSL 16:8e0d178b1d1e 28075 }
wolfSSL 16:8e0d178b1d1e 28076 XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
wolfSSL 16:8e0d178b1d1e 28077 }
wolfSSL 16:8e0d178b1d1e 28078
wolfSSL 15:117db924cf7c 28079 switch (ssl->specs.kea) {
wolfSSL 15:117db924cf7c 28080 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 28081 case rsa_kea:
wolfSSL 15:117db924cf7c 28082 {
wolfSSL 15:117db924cf7c 28083 break;
wolfSSL 15:117db924cf7c 28084 } /* rsa_kea */
wolfSSL 15:117db924cf7c 28085 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 28086 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 28087 case psk_kea:
wolfSSL 15:117db924cf7c 28088 {
wolfSSL 15:117db924cf7c 28089 /* sanity check that PSK server callback has been set */
wolfSSL 15:117db924cf7c 28090 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 15:117db924cf7c 28091 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 15:117db924cf7c 28092 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28093 }
wolfSSL 15:117db924cf7c 28094 break;
wolfSSL 15:117db924cf7c 28095 }
wolfSSL 15:117db924cf7c 28096 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 28097 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 28098 case ntru_kea:
wolfSSL 15:117db924cf7c 28099 {
wolfSSL 15:117db924cf7c 28100 /* make sure private key exists */
wolfSSL 15:117db924cf7c 28101 if (ssl->buffers.key == NULL ||
wolfSSL 15:117db924cf7c 28102 ssl->buffers.key->buffer == NULL) {
wolfSSL 15:117db924cf7c 28103 ERROR_OUT(NO_PRIVATE_KEY, exit_dcke);
wolfSSL 15:117db924cf7c 28104 }
wolfSSL 15:117db924cf7c 28105 break;
wolfSSL 15:117db924cf7c 28106 }
wolfSSL 15:117db924cf7c 28107 #endif /* HAVE_NTRU */
wolfSSL 16:8e0d178b1d1e 28108 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 28109 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 28110 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 28111 {
wolfSSL 15:117db924cf7c 28112 break;
wolfSSL 15:117db924cf7c 28113 }
wolfSSL 16:8e0d178b1d1e 28114 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 28115 #ifndef NO_DH
wolfSSL 15:117db924cf7c 28116 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 28117 {
wolfSSL 15:117db924cf7c 28118 break;
wolfSSL 15:117db924cf7c 28119 }
wolfSSL 15:117db924cf7c 28120 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 28121 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 28122 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 28123 {
wolfSSL 15:117db924cf7c 28124 /* sanity check that PSK server callback has been set */
wolfSSL 15:117db924cf7c 28125 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 15:117db924cf7c 28126 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 15:117db924cf7c 28127 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28128 }
wolfSSL 15:117db924cf7c 28129 break;
wolfSSL 15:117db924cf7c 28130 }
wolfSSL 15:117db924cf7c 28131 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 28132 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 28133 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 28134 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 28135 {
wolfSSL 15:117db924cf7c 28136 /* sanity check that PSK server callback has been set */
wolfSSL 15:117db924cf7c 28137 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 15:117db924cf7c 28138 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 15:117db924cf7c 28139 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28140 }
wolfSSL 15:117db924cf7c 28141 break;
wolfSSL 15:117db924cf7c 28142 }
wolfSSL 16:8e0d178b1d1e 28143 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 28144 default:
wolfSSL 15:117db924cf7c 28145 WOLFSSL_MSG("Bad kea type");
wolfSSL 15:117db924cf7c 28146 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 28147 } /* switch (ssl->specs.kea) */
wolfSSL 15:117db924cf7c 28148
wolfSSL 15:117db924cf7c 28149 /* Check for error */
wolfSSL 15:117db924cf7c 28150 if (ret != 0) {
wolfSSL 15:117db924cf7c 28151 goto exit_dcke;
wolfSSL 15:117db924cf7c 28152 }
wolfSSL 15:117db924cf7c 28153
wolfSSL 15:117db924cf7c 28154 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 28155 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 15:117db924cf7c 28156 } /* TLS_ASYNC_BEGIN */
wolfSSL 15:117db924cf7c 28157 FALL_THROUGH;
wolfSSL 15:117db924cf7c 28158
wolfSSL 15:117db924cf7c 28159 case TLS_ASYNC_BUILD:
wolfSSL 15:117db924cf7c 28160 {
wolfSSL 15:117db924cf7c 28161 switch (ssl->specs.kea) {
wolfSSL 15:117db924cf7c 28162 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 28163 case rsa_kea:
wolfSSL 15:117db924cf7c 28164 {
wolfSSL 16:8e0d178b1d1e 28165 word16 keySz;
wolfSSL 16:8e0d178b1d1e 28166
wolfSSL 16:8e0d178b1d1e 28167 ssl->buffers.keyType = rsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 28168 ret = DecodePrivateKey(ssl, &keySz);
wolfSSL 15:117db924cf7c 28169 if (ret != 0) {
wolfSSL 15:117db924cf7c 28170 goto exit_dcke;
wolfSSL 15:117db924cf7c 28171 }
wolfSSL 15:117db924cf7c 28172 args->length = (word32)keySz;
wolfSSL 15:117db924cf7c 28173 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 15:117db924cf7c 28174
wolfSSL 15:117db924cf7c 28175 if (ssl->options.tls) {
wolfSSL 15:117db924cf7c 28176 word16 check;
wolfSSL 15:117db924cf7c 28177
wolfSSL 15:117db924cf7c 28178 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 28179 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28180 }
wolfSSL 15:117db924cf7c 28181
wolfSSL 15:117db924cf7c 28182 ato16(input + args->idx, &check);
wolfSSL 15:117db924cf7c 28183 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28184
wolfSSL 15:117db924cf7c 28185 if ((word32)check != args->length) {
wolfSSL 15:117db924cf7c 28186 WOLFSSL_MSG("RSA explicit size doesn't match");
wolfSSL 16:8e0d178b1d1e 28187 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28188 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 28189 #endif
wolfSSL 15:117db924cf7c 28190 ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28191 }
wolfSSL 15:117db924cf7c 28192 }
wolfSSL 15:117db924cf7c 28193
wolfSSL 15:117db924cf7c 28194 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 15:117db924cf7c 28195 WOLFSSL_MSG("RSA message too big");
wolfSSL 15:117db924cf7c 28196 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28197 }
wolfSSL 15:117db924cf7c 28198
wolfSSL 15:117db924cf7c 28199 /* pre-load PreMasterSecret with RNG data */
wolfSSL 15:117db924cf7c 28200 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 15:117db924cf7c 28201 &ssl->arrays->preMasterSecret[VERSION_SZ],
wolfSSL 15:117db924cf7c 28202 SECRET_LEN - VERSION_SZ);
wolfSSL 15:117db924cf7c 28203 if (ret != 0) {
wolfSSL 15:117db924cf7c 28204 goto exit_dcke;
wolfSSL 15:117db924cf7c 28205 }
wolfSSL 15:117db924cf7c 28206
wolfSSL 15:117db924cf7c 28207 args->output = NULL;
wolfSSL 15:117db924cf7c 28208 break;
wolfSSL 15:117db924cf7c 28209 } /* rsa_kea */
wolfSSL 15:117db924cf7c 28210 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 28211 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 28212 case psk_kea:
wolfSSL 15:117db924cf7c 28213 {
wolfSSL 15:117db924cf7c 28214 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 15:117db924cf7c 28215 word16 ci_sz;
wolfSSL 15:117db924cf7c 28216
wolfSSL 15:117db924cf7c 28217 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 28218 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28219 }
wolfSSL 15:117db924cf7c 28220
wolfSSL 15:117db924cf7c 28221 ato16(input + args->idx, &ci_sz);
wolfSSL 15:117db924cf7c 28222 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28223
wolfSSL 15:117db924cf7c 28224 if (ci_sz > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 28225 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28226 }
wolfSSL 15:117db924cf7c 28227
wolfSSL 15:117db924cf7c 28228 if ((args->idx - args->begin) + ci_sz > size) {
wolfSSL 15:117db924cf7c 28229 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28230 }
wolfSSL 15:117db924cf7c 28231
wolfSSL 15:117db924cf7c 28232 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 28233 input + args->idx, ci_sz);
wolfSSL 15:117db924cf7c 28234 args->idx += ci_sz;
wolfSSL 15:117db924cf7c 28235
wolfSSL 15:117db924cf7c 28236 ssl->arrays->client_identity[ci_sz] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 28237 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 15:117db924cf7c 28238 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 15:117db924cf7c 28239 MAX_PSK_KEY_LEN);
wolfSSL 15:117db924cf7c 28240
wolfSSL 15:117db924cf7c 28241 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 15:117db924cf7c 28242 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 15:117db924cf7c 28243 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28244 }
wolfSSL 15:117db924cf7c 28245
wolfSSL 15:117db924cf7c 28246 /* make psk pre master secret */
wolfSSL 15:117db924cf7c 28247 /* length of key + length 0s + length of key + key */
wolfSSL 15:117db924cf7c 28248 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 15:117db924cf7c 28249 pms += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28250
wolfSSL 15:117db924cf7c 28251 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 28252 pms += ssl->arrays->psk_keySz;
wolfSSL 15:117db924cf7c 28253
wolfSSL 15:117db924cf7c 28254 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 15:117db924cf7c 28255 pms += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28256
wolfSSL 15:117db924cf7c 28257 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 28258 ssl->arrays->preMasterSz =
wolfSSL 15:117db924cf7c 28259 (ssl->arrays->psk_keySz * 2) + (OPAQUE16_LEN * 2);
wolfSSL 15:117db924cf7c 28260 break;
wolfSSL 15:117db924cf7c 28261 }
wolfSSL 15:117db924cf7c 28262 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 28263 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 28264 case ntru_kea:
wolfSSL 15:117db924cf7c 28265 {
wolfSSL 15:117db924cf7c 28266 word16 cipherLen;
wolfSSL 15:117db924cf7c 28267 word16 plainLen = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 28268
wolfSSL 15:117db924cf7c 28269 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 28270 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28271 }
wolfSSL 15:117db924cf7c 28272
wolfSSL 15:117db924cf7c 28273 ato16(input + args->idx, &cipherLen);
wolfSSL 15:117db924cf7c 28274 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28275
wolfSSL 15:117db924cf7c 28276 if (cipherLen > MAX_NTRU_ENCRYPT_SZ) {
wolfSSL 15:117db924cf7c 28277 ERROR_OUT(NTRU_KEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28278 }
wolfSSL 15:117db924cf7c 28279
wolfSSL 15:117db924cf7c 28280 if ((args->idx - args->begin) + cipherLen > size) {
wolfSSL 15:117db924cf7c 28281 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28282 }
wolfSSL 15:117db924cf7c 28283
wolfSSL 15:117db924cf7c 28284 if (NTRU_OK != ntru_crypto_ntru_decrypt(
wolfSSL 15:117db924cf7c 28285 (word16) ssl->buffers.key->length,
wolfSSL 15:117db924cf7c 28286 ssl->buffers.key->buffer, cipherLen,
wolfSSL 15:117db924cf7c 28287 input + args->idx, &plainLen,
wolfSSL 15:117db924cf7c 28288 ssl->arrays->preMasterSecret)) {
wolfSSL 15:117db924cf7c 28289 ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28290 }
wolfSSL 15:117db924cf7c 28291
wolfSSL 15:117db924cf7c 28292 if (plainLen != SECRET_LEN) {
wolfSSL 15:117db924cf7c 28293 ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28294 }
wolfSSL 15:117db924cf7c 28295
wolfSSL 15:117db924cf7c 28296 args->idx += cipherLen;
wolfSSL 15:117db924cf7c 28297 ssl->arrays->preMasterSz = plainLen;
wolfSSL 15:117db924cf7c 28298 break;
wolfSSL 15:117db924cf7c 28299 }
wolfSSL 15:117db924cf7c 28300 #endif /* HAVE_NTRU */
wolfSSL 16:8e0d178b1d1e 28301 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 28302 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 28303 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 28304 {
wolfSSL 15:117db924cf7c 28305 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 28306 ecc_key* private_key = ssl->eccTempKey;
wolfSSL 15:117db924cf7c 28307
wolfSSL 15:117db924cf7c 28308 /* handle static private key */
wolfSSL 15:117db924cf7c 28309 if (ssl->specs.static_ecdh &&
wolfSSL 16:8e0d178b1d1e 28310 ssl->ecdhCurveOID != ECC_X25519_OID &&
wolfSSL 16:8e0d178b1d1e 28311 ssl->ecdhCurveOID != ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 28312 word16 keySz;
wolfSSL 16:8e0d178b1d1e 28313
wolfSSL 16:8e0d178b1d1e 28314 ssl->buffers.keyType = ecc_dsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 28315 ret = DecodePrivateKey(ssl, &keySz);
wolfSSL 15:117db924cf7c 28316 if (ret != 0) {
wolfSSL 15:117db924cf7c 28317 goto exit_dcke;
wolfSSL 15:117db924cf7c 28318 }
wolfSSL 16:8e0d178b1d1e 28319 private_key = (ecc_key*)ssl->hsKey;
wolfSSL 15:117db924cf7c 28320 }
wolfSSL 15:117db924cf7c 28321 #endif
wolfSSL 15:117db924cf7c 28322
wolfSSL 15:117db924cf7c 28323 /* import peer ECC key */
wolfSSL 15:117db924cf7c 28324 if ((args->idx - args->begin) + OPAQUE8_LEN > size) {
wolfSSL 16:8e0d178b1d1e 28325 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28326 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 28327 #endif
wolfSSL 15:117db924cf7c 28328 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28329 }
wolfSSL 15:117db924cf7c 28330
wolfSSL 15:117db924cf7c 28331 args->length = input[args->idx++];
wolfSSL 15:117db924cf7c 28332
wolfSSL 15:117db924cf7c 28333 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 16:8e0d178b1d1e 28334 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28335 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 28336 #endif
wolfSSL 15:117db924cf7c 28337 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28338 }
wolfSSL 15:117db924cf7c 28339
wolfSSL 15:117db924cf7c 28340 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 28341 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 28342 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 28343 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 28344 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 28345 break;
wolfSSL 15:117db924cf7c 28346 }
wolfSSL 15:117db924cf7c 28347 #endif
wolfSSL 15:117db924cf7c 28348 if (ssl->peerX25519Key == NULL) {
wolfSSL 15:117db924cf7c 28349 /* alloc/init on demand */
wolfSSL 15:117db924cf7c 28350 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 28351 (void**)&ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 28352 if (ret != 0) {
wolfSSL 15:117db924cf7c 28353 goto exit_dcke;
wolfSSL 15:117db924cf7c 28354 }
wolfSSL 15:117db924cf7c 28355 } else if (ssl->peerX25519KeyPresent) {
wolfSSL 15:117db924cf7c 28356 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 28357 ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 28358 ssl->peerX25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 28359 if (ret != 0) {
wolfSSL 15:117db924cf7c 28360 goto exit_dcke;
wolfSSL 15:117db924cf7c 28361 }
wolfSSL 15:117db924cf7c 28362 }
wolfSSL 15:117db924cf7c 28363
wolfSSL 16:8e0d178b1d1e 28364 if ((ret = wc_curve25519_check_public(
wolfSSL 16:8e0d178b1d1e 28365 input + args->idx, args->length,
wolfSSL 16:8e0d178b1d1e 28366 EC25519_LITTLE_ENDIAN)) != 0) {
wolfSSL 16:8e0d178b1d1e 28367 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28368 if (ret == BUFFER_E)
wolfSSL 16:8e0d178b1d1e 28369 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 28370 else if (ret == ECC_OUT_OF_RANGE_E)
wolfSSL 16:8e0d178b1d1e 28371 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 28372 else {
wolfSSL 16:8e0d178b1d1e 28373 SendAlert(ssl, alert_fatal,
wolfSSL 16:8e0d178b1d1e 28374 illegal_parameter);
wolfSSL 16:8e0d178b1d1e 28375 }
wolfSSL 16:8e0d178b1d1e 28376 #endif
wolfSSL 16:8e0d178b1d1e 28377 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 16:8e0d178b1d1e 28378 }
wolfSSL 16:8e0d178b1d1e 28379
wolfSSL 15:117db924cf7c 28380 if (wc_curve25519_import_public_ex(
wolfSSL 15:117db924cf7c 28381 input + args->idx, args->length,
wolfSSL 15:117db924cf7c 28382 ssl->peerX25519Key,
wolfSSL 15:117db924cf7c 28383 EC25519_LITTLE_ENDIAN)) {
wolfSSL 16:8e0d178b1d1e 28384 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28385 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 28386 #endif
wolfSSL 15:117db924cf7c 28387 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28388 }
wolfSSL 15:117db924cf7c 28389
wolfSSL 16:8e0d178b1d1e 28390 ssl->arrays->preMasterSz = CURVE25519_KEYSIZE;
wolfSSL 16:8e0d178b1d1e 28391
wolfSSL 15:117db924cf7c 28392 ssl->peerX25519KeyPresent = 1;
wolfSSL 15:117db924cf7c 28393
wolfSSL 16:8e0d178b1d1e 28394 break;
wolfSSL 16:8e0d178b1d1e 28395 }
wolfSSL 16:8e0d178b1d1e 28396 #endif
wolfSSL 16:8e0d178b1d1e 28397 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 28398 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 28399 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 28400 /* if callback then use it for shared secret */
wolfSSL 16:8e0d178b1d1e 28401 if (ssl->ctx->X448SharedSecretCb != NULL) {
wolfSSL 16:8e0d178b1d1e 28402 break;
wolfSSL 16:8e0d178b1d1e 28403 }
wolfSSL 16:8e0d178b1d1e 28404 #endif
wolfSSL 16:8e0d178b1d1e 28405 if (ssl->peerX448Key == NULL) {
wolfSSL 16:8e0d178b1d1e 28406 /* alloc/init on demand */
wolfSSL 16:8e0d178b1d1e 28407 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 28408 (void**)&ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 28409 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 28410 goto exit_dcke;
wolfSSL 16:8e0d178b1d1e 28411 }
wolfSSL 16:8e0d178b1d1e 28412 } else if (ssl->peerX448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 28413 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 28414 ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 28415 ssl->peerX448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 28416 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 28417 goto exit_dcke;
wolfSSL 16:8e0d178b1d1e 28418 }
wolfSSL 16:8e0d178b1d1e 28419 }
wolfSSL 16:8e0d178b1d1e 28420
wolfSSL 16:8e0d178b1d1e 28421 if ((ret = wc_curve448_check_public(
wolfSSL 16:8e0d178b1d1e 28422 input + args->idx, args->length,
wolfSSL 16:8e0d178b1d1e 28423 EC448_LITTLE_ENDIAN)) != 0) {
wolfSSL 16:8e0d178b1d1e 28424 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28425 if (ret == BUFFER_E)
wolfSSL 16:8e0d178b1d1e 28426 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 28427 else if (ret == ECC_OUT_OF_RANGE_E)
wolfSSL 16:8e0d178b1d1e 28428 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 28429 else {
wolfSSL 16:8e0d178b1d1e 28430 SendAlert(ssl, alert_fatal,
wolfSSL 16:8e0d178b1d1e 28431 illegal_parameter);
wolfSSL 16:8e0d178b1d1e 28432 }
wolfSSL 16:8e0d178b1d1e 28433 #endif
wolfSSL 16:8e0d178b1d1e 28434 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 16:8e0d178b1d1e 28435 }
wolfSSL 16:8e0d178b1d1e 28436
wolfSSL 16:8e0d178b1d1e 28437 if (wc_curve448_import_public_ex(
wolfSSL 16:8e0d178b1d1e 28438 input + args->idx, args->length,
wolfSSL 16:8e0d178b1d1e 28439 ssl->peerX448Key,
wolfSSL 16:8e0d178b1d1e 28440 EC448_LITTLE_ENDIAN)) {
wolfSSL 16:8e0d178b1d1e 28441 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28442 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 28443 #endif
wolfSSL 16:8e0d178b1d1e 28444 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 16:8e0d178b1d1e 28445 }
wolfSSL 16:8e0d178b1d1e 28446
wolfSSL 16:8e0d178b1d1e 28447 ssl->arrays->preMasterSz = CURVE448_KEY_SIZE;
wolfSSL 16:8e0d178b1d1e 28448
wolfSSL 16:8e0d178b1d1e 28449 ssl->peerX448KeyPresent = 1;
wolfSSL 16:8e0d178b1d1e 28450
wolfSSL 15:117db924cf7c 28451 break;
wolfSSL 15:117db924cf7c 28452 }
wolfSSL 15:117db924cf7c 28453 #endif
wolfSSL 15:117db924cf7c 28454 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 28455 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 28456 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 28457 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 28458 break;
wolfSSL 15:117db924cf7c 28459 }
wolfSSL 15:117db924cf7c 28460 #endif
wolfSSL 15:117db924cf7c 28461
wolfSSL 15:117db924cf7c 28462 if (!ssl->specs.static_ecdh &&
wolfSSL 15:117db924cf7c 28463 ssl->eccTempKeyPresent == 0) {
wolfSSL 15:117db924cf7c 28464 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 15:117db924cf7c 28465 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28466 }
wolfSSL 15:117db924cf7c 28467
wolfSSL 15:117db924cf7c 28468 if (ssl->peerEccKey == NULL) {
wolfSSL 15:117db924cf7c 28469 /* alloc/init on demand */
wolfSSL 15:117db924cf7c 28470 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 28471 (void**)&ssl->peerEccKey);
wolfSSL 15:117db924cf7c 28472 if (ret != 0) {
wolfSSL 15:117db924cf7c 28473 goto exit_dcke;
wolfSSL 15:117db924cf7c 28474 }
wolfSSL 15:117db924cf7c 28475 } else if (ssl->peerEccKeyPresent) {
wolfSSL 15:117db924cf7c 28476 ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 28477 ssl->peerEccKey);
wolfSSL 15:117db924cf7c 28478 ssl->peerEccKeyPresent = 0;
wolfSSL 15:117db924cf7c 28479 if (ret != 0) {
wolfSSL 15:117db924cf7c 28480 goto exit_dcke;
wolfSSL 15:117db924cf7c 28481 }
wolfSSL 15:117db924cf7c 28482 }
wolfSSL 15:117db924cf7c 28483
wolfSSL 16:8e0d178b1d1e 28484 if (wc_ecc_import_x963_ex(input + args->idx,
wolfSSL 16:8e0d178b1d1e 28485 args->length, ssl->peerEccKey,
wolfSSL 16:8e0d178b1d1e 28486 private_key->dp->id)) {
wolfSSL 16:8e0d178b1d1e 28487 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28488 SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL 16:8e0d178b1d1e 28489 #endif
wolfSSL 15:117db924cf7c 28490 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28491 }
wolfSSL 15:117db924cf7c 28492
wolfSSL 16:8e0d178b1d1e 28493 ssl->arrays->preMasterSz = private_key->dp->size;
wolfSSL 16:8e0d178b1d1e 28494
wolfSSL 15:117db924cf7c 28495 ssl->peerEccKeyPresent = 1;
wolfSSL 15:117db924cf7c 28496 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 28497
wolfSSL 16:8e0d178b1d1e 28498 break;
wolfSSL 16:8e0d178b1d1e 28499 }
wolfSSL 16:8e0d178b1d1e 28500 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 28501 #ifndef NO_DH
wolfSSL 15:117db924cf7c 28502 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 28503 {
wolfSSL 15:117db924cf7c 28504 word16 clientPubSz;
wolfSSL 15:117db924cf7c 28505
wolfSSL 15:117db924cf7c 28506 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 28507 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28508 }
wolfSSL 15:117db924cf7c 28509
wolfSSL 15:117db924cf7c 28510 ato16(input + args->idx, &clientPubSz);
wolfSSL 15:117db924cf7c 28511 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28512
wolfSSL 15:117db924cf7c 28513 if ((args->idx - args->begin) + clientPubSz > size) {
wolfSSL 16:8e0d178b1d1e 28514 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28515 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 28516 #endif
wolfSSL 15:117db924cf7c 28517 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28518 }
wolfSSL 15:117db924cf7c 28519
wolfSSL 15:117db924cf7c 28520 args->sigSz = clientPubSz;
wolfSSL 15:117db924cf7c 28521
wolfSSL 15:117db924cf7c 28522 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 15:117db924cf7c 28523 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 15:117db924cf7c 28524 if (ret != 0) {
wolfSSL 15:117db924cf7c 28525 goto exit_dcke;
wolfSSL 15:117db924cf7c 28526 }
wolfSSL 15:117db924cf7c 28527
wolfSSL 15:117db924cf7c 28528 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 15:117db924cf7c 28529 ssl->buffers.serverDH_P.buffer,
wolfSSL 15:117db924cf7c 28530 ssl->buffers.serverDH_P.length,
wolfSSL 15:117db924cf7c 28531 ssl->buffers.serverDH_G.buffer,
wolfSSL 15:117db924cf7c 28532 ssl->buffers.serverDH_G.length);
wolfSSL 15:117db924cf7c 28533
wolfSSL 15:117db924cf7c 28534 /* set the max agree result size */
wolfSSL 15:117db924cf7c 28535 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 15:117db924cf7c 28536 break;
wolfSSL 15:117db924cf7c 28537 }
wolfSSL 15:117db924cf7c 28538 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 28539 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 28540 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 28541 {
wolfSSL 15:117db924cf7c 28542 word16 clientSz;
wolfSSL 15:117db924cf7c 28543
wolfSSL 15:117db924cf7c 28544 /* Read in the PSK hint */
wolfSSL 15:117db924cf7c 28545 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 28546 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28547 }
wolfSSL 15:117db924cf7c 28548
wolfSSL 15:117db924cf7c 28549 ato16(input + args->idx, &clientSz);
wolfSSL 15:117db924cf7c 28550 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28551 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 28552 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28553 }
wolfSSL 15:117db924cf7c 28554
wolfSSL 15:117db924cf7c 28555 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 15:117db924cf7c 28556 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28557 }
wolfSSL 15:117db924cf7c 28558
wolfSSL 15:117db924cf7c 28559 XMEMCPY(ssl->arrays->client_identity, input + args->idx,
wolfSSL 15:117db924cf7c 28560 clientSz);
wolfSSL 15:117db924cf7c 28561 args->idx += clientSz;
wolfSSL 15:117db924cf7c 28562 ssl->arrays->client_identity[clientSz] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 28563
wolfSSL 15:117db924cf7c 28564 /* Read in the DHE business */
wolfSSL 15:117db924cf7c 28565 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 28566 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28567 }
wolfSSL 15:117db924cf7c 28568
wolfSSL 15:117db924cf7c 28569 ato16(input + args->idx, &clientSz);
wolfSSL 15:117db924cf7c 28570 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28571
wolfSSL 15:117db924cf7c 28572 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 15:117db924cf7c 28573 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28574 }
wolfSSL 15:117db924cf7c 28575
wolfSSL 15:117db924cf7c 28576 args->sigSz = clientSz;
wolfSSL 15:117db924cf7c 28577
wolfSSL 15:117db924cf7c 28578 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 15:117db924cf7c 28579 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 15:117db924cf7c 28580 if (ret != 0) {
wolfSSL 15:117db924cf7c 28581 goto exit_dcke;
wolfSSL 15:117db924cf7c 28582 }
wolfSSL 15:117db924cf7c 28583
wolfSSL 15:117db924cf7c 28584 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 15:117db924cf7c 28585 ssl->buffers.serverDH_P.buffer,
wolfSSL 15:117db924cf7c 28586 ssl->buffers.serverDH_P.length,
wolfSSL 15:117db924cf7c 28587 ssl->buffers.serverDH_G.buffer,
wolfSSL 15:117db924cf7c 28588 ssl->buffers.serverDH_G.length);
wolfSSL 15:117db924cf7c 28589
wolfSSL 15:117db924cf7c 28590 break;
wolfSSL 15:117db924cf7c 28591 }
wolfSSL 15:117db924cf7c 28592 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 28593 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 28594 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 28595 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 28596 {
wolfSSL 15:117db924cf7c 28597 word16 clientSz;
wolfSSL 15:117db924cf7c 28598
wolfSSL 15:117db924cf7c 28599 /* Read in the PSK hint */
wolfSSL 15:117db924cf7c 28600 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 15:117db924cf7c 28601 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28602 }
wolfSSL 15:117db924cf7c 28603
wolfSSL 15:117db924cf7c 28604 ato16(input + args->idx, &clientSz);
wolfSSL 15:117db924cf7c 28605 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28606 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 15:117db924cf7c 28607 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28608 }
wolfSSL 15:117db924cf7c 28609 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 15:117db924cf7c 28610 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28611 }
wolfSSL 15:117db924cf7c 28612
wolfSSL 15:117db924cf7c 28613 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 15:117db924cf7c 28614 input + args->idx, clientSz);
wolfSSL 15:117db924cf7c 28615 args->idx += clientSz;
wolfSSL 15:117db924cf7c 28616 ssl->arrays->client_identity[clientSz] = '\0'; /* null term */
wolfSSL 15:117db924cf7c 28617
wolfSSL 15:117db924cf7c 28618 /* import peer ECC key */
wolfSSL 15:117db924cf7c 28619 if ((args->idx - args->begin) + OPAQUE8_LEN > size) {
wolfSSL 15:117db924cf7c 28620 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28621 }
wolfSSL 15:117db924cf7c 28622
wolfSSL 15:117db924cf7c 28623 args->length = input[args->idx++];
wolfSSL 15:117db924cf7c 28624
wolfSSL 15:117db924cf7c 28625 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 15:117db924cf7c 28626 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28627 }
wolfSSL 15:117db924cf7c 28628
wolfSSL 15:117db924cf7c 28629 args->sigSz = ENCRYPT_LEN - OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 28630
wolfSSL 15:117db924cf7c 28631 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 28632 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 28633 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 28634 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 28635 if (ssl->ctx->X25519SharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 28636 break;
wolfSSL 15:117db924cf7c 28637 }
wolfSSL 15:117db924cf7c 28638 #endif
wolfSSL 15:117db924cf7c 28639
wolfSSL 15:117db924cf7c 28640 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 15:117db924cf7c 28641 WOLFSSL_MSG(
wolfSSL 15:117db924cf7c 28642 "X25519 ephemeral key not made correctly");
wolfSSL 15:117db924cf7c 28643 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28644 }
wolfSSL 15:117db924cf7c 28645
wolfSSL 15:117db924cf7c 28646 if (ssl->peerX25519Key == NULL) {
wolfSSL 15:117db924cf7c 28647 /* alloc/init on demand */
wolfSSL 15:117db924cf7c 28648 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 28649 (void**)&ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 28650 if (ret != 0) {
wolfSSL 15:117db924cf7c 28651 goto exit_dcke;
wolfSSL 15:117db924cf7c 28652 }
wolfSSL 15:117db924cf7c 28653 } else if (ssl->peerX25519KeyPresent) {
wolfSSL 15:117db924cf7c 28654 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 28655 ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 28656 ssl->peerX25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 28657 if (ret != 0) {
wolfSSL 15:117db924cf7c 28658 goto exit_dcke;
wolfSSL 15:117db924cf7c 28659 }
wolfSSL 15:117db924cf7c 28660 }
wolfSSL 15:117db924cf7c 28661
wolfSSL 16:8e0d178b1d1e 28662 if ((ret = wc_curve25519_check_public(
wolfSSL 16:8e0d178b1d1e 28663 input + args->idx, args->length,
wolfSSL 16:8e0d178b1d1e 28664 EC25519_LITTLE_ENDIAN)) != 0) {
wolfSSL 16:8e0d178b1d1e 28665 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28666 if (ret == BUFFER_E)
wolfSSL 16:8e0d178b1d1e 28667 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 28668 else if (ret == ECC_OUT_OF_RANGE_E)
wolfSSL 16:8e0d178b1d1e 28669 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 28670 else {
wolfSSL 16:8e0d178b1d1e 28671 SendAlert(ssl, alert_fatal,
wolfSSL 16:8e0d178b1d1e 28672 illegal_parameter);
wolfSSL 16:8e0d178b1d1e 28673 }
wolfSSL 16:8e0d178b1d1e 28674 #endif
wolfSSL 16:8e0d178b1d1e 28675 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 16:8e0d178b1d1e 28676 }
wolfSSL 16:8e0d178b1d1e 28677
wolfSSL 15:117db924cf7c 28678 if (wc_curve25519_import_public_ex(
wolfSSL 15:117db924cf7c 28679 input + args->idx, args->length,
wolfSSL 15:117db924cf7c 28680 ssl->peerX25519Key,
wolfSSL 15:117db924cf7c 28681 EC25519_LITTLE_ENDIAN)) {
wolfSSL 15:117db924cf7c 28682 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28683 }
wolfSSL 15:117db924cf7c 28684
wolfSSL 15:117db924cf7c 28685 ssl->peerX25519KeyPresent = 1;
wolfSSL 15:117db924cf7c 28686
wolfSSL 15:117db924cf7c 28687 break;
wolfSSL 15:117db924cf7c 28688 }
wolfSSL 15:117db924cf7c 28689 #endif
wolfSSL 16:8e0d178b1d1e 28690 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 28691 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 28692 #ifdef HAVE_PK_CALLBACKS
wolfSSL 16:8e0d178b1d1e 28693 /* if callback then use it for shared secret */
wolfSSL 16:8e0d178b1d1e 28694 if (ssl->ctx->X448SharedSecretCb != NULL) {
wolfSSL 16:8e0d178b1d1e 28695 break;
wolfSSL 16:8e0d178b1d1e 28696 }
wolfSSL 16:8e0d178b1d1e 28697 #endif
wolfSSL 16:8e0d178b1d1e 28698
wolfSSL 16:8e0d178b1d1e 28699 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 16:8e0d178b1d1e 28700 WOLFSSL_MSG(
wolfSSL 16:8e0d178b1d1e 28701 "X448 ephemeral key not made correctly");
wolfSSL 16:8e0d178b1d1e 28702 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 16:8e0d178b1d1e 28703 }
wolfSSL 16:8e0d178b1d1e 28704
wolfSSL 16:8e0d178b1d1e 28705 if (ssl->peerX448Key == NULL) {
wolfSSL 16:8e0d178b1d1e 28706 /* alloc/init on demand */
wolfSSL 16:8e0d178b1d1e 28707 ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 28708 (void**)&ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 28709 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 28710 goto exit_dcke;
wolfSSL 16:8e0d178b1d1e 28711 }
wolfSSL 16:8e0d178b1d1e 28712 } else if (ssl->peerX448KeyPresent) {
wolfSSL 16:8e0d178b1d1e 28713 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 28714 ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 28715 ssl->peerX448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 28716 if (ret != 0) {
wolfSSL 16:8e0d178b1d1e 28717 goto exit_dcke;
wolfSSL 16:8e0d178b1d1e 28718 }
wolfSSL 16:8e0d178b1d1e 28719 }
wolfSSL 16:8e0d178b1d1e 28720
wolfSSL 16:8e0d178b1d1e 28721 if ((ret = wc_curve448_check_public(
wolfSSL 16:8e0d178b1d1e 28722 input + args->idx, args->length,
wolfSSL 16:8e0d178b1d1e 28723 EC448_LITTLE_ENDIAN)) != 0) {
wolfSSL 16:8e0d178b1d1e 28724 #ifdef WOLFSSL_EXTRA_ALERTS
wolfSSL 16:8e0d178b1d1e 28725 if (ret == BUFFER_E)
wolfSSL 16:8e0d178b1d1e 28726 SendAlert(ssl, alert_fatal, decode_error);
wolfSSL 16:8e0d178b1d1e 28727 else if (ret == ECC_OUT_OF_RANGE_E)
wolfSSL 16:8e0d178b1d1e 28728 SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL 16:8e0d178b1d1e 28729 else {
wolfSSL 16:8e0d178b1d1e 28730 SendAlert(ssl, alert_fatal,
wolfSSL 16:8e0d178b1d1e 28731 illegal_parameter);
wolfSSL 16:8e0d178b1d1e 28732 }
wolfSSL 16:8e0d178b1d1e 28733 #endif
wolfSSL 16:8e0d178b1d1e 28734 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 16:8e0d178b1d1e 28735 }
wolfSSL 16:8e0d178b1d1e 28736
wolfSSL 16:8e0d178b1d1e 28737 if (wc_curve448_import_public_ex(
wolfSSL 16:8e0d178b1d1e 28738 input + args->idx, args->length,
wolfSSL 16:8e0d178b1d1e 28739 ssl->peerX448Key,
wolfSSL 16:8e0d178b1d1e 28740 EC448_LITTLE_ENDIAN)) {
wolfSSL 16:8e0d178b1d1e 28741 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 16:8e0d178b1d1e 28742 }
wolfSSL 16:8e0d178b1d1e 28743
wolfSSL 16:8e0d178b1d1e 28744 ssl->peerX448KeyPresent = 1;
wolfSSL 16:8e0d178b1d1e 28745
wolfSSL 16:8e0d178b1d1e 28746 break;
wolfSSL 16:8e0d178b1d1e 28747 }
wolfSSL 16:8e0d178b1d1e 28748 #endif
wolfSSL 15:117db924cf7c 28749 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 28750 /* if callback then use it for shared secret */
wolfSSL 15:117db924cf7c 28751 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 15:117db924cf7c 28752 break;
wolfSSL 15:117db924cf7c 28753 }
wolfSSL 15:117db924cf7c 28754 #endif
wolfSSL 15:117db924cf7c 28755
wolfSSL 15:117db924cf7c 28756 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 15:117db924cf7c 28757 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 15:117db924cf7c 28758 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28759 }
wolfSSL 15:117db924cf7c 28760
wolfSSL 15:117db924cf7c 28761 if (ssl->peerEccKey == NULL) {
wolfSSL 15:117db924cf7c 28762 /* alloc/init on demand */
wolfSSL 15:117db924cf7c 28763 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 28764 (void**)&ssl->peerEccKey);
wolfSSL 15:117db924cf7c 28765 if (ret != 0) {
wolfSSL 15:117db924cf7c 28766 goto exit_dcke;
wolfSSL 15:117db924cf7c 28767 }
wolfSSL 15:117db924cf7c 28768 }
wolfSSL 15:117db924cf7c 28769 else if (ssl->peerEccKeyPresent) {
wolfSSL 15:117db924cf7c 28770 ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 15:117db924cf7c 28771 ssl->peerEccKey);
wolfSSL 15:117db924cf7c 28772 ssl->peerEccKeyPresent = 0;
wolfSSL 15:117db924cf7c 28773 if (ret != 0) {
wolfSSL 15:117db924cf7c 28774 goto exit_dcke;
wolfSSL 15:117db924cf7c 28775 }
wolfSSL 15:117db924cf7c 28776 }
wolfSSL 16:8e0d178b1d1e 28777 if (wc_ecc_import_x963_ex(input + args->idx,
wolfSSL 16:8e0d178b1d1e 28778 args->length, ssl->peerEccKey,
wolfSSL 16:8e0d178b1d1e 28779 ssl->eccTempKey->dp->id)) {
wolfSSL 15:117db924cf7c 28780 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 28781 }
wolfSSL 15:117db924cf7c 28782
wolfSSL 15:117db924cf7c 28783 ssl->peerEccKeyPresent = 1;
wolfSSL 15:117db924cf7c 28784 break;
wolfSSL 15:117db924cf7c 28785 }
wolfSSL 16:8e0d178b1d1e 28786 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 28787 default:
wolfSSL 15:117db924cf7c 28788 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 28789 } /* switch (ssl->specs.kea) */
wolfSSL 15:117db924cf7c 28790
wolfSSL 15:117db924cf7c 28791 /* Check for error */
wolfSSL 15:117db924cf7c 28792 if (ret != 0) {
wolfSSL 15:117db924cf7c 28793 goto exit_dcke;
wolfSSL 15:117db924cf7c 28794 }
wolfSSL 15:117db924cf7c 28795
wolfSSL 15:117db924cf7c 28796 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 28797 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 15:117db924cf7c 28798 } /* TLS_ASYNC_BUILD */
wolfSSL 15:117db924cf7c 28799 FALL_THROUGH;
wolfSSL 15:117db924cf7c 28800
wolfSSL 15:117db924cf7c 28801 case TLS_ASYNC_DO:
wolfSSL 15:117db924cf7c 28802 {
wolfSSL 15:117db924cf7c 28803 switch (ssl->specs.kea) {
wolfSSL 15:117db924cf7c 28804 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 28805 case rsa_kea:
wolfSSL 15:117db924cf7c 28806 {
wolfSSL 15:117db924cf7c 28807 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 15:117db924cf7c 28808
wolfSSL 15:117db924cf7c 28809 ret = RsaDec(ssl,
wolfSSL 15:117db924cf7c 28810 input + args->idx,
wolfSSL 15:117db924cf7c 28811 args->length,
wolfSSL 15:117db924cf7c 28812 &args->output,
wolfSSL 15:117db924cf7c 28813 &args->sigSz,
wolfSSL 15:117db924cf7c 28814 key,
wolfSSL 15:117db924cf7c 28815 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 28816 ssl->buffers.key
wolfSSL 15:117db924cf7c 28817 #else
wolfSSL 15:117db924cf7c 28818 NULL
wolfSSL 15:117db924cf7c 28819 #endif
wolfSSL 15:117db924cf7c 28820 );
wolfSSL 15:117db924cf7c 28821
wolfSSL 15:117db924cf7c 28822 /* Errors that can occur here that should be
wolfSSL 15:117db924cf7c 28823 * indistinguishable:
wolfSSL 15:117db924cf7c 28824 * RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR
wolfSSL 15:117db924cf7c 28825 */
wolfSSL 16:8e0d178b1d1e 28826 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 28827 if (ret == WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 28828 goto exit_dcke;
wolfSSL 16:8e0d178b1d1e 28829 #endif
wolfSSL 16:8e0d178b1d1e 28830 if (ret == BAD_FUNC_ARG)
wolfSSL 16:8e0d178b1d1e 28831 goto exit_dcke;
wolfSSL 16:8e0d178b1d1e 28832
wolfSSL 16:8e0d178b1d1e 28833 args->lastErr = ret - (SECRET_LEN - args->sigSz);
wolfSSL 16:8e0d178b1d1e 28834 ret = 0;
wolfSSL 15:117db924cf7c 28835 break;
wolfSSL 15:117db924cf7c 28836 } /* rsa_kea */
wolfSSL 15:117db924cf7c 28837 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 28838 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 28839 case psk_kea:
wolfSSL 15:117db924cf7c 28840 {
wolfSSL 15:117db924cf7c 28841 break;
wolfSSL 15:117db924cf7c 28842 }
wolfSSL 15:117db924cf7c 28843 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 28844 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 28845 case ntru_kea:
wolfSSL 15:117db924cf7c 28846 {
wolfSSL 15:117db924cf7c 28847 break;
wolfSSL 15:117db924cf7c 28848 }
wolfSSL 15:117db924cf7c 28849 #endif /* HAVE_NTRU */
wolfSSL 16:8e0d178b1d1e 28850 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 28851 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 28852 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 28853 {
wolfSSL 15:117db924cf7c 28854 void* private_key = ssl->eccTempKey;
wolfSSL 15:117db924cf7c 28855 (void)private_key;
wolfSSL 15:117db924cf7c 28856
wolfSSL 15:117db924cf7c 28857 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 28858 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 28859 ret = X25519SharedSecret(ssl,
wolfSSL 15:117db924cf7c 28860 (curve25519_key*)private_key,
wolfSSL 15:117db924cf7c 28861 ssl->peerX25519Key,
wolfSSL 15:117db924cf7c 28862 input + args->idx, &args->length,
wolfSSL 15:117db924cf7c 28863 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 28864 &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 28865 WOLFSSL_SERVER_END
wolfSSL 15:117db924cf7c 28866 );
wolfSSL 15:117db924cf7c 28867 break;
wolfSSL 15:117db924cf7c 28868 }
wolfSSL 15:117db924cf7c 28869 #endif
wolfSSL 16:8e0d178b1d1e 28870 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 28871 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 28872 ret = X448SharedSecret(ssl,
wolfSSL 16:8e0d178b1d1e 28873 (curve448_key*)private_key,
wolfSSL 16:8e0d178b1d1e 28874 ssl->peerX448Key,
wolfSSL 16:8e0d178b1d1e 28875 input + args->idx, &args->length,
wolfSSL 16:8e0d178b1d1e 28876 ssl->arrays->preMasterSecret,
wolfSSL 16:8e0d178b1d1e 28877 &ssl->arrays->preMasterSz,
wolfSSL 16:8e0d178b1d1e 28878 WOLFSSL_SERVER_END
wolfSSL 16:8e0d178b1d1e 28879 );
wolfSSL 16:8e0d178b1d1e 28880 break;
wolfSSL 16:8e0d178b1d1e 28881 }
wolfSSL 16:8e0d178b1d1e 28882 #endif
wolfSSL 15:117db924cf7c 28883 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 28884 if (ssl->specs.static_ecdh) {
wolfSSL 15:117db924cf7c 28885 private_key = ssl->hsKey;
wolfSSL 15:117db924cf7c 28886 }
wolfSSL 15:117db924cf7c 28887
wolfSSL 15:117db924cf7c 28888 /* Generate shared secret */
wolfSSL 15:117db924cf7c 28889 ret = EccSharedSecret(ssl,
wolfSSL 15:117db924cf7c 28890 (ecc_key*)private_key, ssl->peerEccKey,
wolfSSL 15:117db924cf7c 28891 input + args->idx, &args->length,
wolfSSL 15:117db924cf7c 28892 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 28893 &ssl->arrays->preMasterSz,
wolfSSL 15:117db924cf7c 28894 WOLFSSL_SERVER_END
wolfSSL 15:117db924cf7c 28895 );
wolfSSL 16:8e0d178b1d1e 28896 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 28897 if (ret != WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 28898 #endif
wolfSSL 16:8e0d178b1d1e 28899 {
wolfSSL 16:8e0d178b1d1e 28900 FreeKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 16:8e0d178b1d1e 28901 (void**)&ssl->peerEccKey);
wolfSSL 16:8e0d178b1d1e 28902 ssl->peerEccKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 28903 }
wolfSSL 16:8e0d178b1d1e 28904 #endif
wolfSSL 16:8e0d178b1d1e 28905 break;
wolfSSL 16:8e0d178b1d1e 28906 }
wolfSSL 16:8e0d178b1d1e 28907 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 28908 #ifndef NO_DH
wolfSSL 15:117db924cf7c 28909 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 28910 {
wolfSSL 15:117db924cf7c 28911 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 15:117db924cf7c 28912 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 15:117db924cf7c 28913 ssl->buffers.serverDH_Priv.length,
wolfSSL 15:117db924cf7c 28914 input + args->idx,
wolfSSL 15:117db924cf7c 28915 (word16)args->sigSz,
wolfSSL 15:117db924cf7c 28916 ssl->arrays->preMasterSecret,
wolfSSL 15:117db924cf7c 28917 &ssl->arrays->preMasterSz);
wolfSSL 15:117db924cf7c 28918 break;
wolfSSL 15:117db924cf7c 28919 }
wolfSSL 15:117db924cf7c 28920 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 28921 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 28922 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 28923 {
wolfSSL 15:117db924cf7c 28924 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 15:117db924cf7c 28925 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 15:117db924cf7c 28926 ssl->buffers.serverDH_Priv.length,
wolfSSL 15:117db924cf7c 28927 input + args->idx,
wolfSSL 15:117db924cf7c 28928 (word16)args->sigSz,
wolfSSL 15:117db924cf7c 28929 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 28930 &ssl->arrays->preMasterSz);
wolfSSL 15:117db924cf7c 28931 break;
wolfSSL 15:117db924cf7c 28932 }
wolfSSL 15:117db924cf7c 28933 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 28934 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 28935 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 28936 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 28937 {
wolfSSL 15:117db924cf7c 28938 #ifdef HAVE_CURVE25519
wolfSSL 15:117db924cf7c 28939 if (ssl->ecdhCurveOID == ECC_X25519_OID) {
wolfSSL 15:117db924cf7c 28940 ret = X25519SharedSecret(ssl,
wolfSSL 15:117db924cf7c 28941 (curve25519_key*)ssl->eccTempKey,
wolfSSL 15:117db924cf7c 28942 ssl->peerX25519Key,
wolfSSL 15:117db924cf7c 28943 input + args->idx, &args->length,
wolfSSL 15:117db924cf7c 28944 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 28945 &args->sigSz,
wolfSSL 15:117db924cf7c 28946 WOLFSSL_SERVER_END
wolfSSL 15:117db924cf7c 28947 );
wolfSSL 16:8e0d178b1d1e 28948 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 28949 if (ret != WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 28950 #endif
wolfSSL 16:8e0d178b1d1e 28951 {
wolfSSL 15:117db924cf7c 28952 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519,
wolfSSL 15:117db924cf7c 28953 (void**)&ssl->peerX25519Key);
wolfSSL 15:117db924cf7c 28954 ssl->peerX25519KeyPresent = 0;
wolfSSL 15:117db924cf7c 28955 }
wolfSSL 15:117db924cf7c 28956 break;
wolfSSL 15:117db924cf7c 28957 }
wolfSSL 15:117db924cf7c 28958 #endif
wolfSSL 16:8e0d178b1d1e 28959 #ifdef HAVE_CURVE448
wolfSSL 16:8e0d178b1d1e 28960 if (ssl->ecdhCurveOID == ECC_X448_OID) {
wolfSSL 16:8e0d178b1d1e 28961 ret = X448SharedSecret(ssl,
wolfSSL 16:8e0d178b1d1e 28962 (curve448_key*)ssl->eccTempKey,
wolfSSL 16:8e0d178b1d1e 28963 ssl->peerX448Key,
wolfSSL 16:8e0d178b1d1e 28964 input + args->idx, &args->length,
wolfSSL 16:8e0d178b1d1e 28965 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 16:8e0d178b1d1e 28966 &args->sigSz,
wolfSSL 16:8e0d178b1d1e 28967 WOLFSSL_SERVER_END
wolfSSL 16:8e0d178b1d1e 28968 );
wolfSSL 16:8e0d178b1d1e 28969 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 28970 if (ret != WC_PENDING_E)
wolfSSL 16:8e0d178b1d1e 28971 #endif
wolfSSL 16:8e0d178b1d1e 28972 {
wolfSSL 16:8e0d178b1d1e 28973 FreeKey(ssl, DYNAMIC_TYPE_CURVE448,
wolfSSL 16:8e0d178b1d1e 28974 (void**)&ssl->peerX448Key);
wolfSSL 16:8e0d178b1d1e 28975 ssl->peerX448KeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 28976 }
wolfSSL 16:8e0d178b1d1e 28977 break;
wolfSSL 16:8e0d178b1d1e 28978 }
wolfSSL 16:8e0d178b1d1e 28979 #endif
wolfSSL 15:117db924cf7c 28980 /* Generate shared secret */
wolfSSL 15:117db924cf7c 28981 ret = EccSharedSecret(ssl,
wolfSSL 15:117db924cf7c 28982 ssl->eccTempKey, ssl->peerEccKey,
wolfSSL 15:117db924cf7c 28983 input + args->idx, &args->length,
wolfSSL 15:117db924cf7c 28984 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 15:117db924cf7c 28985 &args->sigSz,
wolfSSL 15:117db924cf7c 28986 WOLFSSL_SERVER_END
wolfSSL 15:117db924cf7c 28987 );
wolfSSL 16:8e0d178b1d1e 28988 if (!ssl->specs.static_ecdh
wolfSSL 16:8e0d178b1d1e 28989 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 28990 && ret != WC_PENDING_E
wolfSSL 16:8e0d178b1d1e 28991 #endif
wolfSSL 16:8e0d178b1d1e 28992 ) {
wolfSSL 16:8e0d178b1d1e 28993 FreeKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 16:8e0d178b1d1e 28994 (void**)&ssl->peerEccKey);
wolfSSL 16:8e0d178b1d1e 28995 ssl->peerEccKeyPresent = 0;
wolfSSL 16:8e0d178b1d1e 28996 }
wolfSSL 16:8e0d178b1d1e 28997 break;
wolfSSL 16:8e0d178b1d1e 28998 }
wolfSSL 16:8e0d178b1d1e 28999 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 29000 default:
wolfSSL 15:117db924cf7c 29001 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 29002 } /* switch (ssl->specs.kea) */
wolfSSL 15:117db924cf7c 29003
wolfSSL 15:117db924cf7c 29004 /* Check for error */
wolfSSL 15:117db924cf7c 29005 if (ret != 0) {
wolfSSL 15:117db924cf7c 29006 goto exit_dcke;
wolfSSL 15:117db924cf7c 29007 }
wolfSSL 15:117db924cf7c 29008
wolfSSL 15:117db924cf7c 29009 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 29010 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 15:117db924cf7c 29011 } /* TLS_ASYNC_DO */
wolfSSL 15:117db924cf7c 29012 FALL_THROUGH;
wolfSSL 15:117db924cf7c 29013
wolfSSL 15:117db924cf7c 29014 case TLS_ASYNC_VERIFY:
wolfSSL 15:117db924cf7c 29015 {
wolfSSL 15:117db924cf7c 29016 switch (ssl->specs.kea) {
wolfSSL 15:117db924cf7c 29017 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 29018 case rsa_kea:
wolfSSL 15:117db924cf7c 29019 {
wolfSSL 16:8e0d178b1d1e 29020 byte mask;
wolfSSL 16:8e0d178b1d1e 29021 int i;
wolfSSL 16:8e0d178b1d1e 29022
wolfSSL 15:117db924cf7c 29023 /* Add the signature length to idx */
wolfSSL 15:117db924cf7c 29024 args->idx += args->length;
wolfSSL 15:117db924cf7c 29025
wolfSSL 15:117db924cf7c 29026 #ifdef DEBUG_WOLFSSL
wolfSSL 15:117db924cf7c 29027 /* check version (debug warning message only) */
wolfSSL 15:117db924cf7c 29028 if (args->output != NULL) {
wolfSSL 15:117db924cf7c 29029 if (args->output[0] != ssl->chVersion.major ||
wolfSSL 15:117db924cf7c 29030 args->output[1] != ssl->chVersion.minor) {
wolfSSL 15:117db924cf7c 29031 WOLFSSL_MSG("preMasterSecret version mismatch");
wolfSSL 15:117db924cf7c 29032 }
wolfSSL 15:117db924cf7c 29033 }
wolfSSL 15:117db924cf7c 29034 #endif
wolfSSL 15:117db924cf7c 29035
wolfSSL 15:117db924cf7c 29036 /* RFC5246 7.4.7.1:
wolfSSL 15:117db924cf7c 29037 * Treat incorrectly formatted message blocks and/or
wolfSSL 15:117db924cf7c 29038 * mismatched version numbers in a manner
wolfSSL 15:117db924cf7c 29039 * indistinguishable from correctly formatted RSA blocks
wolfSSL 15:117db924cf7c 29040 */
wolfSSL 15:117db924cf7c 29041
wolfSSL 15:117db924cf7c 29042 ret = args->lastErr;
wolfSSL 15:117db924cf7c 29043 args->lastErr = 0; /* reset */
wolfSSL 16:8e0d178b1d1e 29044 /* On error 'ret' will be negative - top bit set */
wolfSSL 16:8e0d178b1d1e 29045 mask = ((unsigned int)ret >>
wolfSSL 16:8e0d178b1d1e 29046 ((sizeof(ret) * 8) - 1)) - 1;
wolfSSL 15:117db924cf7c 29047
wolfSSL 15:117db924cf7c 29048 /* build PreMasterSecret */
wolfSSL 15:117db924cf7c 29049 ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
wolfSSL 15:117db924cf7c 29050 ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
wolfSSL 16:8e0d178b1d1e 29051
wolfSSL 16:8e0d178b1d1e 29052 if (args->output != NULL) {
wolfSSL 16:8e0d178b1d1e 29053 /* Use random secret on error */
wolfSSL 16:8e0d178b1d1e 29054 for (i = VERSION_SZ; i < SECRET_LEN; i++) {
wolfSSL 16:8e0d178b1d1e 29055 ssl->arrays->preMasterSecret[i] =
wolfSSL 16:8e0d178b1d1e 29056 ctMaskSel(mask, args->output[i],
wolfSSL 16:8e0d178b1d1e 29057 ssl->arrays->preMasterSecret[i]);
wolfSSL 16:8e0d178b1d1e 29058 }
wolfSSL 16:8e0d178b1d1e 29059 }
wolfSSL 16:8e0d178b1d1e 29060 /* preMasterSecret has RNG and version set
wolfSSL 16:8e0d178b1d1e 29061 * return proper length and ignore error
wolfSSL 16:8e0d178b1d1e 29062 * error will be caught as decryption error
wolfSSL 16:8e0d178b1d1e 29063 */
wolfSSL 16:8e0d178b1d1e 29064 args->sigSz = SECRET_LEN;
wolfSSL 16:8e0d178b1d1e 29065 ret = 0;
wolfSSL 15:117db924cf7c 29066 break;
wolfSSL 15:117db924cf7c 29067 } /* rsa_kea */
wolfSSL 15:117db924cf7c 29068 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 29069 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 29070 case psk_kea:
wolfSSL 15:117db924cf7c 29071 {
wolfSSL 15:117db924cf7c 29072 break;
wolfSSL 15:117db924cf7c 29073 }
wolfSSL 15:117db924cf7c 29074 #endif /* !NO_PSK */
wolfSSL 15:117db924cf7c 29075 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 29076 case ntru_kea:
wolfSSL 15:117db924cf7c 29077 {
wolfSSL 15:117db924cf7c 29078 break;
wolfSSL 15:117db924cf7c 29079 }
wolfSSL 15:117db924cf7c 29080 #endif /* HAVE_NTRU */
wolfSSL 16:8e0d178b1d1e 29081 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 29082 defined(HAVE_CURVE448)
wolfSSL 15:117db924cf7c 29083 case ecc_diffie_hellman_kea:
wolfSSL 15:117db924cf7c 29084 {
wolfSSL 15:117db924cf7c 29085 /* skip past the imported peer key */
wolfSSL 15:117db924cf7c 29086 args->idx += args->length;
wolfSSL 15:117db924cf7c 29087 break;
wolfSSL 15:117db924cf7c 29088 }
wolfSSL 16:8e0d178b1d1e 29089 #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
wolfSSL 15:117db924cf7c 29090 #ifndef NO_DH
wolfSSL 15:117db924cf7c 29091 case diffie_hellman_kea:
wolfSSL 15:117db924cf7c 29092 {
wolfSSL 15:117db924cf7c 29093 args->idx += (word16)args->sigSz;
wolfSSL 15:117db924cf7c 29094 break;
wolfSSL 15:117db924cf7c 29095 }
wolfSSL 15:117db924cf7c 29096 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 29097 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 29098 case dhe_psk_kea:
wolfSSL 15:117db924cf7c 29099 {
wolfSSL 15:117db924cf7c 29100 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 15:117db924cf7c 29101 word16 clientSz = (word16)args->sigSz;
wolfSSL 15:117db924cf7c 29102
wolfSSL 15:117db924cf7c 29103 args->idx += clientSz;
wolfSSL 15:117db924cf7c 29104 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 15:117db924cf7c 29105 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 29106 pms += ssl->arrays->preMasterSz;
wolfSSL 15:117db924cf7c 29107
wolfSSL 15:117db924cf7c 29108 /* Use the PSK hint to look up the PSK and add it to the
wolfSSL 15:117db924cf7c 29109 * preMasterSecret here. */
wolfSSL 15:117db924cf7c 29110 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 15:117db924cf7c 29111 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 15:117db924cf7c 29112 MAX_PSK_KEY_LEN);
wolfSSL 15:117db924cf7c 29113
wolfSSL 15:117db924cf7c 29114 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 15:117db924cf7c 29115 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 15:117db924cf7c 29116 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 29117 }
wolfSSL 15:117db924cf7c 29118
wolfSSL 15:117db924cf7c 29119 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 15:117db924cf7c 29120 pms += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 29121
wolfSSL 15:117db924cf7c 29122 XMEMCPY(pms, ssl->arrays->psk_key,
wolfSSL 15:117db924cf7c 29123 ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 29124 ssl->arrays->preMasterSz += ssl->arrays->psk_keySz +
wolfSSL 15:117db924cf7c 29125 OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 29126 break;
wolfSSL 15:117db924cf7c 29127 }
wolfSSL 15:117db924cf7c 29128 #endif /* !NO_DH && !NO_PSK */
wolfSSL 16:8e0d178b1d1e 29129 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
wolfSSL 16:8e0d178b1d1e 29130 defined(HAVE_CURVE448)) && !defined(NO_PSK)
wolfSSL 15:117db924cf7c 29131 case ecdhe_psk_kea:
wolfSSL 15:117db924cf7c 29132 {
wolfSSL 15:117db924cf7c 29133 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 15:117db924cf7c 29134 word16 clientSz = (word16)args->sigSz;
wolfSSL 15:117db924cf7c 29135
wolfSSL 15:117db924cf7c 29136 /* skip past the imported peer key */
wolfSSL 15:117db924cf7c 29137 args->idx += args->length;
wolfSSL 15:117db924cf7c 29138
wolfSSL 15:117db924cf7c 29139 /* Add preMasterSecret */
wolfSSL 15:117db924cf7c 29140 c16toa(clientSz, pms);
wolfSSL 16:8e0d178b1d1e 29141 ssl->arrays->preMasterSz = OPAQUE16_LEN + clientSz;
wolfSSL 15:117db924cf7c 29142 pms += ssl->arrays->preMasterSz;
wolfSSL 15:117db924cf7c 29143
wolfSSL 15:117db924cf7c 29144 /* Use the PSK hint to look up the PSK and add it to the
wolfSSL 15:117db924cf7c 29145 * preMasterSecret here. */
wolfSSL 15:117db924cf7c 29146 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 15:117db924cf7c 29147 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 15:117db924cf7c 29148 MAX_PSK_KEY_LEN);
wolfSSL 15:117db924cf7c 29149
wolfSSL 15:117db924cf7c 29150 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 15:117db924cf7c 29151 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 15:117db924cf7c 29152 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 29153 }
wolfSSL 15:117db924cf7c 29154
wolfSSL 15:117db924cf7c 29155 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 15:117db924cf7c 29156 pms += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 29157
wolfSSL 15:117db924cf7c 29158 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 15:117db924cf7c 29159 ssl->arrays->preMasterSz +=
wolfSSL 15:117db924cf7c 29160 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 29161 break;
wolfSSL 15:117db924cf7c 29162 }
wolfSSL 16:8e0d178b1d1e 29163 #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */
wolfSSL 15:117db924cf7c 29164 default:
wolfSSL 15:117db924cf7c 29165 ret = BAD_KEA_TYPE_E;
wolfSSL 15:117db924cf7c 29166 } /* switch (ssl->specs.kea) */
wolfSSL 15:117db924cf7c 29167
wolfSSL 15:117db924cf7c 29168 /* Check for error */
wolfSSL 15:117db924cf7c 29169 if (ret != 0) {
wolfSSL 15:117db924cf7c 29170 goto exit_dcke;
wolfSSL 15:117db924cf7c 29171 }
wolfSSL 15:117db924cf7c 29172
wolfSSL 15:117db924cf7c 29173 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 29174 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 15:117db924cf7c 29175 } /* TLS_ASYNC_VERIFY */
wolfSSL 15:117db924cf7c 29176 FALL_THROUGH;
wolfSSL 15:117db924cf7c 29177
wolfSSL 15:117db924cf7c 29178 case TLS_ASYNC_FINALIZE:
wolfSSL 15:117db924cf7c 29179 {
wolfSSL 16:8e0d178b1d1e 29180 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 16:8e0d178b1d1e 29181 args->idx += ssl->keys.padSz;
wolfSSL 16:8e0d178b1d1e 29182 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
wolfSSL 16:8e0d178b1d1e 29183 if (ssl->options.startedETMRead)
wolfSSL 16:8e0d178b1d1e 29184 args->idx += MacSize(ssl);
wolfSSL 16:8e0d178b1d1e 29185 #endif
wolfSSL 16:8e0d178b1d1e 29186 }
wolfSSL 16:8e0d178b1d1e 29187
wolfSSL 15:117db924cf7c 29188 #ifdef HAVE_QSH
wolfSSL 15:117db924cf7c 29189 word16 name;
wolfSSL 15:117db924cf7c 29190
wolfSSL 15:117db924cf7c 29191 if (ssl->options.haveQSH) {
wolfSSL 15:117db924cf7c 29192 /* extension name */
wolfSSL 15:117db924cf7c 29193 ato16(input + args->idx, &name);
wolfSSL 15:117db924cf7c 29194 args->idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 29195
wolfSSL 15:117db924cf7c 29196 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 15:117db924cf7c 29197 int qshSz;
wolfSSL 15:117db924cf7c 29198 /* if qshSz is larger than 0 it is the
wolfSSL 15:117db924cf7c 29199 length of buffer used */
wolfSSL 15:117db924cf7c 29200 if ((qshSz = TLSX_QSHCipher_Parse(ssl,
wolfSSL 15:117db924cf7c 29201 input + args->idx,
wolfSSL 15:117db924cf7c 29202 size - args->idx + args->begin, 1)) < 0) {
wolfSSL 15:117db924cf7c 29203 ERROR_OUT(qshSz, exit_dcke);
wolfSSL 15:117db924cf7c 29204 }
wolfSSL 15:117db924cf7c 29205 args->idx += qshSz;
wolfSSL 15:117db924cf7c 29206 }
wolfSSL 15:117db924cf7c 29207 else {
wolfSSL 15:117db924cf7c 29208 /* unknown extension sent client ignored handshake */
wolfSSL 15:117db924cf7c 29209 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 15:117db924cf7c 29210 }
wolfSSL 15:117db924cf7c 29211 }
wolfSSL 15:117db924cf7c 29212 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 29213 ret = MakeMasterSecret(ssl);
wolfSSL 15:117db924cf7c 29214
wolfSSL 15:117db924cf7c 29215 /* Check for error */
wolfSSL 15:117db924cf7c 29216 if (ret != 0) {
wolfSSL 15:117db924cf7c 29217 goto exit_dcke;
wolfSSL 15:117db924cf7c 29218 }
wolfSSL 15:117db924cf7c 29219
wolfSSL 15:117db924cf7c 29220 /* Advance state and proceed */
wolfSSL 15:117db924cf7c 29221 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 15:117db924cf7c 29222 } /* TLS_ASYNC_FINALIZE */
wolfSSL 15:117db924cf7c 29223 FALL_THROUGH;
wolfSSL 15:117db924cf7c 29224
wolfSSL 15:117db924cf7c 29225 case TLS_ASYNC_END:
wolfSSL 15:117db924cf7c 29226 {
wolfSSL 15:117db924cf7c 29227 /* Set final index */
wolfSSL 15:117db924cf7c 29228 *inOutIdx = args->idx;
wolfSSL 15:117db924cf7c 29229
wolfSSL 15:117db924cf7c 29230 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 15:117db924cf7c 29231 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 29232 if (ssl->options.verifyPeer) {
wolfSSL 15:117db924cf7c 29233 ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
wolfSSL 15:117db924cf7c 29234 }
wolfSSL 15:117db924cf7c 29235 #endif
wolfSSL 15:117db924cf7c 29236 break;
wolfSSL 15:117db924cf7c 29237 } /* TLS_ASYNC_END */
wolfSSL 15:117db924cf7c 29238 default:
wolfSSL 15:117db924cf7c 29239 ret = INPUT_CASE_ERROR;
wolfSSL 15:117db924cf7c 29240 } /* switch(ssl->options.asyncState) */
wolfSSL 15:117db924cf7c 29241
wolfSSL 15:117db924cf7c 29242 exit_dcke:
wolfSSL 15:117db924cf7c 29243
wolfSSL 15:117db924cf7c 29244 WOLFSSL_LEAVE("DoClientKeyExchange", ret);
wolfSSL 15:117db924cf7c 29245 WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_DO);
wolfSSL 15:117db924cf7c 29246
wolfSSL 15:117db924cf7c 29247 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 15:117db924cf7c 29248 /* Handle async operation */
wolfSSL 15:117db924cf7c 29249 if (ret == WC_PENDING_E) {
wolfSSL 16:8e0d178b1d1e 29250 /* Mark message as not received so it can process again */
wolfSSL 15:117db924cf7c 29251 ssl->msgsReceived.got_client_key_exchange = 0;
wolfSSL 15:117db924cf7c 29252
wolfSSL 15:117db924cf7c 29253 return ret;
wolfSSL 15:117db924cf7c 29254 }
wolfSSL 15:117db924cf7c 29255 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 29256
wolfSSL 15:117db924cf7c 29257 /* Cleanup PMS */
wolfSSL 16:8e0d178b1d1e 29258 if (ssl->arrays->preMasterSecret != NULL) {
wolfSSL 16:8e0d178b1d1e 29259 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 16:8e0d178b1d1e 29260 }
wolfSSL 15:117db924cf7c 29261 ssl->arrays->preMasterSz = 0;
wolfSSL 15:117db924cf7c 29262
wolfSSL 15:117db924cf7c 29263 /* Final cleanup */
wolfSSL 15:117db924cf7c 29264 FreeDckeArgs(ssl, args);
wolfSSL 15:117db924cf7c 29265 FreeKeyExchange(ssl);
wolfSSL 15:117db924cf7c 29266
wolfSSL 15:117db924cf7c 29267 return ret;
wolfSSL 15:117db924cf7c 29268 }
wolfSSL 15:117db924cf7c 29269
wolfSSL 15:117db924cf7c 29270 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 29271
wolfSSL 15:117db924cf7c 29272 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
wolfSSL 15:117db924cf7c 29273 defined(WOLFSSL_HAPROXY)
/* Run the application's SNI-received callback, if one is registered.
 *
 * Stunnel (and the other compatibility builds guarded above) can register a
 * custom callback on the context that is called when SNI is received, e.g. to
 * switch the SSL object's ctx.
 *
 * ssl  session to run the callback for; may be NULL.
 *
 * Returns 0 when ssl, its ctx or the callback is missing, or when the callback
 * returns anything other than alert_fatal. Returns FATAL_ERROR after sending a
 * fatal unrecognized_name alert when the callback returns alert_fatal.
 */
int SNI_Callback(WOLFSSL* ssl)
{
    int cbRet;

    /* Nothing to call: treated as success. */
    if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->sniRecvCb == NULL) {
        return 0;
    }

    WOLFSSL_MSG("Calling custom sni callback");

    /* NOTE(review): the callback's second argument is passed as NULL here.
     * If that is an alert out-parameter, a callback that writes through it
     * unconditionally would dereference NULL - confirm the callback contract. */
    cbRet = ssl->ctx->sniRecvCb(ssl, NULL, ssl->ctx->sniRecvCbArg);

    /* Only alert_fatal aborts the handshake; every other return value is
     * accepted as success. */
    if (cbRet != alert_fatal) {
        return 0;
    }

    WOLFSSL_MSG("Error in custom sni callback. Fatal alert");
    /* The result of SendAlert is not checked; FATAL_ERROR is returned either
     * way. */
    SendAlert(ssl, alert_fatal, unrecognized_name);

    return FATAL_ERROR;
}
wolfSSL 15:117db924cf7c 29289 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
wolfSSL 15:117db924cf7c 29290
wolfSSL 15:117db924cf7c 29291 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 29292
wolfSSL 15:117db924cf7c 29293
wolfSSL 15:117db924cf7c 29294 #ifdef WOLFSSL_ASYNC_CRYPT
/* Pop the pending async event, if any, for this session.
 *
 * ssl    session whose async device is inspected.
 * state  optional state byte; incremented when the popped event does not carry
 *        WC_ASYNC_FLAG_CALL_AGAIN. May be NULL.
 *
 * Returns BAD_FUNC_ARG when ssl is NULL, WC_NOT_PENDING_E when no async device
 * is attached to the session, otherwise the value from wolfAsync_EventPop().
 */
int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state)
{
    int ret;
    WC_ASYNC_DEV* dev;
    WOLF_EVENT* pending;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    dev = ssl->async.dev;
    if (dev == NULL) {
        /* no async operation is attached to this session */
        ret = WC_NOT_PENDING_E;
    }
    else {
        pending = &dev->event;

        ret = wolfAsync_EventPop(pending, WOLF_EVENT_TYPE_ASYNC_WOLFSSL);
        if (ret != WC_NOT_PENDING_E && ret != WC_PENDING_E) {
            /* The event was popped: move the caller's state forward unless
             * the event is flagged to be called again. */
            if (state != NULL &&
                    (dev->event.flags & WC_ASYNC_FLAG_CALL_AGAIN) == 0) {
                (*state)++;
            }

            /* Wipe the event and detach the device so a stale event is not
             * picked up on the next call. */
            XMEMSET(&dev->event, 0, sizeof(WOLF_EVENT));
            ssl->async.dev = NULL;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_AsyncPop", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 29334
/* Initialize the event embedded in an async device for use with an SSL
 * object.
 *
 * ssl       SSL object passed to wolfAsync_EventInit() as the event context.
 * asyncDev  Async device whose embedded event is initialized.
 * flags     Flags forwarded unchanged to wolfAsync_EventInit().
 *
 * Returns BAD_FUNC_ARG when ssl or asyncDev is NULL, otherwise the result of
 * wolfAsync_EventInit(). This function does not store asyncDev in ssl; only
 * wolfSSL_AsyncPush() sets ssl->async.dev.
 */
int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags)
{
    int rc;

    if (!ssl || !asyncDev)
        return BAD_FUNC_ARG;

    /* the event is a member of the device structure, not a separate object */
    rc = wolfAsync_EventInit(&asyncDev->event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
                             ssl, flags);

    WOLFSSL_LEAVE("wolfSSL_AsyncInit", rc);

    return rc;
}
wolfSSL 15:117db924cf7c 29354
/* Attach an async device to an SSL object and queue its event.
 *
 * ssl       SSL object that records the active async device.
 * asyncDev  Async device whose embedded event is pushed onto the event
 *           queue of ssl->ctx.
 *
 * Returns BAD_FUNC_ARG when ssl or asyncDev is NULL. A successful push
 * (queue function returned 0) is reported as WC_PENDING_E; any other value
 * from wolfAsync_EventQueuePush() is returned unchanged.
 *
 * NOTE(review): ssl->ctx is dereferenced without a NULL check, and
 * ssl->async.dev is assigned before the push result is known and is not
 * rolled back when the push fails - confirm callers can rely on that.
 */
int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev)
{
    int rc;

    if (!ssl || !asyncDev)
        return BAD_FUNC_ARG;

    /* remember which device has the operation in flight */
    ssl->async.dev = asyncDev;

    /* queue the device's embedded event on the context-wide queue */
    rc = wolfAsync_EventQueuePush(&ssl->ctx->event_queue, &asyncDev->event);

    /* a queued event is reported to the caller as "pending" */
    rc = (rc == 0) ? WC_PENDING_E : rc;

    WOLFSSL_LEAVE("wolfSSL_AsyncPush", rc);

    return rc;
}
wolfSSL 15:117db924cf7c 29382
wolfSSL 15:117db924cf7c 29383 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 29384
wolfSSL 15:117db924cf7c 29385
/* Clamp a requested fragment size to the limits that apply to this session.
 *
 * ssl          SSL object; read only when HAVE_MAX_FRAGMENT or WOLFSSL_DTLS
 *              is defined.
 * maxFragment  Requested size.
 *
 * Returns maxFragment reduced to MAX_RECORD_SIZE, then to ssl->max_fragment
 * when that field is non-zero (HAVE_MAX_FRAGMENT builds), then to
 * MAX_UDP_SIZE when ssl->options.dtls is set (WOLFSSL_DTLS builds).
 *
 * NOTE(review): ssl is dereferenced without a NULL check in those builds, and
 * no lower bound is applied - a negative maxFragment passes the first clamp
 * and is compared after a (word16) cast in the HAVE_MAX_FRAGMENT branch.
 * Confirm callers only pass non-negative sizes and a valid ssl.
 */
int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment)
{
    int limit = maxFragment;

    (void) ssl; /* unused when neither optional branch is compiled in */

    /* protocol-level ceiling on a record */
    if (limit > MAX_RECORD_SIZE)
        limit = MAX_RECORD_SIZE;

#ifdef HAVE_MAX_FRAGMENT
    /* a max_fragment of 0 means no per-session limit is recorded */
    if (ssl->max_fragment != 0 && (word16)limit > ssl->max_fragment)
        limit = ssl->max_fragment;
#endif /* HAVE_MAX_FRAGMENT */
#ifdef WOLFSSL_DTLS
    /* DTLS sessions are additionally capped at MAX_UDP_SIZE */
    if (ssl->options.dtls && limit > MAX_UDP_SIZE)
        limit = MAX_UDP_SIZE;
#endif

    return limit;
}
wolfSSL 15:117db924cf7c 29408
wolfSSL 15:117db924cf7c 29409
wolfSSL 15:117db924cf7c 29410 #undef ERROR_OUT
wolfSSL 15:117db924cf7c 29411
wolfSSL 15:117db924cf7c 29412 #endif /* WOLFCRYPT_ONLY */
wolfSSL 15:117db924cf7c 29413